F5 Networks

CLI Documentation

  • F5.COM
  • GITHUB
  • DEVCENTRAL
  • SUPPORT
  • System Controller
    • config-mode-commands
      • SNMP
      • base-commands
      • components
      • file
      • image
      • interfaces
      • lacp
      • partitions
      • slots
      • system-aaa-authentication
      • system-aaa-password-policy
      • system-aaa-primary-key
      • system-aaa-server-groups
      • system-aaa-tls
      • system-appliance-mode
      • system-clock
      • system-database
      • system-dbvars
      • system-diagnostics-core-files
      • system-diagnostics-ihealth
      • system-diagnostics-proxy
      • system-diagnostics-qkview
      • system-dns
      • system-image
      • system-licensing
      • system-logging
      • system-mgmt-ip
      • system-network
      • system-ntp
      • system-redundancy
      • system
    • operational-mode-commands
      • operational-mode-commands
    • pipe-mode-commands
      • pipe-mode-commands
    • show-commands
      • show-SNMP-FRAMEWORK-MIB
      • show-cli
      • show-cluster
      • show-components
      • show-configuration
      • show-ctrlr_status
      • show-file
      • show-history
      • show-image
      • show-interfaces
      • show-lacp
      • show-parser
      • show-partitions
      • show-restconf-state
      • show-running-config
      • show-system-aaa
      • show-system-alarms
      • show-system-appliance-mode
      • show-system-blade-power
      • show-system-chassis-macs
      • show-system-clock
      • show-system-database
      • show-system-diagnostics
      • show-system-dns
      • show-system-events
      • show-system-health
      • show-system-image
      • show-system-licensing
      • show-system-logging
      • show-system-mgmt-ip
      • show-system-network
      • show-system-ntp
      • show-system-redundancy
      • show-system-remote-console
      • show-system
  • Chassis Partition
    • config-mode-commands
      • SNMP
      • base-commands
      • cluster
      • fdb
      • file
      • images
      • interfaces
      • lacp
      • lldp
      • portgroups
      • qos
      • stp
      • system-aaa-authentication
      • system-aaa-password-policy
      • system-aaa-server-groups
      • system-aaa-tls
      • system-appliance-mode
      • system-database
      • system-diagnostics-core-files
      • system-diagnostics-ihealth
      • system-diagnostics-qkview
      • system-logging
      • system-redundancy
      • system
      • tenants
      • vlan-listeners
      • vlans
    • operational-mode-commands
      • operational-mode-commands
    • pipe-mode-commands
      • pipe-mode-commands
    • show-commands
      • show-SNMP-FRAMEWORK-MIB
      • show-cli
      • show-cluster
      • show-components
      • show-dag-states
      • show-dma-states
      • show-fdb
      • show-file
      • show-history
      • show-images
      • show-interfaces
      • show-lacp
      • show-lldp
      • show-parser
      • show-partition
      • show-portgroups
      • show-qos
      • show-restconf-state
      • show-running-config
      • show-service-instances
      • show-stp
      • show-system-aaa
      • show-system-alarms
      • show-system-appliance-mode
      • show-system-diagnostics
      • show-system-events
      • show-system-health
      • show-system-licensing
      • show-system-logging
      • show-system-redundancy
      • show-system-state
      • show-system
      • show-tenants
      • show-vlan-listeners

CLI Documentation

System Controller


System Controller: config-mode-commands


SNMP COMMUNITY Configuration

COMMAND

SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry <community-name> snmpCommunityName <community-name> snmpCommunitySecurityName <community-name>

DESCRIPTION Configure an SNMP community.

ARGUMENTS

<SNMP community>

  • type: string
  • description: A human-readable string representing the corresponding value of snmpCommunityName in a Security Model-independent format. An SNMP community string is used to allow access to statistics within a managed device.

EXAMPLE

Configure the SNMP community name to be test_community:

syscon-1-active(config)# SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry test_community snmpCommunityName test_community snmpCommunitySecurityName test_community

SNMP VACM Configuration

COMMAND

SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry <vacmSecurityModel> <community_name> vacmGroupName <group-name>

DESCRIPTION Configure SNMP VIEW BASED ACM for the given community. This configuration maps a combination of securityModel and securityName into a groupName, which is used to define an access control policy for a group of principals.

ARGUMENTS

<vacmSecurityModel>

  • type: int
  • description: The Security Model by which the vacmSecurityName referenced by this entry is provided. The default value is 1 for SNMP v1, and the default value is 2 for SNMP v2c.

<community>

  • type: string
  • description: The securityName(community name) for the principal, represented in a Security Model independent format, which is mapped by this entry to a groupName.

<group-name>

  • type: string
  • description: The name of the group to which this entry belongs (for example, a combination of securityModel and securityName).

Note: Use group-name as read-access while configuring the SNMP VACM.

EXAMPLES

Configure the SNMP v2c VACM read access group for community test_community:

syscon-1-active(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 2 test_community vacmGroupName read-access

Configure the SNMP v1 VACM read access group for community test_community:

syscon-1-active(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 1 test_community vacmGroupName read-access

SNMP Trap Configuration

IMPORTANT: To enable SNMP Traps, a DUT is required when configuring with snmpNotifyTable, snmpTargetParamsTable, and snmpTargetAddrTable, as shown below.


snmpNotifyTable Configuration

COMMAND

SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry <snmpNotifyName> snmpNotifyTag <snmpNotifyName> snmpNotifyType trap

DESCRIPTION Configure the SNMP NOTIFICATION MIB Table. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.

ARGUMENTS

<snmpNotifyName>

  • type: string
  • description: The locally arbitrary, but unique, identifier associated with this snmpNotifyEntry.

EXAMPLE

Configure the SNMP NOTIFICATION MIB entry to be v2_trap for trap notifications:

syscon-1-active(config)# SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry v2_trap snmpNotifyTag v2_trap snmpNotifyType trap

snmpTargetParamsTable Configuration

COMMAND

SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry <snmpTargetParamsName> snmpTargetParamsMPModel <snmpTargetParamsMPModel> snmpTargetParamsSecurityModel <snmpTargetParamsSecurityModel> snmpTargetParamsSecurityName <snmpTargetParamsSecurityName> snmpTargetParamsSecurityLevel <snmpTargetParamsSecurityLevel>

DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetParamsTable. This table is used in the generation of SNMP messages.

ARGUMENTS

<snmpTargetParamsName>

  • type: string
  • description: The locally arbitrary, but unique, identifier associated with this snmpTargetParamsEntry.

<snmpTargetParamsMPModel>

  • type: int
  • description: The Message Processing Model to be used when generating SNMP messages using this entry.
**Note:** snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1)

<snmpTargetParamsSecurityModel>

  • type: int
  • description: The Security Model to be used when generating SNMP messages using this entry.
**Note:** snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2)

<snmpTargetParamsSecurityName>

  • type: string
  • description: The securityName that identifies the Principal on whose behalf SNMP messages will be generated using this entry.
**Note:** This must be one of the configured SNMP communities.

<snmpTargetParamsSecurityLevel>

  • type: string
  • description: The level of security to be used when generating SNMP messages using this entry.
**Note:** This must be `noAuthNoPriv` for SNMP v1 and v2c.

EXAMPLES

Configure the SNMP snmpTargetParamsTable to be group2 for SNMP v2 model with test_community:

syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group2 snmpTargetParamsMPModel 1 snmpTargetParamsSecurityModel 2 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv

Configure the SNMP snmpTargetParamsTable to be group1 for SNMP v1 model with test_community:

syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group1 snmpTargetParamsMPModel 0 snmpTargetParamsSecurityModel 1 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv

snmpTargetAddrTable Configuration

COMMAND

SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry <snmpTargetAddrName> snmpTargetAddrTDomain <snmpTargetAddrTDomain> snmpTargetAddrTAddress <snmpTargetAddrTAddress> snmpTargetAddrTagList <snmpTargetAddrTagList> snmpTargetAddrParams <snmpTargetAddrParams>

DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetAddrTable This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.

ARGUMENTS

<snmpTargetAddrName>

  • type: string
  • description: The locally arbitrary, but unique, identifier associated with this snmpTargetAddrEntry.

<snmpTargetAddrTDomain>

  • type: oid
  • description: This value indicates the transport type of the address contained in the snmpTargetAddrTAddress object.
**Note:** Use OID 1.3.6.1.6.1.1 for IPv4 and 1.3.6.1.2.1.100.1.2 for IPv6.

<snmpTargetAddrTAddress>

  • type: string
  • description: This value contains a transport address.
**Note:** 
For an IPv4 address, the value should be ipv4 + port (6 dot-separated octets).

For an IPv6 address, the value should be ipv6 + port (18 dot-separated octets).

<snmpTargetAddrTagList>

  • type: string
  • description: This value contain a list of tag values that are used to select target addresses for a specific operation.
**Note:** This value must be one of the configured snmpNotifyTable rows (snmpNotifyName).

<snmpTargetAddrParams>

  • type: string
  • description: The value of this object identifies an entry in the snmpTargetParamsTable. The identified entry contains SNMP parameters to be used when generating messages to be sent to this transport address.

EXAMPLES

Configure the SNMP snmpTargetAddrTable to be v2_trap with IPv4 address x.x.x.x and port 6011:

Port Octet Conversion:

6011 >> 8 = 23 (1st octet)

6011 & 255 = 123 (2nd octet)
syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v2_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v2_trap snmpTargetAddrParams group2

Configure the SNMP snmpTargetAddrTable to be v1_trap with IPv4 address x.x.x.x and port 6011:

syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v1_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v1_trap snmpTargetAddrParams group1

Base Commands


abort

COMMAND abort

DESCRIPTION Abort a configuration session.

ARGUMENTS This command has no arguments.


annotate

COMMAND annotate

DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.

Note: Only available when the system has been configured with attributes enabled.

ARGUMENTS

<statement> <text>

  • type: string
  • description: A statement with which an annotation is to be associated and the text to be associated for a part of the configuration.

clear

COMMAND clear

DESCRIPTION Remove all configuration changes.

ARGUMENTS

history

  • description: Clear command history.

commit

COMMAND commit

DESCRIPTION Commit the current set of changes to the running configuration.

ARGUMENTS

abort <id>

  • type: int
  • description: Halt a pending commit using the persist-id <id> argument.

and-quit

  • description: Commit the current set of changes and exit configuration mode.

check

  • description: Validate the current configuration and indicate any configuration errors.

confirmed <timeout-in-min>

  • type: int
  • description: Commit the current set of changes to running with a timeout (in minutes). If no commit confirmed command is issued before the timeout expires, then the configuration is reverted to the configuration that was active before the commit confirmed command was issued. If no timeout is given, then the confirming commit has a timeout of 10 minutes. The configuration session will be terminated after this command since no further editing is possible. The confirming commit will be rolled back if the CLI session is terminated before confirming the commit, unless the persist argument is also given. If the persist command is given, then the CLI session can be terminated and a later session can confirm the pending commit by supplying the persist token as an argument to the commit command using the persist-id argument.

no-confirm

  • description: Commit the current set of changes without querying the user. If needed, you can specify the persist token as an argument to this command using the persist-id argument.

comment <text>

  • type: string
  • description: Add a text comment about the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

label

  • type: string
  • description: Add a text label that describes the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

persist-id <id>

  • type: string
  • description: Persist identifier used if a previous commit operation was performed using the persist-id argument. Include the persist-id option and specify the same persist token id, to modify the ongoing confirming commit process. This enables you to cancel an ongoing persist commit operation or extend the timeout.

save-running <filename>

  • type: string
  • description: Save a copy of the configuration to a specified file.

compare

COMMAND compare

DESCRIPTION Compare two configuration subtrees.

ARGUMENTS

<config>

  • type: string
  • description: Compare the running configuration to a saved configuration.

copy

COMMAND copy

DESCRIPTION Copy the running configuration.

ARGUMENTS

<identifier>

  • type: int
  • description: The file identifier.

<path-to-file>

  • type: string
  • description: Path of the file to be compared.

<file>

  • type: string
  • description: File name to be compared.

describe

COMMAND describe

DESCRIPTION Display detailed information about a command.

ARGUMENTS

<command>

  • type: string
  • description: The source of the command (YANG, clispec, etc.).

<path-to-file>

  • type: string
  • description: The path in the YANG file.

do

COMMAND do

DESCRIPTION Run a command in operational (user) mode.

ARGUMENTS

<command>

  • type: string
  • description: Command to be run in operational mode.

end

COMMAND end

DESCRIPTION Exit configuration mode. If no changes have been made to the configuration, you are prompted to save before exiting configuration mode.

ARGUMENTS

no-confirm

  • description Exit configuration mode immediately, without committing any changes to the configuration.

exit

COMMAND exit

DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.

ARGUMENTS

level

  • description: Exit from the current level. If performed on the top level, exits configuration mode. This is the default value.

configuration-mode

  • description: Exit from configuration mode regardless of mode. If changes have been made to the configuration, you are prompted to save before exiting configuration mode.

no-confirm

  • description: Exit configuration mode immediately, without committing any changes to the configuration.

help

COMMAND help

DESCRIPTION Display help information about a specified command.

ARGUMENTS

<command>

  • type: string
  • description Command for which you want to view help.

insert

COMMAND insert

DESCRIPTION Insert a parameter or element.

ARGUMENTS

<path-to-file>

  • type: string
  • description Element or parameter to insert. If the element already exists and has the indexedView option set in the data model, then the old element will be renamed to element+1 and the new element inserted in its place.

move

COMMAND move

DESCRIPTION Move an element or parameter.

ARGUMENTS

<path-to-file> <position>

  • type: strings
  • description Element or parameter to move and the position to move this element. The element can be moved first, last (default), before, or after an element.

no

COMMAND no

DESCRIPTION Delete or unset a configuration command.

ARGUMENTS

<command>

  • type: string
  • description Command to delete or unset.

pwd

COMMAND pwd

DESCRIPTION Display the current path in the configuration hierarchy.

ARGUMENTS This command has no arguments.


resolved

COMMAND resolved

DESCRIPTION Indicate that conflicts have been resolved.

ARGUMENTS This command has no arguments.


revert

COMMAND revert

DESCRIPTION Copy the running configuration.

ARGUMENTS

no-confirm

  • description: Copy the running configuration without prompting the user to confirm.

rollback

COMMAND rollback

DESCRIPTION Returns the configuration to a previously committed configuration.

ARGUMENTS

configuration <rollback-version>

  • type: int
  • description: Return to an earlier committed version. The most recently committed configuration (the running configuration) is number 0, the next most recent is 1, and so on.

selective <rollback-version>

  • type: int
  • description: Return to a specific earlier committed configuration. This might succeed or fail depending on the content of the delta rollback.

EXAMPLES

Return to the configuration changes made in rollback versions 0 and 1:

syscon-1-active# rollback configuration 1

Return to the configuration changes made only in rollback version 1:

syscon-1-active# rollback selective 1

show

COMMAND show

DESCRIPTION Display a specified parameter.

ARGUMENTS

configuration

  • description: Display the current configuration buffer.

full-configuration

  • description: Display the current configuration.

history <number-of-items-to-show>

  • type: int
  • description: Display CLI command history.

parser <command-prefix>

  • type: string
  • description: Display all possible commands starting with .

tag

COMMAND tag

DESCRIPTION Configure statement tags.

ARGUMENTS

add <statement> <tag>

  • type: string
  • description: Add a tag to a configuration statement.

clear <statement>

  • type: string
  • description: Remove all tags from a configuration statement.

del <statement> <tag>

  • type: string
  • description: Remove a tag from a statement.

top

COMMAND top

DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.

ARGUMENTS

<command>

  • type: string
  • description: Optional command to run after exiting to the top level.

validate

COMMAND validate

DESCRIPTION Verify that the candidate configuration contains no errors. This performs the same operation as commit check.

ARGUMENTS This command has no arguments.


components

COMMAND components

DESCRIPTION

Configure properties for hardware components.

ARGUMENTS

The availability of options for this command depends on which hardware component you are configuring.

component <specific-component>

  • type: string
  • description: Name of the specific component. Available options are:
    • blade-1 through blade-<n>
    • chassis
    • controller-1 through controller-2
    • fantray-1
    • lcd
    • psu-1 through psu-<n>
    • psu-controller-1 through psu-controller-2

component <specific-component> config name

  • type: string
  • description: An optional descriptive name for a specific component.

component <specific-component> properties property <specific-property>

  • type: string
  • description: An optional descriptive name or value for a specific component.

component chassis psu config redundancy-mode { n+1 | n+n | no-redundancy }

  • type: enumeration
  • description: The redundancy mode used for installed power supply units (PSUs). Available options are:
    • n+1: Prefer n+1 redundancy, which means that the chassis has more working PSUs than are required to support all installed components. The system will remain fully functional if a single PSU fails.
    • n+n: Prefer n+n redundancy, which means that the chassis has twice as many working PSUs than are required to support all installed components. This configuration is typically used in DC installations with two independent DC power buses. The system will remain fully functional if half of the working PSUs fail (or if one of the facility’s two DC buses fails).
    • no-redundancy: Prefer no-redundancy, which means that the chassis has enough working PSUs to support all installed components.

component chassis psu config severity { alert | critical | emergency | error | notice | warning }

  • type: enumeration
  • description: SLogging severity level for PSU redundancy modes. The default value is warning. Available options, in decreasing order of severity, are:
    • alert: Serious errors that require immediate administrator intervention.
    • critical: Critical errors, including hardware and file system failures.
    • emergency: System is unusable.
    • error: Non-critical, but possibly important, error messages.
    • notice: Messages that contain useful information, but may be ignored.
    • warning: Messages that should be logged and reviewed.

EXAMPLES

Configure the PSU redundancy mode to be n+n:

syscon-1-active(config)# components component chassis psu config redundancy-mode n+n

Configure the severity level for the n+n PSU redundancy mode to be error:

syscon-1-active(config)# components component chassis psu config severity error redundancy-mode n+n

file config concurrent-operations-limit

COMMAND file config concurrent-operations-limit

DESCRIPTION Specify how many concurrent file operations are allowed at a time.

ARGUMENTS

<number-of-file-ops>

  • type: byte
  • description: The number of concurrent file operations allowed at a time.

EXAMPLE

Limit the number of concurrent file operations to 10:

syscon-1-active# file config concurrent-operations-limit 10

file known-hosts known-host

COMMAND file known-hosts known-host

DESCRIPTION Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts file.

ARGUMENTS

config fingerprint

  • type: boolean
  • description: Fingerprint received from remote-host string.

config remote-host

  • type: string
  • description: The remote system FQDN or IPv4/IPv6 address. The minimum length is 1 character, and the maximum length is 253 characters.

file import

COMMAND file import

DESCRIPTION Transfer a remote file to the system controller. These directories are available for use for file import operations on the system controller:

  • images/staging
  • images/import
  • diags/shared
  • configs/

ARGUMENTS

insecure

  • description: Disable SSL certificate verification of the remote system.

local-file <path-to-file>

  • type: string
  • description: Path to the local file.

password <password>

  • type: string
  • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

protocol { scp | sftp | https }

  • type: enumeration
  • description: Protocol to be used for file transfer.

remote-file <path-to-file>

  • type: string
  • description: Path to the remote file.

remote-host <path-to-file>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

remote-port <port-number>

  • type: unsignedShort
  • description: Port number to use for file transfer. The range is from 1 to 65535.

remote-url <url>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

username <username>

  • type: string
  • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

web-token <webtoken>

  • type: string
  • description: Web token for connecting to the remote server.

EXAMPLE

Transfer a file named myfile.iso from the remote host files.company.com on port 443 to the images/staging directory on the system controller:

syscon-1-active# file import local-file images/staging remote-file images/myfile.iso remote-host files.company.com remote-port 443
result File transfer is initiated.(images/staging/myfile.iso)

file export

COMMAND file export

DESCRIPTION Transfer a file from a system controller to a remote system. These directories are available for use for file export operations on the system controller:

  • log/controller
  • log/conf
  • diags/crash
  • diags/core
  • images/staging
  • images/import
  • diags/shared
  • configs/

insecure

  • description: Disable SSL certificate verification of the remote system.

local-file <path-to-file>

  • type: string
  • description: Path to the local file.

password <password>

  • type: string
  • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

protocol { scp | sftp | https }

  • type: enumeration
  • description: Protocol to be used for file transfer.

remote-file <path-to-file>

  • type: string
  • description: Path to the remote file.

remote-host <path-to-file>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

remote-port <port-number>

  • type: unsignedShort
  • description: Port number to use for file transfer. The range is from 1 to 65535.

remote-url <url>

  • type: string
  • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

username <username>

  • type: string
  • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

web-token <webtoken>

  • type: string
  • description: Web token for connecting to the remote server.

EXAMPLE

Transfer a file named velos.log from the local host to the /home/jdoe/ directory at files.company.com, using the username jdoe:

syscon-1-active# file export local-file log/controller/velos.log remote-host files.company.com remote-file home/jdoe/velos.log username jdoe password
Value for 'password' (<string>): *********
result File transfer is initiated.(log/controller/velos.log)

file delete

COMMAND file delete

DESCRIPTION Delete a specified file from the system controller. You can use file delete only on files in the diags/shared directory.

ARGUMENTS

file-name <path-to-file>

  • type: string
  • description: File to be deleted.

EXAMPLE

Delete a specified QKView file from the system:

syscon-1-active# file delete file-name diags/shared/qkview/controller-1-76ee7548-786d-11eb-a48b-12345a000007-qkview.tar.gz
    result Deleting the file

file transfer-status

COMMAND file transfer-status

DESCRIPTION Display the status of file transfer operations.

ARGUMENTS

file-name <path-to-file>

  • type: string
  • description: View the status of a specific file that you have transferred.

EXAMPLE

Check the status of file transfers:

syscon-1-active# file transfer-status
result
S.No.|Operation  |Protocol|Local File Path                    |Remote Host            |Remote File Path              |Status
1    |Import file|HTTPS   |images/staging/myfile.iso     |files.company.com      |images/myfile.iso             |In Progress (15.0%)

file list

COMMAND file list

DESCRIPTION Display a list of directories and files in a specified path.

ARGUMENTS

path <filepath>

  • type: string
  • description: Path for which you want to view the included files and directories.

EXAMPLE

Display a list of files in images/staging:

syscon-1-active# file list path images/staging
entries {
    name
F5OS-C-1.2.0-1234.CONTROLLER.CANDIDATE.iso
F5OS-C-1.2.0-1234.PARTITION.CANDIDATE.iso
}

file show

COMMAND file show

DESCRIPTION Display the contents of a specified file.

ARGUMENTS

<path-to-file>

  • type: string
  • description: File that you want to view.

EXAMPLE

Display the contents of the file log/controller/velos.log:

syscon-1-active# file show log/controller/velos.log
2021-02-26T09:57:57-08:00 localhost.localdomain notice boot_marker: ---==={ BOOT-MARKER }===---
2021-02-26T09:59:04-08:00 controller-1.chassis.local notice boot_marker: ---==={ BOOT-MARKER }===---
2021-02-26T18:08:59.060702+00:00 controller-1 vcc-lacpd[10]: priority="Info" version=1.0 msgid=0x3301000000000040 msg="LACPD starting.".
2021-02-26T18:08:59.061370+00:00 controller-1 alert-service[8]: priority="Notice" version=1.0 msgid=0x2201000000000001 msg="Alert Service Starting..." version="3.4.9" date="Fri Nov 20 00:40:14 2020".
2021-02-26T18:08:59.061371+00:00 controller-1 /usr/bin/authd[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:08:59.061401+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:08:59.061469+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:08:59.061639+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000006 msg="DB state monitor started".
...

file tail

COMMAND file tail

DESCRIPTION Display only the last 10 lines of a specified file.

ARGUMENTS

<path-to-file>

  • type: string
  • description: File that you want to view.

-f

  • description: Display appended data as the file grows. Type Ctrl+C to cancel the operation.

-n <number-of-lines>

  • description: Display a specific number of lines, instead of only the last 10 lines.

EXAMPLES

Display only the last 10 lines of log/controller/velos.log:

syscon-1-active# file tail log/controller/velos.log
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:10+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:12+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:20+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:22+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".

Display the last 10 lines of log/controller/velos.log and keep appending output as the file grows:

syscon-1-active# file tail -f log/controller/velos.log
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:10+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:12+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:20+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:22+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".

Display only the last five lines of log/controller/velos.log:

syscon-1-active# file tail -n 5 log/controller/velos.log
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:20+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:22+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".

image controller remove iso

COMMAND image controller remove iso

DESCRIPTION Remove a specified ISO version from the system controller.

ARGUMENTS

version

  • type: string
  • description: System controller iso-version to remove.

EXAMPLE

Remove the ISO named 1.2.0-3456 from the system controller:

syscon-1-active(config)# image controller remove iso 1.2.0-3456

image controller remove os

COMMAND image controller remove os

DESCRIPTION Remove a specified OS version from the system controller.

ARGUMENTS

version

  • type: string
  • description: Controller os-version to remove.

EXAMPLE

Remove the OS version named 1.2.0-3456 from the system controller:

syscon-1-active(config)# image controller remove os 1.2.0-3456

image controller remove service

COMMAND image controller remove service

DESCRIPTION Remove a specified service version from the system controller.

ARGUMENTS

version

  • type: string
  • description: Controller service-version to remove.

EXAMPLE

Remove the service version named 1.2.0-3456 from the system controller:

syscon-1-active(config)# image controller remove service 1.2.0-3456

image partition remove iso

COMMAND image partition remove iso

DESCRIPTION Remove a specified ISO version from the partition.

ARGUMENTS

version

  • type: string
  • description: Partition iso-version to remove.

EXAMPLE

Remove the ISO version named 1.2.0-3456 from the partition:

syscon-1-active(config)# image partition remove iso 1.2.0-3456

image partition remove os

COMMAND image partition remove os

DESCRIPTION Remove a specified OS version from the partition.

ARGUMENTS

version

  • type: string
  • description: Partition os-version to remove.

EXAMPLE

Remove the OS version named 1.2.0-3456 from the partition:

syscon-1-active(config)# image partition remove os 1.2.0-3456

image partition remove service

COMMAND image partition remove service

DESCRIPTION Remove a specified service version from the partition.

ARGUMENTS

version

  • type: string
  • description: Partition service-version to remove.

EXAMPLE

Remove the service version named 1.2.0-3456 from the partition:

syscon-1-active(config)# image partition remove service 1.2.0-3456

interfaces interface

COMMAND interfaces interface

DESCRIPTION Configure chassis network interfaces. This includes options for link aggregation.

ARGUMENTS

The availability of options for this command depends on which interface you are configuring.

<interface-name>

  • type: string
  • description: Name of the specific interface. Available options are:
    • <blade-number>/1.<n> - <blade-number>/<n>.<n>
    • 1/mgmt0
    • 2/mgmt0
    • cplagg_1.<n>

interfaces interface <interface-name> aggregation config

COMMAND interfaces interface <interface-name> aggregation config

DESCRIPTION Configure aggregation for an interface.

ARGUMENTS

distribution-hash { dst-mac | src-dst-ipport | src-dst-mac }

  • description: Supported load balancing hash values. Available options are:
    • dst-mac: Distribute on the destination MAC address.
    • src-dst-ipport: Distribute on the source destination IP address and the TCP or UDP port.
    • src-dst-mac: Distribute on the source destination MAC address.

lag-type { LACP | STATIC }

  • description: Link aggregation type.

lagid <lag-id>

  • description: LAG identifier.

mac-address <mac-address>

  • description: MAC address for a LAG group.

min-links <number-of-links>

  • description: Minimum number of links that must be up for the bundle as a whole to be labeled up.

EXAMPLE

Configure aggregation of type LACP on interface 1/1.1:

syscon-1-active(config)# interfaces interface 1/1.1 aggregation config lag-type LACP

interfaces interface <interface-name> config


COMMAND interfaces interface <interface-name> config

DESCRIPTION Configure aggregation for an interface.

ARGUMENTS

description

  • description: A description for the interface.

loopback-mode { false | true }

  • description: Set to true to enable loopback mode or false to disable it.

mtu <size>

  • description: MTU size.

name <name>

  • description: A descriptive name.

type <interface-type>

  • description: The interface type. Press Tab at the CLI to see an extensive list of options.

EXAMPLE

Configure interface 1/1.1 to use the fast aggregation type:

syscon-1-active(config)# interfaces interface 1/1.1

interfaces interface <interface-name> ethernet config

COMMAND interfaces interface <interface-name> ethernet config

DESCRIPTION Configure Ethernet options for an interface.

ARGUMENTS

aggregate-id <interface>

  • description: The logical aggregate interface to which this interface belongs.

auto-negotiate { false | true }

  • description: Whether to enable auto negotiation. Set to true to enable auto negotiate or false to disable it.

duplex-mode { FULL | HALF }

  • description: Whether to enable full or half duplex on an interface. Set to FULL to enable full duplex on an interface or set to HALF to enable half duplex on an interface.

enable-flow-control { false | true }

  • description: Whether to enable priority flow control. Set to true to enable priority flow control or false to disable it.

flow-control { rx | rx-priority | tx | tx-priority }

  • description: Whether to enable flow control. Available options are:
    • rx: Set to on to enable priority flow control in the receive direction or off to disable it.
    • rx-priority <priority>: Enables priority-based flow control in the receive direction on a specified interface to a specified priority number. Valid values are 1 through 8.
    • tx: Set to on to enable priority flow control in the send direction or off to disable it.
    • tx-priority <priority>: Enables priority-based flow control on a specified interface to a specified priority number. Valid values are 1 through 8.

mac-address

  • description: The MAC address for the specified interface.

phyport

  • description: The physical port of the specified interface.

port-speed

  • description: The port speed for the specified interface. Available options are:
    • SPEED_1GB
    • SPEED_5GB
    • SPEED_10GB
    • SPEED_10MB
    • SPEED_25GB
    • SPEED_40GB
    • SPEED_50GB
    • SPEED_100GB
    • SPEED_100MB
    • SPEED_2500MB
    • SPEED_UNKNOWN

EXAMPLE

Configure interface 1/1.1 to use the FULL duplex mode:

syscon-1-active(config)# interfaces interface 1/1.1 ethernet config duplex-mode FULL

interfaces interface <interface-name> hold-time

COMMAND interfaces interface <interface-name> holdtime

DESCRIPTION Configure Ethernet options for an interface.

ARGUMENTS

config { up | down } <time-in-milliseconds>

  • description: The hold-time value to use when an interface transitions from up to down.

EXAMPLE

Configure hold-time for interface 1/1.2:

syscon-1-active(config)# interfaces interface 1/1.2 holdtime config up

interfaces interface <interface-name> subinterfaces subinterface range


COMMAND interfaces interface <interface-name> subinterfaces subinterface range

DESCRIPTION This command is not currently supported.


lacp config system-priority

COMMAND lacp config system-priority

DESCRIPTION System priority and system MAC are combined as system-id which is required by the LACP protocol. Each partition has a system mac which is not configurable. The default system priority is 32768.

ARGUMENTS

<priority>

  • type: unsignedShort
  • description: System priority used by the node on this LAG interface. A lower value indicates higher priority for determining which node is the controlling system.

EXAMPLE

Configure system priority to be 1000:

syscon-1-active(config)# lacp config system-priority 1000

lacp interfaces interface

COMMAND lacp interfaces interface

DESCRIPTION

    Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.

ARGUMENTS

interval { FAST | SLOW }

  • description: The interval at which interfaces send LACP packets. Set the interval to FAST to have packets sent every second. Set the interval to SLOW to have packets sent every 30 seconds.

lacp-mode { ACTIVE | PASSIVE }

  • description: Set to PASSIVE to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.

EXAMPLES

Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:

syscon-1-active(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST

Create a LAG interface named lag1 with the type ieee8023adLag:

syscon-1-active(config)# interfaces interface lag1 config type ieee8023adLag; commit

Enable LACP on a LAG interface named lag1:

syscon-1-active(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
#

Create an LACP interface named lag1 with default parameters (internal is set to SLOW, lacp-mode is set to ACTIVE):

syscon-1-active(config)# lacp interfaces interface lag1 config name lag1; commit

Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1:

syscon-1-active(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
syscon-1-active(config)#  interfaces interface 1/2.0 ethernet config aggregate-id lag1
syscon-1-active(config)#  commit

Attach VLANs 1000 and 1001 to a LAG interface named lag1:

syscon-1-active(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans { 1000 1001 }

partitions partition

COMMAND partitions partition

DESCRIPTION Configure options for partitions.

ARGUMENTS

<partition-name>

  • type: string
  • description: Name of the partition. Partition names must consist of only alphanumerics (0-9, a-z, A-Z), must begin with a letter, and are limited to 31 characters. No hyphens or other special characters are allowed.

EXAMPLE

Create a partition named newPartition:

syscon-1-active(config)# partitions partition newPartition

partitions partition <partition-name> check-version

COMMAND partitions partition <partition-name> check-version

DESCRIPTION Check whether a partition is compatible with a specific service version.

ARGUMENTS

iso-version <version-number>

  • type: string
  • description: Partition ISO version.

os-version <version-number>

  • type: string
  • description: Partition OS version.

service-version <version-number>

  • type: string
  • description: Partition service version.

EXAMPLE

Verify that the partition is compatible with service version number 1.2.0-2934:

syscon-1-active(config)# partitions partition new check-version service-version 1.2.0-2934
result Partition database upgrade compatibility check succeeded.

partitions partition <partition-name> set-version

COMMAND partitions partition <partition-name> set-version

DESCRIPTION Trigger an install after verifying software compatibility using check-version. This operation will cause the partition control plane, blades, and tenants to restart, which interrupts both management and data plane traffic.

ARGUMENTS

iso-version <version-number>

  • type: string
  • description: Partition ISO version.

os-version <version-number>

  • type: string
  • description: Partition OS version.

service-version <version-number>

  • type: string
  • description: Partition service version.

proceed { yes | no }

  • type: string
  • description: Specify no to show a confirmation prompt prior to beginning the installation of new partition software. Specify yes to bypass a confirmation prompt.

partitions partition <partition-name> config

COMMAND partitions partition <partition-name> config

DESCRIPTION Configure a partition.

ARGUMENTS

configuration-volume <size>

  • type: unsignedByte
  • description: The size in GB for the configuration volume.

{ enabled | disabled }

  • type: boolean
  • description: Specify enabled to enable a specified partition. Specify disabled to disable it.

images-volume <size>

  • type: unsignedByte
  • description: The size in GB for the images volume.

iso-version <version-number>

  • type: string
  • description: Partition ISO version.

mgmt-ip { ipv4 | ipv6 } address <ip-address> gateway <ip-address> prefix-length <length>

  • type: string
  • description: Partition management IP address. For the management IP address, you can also configure these options:
    • address: IPv4 or IPv6 address
    • gateway: IPv4 or IPv6 gateway address
    • prefix-length: IPv4 or IPv6 prefix length

os-version <version-number>

  • type: string
  • description: Partition OS version.

service-version <version-number>

  • type: string
  • description: Partition service version.

shared-volume <size>

  • type: unsignedByte
  • description: The size in GB for the shared volume.

EXAMPLES

Enable a partition named newPartition:

syscon-1-active(config)# partitions partition newPartition config enabled

Disable a partition named newPartition:

syscon-1-active(config)# partitions partition newPartition config disabled

Change the iso-version running on a partition named newPartition to be version 1.2.0-2934:

syscon-1-active(config)# partitions partition newPartition config iso-version 1.2.0-2934

Change the os-version running on a partition named newPartition to be version 1.2.0-2934:

syscon-1-active(config)# partitions partition newPartition config os-version 1.2.0-2934

Change the service-version running on a partition named newPartition to be version 1.2.0-2934:

syscon-1-active(config)# partitions partition newPartition config service-version 1.2.0-2934

slots slot

COMMAND slots slot

DESCRIPTION Specify a slot to enable, disable, or reassign to a different partition.

ARGUMENTS

slot-num <slot-number>

  • type: int, 1 .. 32
  • description: The slot number to configure.

enabled { false | true }

  • type: boolean
  • description: Set to true to enable a slot. The default is true.

partition <partition-name>

  • type: string
  • description: The name of the partition to which a slot is assigned. The default value is default.

EXAMPLE

Disable slot 1 and verify that it is disabled:

syscon-1-active(config)# slots slot 1 disabled
syscon-1-active(config-slot-1)# commit
Commit complete.
syscon-1-active(config-slot-1)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config slots slot 1
slots slot 1
 disabled
 partition none
!

Enable slot 1 and verify that it is enabled:

syscon-1-active(config)# slots slot 1 enabled
syscon-1-active(config-slot-1)# commit
Commit complete.
syscon-1-active(config-slot-1)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config slots slot 1
slots slot 1
 enabled
 partition none
!

Assign slot 1 to a partition named default and verify that it is correctly assigned:

syscon-1-active(config)# slots slot 1 partition default
syscon-1-active(config-slot-1)# commit
Commit complete.
syscon-1-active(config-slot-1)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config slots slot 1
slots slot 1
 enabled
 partition default
!

system aaa authentication config authentication-method

COMMAND

system aaa authentication config authentication-method

DESCRIPTION

Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.

ARGUMENTS

{ LDAP_ALL | LOCAL | RADIUS_ALL | TACACS_ALL }

  • type: enumeration
  • description: Set one or more types. Authentication is tried on the order in which it is configured here.

EXAMPLE

Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password):

syscon-1-active(config)# system aaa authentication config authentication-method { LDAP_ALL RADIUS_ALL LOCAL }

system aaa authentication ldap active_directory

COMMAND system aaa authentication ldap active_directory

DESCRIPTION

Specify whether to enable LDAP Active Directory (AD).

ARGUMENTS

{ false | true }

  • type: enumeration
  • description: Set to true to enable LDAP AD or false to disable it. The default value is false.

EXAMPLE

Enable LDAP AD on the system:

syscon-1-active(config)# system aaa authentication ldap active_directory true

system aaa authentication ldap base

COMMAND

system aaa authentication ldap base

DESCRIPTION

Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.

ARGUMENTS

<dn-name>

  • type: list of string
  • description: The distinguished name from which to start the search for the LDAP user. The default format is 1 - 255 alphanumeric characters. Allowed special characters include: = . , -

EXAMPLE

syscon-1-active(config)# system aaa authentication ldap base dc=xyz,dc=com
syscon-1-active(config)# system aaa authentication ldap base { dc=xyz,dc=com dc=abc,dc=com }


system aaa authentication ldap bind_timelimit

COMMAND system aaa authentication ldap bind_timelimit

DESCRIPTION

Specify a maximum amount of time to wait for LDAP authentication to return a result.

ARGUMENTS

<value-in-seconds>

  • type: unsignedShort
  • description: The maximum bind time limit, in seconds. The default value is 30.

EXAMPLE

Set a maximum bind time limit of 60 seconds:

syscon-1-active(config)# system aaa authentication ldap bind_timelimit 60

system aaa authentication ldap binddn

COMMAND

system aaa authentication ldap binddn

DESCRIPTION

Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.

ARGUMENTS

<dn-acct-info>

  • type: string
  • description: The account that is allowed to search the base DN. The default format is 1 - 255 alphanumeric characters. Allowed special characters include: = . , -

EXAMPLE

Set the distinguished name of a specified account for searching the base DN:

syscon-1-active(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com

system aaa authentication ldap bindpw

COMMAND

system aaa authentication ldap bindpw

DESCRIPTION

Specify the password of the search account identified in binddn.

ARGUMENTS

<password>

  • type: AES encrypted string
  • description: The password for the search account on the LDAP server. This option is required if you enter a value for the binddn option. The default value is none.

EXAMPLE

Specify a password for the search account on the LDAP server:

syscon-1-active(config)# system aaa authentication ldap bindpw <password>

system aaa authentication ldap idle_timelimit

COMMAND

system aaa authentication ldap idle_timelimit

DESCRIPTION

Configure the maximum amount of time before the LDAP connection can be inactive before it times out.

ARGUMENTS

<number-of-seconds>

  • type: unsignedShort
  • description: The maximum idle timeout, in seconds. The default value is 30.

EXAMPLE

Set a maximum idle timeout of 60 seconds:

syscon-1-active(config)# system aaa authentication ldap idle_timelimit 60

system aaa authentication ldap ldap_version

COMMAND

system aaa authentication ldap ldap_version

DESCRIPTION

Specify the LDAP protocol version number.

ARGUMENTS

<version-number>

  • type: unsignedByte
  • description: The protocol version number for the LDAP server. The range is from 1 to 3. The default value is 3.

EXAMPLE

Specify that LDAPv3 is used for the LDAP server:

syscon-1-active(config)# system aaa authentication ldap ldap_version 3

system aaa authentication ldap ssl

COMMAND

system aaa authentication ldap ssl

DESCRIPTION

Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.

ARGUMENTS

on

  • type: string
  • description: Enable TLS to secure all connections.

off

  • type: string
  • description: Disable TLS to secure all connections.

start_tls

  • type: string
  • description: Start a connection in unencrypted mode on a port configured for plain text and negotiates TLS/SSL encryption with the client. If selected, it is used rather than raw LDAP over SSL.

EXAMPLE

Specify that TLS is enabled for all connections:

syscon-1-active(config)# system aaa authentication ldap ssl on

system aaa authentication ldap timelimit

COMMAND

system aaa authentication ldap timelimit

DESCRIPTION

Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.

ARGUMENTS

<number-of-seconds>

  • type: unsignedShort
  • description: The time limit, in seconds, used for LDAP searches.

EXAMPLE

Specify a maximum time limit of 60 seconds for LDAP searches:

syscon-1-active(config)# system aaa authentication ldap timelimit 60

system aaa authentication ldap tls_cacert

COMMAND

system aaa authentication ldap tls_cacert

DESCRIPTION

Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.

ARGUMENTS

<path-to-cacert>

  • type: string
  • description: The PEM-formatted X.509 certificate (self-signed or from a CA). The default value is none.

EXAMPLE

Specify a certificate for authenticating the TLS connection:

syscon-1-active(config)# system aaa authentication ldap tls_cacert <path_to_cacert>.pem

system aaa authentication ldap tls_cert

COMMAND

system aaa authentication ldap tls_cert

DESCRIPTION

Specify the file that contains the certificate for the client's key.

ARGUMENTS

<path-to-cacert>

  • type: string
  • description: The file that contains the certificate.

EXAMPLE

Specify a file that contains the certificate for a client's key:

syscon-1-active(config)# system aaa authentication ldap tls_cacert <path_to_cacert>.pem

system aaa authentication ldap tls_ciphers

COMMAND

system aaa authentication ldap tls_ciphers

DESCRIPTION

Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.

The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.

ARGUMENTS

<cipher-suite>

  • type: string
  • description: The cipher suite for the TLS library in use.

EXAMPLE

Specify the cipher suite for the TLS library in use:

syscon-1-active(config)# system aaa authentication ldap tls_cyphers <cipher-suite>

system aaa authentication ldap tls_key

COMMAND

system aaa authentication ldap tls_key

DESCRIPTION

Specify the file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

ARGUMENTS

<path-to-file>

  • type: AES encrypted string
  • description: The file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

system aaa authentication ldap tls_reqcert

COMMAND

system aaa authentication ldap tls_reqcert

DESCRIPTION

Specify what checks to perform on certificates in a TLS session. The default value is never.

ARGUMENTS

never

  • type: string
  • description: This level indicates that a certificate is not required. This is the default level.

allow

  • type: string
  • description: This level indicates that a certificate is requested. If none is provided, the session proceeds normally. If a certificate is provided, but the server is unable to verify it, the certificate is ignored and the session proceeds normally, as if no certificate had been provided.

try

  • type: string
  • description: This level indicates that a certificate is requested. If no certificate is provided, the session proceeds normally. If a certificate is provided, and it cannot be verified, the session is terminated immediately.

{ demand | hard }

  • type: string
  • description: This level indicates that a certificate is requested and a valid certificate must be provided, otherwise the session is terminated immediately.

EXAMPLE

Specify that a certificate is not required for a TLS session:

syscon-1-active(config)# system aaa authentication ldap tls_reqcert never

system aaa authentication roles role

COMMAND

system aaa authentication roles role

DESCRIPTION

Specify the primary role assigned to the user.

ARGUMENTS

config gid

  • type: unsignedInt
  • description: The assigned system group ID for the role.

config rolename

  • type: string
  • description: The assigned role name for the role; must comply with Linux naming policies.

config users

  • type: list of strings
  • description: The roles assigned to the user.

EXAMPLE

Configure which rolename and system group ID is used for a specified role:

syscon-1-active(config)# system aaa authentication roles role <rolename> config rolename <rolename> gid <unix-gid>

system aaa authentication users user

COMMAND

system aaa authentication users user

DESCRIPTION

Configure options for users.

ARGUMENTS

config expiry-date <yyyy-mm-dd>

  • type: string
  • description: The date that you want the account to expire, in yyyy-mm-dd format. The default value is -1 (no expiration date). Use 1 to indicate expired.

config last-change <yyyy-mm-dd>

  • type: int
  • description: The date that the the password was last changed, in yyyy-mm-dd format. Use 0 to force a password change.

config role

  • type: string
  • description: The role to which the user is assigned.

tally-count

  • type: unsignedInt
  • description: The number of login failures, excluding root and admin users.

config username

  • type: string
  • description: The name of the user.

config set-password

  • type: string
  • description: Used by admin roles to change the password for other users.

config change-password

  • type: string
  • description: Used by non-admin users to change their own password. This requires that they know their old password.

EXAMPLE

Configure a user named jdoe so that the user must change their password at their next log in and indicate that the account has no expiration date:

syscon-1-active(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1

system aaa password-policy config apply-to-root

COMMAND

system aaa password-policy config apply-to-root

DESCRIPTION

Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true), the system returns an error on failed check if the root user changing the password. If disabled (false), the system displays a message about the failed check, but allows the root user to change the password and bypass password policies.

ARGUMENTS

{ false | true }

  • type: enumeration
  • description Set to true to enforce password policies even if it is the root user configuring passwords or false to disable it. The default value is false.

system aaa password-policy config max-age

COMMAND

system aaa password-policy config max-age

DESCRIPTION

Configure the number of days that users can keep using the same password without changing it.

ARGUMENTS

max-age <days>

  • type: unsignedInt
  • description: The maximum number of days that a user can use the same password. The range of values is from 0 to 999999 days. Set to -1 to indicate that the password never expires.

system aaa password-policy config max-login-failures

COMMAND

system aaa password-policy config max-login-failures

DESCRIPTION

Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.

ARGUMENTS

max-login-failures <number-of-failures>

  • type: unsignedInt
  • description: The maximum number of unsuccessful login attempts that are permitted before a user is locked out. The range of values is from 0 to 65535.

system aaa password-policy config min-length

COMMAND

system aaa password-policy config min-length

DESCRIPTION

Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9. If you want to allow passwords that are as short as 5 characters, you should not use min-length.

ARGUMENTS

min-length <size>

  • type: unsignedInt
  • description: The minimum length of new passwords. The range of values is from 6 to 255.

system aaa password-policy config reject-username

COMMAND

system aaa password-policy config reject-username

DESCRIPTION

Check whether the user name is contained in the new password, either in straight or reversed form. If it is found, the new password is rejected.

ARGUMENTS

{ false | true }

  • type: enumeration
  • description: Set to false to allow the user name in a new password or true to reject new passwords that contain the user name in some form. The default value is false.

system aaa password-policy config required-differences

COMMAND

system aaa password-policy config required-differences

DESCRIPTION

Configure the number of character changes that are required in the new password that differentiate it from the old password.

ARGUMENTS

<number-of-diffs>

  • type: unsignedInt
  • description: The number of character changes required in a new password to differentiate it from the old password. The range is from 0 to 127. The default value is 5.

system aaa password-policy config required-lowercase

COMMAND

system aaa password-policy config required-lowercase

DESCRIPTION

Configure the minimum number of lowercase character required for a password.

ARGUMENTS

<number-of-chars>

  • type: unsignedInt
  • description: The minimum number of lowercase characters required for a password. The range is from 0 to 127.

system aaa password-policy config required-numeric

COMMAND

system aaa password-policy config required-numeric

DESCRIPTION

Configure the minimum number of numeric characters required for a password.

ARGUMENTS

<number-of-chars>

  • type: unsignedInt
  • description: The minimum number of numeric characters required for a password. The range is from 0 to 127.

system aaa password-policy config required-special

COMMAND

system aaa password-policy config required-special

DESCRIPTION

Configure the minimum number of numeric characters required for a password.

ARGUMENTS

<number-of-chars>

  • type: unsignedInt
  • description: The minimum number of special characters required for a password. The range is from 0 to 127.

system aaa password-policy config required-uppercase

COMMAND

system aaa password-policy config required-uppercase

DESCRIPTION

Configure the minimum number of numeric characters required for a password.

ARGUMENTS

<number-of-chars>

  • type: unsignedInt
  • description: The minimum number of uppercase characters required for a password. The range is from 0 to 127.

system aaa password-policy config retries

COMMAND

system aaa password-policy config retries

DESCRIPTION

Configure the number of retries allowed when user authentication is unsuccessful.

ARGUMENTS

<number-of-retries>

  • type: unsignedInt
  • description: The number of retries allowed after unsuccessful user authentication. The range is from 0 to 127.

system aaa password-policy config root-lockout

COMMAND

system aaa password-policy config root-lockout

DESCRIPTION

Configure whether the root account can be locked out after unsuccessful login attempts.

ARGUMENTS

{ false | true }

  • type: enumeration
  • description: Set to false to disable root lockout after a number of unsuccessful login attempts or true to enable it. The default value is false.

system aaa password-policy config root-unlock-time

COMMAND system aaa password-policy config root-unlock-time

DESCRIPTION

Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.

ARGUMENTS

<time-in-seconds>

  • type: unsignedInt
  • description: The amount of time (in seconds) after unsuccessful root user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

system aaa password-policy config unlock-time

COMMAND

system aaa password-policy config unlock-time

DESCRIPTION

Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.

ARGUMENTS

<time-in-seconds>

  • type: unsignedInt
  • description: The amount of time (in seconds) after unsuccessful user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

system aaa primary-key set

COMMAND

system aaa primary-key set

DESCRIPTION

Change the system primary encryption key with passphrase and salt. This is useful while migrating configuration from one machine to another.

ARGUMENTS

passphrase

  • type: string
  • description: The passphrase for the key. The minimum length is 6 characters, and the maximum length is 255 characters.

confirm-passphrase

  • type: string
  • description: Set the option to confirm the passphrase input again.

salt

  • type: string
  • description: The salt for the key. The minimum length is 6 characters, and the maximum length is 255 characters.

confirm-salt

  • type: string
  • description: Set the option to confirm the salt input again.

EXAMPLE

Change the primary key, set a passphrase and salt, and then display the status of the key migration process:

syscon-1-active(config)# system aaa primary-key set
Value for 'passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'confirm-passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'salt' (<string, min: 6 chars, max: 255 chars>): *********
Value for 'confirm-salt' (<string, min: 6 chars, max: 255 chars>): *********
response description: Key migration is initiated. Use 'show system primary-key state status' to get status


syscon-1-active# show system aaa primary-key state
system aaa primary-key state hash Jt221bA3Xf3V2ClXPY9pdfQzauNUGODq4EseXZbKcD/4G+Dr3u6hyFoahL+r3iIopJm4IzIInSwYsilAGdY08w==
system aaa primary-key state status "COMPLETE        Initiated: Fri Jan 29 22:33:02 2021"

[root@controller-1 ~]#

system aaa server-groups server-group

COMMAND

system aaa server-groups server-group

DESCRIPTION

Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.

ARGUMENTS

RADIUS Server

auth-port <port-number>
  • description: The UDP destination port on the server for authentication requests.

secret-key <key>

  • description: A shared secret key that provides security for communication between the system and AAA server.

timeout <time-in-seconds>

  • description: The time interval to wait for the server to reply before resending. The valid values are from 1 to 9 seconds. The default value is 3 (seconds).

LDAP Server

auth-port <port-number>
  • description: The UDP destination port on the server for authentication requests. The default value is 389.

type { LDAP | RADIUS | TACACS }

  • description: The authentication server type. The default value is LDAP (LDAP over TCP).

EXAMPLES

Create a server group named radius-test of type RADIUS, assign a specific RADIUS server with the group, and then configure a secret key:

syscon-1-active(config)# system aaa server-groups server-group radius-test
syscon-1-active(config-server-group-radius-test)# config type RADIUS
syscon-1-active(config-server-group-radius-test)# config name radius-test
syscon-1-active(config-server-group-radius-test)# commit
Commit complete.
syscon-1-active(config-server-group-radius-test)#
syscon-1-active(config)# system aaa server-groups server-group radius-test servers server 192.0.2.10 config address 192.0.2.10
syscon-1-active(config-server-192.0.2.10)# radius config secret-key radius-key'
syscon-1-active(config-server-192.0.2.10)# commit

Create a server group named ldap-test of type LDAP, assign a specific LDAP server with the group, and then set the LDAP type as LDAP over TCP:

syscon-1-active(config)# system aaa server-groups server-group ldap-test
syscon-1-active(config-server-group-ldap-test)# config type LDAP
syscon-1-active(config-server-group-ldap-test)# config name ldap-test
syscon-1-active(config-server-group-ldap-test)# commit
Commit complete.
syscon-1-active(config-server-group-ldap-test)#
syscon-1-active(config)# system aaa server-groups server-group ldap-test servers server 192.0.2.10 config address 192.0.2.10
syscon-1-active(config-server-192.0.2.10)# ldap config type ldap
syscon-1-active(config-server-192.0.2.10)# commit

system aaa tls config certificate

COMMAND

system aaa tls config certificate

DESCRIPTION

Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.

ARGUMENTS

<certificate>

  • type: string
  • description: Valid certificate content.

EXAMPLE

Add a certificate and key to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key , commit the changes:

syscon-1-active(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...

syscon-1-active(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...

syscon-1-active(config)# commit
Commit complete.

system aaa tls config key

COMMAND

system aaa tls config key

DESCRIPTION

Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in DB storage.

ARGUMENTS

<key>

  • type: AES encrypted string
  • description: Valid key content.

EXAMPLE

Add a TLS key and certificate to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate:

syscon-1-active(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...

syscon-1-active(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...

syscon-1-active(config)# commit
Commit complete.

system aaa tls crls crl

COMMAND system aaa tls crls crl

DESCRIPTION Configure a Certificate Revocation List Entry (CRL).

ARGUMENTS

config name <name>

  • type: string
  • description: Name of CRL entry.

config revocation-key <crl>

  • type: string
  • description: Specifies the PEM-encoded CRL. The minimum length is 1 character.

EXAMPLE

Add a new CRL to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the CRL key.

syscon-2-active(config)# system aaa tls crls crl *crl Name*
Value for 'config revocation-key' (<string>):
[Multiline mode, exit with ctrl-D.]
> ...

syscon-2-active(config)# commit
Commit complete.

system aaa tls create-self-signed-cert

COMMAND system aaa tls create-self-signed-cert

DESCRIPTION Create an OpenSSL key for use with AAA/TLS.

ARGUMENTS

key-type { rsa | ecdsa }

  • type: enumeration
  • description: Key type to use with the self-signed certificate. Available options include RSA and ECDSA (Elliptic Curve Digital Signature Algorithm).

key-size <key-size>

  • type: unsignedInt,
  • description: Size of key. The range is from 2048 to 8192 bytes.

days-valid <number>

  • type: unsignedInt
  • description: The number of days for which a certificate is valid.

curve-name <curve-type>

  • type: enumeration
  • description: The ECDSA curve type to use. The default value is secp521r1. Available options are:
    • SM2
    • brainpoolP160r1
    • brainpoolP160t1
    • brainpoolP192r1
    • brainpoolP192t1
    • brainpoolP224r1
    • brainpoolP224t1
    • brainpoolP256r1
    • brainpoolP256t1
    • brainpoolP320r1
    • brainpoolP320t1
    • brainpoolP384r1
    • brainpoolP384t1
    • brainpoolP512r1
    • brainpoolP512t1
    • prime192v1
    • prime192v2
    • prime192v3
    • prime239v1
    • prime239v2
    • prime239v3
    • prime256v1
    • secp112r1
    • secp112r2
    • secp128r1
    • secp128r2
    • secp160k1
    • secp160r1
    • secp160r2
    • secp192k1
    • secp224k1
    • secp224r1
    • secp256k1
    • secp384r1
    • secp521r1

name <common-name>

  • type: string
  • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

organization <org-name>

  • type: string
  • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

unit <unit-name>

  • type: string
  • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

city <city-name>

  • type: string
  • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

region <region-name>

  • type: string
  • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

country <country-code>

  • type: string
  • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

email <email-address>

  • type: string
  • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

version <version-number>

  • type: unsignedShort
  • description: Version number for the certificate.

store-tls { false | true }

  • type: enumeration
  • description: Set to true to store the self-signed certificate pair in the the system-aaa-tls-config or false to specify that it should not be stored.

EXAMPLE

Create a private key and self-signed certificate:

syscon-1-active(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
response
-----BEGIN EC PRIVATE KEY-----
MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
QKbVuacd9H4cMj2tX/wyqVNePg==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
/DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
-----END CERTIFICATE-----

system aaa tls create-csr

COMMAND system aaa tls create-csr

DESCRIPTION Create a certificate signing request (CSR).

ARGUMENTS

name <common-name>

  • type: string
  • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

organization <org-name>

  • type: string
  • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

unit <unit-name>

  • type: string
  • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

city <city-name>

  • type: string
  • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

region <region-name>

  • type: string
  • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

country <country-code>

  • type: string
  • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

email <email-address>

  • type: string
  • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

version <version-number>

  • type: unsignedShort
  • description: Version number for the certificate.

EXAMPLE

Create a CSR:

system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
response -----BEGIN CERTIFICATE REQUEST-----
JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
0ov+Osy2iA==
-----END CERTIFICATE REQUEST-----

system appliance-mode config

COMMAND system appliance-mode config

DESCRIPTION Configure whether appliance mode is enabled or disabled on the system controller controller. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:

  • System controller: Run system appliance-mode on the system controller.
  • Chassis partition: Run system appliance-mode on the chassis partition.
  • Tenant: Run tenants tenant <tenant-name\> config appliance-mode on the chassis partition.

ARGUMENTS

{ disabled | enabled }

  • type: boolean
  • description: Specify enabled to enable appliance mode on the system controller. Specify disabled to disable it.

EXAMPLE

Enable appliance mode and then verify that appliance mode is enabled:

syscon-1-active(config)# system appliance-mode config enabled
syscon-1-active(config)# commit
syscon-1-active(config)# exit
syscon-1-active# show system appliance-mode
system appliance-mode state enabled

Disable appliance mode and then verify that appliance mode is disabled:

syscon-1-active(config)# system appliance-mode config disabled
syscon-1-active(config)# commit
syscon-1-active(config)# exit
syscon-1-active# show system appliance-mode
system appliance-mode state disabled

system clock config timezone-name

COMMAND system clock config timezone-name

DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid timezone names, see www.iana.org/time-zones.

ARGUMENTS

<tz-database-name>

  • type: string
  • description: The tz database names to be used by the system.

EXAMPLES

Configure the system to use the America/Los_Angeles time zone:

syscon-1-active(config)# system clock config timezone-name America/Los_Angeles

Configure the system to use the Asia/Calcutta time zone:

syscon-1-active(config)# system clock config timezone-name Asia/Calcutta

system database config-backup

COMMAND system database config-backup

DESCRIPTION Generate a backup of the system configuration in the form of an XML file.

ARGUMENTS

name <filename>

  • type: string
  • description: The name of the backup file.

overwrite { false | true }

  • type: boolean
  • description: Set to true to overwrite the file if a file by that name exists or false to disable the file overwrite. The default value is false.

EXAMPLE

Create a backup file of the system configuration named backup-march2021 and overwrite it if a file by that name already exists:

syscon-1-active(config)# system database config-backup name backup-march2021 overwrite true
response Succeeded.

system database config-restore

COMMAND system database config-restore

DESCRIPTION Restore the system configuration from an XML backup file.

ARGUMENTS

name <filename>

  • type: string
  • description: The name of the backup file.

EXAMPLE

Restore the system configuration from a backup file named backup-march2021:

syscon-1-active(config)# system database config-restore name backup-march2021

system database config reset-default-config

COMMAND system database config reset-default-config

DESCRIPTION Revert the system to the default configuration and clear any existing configuration information.

IMPORTANT: This deletes all configuration on the system, including IP addresses, passwords, all partition configuration, and tenant images.

ARGUMENTS

reset-default-config { false | true }

  • type: boolean
  • description: Set to true to reset the configuration to the default or false to disable it. The default value is false.

EXAMPLE

Revert the system to the default configuration:

syscon-1-active(config)# system database config reset-default-config true

system dbvars config debug

COMMAND system dbvars config debug

DESCRIPTION Set debug variables (dbvars) for various components.

ARGUMENTS

The availability of options for this command depends on which debug variable you are configuring.

<specific-dbvar>

  • type: string
  • description: Name of the specific dbvar. Available options are:
    • chassis-manager
    • confd
    • ha
    • mgmt-ip-test
    • partition-agent
    • partition-software-manager
    • switchd
    • system
    • terminal-server

system diagnostics core-files list

COMMAND system diagnostics core-files list

DESCRIPTION List core files for the VELOS system.

EXAMPLE

List all core files on the system:

syscon-1-active# system diagnostics core-files list
files { controller-1:/diags/shared/core/container/authd-1.core.gz controller-1:/diags/shared/core/container/orchestration_m-1.core.gz controller-1:/diags/shared/core/host/test-1.core.gz controller-2:/diags/shared/core/container/test-1.core.gz controller-2:/diags/shared/core/host/test-2.core.gz }

system diagnostics core-files delete

COMMAND system diagnostics core-files delete

DESCRIPTION Delete core files from the VELOS system.

ARGUMENTS

files

  • type: list of strings
  • description: The controller number, path, and name of core files to be deleted. To delete more than one file, separate file names with a space.

EXAMPLE

Delete selected core files from the system:

syscon-1-active# system diagnostics core-files delete files { controller-1:/diags/shared/core/host/test-1.core.gz }

system diagnostics ihealth config authserver

COMMAND system diagnostics ihealth config authserver

DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the iHealth service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://api.f5.com/auth/pub/sso/login/ihealth-api.

ARGUMENTS

authserver

  • type: string
  • description: The FQDN for the authentication server.

EXAMPLE

Specify an authentication server for the iHealth service:

syscon-1-active(config)# system diagnostics ihealth config authserver
(<string>) (https://api.f5.com/auth/pub/sso/login/ihealth-api): https://api.f5networks.net/auth/pub/sso/login/ihealth-api

system diagnostics ihealth config password

COMMAND system diagnostics ihealth config password

DESCRIPTION Specify the password used to log in to iHealth. This password is given in plain text, but will be encrypted when stored in the system.

ARGUMENTS

password

  • type: AES encrypted string
  • description: The password string for the iHealth user.

EXAMPLE

Specify a password to be used for logging in to iHealth:

syscon-1-active(config)# system diagnostics ihealth config password
(<AES encrypted string>): **********

system diagnostics ihealth config server

COMMAND system diagnostics ihealth config server

DESCRIPTION Specify the iHealth service has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.

ARGUMENTS

server

  • type: string
  • description: The FQDN for the iHealth upload server.

EXAMPLE

Specify an upload server for the iHealth service:

syscon-1-active(config)# system diagnostics ihealth config server  
(<string>) (https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True

system diagnostics ihealth config username

COMMAND system diagnostics ihealth config username

DESCRIPTION Specify the username used to access the iHealth service.

ARGUMENTS

username

  • type: string
  • description: The username used for accessing the iHealth service.

EXAMPLE

Specify a user name to be used when logging in to iHealth:

syscon-1-active(config)# system diagnostics ihealth config username
(<string>) (user@f5.com): user2@f5.com

system diagnostics ihealth upload

COMMAND system diagnostics ihealth upload

DESCRIPTION Initiate a qkview-file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.

ARGUMENTS

qkview-file

  • type: string
  • description: The name of the QKView file to be uploaded. Use the system diagnostics qkview list command to see a list of available files. Note: Be sure to add /diags/shared/QKView/ as a prefix to the QKView file name.

description

  • type: string
  • description: A short description of the QKView file. For example, "data path performance."

service-request-number

  • type: string
  • description: The F5 service request number for F5 support. For example, 1-123134134 or C1231231.

EXAMPLE

Upload a file named /diags/shared/qkview/test.qkview to iHealth:

syscon-1-active(config)# system diagnostics ihealth upload qkview-file /diags/shared/qkview/test.qkview description testing service-request-number C523232
message HTTP/1.1 202 Accepted
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 30 Jun 2020 12:09:08 GMT
Content-Length: 0

system diagnostics ihealth cancel

COMMAND system diagnostics ihealth cancel

DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.

ARGUMENTS

upload-id

  • type: string
  • description: The upload-id that is returned when initiating an upload.

EXAMPLE

Cancel the QKView upload with an upload-id of iuw53AYW.

syscon-1-active(config)# system diagnostics ihealth cancel upload-id iuw53AYW
message HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 30 Jun 2020 12:10:01 GMT
Content-Length: 44

system diagnostics proxy config

COMMAND system diagnostics proxy config


DESCRIPTION Configure a web proxy to upload QKView files to F5 iHealth. This is useful when the VELOS system does not have internet access to reach f5.com.

ARGUMENTS

proxy-password <password>

  • type: AES encrypted string
  • description: Password for the web proxy server.

EXAMPLE

Configure the system to connect to a web proxy using specified credentials:

syscon-1-active(config)# system diagnostics proxy config proxy-server 192.0.2.111 proxy-username jdoe proxy-password
(<AES encrypted string>): ******

system diagnostics qkview capture

COMMAND system diagnostics qkview capture

DESCRIPTION Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in a single directory, depending on where the QKView file is executed.

If you request a QKView on a system controller or chassis partition, QKView files are stored in the host directory: diags/shared/qkview/.

ARGUMENTS

filename <name>

  • type: string
  • description: The name of the file to which QKView data is written. The default filename is <system-name>.qkview.

timeout <time-in-seconds>

  • type: int
  • description: The time in seconds after which to stop QKView collection. The default value is 0, which indicates no timeout.

exclude-cores { false | true }

  • type: boolean
  • description: Set to true if core files should be excluded from QKView. The default value is false.

maxcoresize <size-in-mb>

  • type: int
  • description: If this argument is specified, core files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value is 25 MB.

maxfilesize <size-in-mb>

  • type: int
  • description: If this argument is specified, all files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value is 500 MB.

EXAMPLE

Generate a QKView and name the file client-qkview.tar, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout:

syscon-1-active# system diagnostics qkview capture filename client-qkview.tar exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
result  Qkview file client-qkview.tar is being collected
return code 200

syscon-1-active# system diagnostics qkview status
result  {"Busy":true,"Percent":6,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview.tar"}

resultint 0

syscon-1-active# system diagnostics qkview capture
result  Qkview file controller-1.qkview is being collected
return code 200

resultint 0

syscon-1-active# system diagnostics qkview capture filename tryagain.tar
result  Qkview capture can not be initiated. Another Qkview capture is already in progress

return code 429

resultint -10


system diagnostics qkview cancel

COMMAND system diagnostics qkview cancel

DESCRIPTION Cancel a QKView that is in progress.

ARGUMENTS This command has no arguments.

EXAMPLE

Cancel the currently running QKView:

syscon-1-active# system diagnostics qkview cancel
result  Qkview with filename client-qkview.tar was canceled
return code 200

resultint 0

system diagnostics qkview status

COMMAND system diagnostics qkview status

DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.

ARGUMENTS This command has no arguments.

EXAMPLE

View the status of the currently running QKView:

syscon-1-active# system diagnostics qkview status
result  {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}

resultint 0

syscon-1-active# system diagnostics qkview status
result  {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}

resultint 0

system diagnostics qkview delete

COMMAND system diagnostics qkview delete

DESCRIPTION Delete a QKView file.

ARGUMENTS

filename

  • type: string
  • description: The name of file to delete.

EXAMPLE

Delete the QKView file named client-qkview.tar.canceled.

syscon-1-active# system diagnostics qkview delete filename client-qkview.tar.canceled
result  Deleted Qkview file client-qkview.tar.canceled
return code 200

resultint 0

system diagnostics qkview list

COMMAND system diagnostics qkview list

DESCRIPTION Show a list of QKView files.

ARGUMENTS This command has no arguments.

EXAMPLE

List all QKView files on the system:

syscon-1-active# system diagnostics qkview list
result  {"Qkviews":[{"Filename":"client-qkview.tar.canceled","Date":"2020-10-26T23:39:48.783066588Z","Size":131310},{"Filename":"myqkview.tar","Date":"2020-10-26T23:37:43.786269089Z","Size":668708104}]}

resultint 0

system dns servers

COMMAND system dns servers

DESCRIPTION Configure a DNS server for the system controller to use.

ARGUMENTS

server <name>

  • type: string
  • description: The DNS server name.

address <ip-address>

  • type: string
  • description: The IP address of the DNS server.

port <port-number>

  • type: int
  • description: The port number of the DNS server. The default value is 53.

EXAMPLE

Configure a DNS server and then verify that it was completed:

syscon-1-active(config)# system dns servers server 192.0.2.20 config address 192.0.2.20 port 53
syscon-1-active(config-server-192.0.2.20)# commit
Commit complete.
syscon-1-active(config-server-192.0.2.20)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config system dns
system dns servers server 192.0.2.20
 config address 192.0.2.20
 config port 53
!

system image check-version

COMMAND system image check-version

DESCRIPTION Check whether the system is compatible with a specific system image service version upgrade version.

ARGUMENTS

iso-version <version>

  • type: string
  • description: System image ISO version.

os-version <version>

  • type: string
  • description: System image OS version.

service-version <version>

  • type: string
  • description: System image service version.

EXAMPLE

Verify that the system is compatible with service version number 1.2.0-3456:

syscon-1-active(config)# system image check-version service-version 1.2.0-3456

system image set-version

COMMAND system image set-version

DESCRIPTION Trigger an install after verifying schema compatibility using check-version. This upgrades software on one system controller at a time, without an interruption to system controller availability.

ARGUMENTS

iso-version <version>

  • type: string
  • description: System image ISO version.

os-version

  • type: string
  • description: System image OS version.

out-of-service

  • description: Specify that the upgrade installs on both system controllers and results in a service outage.

service-version

  • type: string
  • description: System image service version.

EXAMPLE

Upgrade the system to iso version 1.2.0-3456:

syscon-1-active(config)# system image set-version iso-version 1.2.0-3456

Upgrade the os version to 1.2.0-3456:

syscon-1-active(config)# system image set-version os-version 1.2.0-3456

Upgrade the service version to 1.2.0-3456:

syscon-1-active(config)# system image set-version service-version 1.2.0-3456

system licensing get-dossier

COMMAND system licensing get-dossier

DESCRIPTION Generate an encrypted system dossier that can be used for retrieving a license from the F5 license server. This is used to perform a manual license installation.

ARGUMENTS

add-on-keys <key>

  • type: string (array)
  • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

registration-key <key>

  • type: string
  • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

EXAMPLE

Get a system licensing dossier from F5:

syscon-1-active(config)# system licensing get-dossier
system-dossier 3446aa94eaa020b4ccb57a495d8589771b03556ffa0fc89fe8ae2e301dba149163ce139fb3a94333b6e8ecd28053bd97f541649c2c61756712c1d105b6d637c472b5642cf87064ba3ce9bee90e97df863876f885c3015ca2d4fb8bd02898f2912a0f5a161025baf42494279291ac4518578b5ce04fd03af1a44b793b13ddaa81552f46e205aee75d0c3f81c19bf7411bb9549f31d3d856f2bda42125113b5a6892fc3858b525016defe1636cdad2020ffd297c53a8acefa1b093d3d5609269f6483896402f800d40b8f3cb571a9ab0ea482707bd6e7b34545feb966c5e33ba8d6519486eba2fbeb15eda6761f9df0c9ac3a597becf272fb468465793fbbdc86b96c7a95ab44d925ec8677b060552a8415d93ed9e947039cc27b5a734b6e29f83b38fd6d49ba2bff5bde9df7e400632e434698ebd5a5b441f6915f1d1c884b2be52638e7f46b0ca880a1e6ecbbc67091b9938b0039c4c3ed80d808543cff5875b7b081058a6a263cfd6d72f08c06a58a4b13060543647a9979694a0db7c8816d96fd5fa233c878fb472915e0c241a0ee0898d959315d0a3e0daa933ce208a5c0444871001c8aca507a537fe0a7625ce026113ce46cc9d22b09993f67c5dc2084775e221c9ba8a47089cb35be094c70de40dfca0726bde9ea3a6b9b8b0f3b5d054464f3357b07c7cba243a70c011ee5d856337e1465adf94b0dafbbe647c9f6d5a

system licensing get-eula

COMMAND system licensing get-eula

DESCRIPTION Retrieve the End User License Agreement (EULA) from the F5 License Server.

ARGUMENTS

add-on-keys <key>

  • type: string (array)
  • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

registration-key <key>

  • type: string
  • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

EXAMPLE

Gets the contents of the latest F5 EULA:

syscon-1-active(config)# system licensing get-eula
eula-text END USER LICENSE AGREEMENT

DOC-0355-16

IMPORTANT " READ BEFORE INSTALLING OR OPERATING THIS PRODUCT

YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BY INSTALLING,
HAVING INSTALLED, COPYING, OR OTHERWISE USING THE SOFTWARE.  IF YOU
DO NOT AGREE, DO NOT INSTALL OR USE THE SOFTWARE.

This End User License Agreement ("License") applies to the software
product(s) ("Software") you have licensed from us whether on
a stand-alone basis or as part of any hardware ("Hardware") you
purchase from us, (the Hardware and Software together, the "Product").
...

system licensing install

COMMAND system licensing install

DESCRIPTION Perform an automatic system license installation. The system must be connected to the Internet to use the automatic method.

ARGUMENTS

add-on-keys <key>

  • type: string (array)
  • description: A 14-character string that informs the license server about which add-on products you are entitled to license.

license-server <ip-address-or-host-name>

  • type: ip (ip-address), port (unsigned short), name (string)
  • description: IP address or host name of license server. You can specify IP address, port, and name of license server.

registration-key <key>

  • type: string
  • description: A 27-character string that informs the license server about which F5 products you are entitled to license. The base registration key is preinstalled on your system. If you do not already have a base registration key, you can obtain one from F5 Technical Support.

EXAMPLE

Install a base license on the system:

syscon-1(config)# system licensing install registration-key A1234-56789-01234-56789-0123456
result License installed successfully.

system licensing manual-install license

COMMAND system licensing manual-install

DESCRIPTION Perform a manual system license installation.

ARGUMENTS

license <license-text>

  • type: string
  • description: License information for the system. Before you use system licensing manual-install, you use system licensing get-dossier to get the system dossier text, and then activate the license at activate.f5.com.

EXAMPLE

License the system using license information from activate.f5.com:

syscon-1-active(config)# system licensing manual-install license
Value for 'license' (<string>):
[Multiline mode, exit with ctrl-D.]
> #
> Auth vers : 5b
> #
> #
> # BIG-IP System License Key File
> # DO NOT EDIT THIS FILE!!
> #
> # Install this file as "/config/bigip.license".
> #
> # Contact information in file /CONTACTS
> #
> #
> # Warning: Changing the system time while this system is running
> # with a time-limited license may make the system unusable.
> #
> Usage : F5 Internal Product Development
> #
> #
> # Only the specific use referenced above is allowed. Any other uses are prohibited.
> #
> Vendor : F5 Networks, Inc.
> #
> # Module List
> #
> active module : Local Traffic Manager, CX410|Y123456-7890123|FIPS 140-2 Compliant Mode, CX410|APM-Lite|Rate Shaping|Max Compression, CX410|DNS-GTM, Base|Max SSL, CX410|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
> optional module : Access Policy Manager, Base, CX410
> optional module : Access Policy Manager, Max, CX410
> optional module : Advanced Firewall Manager, CX410
...

system logging remote-servers remote-server

COMMAND system logging remote-servers remote-server

DESCRIPTION Configure information about remote logging servers.

ARGUMENTS

config <ip-address-or-fqdn>

  • type: string
  • description: Host IP address or hostname of the remote log server. The minimum length is 1 character, and the maximum length is 253 characters.

config config proto { tcp | udp }

  • type: enumeration
  • description: Remote server connection protocol. The default value is udp.

config config remote-port <port-number>

  • type: unsignedShort
  • description: Destination port number for syslog messages. The default value is 514.

selectors selector

  • description: Selector facility or severity selector on which to filter messages. F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.

EXAMPLE

Create a logging destination:

syscon-1-active(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
syscon-1-active(config-remote-server-192.0.2.240)# commit
Commit complete.

Delete a logging destination:

syscon-1-active(config)# no system logging remote-servers remote-server 192.0.2.240
syscon-1-active(config)# commit
Commit complete.

system logging host-logs

COMMAND system logging host-logs

DESCRIPTION Configure settings for sending host logs to remote logging servers.

ARGUMENTS

config files file <dir-or-file-name>

  • type: string
  • description: File or directory to be sent.

config remote-forwarding { enabled | disabled }

  • type: enumeration
  • description: Specify enabled to enable remote forwarding of active node host logs. Specify disabled to disable it.

config remote-forwarding enabled include-standby

  • description: If remote forwarding is enabled, specify that the standby node will forward host logs to the active node.

config selectors selector <selector>

  • description: Specify the facility, or class of host messages, to forward. Any logs directed to these will be forwarded, provided that host-logs is enabled and a remote server configuration is present. Available options are:
    • ALL
    • AUDIT
    • AUTH
    • AUTHPRIV
    • CONSOLE
    • KERNEL
    • LOCAL0 LOCAL7
    • MAIL
    • NTP
    • SYSLOG
    • SYSTEM_DAEMON
    • USER

EXAMPLE

Enable remote forwarding:

syscon-1-active(config)# system logging host-logs config remote-forwarding enabled

system logging sw-components sw-component

COMMAND system logging sw-components sw-component

DESCRIPTION Configure logging for platform software components. Available options are:

  • alert-service
  • authd
  • confd-key-migrationd
  • config-object-manager
  • diag-agent
  • fips-service
  • ihealth-upload-service
  • ihealthd
  • license-service
  • lopd
  • orchestration-manager
  • partition-software-manager
  • platform-diag
  • platform-fwu
  • platform-hal
  • platform-monitor
  • platform-stats-bridge-cc
  • qkviewd
  • rsyslog-configd
  • snmp-trapd
  • switchd
  • terminal-server
  • upgrade-service
  • user-manager
  • vcc-chassis-manager
  • vcc-confd
  • vcc-ha
  • vcc-host-config vcc-image-server vcc-lacpd vcc-partition-agent

ARGUMENTS

<component-name> config description

  • type: string
  • description: Text that describes the platform software component. This value is read-only.

<component-name> config name

  • type: string
  • description: Name of the platform software component. This value is read-only.

<component-name> config severity { ALERT | CRITICAL | DEBUG | EMERGENCY | ERROR | INFORMATIONAL | NOTICE | WARNING }

  • type: enumeration
  • description: Software component logging severity level. The default value is INFORMATIONAL. Available options, in decreasing order of severity, are:
    • EMERGENCY: System is unusable.
    • ALERT: Serious errors that require immediate administrator intervention.
    • CRITICAL: Critical errors, including hardware and file system failures.
    • ERROR: Non-critical, but possibly important, error messages.
    • WARNING: Messages that should be logged and reviewed.
    • NOTICE: Messages that contain useful information, but may be ignored.
    • INFORMATIONAL: Messages that contain useful information, but may be ignored. This is the default value.
    • DEBUG: Verbose messages used for troubleshooting.

system mgmt-ip config dhcp-enabled

COMMAND system mgmt-ip config dhcp-enabled

DESCRIPTION Enable or disable DHCP for controller management IP address.

ARGUMENTS

dhcp-enabled { false | true }

  • type: boolean
  • description: Set to true to enable DHCP for the management IP address or false to disable it. The default value is false.

EXAMPLE

Enable DCHP for the management IP address:

syscon-1-active(config)# system mgmt-ip config dhcp-enabled true

system mgmt-ip config ipv4 controller-1

COMMAND system mgmt-ip config ipv4 controller-1

DESCRIPTION Configure the IPv4 management IP address for system controller 1.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv4 address.

EXAMPLE

Configure the IPv4 management IP address for controller-1 to be 192.0.2.2:

syscon-1-active(config)# system mgmt-ip config ipv4 controller-1 address 192.0.2.2

system mgmt-ip config ipv4 controller-2

COMMAND system mgmt-ip config ipv4 controller-2

DESCRIPTION Configure the IPv4 management IP address for system controller 2.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv4 address.

EXAMPLE

Configure the IPv4 management IP address for controller-2 to be 192.0.2.3:

syscon-1-active(config)# system mgmt-ip config ipv4 controller-2 address 192.0.2.3

system mgmt-ip config ipv4 floating

COMMAND system mgmt-ip config ipv4 floating

DESCRIPTION Configure the floating IPv4 management address.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv4 address.

EXAMPLE

Configure the floating IPv4 management IP address to be 192.0.2.4:

syscon-1-active(config)# system mgmt-ip config ipv4 floating address 192.0.2.4

system mgmt-ip config ipv4 gateway

COMMAND system mgmt-ip config ipv4 gateway

DESCRIPTION Configure the gateway IPv4 address.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv4 address.

EXAMPLE

Configure the gateway IPv4 address to be 192.0.2.1:

syscon-1-active(config)# system mgmt-ip config ipv4 gateway 192.0.2.1

system mgmt-ip config ipv4 prefix-length

COMMAND system mgmt-ip config ipv4 prefix-length

DESCRIPTION Configure the IPv4 prefix length.

ARGUMENTS

prefix-length <length>

  • type: int
  • description: IPv4 prefix length. The range is from 0 to 32.

EXAMPLE

Configure the IPv4 prefix length to be 24:

syscon-1-active(config)# system mgmt-ip config ipv4 prefix-length 24

system mgmt-ip config ipv6 controller-1

COMMAND system mgmt-ip config ipv6 controller-1

DESCRIPTION Configure the IPv6 management IP address for system controller 1.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv6 address.

EXAMPLE

Configure the IPv6 management IP address for controller-1 to be ::2:

syscon-1-active(config)# system mgmt-ip config ipv6 controller-1 address ::2

system mgmt-ip config ipv6 controller-2

COMMAND system mgmt-ip config ipv6 controller-2

DESCRIPTION Configure the IPv6 management IP address for system controller 2.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv6 address.

EXAMPLE

Configure the IPv6 management IP address for controller-2 to be ::3:

syscon-1-active(config)# system mgmt-ip config ipv6 controller-2 address ::3

system mgmt-ip config ipv6 floating

COMMAND system mgmt-ip config ipv6 floating

DESCRIPTION Configure the floating IPv6 management address.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv6 address.

EXAMPLE

Configure the floating IPv6 management IP address to be ::4:

syscon-1-active(config)# system mgmt-ip config ipv6 floating address ::4

system mgmt-ip config ipv6 gateway

COMMAND system mgmt-ip config ipv6 gateway

DESCRIPTION Configure gateway IPv6 address.

ARGUMENTS

address <ip-address>

  • type: string
  • description: IPv6 address.

EXAMPLE

Configure the gateway IPv6 address to be ::1:

syscon-1-active(config)# system mgmt-ip config ipv6 gateway ::1

system mgmt-ip config ipv6 prefix-length

COMMAND system mgmt-ip config ipv6 prefix-length

DESCRIPTION Configure IPv6 prefix length.

ARGUMENTS

prefix-length <length>

  • type: int
  • description: IPv6 prefix length. The range is from 0 to 128.

EXAMPLE

Configure the IPv6 prefix length to be 64:

syscon-1-active(config)# system mgmt-ip config ipv6 prefix-length 64

system network config chassis-id

DESCRIPTION Set the chassis ID that is used to determine internal address ranges.

IMPORTANT: F5 strongly recommends that you do not change this setting.

ARGUMENTS

chassis-id

  • type: int
  • description: Chassis ID for internal networking purposes. The range is from 1 to 4. The default value is 1.

system network config network-range-type

DESCRIPTION Configure the internal address range.

ARGUMENTS

{ RFC1918 | RFC6598 }

  • description: Network range type for internal networking purposes. Options include:
    • RFC1918: The system uses 10.[0-15]/12, as specified by RFC1918.
    • RFC6598: The system uses 100.64/10, as specified by RFC6598. This option ignores prefix. This is the default value.

EXAMPLE

Configure the range type to be RFC6598:

syscon-1-active(config)# system network config network-range-type RFC6598

system ntp config enable-ntp-auth

COMMAND system ntp config enable-ntp-auth

DESCRIPTION Enable Network Time Protocol (NTP) protocol authentication for the system. NTP authentication enhances security by ensuring that the system sends time-of-day requests only to trusted NTP servers. Use the system ntp ntp-keys ntp-key command to add the key associated with your server.

ARGUMENTS

{ false | true }

  • type: enumeration
  • description: Specify true to enable using NTP authentication. Specify false to disable it.

EXAMPLE

Enable the use of NTP authentication:

syscon-1-active(config)# system ntp config enable-ntp-auth true

system ntp config

COMMAND system ntp config

DESCRIPTION Enable the Network Time Protocol (NTP) protocol and indicate that the system should synchronize the system clock with an NTP server from a serves defined in the 'ntp/server' list.

ARGUMENTS

{ disabled | enabled }

  • type: enumeration
  • description: Specify enabled to enable using NTP. Specify disabled to disable it.

EXAMPLE

Disable the use of NTP:

syscon-1-active(config)# system ntp config disabled

system ntp ntp-keys ntp-key

COMMAND system ntp ntp-keys ntp-key

DESCRIPTION Configure the list of Network Time Protocol (NTP) authentication keys.

ARGUMENTS

config key-id <id>

  • type: unsignedShort
  • description: An identifier used by the client and server to designate a secret key. The client and server must use the same key ID.

config key-type <type>

  • type: NTP_AUTH_TYPE
  • description: Encryption type used for the NTP authentication key. For example, NTP_AUTH_MD5.

config key-value <auth-key-value>

  • type: string
  • description: NTP authentication key value.

system ntp servers server

COMMAND system ntp servers server

DESCRIPTION Configure which NTP servers can be used for system clock synchronization. If system ntp is enabled, then the system will attempt to contact and use the specified NTP servers.

ARGUMENTS

config address <ip-address-or-dns-name>

  • type: string
  • description: NTP Server address with which system clock synchronize. The range is from 1 character to 253 characters.

config association-type { SERVER | PEER | POOL }

  • type: string
  • description: Classify the NTP configuration using these association types. The default value is SERVER.

config iburst { false | true }

  • type: boolean
  • description: Specify true to enable iburst for the NTP service. Specify false to disable it.

config port

  • type: unsignedShort
  • description: Port number on which the NTP Service to listen on. The default value is 123.

config prefer { false | true }

  • type: boolean
  • description: Specify true to indicate that this server should be the preferred one. Specify false if not.

config version

  • type: unsignedByte
  • description: Version number to put in outgoing NTP packets. The range is from 0 to 4.

config key-id

  • type: unsignedShort
  • description: Key identifier used for NTP authentication. The key-id value must match the key-type and key-value values provided in system ntp ntp-keys ntp-key on this client system, and all values must also match the server exactly.

EXAMPLES

Configure an NTP server with the address pool.ntp.org, where the association type is POOL, and it is the preferred server:

syscon-1-active(config)# system ntp servers server pool.ntp.org config address pool.ntp.org association-type POOL prefer true
syscon-1-active(config-server-pool.ntp.org)# top
syscon-1-active(config)# system ntp config enabled
syscon-1-active(config)# commit
Commit complete.

Configure an NTP server with the address time.f5net.com, where the association type is SERVER, iburst is enabled, port is 123, it is the preferred server, and version number is 4:

syscon-1-active(config)# system ntp servers server time.f5net.com
syscon-1-active(config-server-time.f5net.com)# config address time.f5net.com
syscon-1-active(config-server-time.f5net.com)# config association-type SERVER
syscon-1-active(config-server-time.f5net.com)# config iburst true
syscon-1-active(config-server-time.f5net.com)# config port 123
syscon-1-active(config-server-time.f5net.com)# config prefer true
syscon-1-active(config-server-time.f5net.com)# config version 4
syscon-1-active(config-server-time.f5net.com)# commit
Commit complete.

system redundancy config mode

COMMAND system redundancy config mode

DESCRIPTION Change the system controller redundancy mode.

ARGUMENTS

mode

  • type: string
  • description: System controller redundancy mode. Choose from these options:
    • auto: System chooses preferred node automatically.
    • prefer-1: Prefer controller-1 to be Active
    • prefer-2: Prefer controller-2 to be Active.

EXAMPLE

Set system controller 2 as the preferred controller:

syscon-1-active(config)# system redundancy config mode prefer-2


system redundancy go-standby

COMMAND system redundancy go-standby

DESCRIPTION Cause currently active system controller to switch to standby.

EXAMPLE

Set the currently active system controller switch so that it is the standby controller:

syscon-1-active(config)# system redundancy go-standby

system config hostname

COMMAND system config hostname

DESCRIPTION Configure a hostname for the system.

ARGUMENTS

<hostname>

  • type: string
  • description: The hostname for the system. The hostname must be fully qualified domain name (FQDN). The minimum length is 1 character, and the maximum length is 253 characters.

EXAMPLE

Configure the hostname to be test.company.com:

syscon-1-active(config)# system config hostname test.company.com

system config login-banner

COMMAND system config login-banner

DESCRIPTION

Configure a banner message to be displayed before users log in to the system.

ARGUMENTS

<message>

  • type: string
  • description: The login banner message for the system.

EXAMPLE

Configure a banner message:

syscon-1-active(config)# system config login-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED

system config motd-banner

COMMAND system config motd-banner

DESCRIPTION

Configure a message of the day (MOTD) banner to display after users log in to the system.

<message>

  • type: string
  • description: The MOTD banner message for the system.

EXAMPLE

Configure a MOTD banner message:

syscon-1-active(config)# system config motd-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
ATTENTION!
This system is scheduled for maintenance in two days.

system reboot controllers

COMMAND system reboot controllers

DESCRIPTION Trigger a restart of a specified system controller. This resets the management IP connection.

ARGUMENTS

controller { active | standby }
  • type: enumeration
  • description: Specify active to restart the active system controller. Specify standby to restart the standby system controller.

EXAMPLE

Reboot the standby system controller:

syscon-1-active(config)# system reboot controllers controller standby

system set-datetime

COMMAND system set-datetime

DESCRIPTION Configure the date and time for the system.

ARGUMENTS

date <date>
  • type: string
  • description: The system date, in the format YYYY-MM-DD.
time
  • type: string
  • description: The system time, in the format HH:MM:SS.

EXAMPLES

Configure the system date to be 2021-01-01:

syscon-1-active(config)# system set-datetime date 2021-01-01

Configure the system time to be 12:01:00:

syscon-1-active(config)# system set-datetime date 12:01:00

System Controller: operational-mode-commands


Operational Mode Commands


autowizard

COMMAND autowizard

DESCRIPTION Specify whether to query automatically for mandatory elements.

ARGUMENTS

{ false | true }

  • type: boolean
  • description: Specify true to query automatically for mandatory elements. Specify false to disable it.

cd

COMMAND cd

DESCRIPTION Change the working directory to a specific folder.

ARGUMENTS

<directory>

  • type: string
  • description: Directory name to which you want to change.

clear

COMMAND clear

DESCRIPTION Remove all configuration changes.

ARGUMENTS

history

  • description: Clear operational and configuration mode history.

commit

COMMAND commit

DESCRIPTION Commit the current set of changes to the running configuration.

ARGUMENTS

abort

  • description: Halt a pending commit using the persist-id <id> argument.

confirm

  • description: Commit the current set of changes to running with a timeout (in minutes). If no commit confirm command is issued before the timeout expires, then the configuration is reverted to the configuration that was active before the commit confirmed command was issued. If no timeout is given, then the confirming commit has a timeout of 10 minutes. The configuration session will be terminated after this command since no further editing is possible. The confirming commit will be rolled back if the CLI session is terminated before confirming the commit, unless the persist argument is also given. If the persist command is given, then the CLI session can be terminated and a later session can confirm the pending commit by supplying the persist token as an argument to the commit command using the persist-id argument.

persist-id <id>

  • type: int
  • description: Persist identifier used if a previous commit operation was performed using the persist-id argument. Include the persist-id option and specify the same persist token id, to modify the ongoing confirming commit process. This enables you to cancel an ongoing persist commit operation or extend the timeout.

compare

COMMAND compare

DESCRIPTION Compare two configuration subtrees.

ARGUMENTS

<config>

  • type: string
  • description: Compare the running configuration to a saved configuration.

complete-on-space

COMMAND complete-on-space

DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.

ARGUMENTS

{ false | true }

  • type: boolean
  • description: Specify true to enable the ability to have the CLI complete a command name automatically when you press the space bar. Specify false to disable it.

config

COMMAND config

DESCRIPTION Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit command.

ARGUMENTS

terminal

  • description: Allow editing from this terminal only. This edits a private copy of the running configuration. This private copy is not locked, so another user could also edit it at the same time.

no-confirm

  • description: Do not allow a commit confirmation. This edits a private copy of the running configuration and does not allow the commit confirmed command to be used to commit the configuration.

exclusive

  • description: Specify an exclusive edit mode. This locks the running configuration and the candidate configuration, and edits the candidate configuration. No one else can edit the candidate configuration as long as it is locked.

shared

  • description: Specify shared edit mode. Edit the candidate configuration without locking it. This option allows another person to edit the candidate configuration at the same time.

describe

COMMAND describe

DESCRIPTION Display internal information about how a command is implemented.

ARGUMENTS

<command>

  • type: string
  • description: Command for which you want to view implementation information.

display-level

COMMAND display-level

DESCRIPTION Set the depth of the configuration shown for show commands.

ARGUMENTS

<depth>

  • type: unsigned long integer
  • description: Maximum depth to display for show commands. The <depth> can be a value from 1 through 64.

exit

COMMAND exit

DESCRIPTION Exit the CLI session.

ARGUMENTS This command has no arguments.


file

COMMAND file

DESCRIPTION Perform file operations.

ARGUMENTS

For detailed information about these arguments, see the file page under System Controller / config-mode-commands.

  • delete
  • export
  • import
  • list
  • show
  • tail
  • transfer-status

help

COMMAND help

DESCRIPTION Display help information about a specified command.

ARGUMENTS

<command>

  • type: string
  • description Command for which you want to view help.

history

COMMAND history

DESCRIPTION Configure the command history cache size.

ARGUMENTS

<size>

  • type: int
  • description: Number of commands tracked by CLI history. The <size> can be a value from 0 through 1000.

id

COMMAND id

DESCRIPTION Display information about the current user, including user, gid, group, and gids.

ARGUMENTS This command has no arguments.


idle-timeout

COMMAND idle-timeout

DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.

ARGUMENTS

<timeout>

  • type: int
  • description: Number of seconds that the CLI is inactive before a user is logged out. A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 8192 seconds. The default value is 1800 seconds (30 minutes).

ignore-leading-space

COMMAND ignore-leading-space

DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.

ARGUMENTS

{ false | true }

  • type: boolean
  • description: Set to false to ignore leading whitespace or true to consider it.

leaf-prompting

COMMAND leaf-prompting

DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.

ARGUMENTS

{ false | true }

  • type: boolean
  • description: Specify false to disable leaf prompting and specify true to enable it.

logout

COMMAND logout

DESCRIPTION Log out a specific session or user from all sessions.

ARGUMENTS

session <session-id>

  • type: string
  • description: Log out a specific session by providing a value for <session-id>.

user <user-name>

  • type: string
  • description: Log out a specific user by providing a value for <user-name>.

no

COMMAND no

DESCRIPTION Delete or unset a configuration command.

ARGUMENTS

<command>

  • type: string
  • description Command to delete or unset.

output-file

COMMAND output-file

DESCRIPTION Copy command output to a file or terminal.

ARGUMENTS

<terminal-or-filename>

  • type: string
  • description: Specify whether to output to the terminal or to a specified file.

paginate

COMMAND paginate

DESCRIPTION Specify whether to control the pagination of CLI command output.

ARGUMENTS

{ false | true }

  • type: boolean
  • description: Specify false to display command output continuously, regardless of the CLI screen height. Specify true to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.

prompt1

COMMAND prompt1

DESCRIPTION Set the operational mode prompt.

ARGUMENTS

<prompt-text>

  • type: string
  • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
    • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
    • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
    • \H - Full hostname. You configure the hostname with the system hostname command.
    • \s - Source IP address of the local system.
    • \t - Current time in 24-hour hh:mm:ss format.
    • \A - Current time in 24-hour ​ format.
    • \T - Current time in 12-hour hh:mm:ss​ format.
    • \@ - Current time in 12-hour hh:mm​ format.
    • \u - Login username of the current user.
    • \m - Mode name.
    • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
    • \M - Mode name in parentheses.
    • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

prompt2

COMMAND prompt2

DESCRIPTION Set the configuration mode prompt.

ARGUMENTS

<prompt-text>

  • type: string
  • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
    • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
    • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
    • \H - Full hostname. You configure the hostname with the system hostname command.
    • \s - Source IP address of the local system.
    • \t - Current time in 24-hour hh:mm:ss format.
    • \A - Current time in 24-hour ​ format.
    • \T - Current time in 12-hour hh:mm:ss​ format.
    • \@ - Current time in 12-hour hh:mm​ format.
    • \u - Login username of the current user.
    • \m - Mode name.
    • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
    • \M - Mode name in parentheses.
    • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

pwd

COMMAND pwd

DESCRIPTION Display the current path in the configuration hierarchy.

ARGUMENTS This command has no arguments.


quit

COMMAND quit

DESCRIPTION Exit the CLI session.

ARGUMENTS This command has no arguments.


screen-length

COMMAND screen-length

DESCRIPTION Configure the length of the terminal window.

ARGUMENTS

<number-of-rows>

  • type: int
  • description: The length of the terminal screen, in rows. The <number-of-rows> can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.

screen-width

COMMAND screen-width

DESCRIPTION Configure the width of the terminal window.

ARGUMENTS

<number-of-columns>

  • type: int
  • description: The width of the terminal screen, in columns. The <number-of-rows> can be from 200 through 256.

send

COMMAND send

DESCRIPTION Send a message to the terminal of a specified user or all users.

ARGUMENTS

{ all | username <\username> }

  • description: Specify all to send a message to all users. Specify username <username> to send a message only to a specified user.

<message>

  • type: string
  • description: Contents of message to send to specified user(s).

show

COMMAND show

DESCRIPTION Show information about the system.

ARGUMENTS

<system-component>

  • type: string
  • description: The component about which you want to view information.

show-defaults

COMMAND show-defaults

DESCRIPTION Specify whether to display the default configuration.

ARGUMENTS

{ false | true }

  • type: boolean
  • description: Specify true to display the default values. Specify false to hide the default values.

terminal

COMMAND terminal

DESCRIPTION Set the terminal type.

ARGUMENTS

{ generic | xterm | vt100 | ansi | linux }

  • description: The type of terminal. Select from one of these options:
    • generic
    • xterm
    • vt100
    • ansi
    • linux

timestamp

COMMAND timestamp

DESCRIPTION Configure whether to display the timestamp.

ARGUMENTS

{ enable | disable }

  • type: boolean
  • description: Specify enable to show the timestamp. Specify disable to hide the timestamp.

who

COMMAND who

DESCRIPTION Display information on currently-logged on users. The command output displays the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).

ARGUMENTS This command has no arguments.


write

COMMAND write

DESCRIPTION Display the running configuration of the system on the terminal. This command is equivalent to the show running-config command.

ARGUMENTS

terminal

  • description: Displays the running configuration. To show the configuration of a specific component, press the Tab key to view additional options.

System Controller: pipe-mode-commands


Pipe Mode Commands


annotation

COMMAND annotation

DESCRIPTION Display only statements whose annotation matches a provided configuration statement or pattern.

Note: Only available when the system has been configured with attributes enabled.

ARGUMENTS

<statement> <text>

  • type: string
  • description: Statement and text to search in a provided configuration statement.

append

COMMAND append

DESCRIPTION Append command output text to a file.

ARGUMENTS

<filename>

  • type: string
  • description: Append command output to a specified file.

begin

COMMAND begin

DESCRIPTION Display the command output starting at the first match of a specified string.

ARGUMENTS

<regularexpression-_restricted_subset>

  • type: string
  • description: Text string to find, where command output will begin displaying. The string is case sensitive.

best-effort

COMMAND best-effort

DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.

ARGUMENTS This command has no arguments.


context-match

COMMAND context-match

DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.

ARGUMENTS

<pattern>

  • type: string
  • description: Characters from the output to match.

count

COMMAND count

DESCRIPTION Count the number of lines in the command output.

ARGUMENTS This command has no arguments.


csv

COMMAND csv

DESCRIPTION Display table output in CSV format.

ARGUMENTS This command has no arguments.


de-select

COMMAND de-select

DESCRIPTION Do not show a specified field in the command output.

ARGUMENTS

<column-to-de-select>

  • type: string
  • description: The field that you do not want to display in the command output.

debug

COMMAND debug

DESCRIPTION Display debug information.

ARGUMENTS This command has no arguments.


details

COMMAND details

DESCRIPTION Display the default values for commands in the running configuration.

ARGUMENTS This command has no arguments.


display

COMMAND display

DESCRIPTION Display options.

ARGUMENTS This command has no arguments.


exclude

COMMAND exclude

DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.

ARGUMENTS

<regularexpression-_restricted_subset>

  • type: string
  • description: String to match when excluding lines from the command output.

extended

COMMAND extended

DESCRIPTION Display referring entries or elements.

ARGUMENTS This command has no arguments.


force

COMMAND force

DESCRIPTION Log out any users who are locking the configuration.

ARGUMENTS This command has no arguments.


hide

COMMAND hide

DESCRIPTION Hide display options.

ARGUMENTS This command has no arguments.


include

COMMAND include

DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.

ARGUMENTS

<regularexpression-_restricted_subset>

  • type: string
  • description: String to match when including in the command output.

linnum

COMMAND linnum

DESCRIPTION Display a line number at the beginning of each line in the displayed output.

ARGUMENTS This command has no arguments.


match-all

COMMAND match-all

DESCRIPTION Display the command output that matches all command output filters.

ARGUMENTS This command has no arguments.


match-any

COMMAND match-any

DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.

ARGUMENTS This command has no arguments.


more

COMMAND more

DESCRIPTION Paginate the command output. This is the default behavior.

ARGUMENTS This command has no arguments.


nomore

COMMAND nomore

DESCRIPTION Do not paginate command output.

ARGUMENTS This command has no arguments.


notab

COMMAND notab

DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically displays in a list.

ARGUMENTS This command has no arguments.


repeat

COMMAND repeat

DESCRIPTION Repeat the output of a show command periodically.

ARGUMENTS

<interval-in-seconds>

  • type: int
  • description: How often to repeat the command, in seconds. Type Ctrl-C to terminate the display.

save

COMMAND save

DESCRIPTION Save the command output text to a file.

ARGUMENTS

<filename>

  • type: string
  • description: The name of the file where command output is saved.

select

COMMAND select

DESCRIPTION Display selected fields in the command output.

ARGUMENTS

<column-to-select>

  • type: string
  • description: The field(s) that you want to display in the command output.

sort-by

COMMAND sort-by

DESCRIPTION Display command output with values sorted in a specified field.

ARGUMENTS

<index>

  • type: string
  • description: Name of the field to sort by in the command output.

suppress-validate-warning-prompt

COMMAND suppress-validate-warning-prompt

DESCRIPTION Suppress the validation warning prompt.

ARGUMENTS This command has no arguments.


tab

COMMAND tab

DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.

ARGUMENTS This command has no arguments.


tags

COMMAND tags

DESCRIPTION Display only statements with tags that match a pattern.

ARGUMENTS

<pattern>

  • type: string
  • description: Characters from the output to match.

trace

COMMAND trace

DESCRIPTION Display trace information.

ARGUMENTS This command has no arguments.


until

COMMAND until

DESCRIPTION Display the command output, ending with the line that matches a specified string.

ARGUMENTS

<regularexpression-_restricted_subset>

  • type: string
  • description: Text string to find to start displaying the command output.

System Controller: show-commands


show SNMP-FRAMEWORK-MIB

COMMAND show SNMP-FRAMEWORK-MIB

DESCRIPTION Display information about the SNMP Management Architecture MIB.

ARGUMENTS

This command has no arguments.

EXAMPLES

Display the SNMP Engine information:

syscon-1-active# show SNMP-FRAMEWORK-MIB
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 1
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 1632463
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000

show cli

COMMAND show cli

DESCRIPTION Display the default CLI session settings.

ARGUMENTS

This command has no arguments.

EXAMPLES

Display the current default CLI session settings:

syscon-1-active# show cli
autowizard            true
complete-on-space     true
devtools              false
display-level         99999999
history               100
idle-timeout          1800
ignore-leading-space  false
leaf-prompting        true
output-file           terminal
paginate              true
prompt1               \h\M#
prompt2               \h(\m)#
screen-length         57
screen-width          120
service prompt config true
show-defaults         false
terminal              xterm-256color
timestamp             disable

show cluster

COMMAND show cluster

DESCRIPTION Display the current state of the OpenShift cluster and the last 25 OpenShift events that have occurred during installation and during normal operation.

EXAMPLE

Display the current cluster state:

syscon-1-active# show cluster
NAME          STATUS  TIME CREATED          ROLES         CPU  PODS  MEMORY      HUGEPAGES
--------------------------------------------------------------------------------------------
blade-1       Ready   2021-01-26T07:05:29Z  compute       28   250   26112336Ki  102890Mi
blade-2       Ready   2021-01-26T07:05:29Z  compute       28   250   26112336Ki  102890Mi
controller-1  Ready   2021-01-26T06:36:50Z  infra,master  -    -     -           -
controller-2  Ready   2021-01-26T06:36:50Z  infra,master  -    -     -           -

STAGE NAME               STATUS
---------------------------------
AddingBlade              Done
HealthCheck              Done
HostedInstall            Done
MasterAdditionalInstall  Done
MasterInstall            Done
NodeBootstrap            Done
NodeJoin                 Done
Prerequisites            Done
ServiceCatalogInstall    Done
etcdInstall              Done

cluster cluster-status summary-status "Openshift cluster is healthy, and all controllers and blades are ready."
INDEX  STATUS
-----------------------------------------------------------------------------------------------------------------------
0      2021-01-26 06:12:18.325648 -  Performing network-validations before installing cluster into openshift cluster.
1      2021-01-26 06:12:41.236284 -  Installing controllers into openshift cluster.
2      2021-01-26 06:26:41.835981 -  Cannot ping blade blade-1.chassis.local (192.0.2.1) [1].
3      2021-01-26 06:27:28.002906 -  Cannot ping blade blade-2.chassis.local (192.0.2.2) [1].
4      2021-01-26 06:33:19.463460 -  Can now ping blade blade-1.chassis.local (192.0.2.1).
5      2021-01-26 06:33:19.775967 -  Can now ping blade blade-2.chassis.local (192.0.2.2).
6      2021-01-26 06:33:41.891690 -  Successfully SSH'd to blade blade-2.chassis.local.
7      2021-01-26 06:33:52.639644 -  Successfully SSH'd to blade blade-1.chassis.local.
8      2021-01-26 06:56:46.673298 -  Controller 1 is ready in openshift cluster.
9      2021-01-26 06:56:46.673409 -  Controller 2 is ready in openshift cluster.
10     2021-01-26 06:56:46.673439 -  Openshift cluster is ready.
11     2021-01-26 06:57:10.948596 -  Installation of controllers into openshift cluster succeeded.
12     2021-01-26 06:57:59.873283 -  Blade 1 is being added to the openshift cluster.
13     2021-01-26 06:58:09.992015 -  Blade 2 is being added to the openshift cluster.
14     2021-01-26 06:58:12.432213 -  New blade(s) are ready join the cluster.
15     2021-01-26 06:58:13.191941 -  Adding new blades into the Openshift cluster.
16     2021-01-26 07:06:09.967325 -  Blade 1 is ready in openshift cluster.
17     2021-01-26 07:06:09.967406 -  Blade 2 is ready in openshift cluster.
18     2021-01-26 07:12:22.252472 -  Success adding new blades into the Openshift cluster,
19     2021-01-26 07:19:06.812622 -  Orchestration manager transitioning to standby.
20     2021-01-26 07:20:35.970843 -  Orchestration manager transitioning to active.
21     2021-01-26 07:24:26.013076 -  Blade 1 is NOT ready in openshift cluster.
22     2021-01-26 07:24:50.259240 -  Blade 1 is ready in openshift cluster.
23     2021-01-26 09:09:12.465617 -  Invalid DNS server configured on controller-1.chassis.local.
24     2021-01-26 09:09:29.959390 -  Found valid DNS configuration on controller-1.chassis.local.

show cluster cluster-status

COMMAND show cluster cluster-status

DESCRIPTION Display the current state of a specific OpenShift event that has occurred during installation and during normal operation.Nodes in the cluster.

ARGUMENTS

cluster-status <event-number>

  • description: View a specific OpenShift event.

EXAMPLE

Display cluster event number 2:

syscon-1-active# show cluster cluster-status cluster-status 2
INDEX  STATUS
-----------------------------------------------------------------------------
2      2021-03-02 00:03:44.551587 -  Blade 7 is ready in openshift cluster.

show cluster install-progress

COMMAND show cluster install-progress

DESCRIPTION Display the status of the OpenShift cluster installation, including the state of the various stages of the OpenShift installation.

ARGUMENTS

install-progress <stage-name>

  • description: View the status of a specific stage name. Available options are:
    • AddingBlade
    • HealthCheck
    • HostedInstall
    • MasterAdditionalInstall
    • MasterInstall
    • NodeBootstrap
    • NodeJoin
    • Prerequisites
    • ServiceCatalogInstall
    • displaylevel
    • etcdInstall

EXAMPLE

Display the installation progress of only the AddingBlade stage:

syscon-1-active# show cluster install-progress install-progress AddingBlade
STAGE NAME   STATUS
---------------------
AddingBlade  Done

Display the installation progress of the whole cluster:

syscon-1-active# show cluster install-progress
STAGE NAME               STATUS
---------------------------------
AddingBlade              Done
HealthCheck              Done
HostedInstall            Done
MasterAdditionalInstall  Done
MasterInstall            Done
NodeBootstrap            Done
NodeJoin                 Done
Prerequisites            Done
ServiceCatalogInstall    Done
etcdInstall              Done

show cluster nodes

COMMAND show cluster nodes

DESCRIPTION Display the status of nodes in the cluster, including the current state of the OpenShift cluster and the individual system controller or blade nodes within the cluster.

ARGUMENTS

node <blade-or-sys-controller>

  • description: View the status of a specific node. Available options are:
    • blade-1 - blade-<n>
    • controller-1
    • controller-2

EXAMPLES

Display only the status of blade-2:

syscon-1-active# show cluster nodes node blade-2
NAME     STATUS  TIME CREATED          ROLES    CPU  PODS  MEMORY      HUGEPAGES
----------------------------------------------------------------------------------
blade-2  Ready   2021-02-26T19:20:15Z  compute  28   250   26112340Ki  102890Mi

Display the status of all nodes:

syscon-1-active# show cluster nodes
NAME          STATUS  TIME CREATED          ROLES         CPU  PODS  MEMORY      HUGEPAGES
--------------------------------------------------------------------------------------------
blade-1       Ready   2021-01-26T07:05:29Z  compute       28   250   26112336Ki  102890Mi
blade-2       Ready   2021-01-26T07:05:29Z  compute       28   250   26112336Ki  102890Mi
controller-1  Ready   2021-01-26T06:36:50Z  infra,master  -    -     -           -
controller-2  Ready   2021-01-26T06:36:50Z  infra,master  -    -     -           -

show cluster orchestration-manager

COMMAND show cluster orchestration-manager

DESCRIPTION Display the status of orchestration manager components in the cluster.

ARGUMENTS

active-node

  • description: View the status of the active node.

blade-status

  • description: View the cluster status of all blades.

cluster-initialized

  • description: Display whether the cluster is initialized. If the output is true, the cluster is initialized. If the output is false, the cluster is not initialized.

cluster-ready

  • description: Display whether the cluster is ready. If the output is true, the cluster is ready. If the output is false, the cluster is not ready.

controller-status

  • description: View the cluster status of all system controllers.

etcd-ha-initialized

  • description: Display whether high availability (HA) is initialized. If the output is true, HA is initialized. If the output is false, HA is not initialized.

etcd-ha-running

  • description: Display whether HA is ready. If the output is true, HA is ready. If the output is false, HA is not ready.

EXAMPLE

Display the status of all orchestration manager components:

syscon-1-active# show cluster orchestration-manager
cluster orchestration-manager cluster-initialized true
cluster orchestration-manager cluster-ready true
cluster orchestration-manager active-node controller-1.chassis.local
cluster orchestration-manager etcd-ha-initialized true
cluster orchestration-manager etcd-ha-running true
                                                               ABLE  ABLE
                                             IN       READY    TO    TO
INDEX  NAME                        INSERTED  CLUSTER  CLUSTER  PING  SSH   STATE
---------------------------------------------------------------------------------------
1      controller-1.chassis.local  true      true     true     true  true  In Cluster
2      controller-2.chassis.local  true      true     true     true  true  In Cluster

                                                          ABLE  ABLE
                                        IN       READY    TO    TO                PARTITION
INDEX  NAME                   INSERTED  CLUSTER  CLUSTER  PING  SSH   STATE       LABEL
-----------------------------------------------------------------------------------------------
1      blade-1.chassis.local  true      true     true     true  true  In Cluster  partition-1
2      blade-2.chassis.local  true      true     true     true  true  In Cluster  partition-1

show components

COMMAND show components

DESCRIPTION Display information about hardware inventory and firmware components.

ARGUMENTS

The availability of options for this command depends on which hardware component you are configuring.

component <specific-component>

  • type: string
  • description: Name of the specific component. Available options are:
    • blade-1 through blade-<n>
    • chassis
    • controller-1 through controller-2
    • fantray-1
    • lcd
    • psu-1 through psu-<n>
    • psu-controller-1 through psu-controller-2

component <blade-number> properties property <firmware-properties>

  • type: string
  • description: View information about firmware properties to verify the firmware version for a specified blade or verify that a firmware update has completed successfully. When a firmware update is in progress, the UPDATE STATUS is running, and it changes to complete when the update completes. You can either leave off a specific firmware property to see all properties or specify one of these available options:
    • fw-version-bios
    • fw-version-bios-me
    • fw-version-cpld
    • fw-version-drive-nvme0n1
    • fw-version-fpga-atse0
    • fw-version-fpga-vqf0
    • fw-version-lop-app
    • fw-version-lop-bootloader
    • fw-version-sirr

EXAMPLES

Display details about psu-1:

syscon-1-active# show components component psu-1
components component psu-1
 state serial-no 20003BPK0135
 state part-no SPDFFIV-08
 state empty false

Display software information on blade-1:

syscon-1# show components component blade-1 software
SOFTWARE INDEX      VERSION
--------------------------------
blade-os            1.2.0-3019
partition-services  1.2.0-3019

Display all information about blade-1:

syscon-1# show components component blade-1
components component blade-1
 state serial-no      bld123456s
 state part-no        "400-0086-02 REV 2"
 state empty          false
 state tpm-integrity-status Valid
 state memory available 22674624512
 state memory free 20161323008
 state memory used-percent 83
 state temperature current 31.0
 state temperature average 31.0
 state temperature minimum 30.0
 state temperature maximum 32.0
                                                                                  UPDATE
NAME                       NAME  VALUE                              CONFIGURABLE  STATUS
------------------------------------------------------------------------------------------
QAT0                       -     Lewisburg C62X Crypto/Compression  false         -
QAT1                       -     Lewisburg C62X Crypto/Compression  false         -
QAT2                       -     Lewisburg C62X Crypto/Compression  false         -
fw-version-bios            -     2.03.008.1                         false         -
fw-version-bios-me         -     4.0.4.128                          false         -
fw-version-cpld            -     05.04.00                           false         -
fw-version-lop-app         -     1.00.928.0.1                       false         -
fw-version-lop-bootloader  -     1.02.868.0.1                       false         -

 storage state disks disk nvme0n1
  state model "INTEL SSDPELKX010T8"
  state vendor Intel
  state version VCV10301
...

Show information about all firmware for blade-1 and verify that the fw-version-lop-app firmware has updated successfully:

syscon-1-active# show components component blade-1 properties
                                                             UPDATE
NAME                       NAME  VALUE         CONFIGURABLE  STATUS
-----------------------------------------------------------------------
fw-version-bios            -     1.21.168.1    -             none
fw-version-bios-me         -     4.0.4.112     false         none
fw-version-cpld            -     04.03.01      false         none
fw-version-drive-nvme0n1   -     unknown       false         none
fw-version-fpga-atse0      -     7.6.59.0      false         none
fw-version-fpga-vqf0       -     8.6.63.33     false         none
fw-version-lop-app         -     1.00.928.0.1  -             complete
fw-version-lop-bootloader  -     1.02.868.0.1  false         none
fw-version-sirr            -     1.1.8         false         none

show configuration commit changes

COMMAND show configuration commit changes

DESCRIPTION Display changes that were made to the running configuration by previous configuration commits, including changes committed for a specified commit ID.

ARGUMENTS

<id>

  • type: int
  • description: Display information for a specific configuration commit.

EXAMPLES

Display information about the last commit:

syscon-1-active# show configuration commit changes
!
! Created by: admin
! Date: 2021-02-09 18:37:47
! Client: system
!
partitions partition default
 config os-version 1.2.0-3019
 config service-version 1.2.0-3019
!

Display information about commit ID 28:

syscon-1-active# show configuration commit changes 28
!
! Created by: admin
! Date: 2021-02-05 21:57:52
! Client: cli
!
partitions partition ConfdUpgradePartition
!

Display information about concurrent operations:



show configuration commit list

COMMAND show configuration commit list

DESCRIPTION Display information about the configuration commits stored in the commit database.

ARGUMENTS

<number-of-commits>

  • type: int
  • description: Display a specific number of configuration commits.

EXAMPLE

Display information about the five most recent configuration commits:

syscon-1-active# show configuration commit list 5
2021-02-10 00:30:06
SNo. ID       User       Client      Time Stamp          Label       Comment
~~~~ ~~       ~~~~       ~~~~~~      ~~~~~~~~~~          ~~~~~       ~~~~~~~
0    10001    admin      system      2021-02-09 18:37:47
1    10026    admin      system      2021-02-09 18:29:31
2    10025    system     system      2021-02-09 18:24:40
3    10024    system     system      2021-02-09 18:24:39
4    10023    system     system      2021-02-09 18:24:39

show configuration rollback changes

COMMAND show configuration rollback changes

DESCRIPTION Display changes that would be made by the rollback configuration command or to display the list of commit IDs.

ARGUMENTS

<id>

  • type: int
  • description: Display information for a specific configuration commit.

EXAMPLE

Display changes that would be made by rolling back to the most recent configuration commit:

syscon-1-active# show configuration rollback changes
partitions partition default
 config os-version 1.2.0-2954
 config service-version 1.2.0-2954
!

show ctrlr_status

COMMAND show ctrlr_status

DESCRIPTION Display the status of the current system controller.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display the status of the current system controller:

syscon-1-active# show ctrlr_status
ctrlr_status chassis_num 1

show file

COMMAND show file

DESCRIPTION Display information about the status of current file transfer operations and known hosts for file transfers.

ARGUMENTS

known-hosts

  • type: unsignedLong
  • description: Display known hosts for file transfers using SFTP or SCP.

transfer-operations

  • type: unsignedLong
  • description: Display the status of any current file transfer operations. If there are no transfers in progress, this message displays: % No entries found. Every uploaded file includes a status. Available options include, but are not limited to, these statuses:
    • Initialized: File upload has initialized.
    • In-progress: File uploaded has started. A percentage uploaded displays with the percentage of bytes received, and this refreshes every 5 seconds
    • Completed: The md5sum was validated, and the file was moved to its destination folder.
    • md5sum-checksum-failed: The file was partially uploaded, or the wrong file was uploaded. The uploaded file is deleted.
    • Duplicate-failed: The file already exists in the destination folder. The uploaded file is deleted.
    • Copy-failed: The move of the file from the file upload tmp folder to the destination failed.

EXAMPLES

Display information about an in-progress file transfer operation:

syscon-1-active# show file transfer-operations
file transfer-operations transfer-operation images/BIGIP-bigip15.1.x-15.1.5.ALL-VELOS.qcow2.zip 192.0.02.11 build/bigip/v15.1.x/daily/build146.0/VM/BIGIP-bigip15.1.x-15.1.5.ALL-VELOS.qcow2.zip "Import file" "HTTPS   "
 status    "In Progress (12.0%)"
 timestamp "Fri Jun 11 21:56:06 2021"

show history

COMMAND show history

DESCRIPTION Display a history of commands run on the system controller.

ARGUMENTS

  • type: int
  • description: Number of commands to show in the command history.

EXAMPLE

Display the last five commands that were run on the system controller:

syscon-1-active# show history
02-18 16:47:28 -- show cluster
02-18 16:47:43 -- show running-config partitions partition default
02-18 16:47:50 -- show cluster
02-18 16:51:31 -- show running-config partitions partition default
02-18 19:25:59 -- file transfer-status

show image controller

COMMAND show image controller

DESCRIPTION Display information about the images on the system controllers, including their versions, dates, and whether they are in use.

ARGUMENTS

This command has no arguments.

EXAMPLE

Show all images on the system controllers:

syscon-1-active# show image controller
VERSION OS                                  IN
CONTROLLER  CONTROLLER  STATUS  DATE        USE
---------------------------------------------------
1.2.0-3498  1           ready   2021-02-21  true
1.2.0-3414  1           ready   2021-02-17  false

VERSION
SERVICE                                     IN
CONTROLLER  CONTROLLER  STATUS  DATE        USE
---------------------------------------------------
1.2.0-3498  1           ready   2021-02-21  true
1.2.0-3414  1           ready   2021-02-17  false

VERSION
ISO                                         IN
CONTROLLER  CONTROLLER  STATUS  DATE        USE
---------------------------------------------------
1.2.0-3498  1           ready   2021-02-21  false
1.2.0-3414  1           ready   2021-02-17  false

show image partition

COMMAND show image partition

DESCRIPTION Display information about the images on the partition.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display all images on the partitions:

syscon-1-active# show image partition
VERSION OS                                   IN
PARTITION    CONTROLLER  STATUS  DATE        USE    NAME     ID
-----------------------------------------------------------------
1.2.0-3498   1           ready   2021-02-21  true   default  1
1.2.0-3494   1           ready   2021-02-21  false
1.2.0-3414   1           ready   2021-02-17  true   second   2
                                                    third    3
1.2.0-3354   1           ready   2021-02-16  false
1.0.0-12251  1           ready   2020-11-05  false

VERSION
SERVICE                                      IN
PARTITION    CONTROLLER  STATUS  DATE        USE    NAME     ID
-----------------------------------------------------------------
1.2.0-3498   1           ready   2021-02-21  true   default  1
1.2.0-3494   1           ready   2021-02-21  false
1.2.0-3414   1           ready   2021-02-17  true   second   2
                                                    third    3
1.2.0-3354   1           ready   2021-02-16  false
1.0.0-12251  1           ready   2020-11-05  false

show interfaces interface

COMMAND show interfaces interface

DESCRIPTION Display information about chassis network interfaces. This includes options for link aggregation.

ARGUMENTS

The availability of options for this command depends on which interface you specify.

<interface-name>

  • type: string
  • description: Name of the specific interface. Available options are:
    • <blade-number>/1.<n> - <blade-number>/<n>.<n>
    • 1/mgmt0
    • 2/mgmt0
    • cplagg_1.<n>

EXAMPLE

Display information about interface 1/1.1:

syscon-1-active# show interfaces interface lag1
interfaces interface 1/1.1
 state name    1/1.1
 state type    ethernetCsmacd
 state loopback-mode false
 state enabled
 state ifindex 10
 state admin-status UP
 state oper-status UP
 state last-change 65986699140
 state counters in-octets 7411812584
 state counters in-pkts 17018405
 state counters in-unicast-pkts 16294087
 state counters in-broadcast-pkts 211701
 state counters in-multicast-pkts 512617
 state counters in-discards 1898
 state counters in-errors 0
 state counters in-unknown-protos 0
 state counters in-fcs-errors 0
 state counters out-octets 8311367596
 state counters out-pkts 16766991
 state counters out-unicast-pkts 8275243
 state counters out-broadcast-pkts 3936076
 state counters out-multicast-pkts 4555672
 state counters out-discards 0
 state counters out-errors 0
 hold-time state up 0
 hold-time state down 0
 ethernet state mac-address 5a:a5:5a:01:01:01
 ethernet state auto-negotiate true
 ethernet state duplex-mode FULL
 ethernet state port-speed SPEED_10GB
 ethernet state enable-flow-control false
 ethernet state hw-mac-address 5a:a5:5a:01:01:01
 ethernet state counters in-mac-pause-frames 0
 ethernet state counters in-oversize-frames 2582667
 ethernet state counters in-jabber-frames 0
 ethernet state counters in-fragment-frames 0
 ethernet state counters in-8021q-frames 0
 ethernet state counters in-crc-errors 0
 ethernet state counters out-mac-pause-frames 0
 ethernet state counters out-8021q-frames 0

show interfaces interface <interface-name> aggregation state

COMMAND show interfaces interface <interface-name> aggregation state

DESCRIPTION Show the aggregation state for an interface.

ARGUMENTS

These options are available:

  • displaylevel
  • lag-speed
  • lag-type
  • mac-address
  • min-links

show interfaces interface <interface-name> ethernet state

COMMAND show interfaces interface <interface-name> ethernet state

DESCRIPTION Show the ethernet state for an interface.

ARGUMENTS

These options are available:

  • aggregate-id
  • auto-negotiate
  • counters
  • displaylevel
  • duplex-mode
  • enable-flow-control
  • hw-mac-address
  • mac-address
  • negotiated-duplex-mode
  • negotiated-port-speed
  • port-speed

show interfaces interface <interface-name> hold-time state

COMMAND show interfaces interface <interface-name> hold-time state

DESCRIPTION Show the hold-time state for an interface.

ARGUMENTS

These options are available:

  • displaylevel
  • down
  • up

show interfaces interface <interface-name> state

COMMAND show interfaces interface <interface-name> state

DESCRIPTION Show the hold-time state for an interface.

ARGUMENTS

These options are available:

  • admin-status
  • counters
  • description
  • disabled
  • displaylevel
  • enabled
  • ifindex
  • last-change
  • logical
  • loopback-mode
  • mtu
  • name
  • oper-status
  • type

show interfaces interface <interface-name> subinterfaces

COMMAND show interfaces interface <interface-name> subinterfaces subinterface

DESCRIPTION Show configured subinterfaces for a specified interface.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

show lacp

COMMAND

show lacp

DESCRIPTION

Display the current LACP configuration and state information for global and all LACP interfaces.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLE

Display one level of information about LACP interfaces:

syscon-1-active# show lacp displaylevel 1
lacp interfaces interface cplagg_1.1
lacp interfaces interface cplagg_1.10
lacp interfaces interface cplagg_1.11
lacp interfaces interface cplagg_1.12

show lacp interfaces

COMMAND

show lacp interfaces

DESCRIPTION

Display the current LACP state for all LACP interfaces.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

show lacp interfaces interface

COMMAND

show lacp interfaces interface

DESCRIPTION

Display the current LACP config and state information for an LACP interface.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

<interface-name>

  • description: The interface to display.

EXAMPLE

Display information about the cplagg_1.1 interface:

syscon-1-active# show lacp interfaces interface cplagg_1.1
lacp interfaces interface cplagg_1.1
 state name cplagg_1.1
 state interval FAST
 state lacp-mode ACTIVE
                                                                                                                                                PARTNER  LACP    LACP    LACP    LACP    LACP
                                                                                                  SYSTEM  OPER                   PARTNER  PORT  PORT     IN      OUT     RX      TX      UNKNOWN  LACP
INTERFACE  INTERFACE  ACTIVITY  TIMEOUT  SYNCHRONIZATION  AGGREGATABLE  COLLECTING  DISTRIBUTING  ID      KEY   PARTNER ID       KEY      NUM   NUM      PKTS    PKTS    ERRORS  ERRORS  ERRORS   ERRORS
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1/1.1      -          ACTIVE    SHORT    IN_SYNC          true          true        true          -       2     0:a:49:ff:80:12  -        4225  2        774811  774113  0       -       -        -
2/1.1      -          ACTIVE    SHORT    IN_SYNC          true          true        true          -       2     0:a:49:ff:80:12  -        8321  4        774810  774111  0       -       -        -


show lacp state

COMMAND

show lacp state

DESCRIPTION

Display global LACP state information.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

system-priority

  • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

show parser

COMMAND show parser

DESCRIPTION Display information about available commands and their syntax.

ARGUMENTS

dump

  • description: Display information about all available commands.

dump <command>

  • description: Display information about a specified command.

EXAMPLES

Display information about all commands:

syscon-1-active# show parser dump
autowizard [false/true]
cd <Dir>
cd
clear history
commit [confirm/abort]
commit [confirm/abort] persist-id <id>
commit
commit persist-id <id>
compare file <File> [brief]
compare file <File> [brief] SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry
compare file <File> [brief] SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry
compare file <File> [brief] SNMP-USER-BASED-SM-MIB usmUserTable usmUserEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmAccessTable vacmAccessEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmViewTreeFamilyTable vacmViewTreeFamilyEntry
compare file <File> [brief] SNMPv2-MIB snmp snmpEnableAuthenTraps
compare file <File> [brief] SNMPv2-MIB system sysContact
compare file <File> [brief] SNMPv2-MIB system sysLocation
compare file <File> [brief] SNMPv2-MIB system sysName
compare file <File> [brief] components component
compare file <File> [brief] image controller config iso iso
compare file <File> [brief] image controller config os os
compare file <File> [brief] image controller config services service
compare file <File> [brief] image partition config iso iso
compare file <File> [brief] image partition config os os
compare file <File> [brief] image partition config services service
compare file <File> [brief] interfaces interface
compare file <File> [brief] lacp config
compare file <File> [brief] lacp interfaces interface
compare file <File> [brief] partitions partition
compare file <File> [brief] slots slot
compare file <File> [brief] system aaa authentication config
compare file <File> [brief] system aaa authentication ldap bind_timelimit
compare file <File> [brief] system aaa authentication ldap idle_timelimit
compare file <File> [brief] system aaa authentication ldap ldap_version
compare file <File> [brief] system aaa authentication ldap ssl
compare file <File> [brief] system aaa authentication ldap timelimit
compare file <File> [brief] system aaa authentication ldap tls_reqcert
compare file <File> [brief] system aaa authentication roles role
compare file <File> [brief] system aaa authentication users user
compare file <File> [brief] system aaa password-policy config apply-to-root
compare file <File> [brief] system aaa password-policy config max-age
compare file <File> [brief] system aaa password-policy config max-login-failures
compare file <File> [brief] system aaa password-policy config min-length
compare file <File> [brief] system aaa password-policy config reject-username
compare file <File> [brief] system aaa password-policy config required-differences
compare file <File> [brief] system aaa password-policy config required-lowercase
compare file <File> [brief] system aaa password-policy config required-numeric
compare file <File> [brief] system aaa password-policy config required-special
compare file <File> [brief] system aaa password-policy config required-uppercase
compare file <File> [brief] system aaa password-policy config retries
compare file <File> [brief] system aaa password-policy config root-lockout
compare file <File> [brief] system aaa password-policy config root-unlock-time
compare file <File> [brief] system aaa password-policy config unlock-time
--More--

Display information only about the commit command:

syscon-1-active# show parser dump commit
commit [confirm/abort]
commit [confirm/abort] persist-id <id>
commit
commit persist-id <id>

show partitions partition

COMMAND show partitions partition

DESCRIPTION Display information about partitions.

ARGUMENTS

<partition-name>

  • description: Set to true to enable a partition. The default is false.

EXAMPLE

Display information about the default partition:

syscon-1-active# show partitions partition default
                                                                    RUNNING
               BLADE OS    SERVICE                 PARTITION        SERVICE     STATUS
NAME       ID  VERSION     VERSION     CONTROLLER  STATUS           VERSION     AGE
----------------------------------------------------------------------------------------
default    1   1.2.0-7507  1.2.0-7507  1           running-active   1.2.0-7507  19h
                                       2           running-standby  1.2.0-7507  19h
test       2   1.2.0-7091  1.2.0-7091  1           running-active   1.2.0-7091  19h
                                       2           running-standby  1.2.0-7091  19h

show restconf-state

COMMAND show restconf-state

DESCRIPTION Display capabilities supported by the RESTCONF server.

ARGUMENTS

capabilities capability

  • description: Display all capabilities supported by the RESTCONF server.

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLE

Display all supported capabilities:

syscon-1-active# show restconf-state
restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=explicit
restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0

show running-config

COMMAND show running-config

DESCRIPTION Display the current configuration. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.

ARGUMENTS

For information about these arguments, see these sections on the controller show-SNMP-FRAMEWORK-MIB page.

  • SNMP-COMMUNITY-MIB
  • SNMP-NOTIFICATION-MIB
  • SNMP-TARGET-MIB
  • SNMP-USER-BASED-SM-MIB
  • SNMP-VIEW-BASED-ACM-MIB
  • SNMPv2-MIB
  • components
  • file
  • image
  • interfaces
  • lacp
  • partitions
  • slots
  • system

EXAMPLE

Display the current running configuration for partitions:

syscon-1-active# show running-config partitions
partitions partition ConfdUpgradePartition
!
partitions partition default
 config enabled
 config os-version 1.2.0-3019
 config service-version 1.2.0-3019
 config pxe-server internal
 config mgmt-ip ipv4 address 192.0.2.57
 config mgmt-ip ipv4 prefix-length 24
 config mgmt-ip ipv4 gateway 192.0.2.254
!
partitions partition new
!
partitions partition none
 config disabled
!
partitions partition second
 config enabled
 config iso-version 1.2.0-2954
 config pxe-server internal
 config mgmt-ip ipv4 address 192.0.2.50
 config mgmt-ip ipv4 prefix-length 24
 config mgmt-ip ipv4 gateway 192.0.2.254
!
partitions partition third
 config enabled
 config iso-version 1.2.0-2954
 config pxe-server internal
 config mgmt-ip ipv4 address 192.0.2.48
 config mgmt-ip ipv4 prefix-length 24
 config mgmt-ip ipv4 gateway 192.0.2.254
!

show system aaa

COMMAND show system aaa

DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display the default system accounts:

syscon-1-active# show system aaa authentication
          LAST    TALLY  EXPIRY
USERNAME  CHANGE  COUNT  DATE    ROLE
----------------------------------------
admin     18000   0      -1      admin
root      18000   0      -1      root

ROLENAME     GID   USERS
--------------------------
admin        9000  -
limited      9999  -
operator     9001  -
partition_1  9101  -
partition_2  9102  -
partition_3  9103  -
partition_4  9104  -
partition_5  9105  -
partition_6  9106  -
partition_7  9107  -
partition_8  9108  -
root         0     -
ts_admin     9100  -
user         9002  -

Display information for the primary key:

syscon-1-active# show system aaa primary-key
system aaa primary-key state hash gzkudf6usf73hstFja9bltIkd895y6SuxG4IW8VjDoykCjQCToezcifAE/Ro96Kyd7G/MCwIfreuU7wYrqcxxg==
system aaa primary-key state status None

Show the TLS certificate:

syscon-1-active# show system aaa tls state certificate

Show the current CRLs in the system:

syscon-1-active# show system aaa tls crls crl

show system alarms

COMMAND show system alarms

DESCRIPTION Display information about system alarms.

EXAMPLE

Display active alarm conditions:

syscon-1-active# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
--------------------------------------------------------------------------------------------------
65793 psu-1 ERROR PSU fault detected 2020-08-31 10:39:12.113796318 UTC
65536 controller-1 CRITICAL Hardware device fault detected 2020-08-31 11:37:44.190637453 UTC

show system appliance-mode

COMMAND show system appliance-mode

DESCRIPTION Check the current state of appliance mode. It can be either enabled or disabled.

EXAMPLE

Display the current state of appliance mode:

syscon-1-active# show system appliance-mode
system appliance-mode state disabled

show system blade-power

COMMAND show system blade-power

DESCRIPTION Display power requested and allocated for each blade in the chassis.

EXAMPLES

Display the requested and allocated power only for blade 1:

syscon-1-active# show system blade-power allocation 1
SLOT  REQUESTED  ALLOCATED
NUM   POWER      POWER
----------------------------
1     390        390

Display the requested and allocated power for all blades in the chassis:

syscon-1-active# show system blade-power
system blade-power total available 4555
system blade-power total requested 3120
system blade-power total allocated 3120
SLOT  REQUESTED  ALLOCATED
NUM   POWER      POWER
----------------------------
1     390        390
2     390        390
3     390        390
4     390        390
5     390        390
6     390        390
7     390        390
8     390        390

show system chassis-macs

COMMAND show system chassis-macs

DESCRIPTION Display assigned MAC addresses for system components, such as physical front panel ports, LAGs, tenants, networking usage, and partition management.

EXAMPLES

Display the base chassis MAC address:

syscon-1-active# show system chassis-macs base
system chassis-macs base 0014a28e5c01

Display MAC addresses for partitions:

syscon-1-active# show system chassis-macs partitions
IDENTIFIER  OFFSET  MAC ADDRESS
---------------------------------------
1           8       00:11:b2:c3:4d:08
            9       00:11:b2:c3:4d:09
            10      00:11:b2:c3:4d:0a
            11      00:11:b2:c3:4d:0b
            12      00:11:b2:c3:4d:0c
            13      00:11:b2:c3:4d:0d
            14      00:11:b2:c3:4d:0e
            15      00:11:b2:c3:4d:0f
            16      00:11:b2:c3:4d:10
            17      00:11:b2:c3:4d:11
            18      00:11:b2:c3:4d:12
            19      00:11:b2:c3:4d:13
            20      00:11:b2:c3:4d:14
            21      00:11:b2:c3:4d:15
            22      00:11:b2:c3:4d:16
            23      00:11:b2:c3:4d:17
2           24      00:11:b2:c3:4d:18
            25      00:11:b2:c3:4d:19
            26      00:11:b2:c3:4d:1a
            27      00:11:b2:c3:4d:1b
            28      00:11:b2:c3:4d:1c
            29      00:11:b2:c3:4d:1d
            30      00:11:b2:c3:4d:1e
            31      00:11:b2:c3:4d:1f
            32      00:11:b2:c3:4d:20
            33      00:11:b2:c3:4d:21
            34      00:11:b2:c3:4d:22
            35      00:11:b2:c3:4d:23
            36      00:11:b2:c3:4d:24
            37      00:11:b2:c3:4d:25
            38      00:11:b2:c3:4d:26
            39      00:11:b2:c3:4d:27

show system clock

COMMAND show system clock

DESCRIPTION Display the current time zone name configured for the system.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLE

Display the currently-configured time zone name:

syscon-1-active# show system clock
system clock state timezone-name Pacific

show system clock state controllers

COMMAND show system clock state controllers controller

DESCRIPTION Display the current time zone name configured for the system controllers.

ARGUMENTS

{ 1 | 2 }

  • type: boolean
  • description: The system controller to view.

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLES

Display the current time for all system controllers:

syscon-1-active# show system clock state controllers controller
CONTROLLER  DATE TIME
-----------------------------------------
1           2021-07-11 04:22:48 Etc/UTC
2           2021-07-11 04:22:48 Etc/UTC

Display the current time only for system controller 2:

syscon-1-active# show system clock state controllers controller 2
CONTROLLER  DATE TIME
-----------------------------------------
2           2021-07-11 04:23:01 Etc/UTC

show system database state reset-default-config

COMMAND show system database state reset-default-config

DESCRIPTION Display whether the reset-default-config flag is enabled in the system configuration.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display the status of the reset-default-config flag in the system configuration:

syscon-1-active# show system database state reset-default-config
system database state reset-default-config false

show system diagnostics

COMMAND show system diagnostics

DESCRIPTION Display iHealth information.

EXAMPLE

Display the iHealth configuration for the system:

syscon-1-active# show system diagnostics ihealth
system diagnostics ihealth state username ""
system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api

show system dns

COMMAND show system dns

DESCRIPTION Display information about DNS servers configured for the system controller to use.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display all configured DNS servers:

syscon-1-active# show system dns
ADDRESS       ADDRESS  PORT
-----------------------------
192.0.2.100   -        53
192.0.2.100     -        53

show system events

COMMAND show system events

DESCRIPTION Display information about system events.

EXAMPLE

Display system events and do not paginate command output:

syscon-1-active# show system events | nomore
LOG
----------------------------------------------------------------------------------------------------------------------------------------
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration health state" "2020-08-30 06:19:03.868597381 UTC"
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration request-active state" "2020-08-30 06:19:03.880859476 UTC"
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration grant-active state" "2020-08-30 06:19:03.892291984 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: local arbitration health state" "2020-08-30 06:19:03.903104866 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: local arbitration grant-active state" "2020-08-30 06:19:49.863635400 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: local arbitration request-active state" "2020-08-30 06:19:53.619701519 UTC"
65793 psu-3 psu-fault EVENT NA "Deasserted: PSU 3 input OK" "2020-08-30 06:19:53.916775247 UTC"
65793 psu-3 psu-fault EVENT NA "Deasserted: PSU 3 output OK" "2020-08-30 06:19:53.977790694 UTC"
65793 psu-4 psu-fault EVENT NA "Deasserted: PSU 4 input OK" "2020-08-30 06:19:54.036836768 UTC"
65793 psu-4 psu-fault EVENT NA "Deasserted: PSU 4 output OK" "2020-08-30 06:19:54.097780931 UTC"
65792 lcd lcd-fault ASSERT ERROR "Fault detected in LCD module" "2020-08-30 06:20:01.867643203 UTC"
65792 lcd lcd-fault EVENT NA "LCD is in fault state" "2020-08-30 06:20:01.867670273 UTC"
65792 lcd lcd-fault CLEAR ERROR "Fault detected in LCD module" "2020-08-30 06:21:27.989430027 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: peer arbitration request-active state" "2020-08-30 06:21:37.864662916 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: peer arbitration health state" "2020-08-30 06:21:37.875784916 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration health state" "2020-08-30 06:21:34.082963396 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration request-active state" "2020-08-30 06:21:34.088761802 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration grant-active state" "2020-08-30 06:21:36.016797509 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: peer arbitration health state" "2020-08-30 06:21:36.022922816 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: local arbitration health state" "2020-08-30 06:21:36.028852414 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: local arbitration request-active state" "2020-08-30 06:21:36.035580745 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: peer arbitration request-active state" "2020-08-30 06:21:38.025136766 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: peer arbitration grant-active state" "2020-08-30 06:21:38.032655297 UTC"
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration request-active state" "2020-08-30 06:21:41.864925695 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration request-active state" "2020-08-30 06:21:42.018737589 UTC"

show system health

COMMAND show system health

DESCRIPTION Display health information about system components.

ARGUMENTS

The availability of options for this command depends on the hardware component for which you want to view health information.

components component <specific-component> { { firmware | hardware | services } <specific-component> } }

  • type: string
  • description: Name of the specific component. Available options are:
    • blade-1 through blade-<n>
    • controller-1 through controller-2
    • fantray-1
    • lcd
    • psu-1 through psu-<n>
    • psu-controller-1 through psu-controller-2

summary components component <specific-component> { attributes | state }

  • type: string
  • description: Name of the specific component for which to view a brief summary of health information. Available options are:
    • blade-1 through blade-<n>
    • controller-1 through controller-2
    • fantray-1
    • lcd
    • psu-1 through psu-<n>
    • psu-controller-1 through psu-controller-2

EXAMPLES

Display high-level hardware health state for controller-1:

syscon-1-active# show system health components component controller-1 hardware state | nomore
KEY                                      NAME                                HEALTH  SEVERITY
-----------------------------------------------------------------------------------------------
controller/hardware/cpu                  cpu-1                               ok      info
controller/hardware/cpu/pcie             PCIe BUS                            ok      info
controller/hardware/drives               Storage Subsystem                   ok      info
controller/hardware/drives/nvme0n1       drive-1                             ok      info
controller/hardware/lop                  Controller LOP                      ok      info
controller/hardware/memory               Memory                              ok      info
controller/hardware/switch               Controller Switch Subsystem         ok      notice
controller/hardware/switch/switch0       Control Plane Switch 0              ok      info
controller/hardware/switch/switch0/hg0   Port hg0 --> Peer Controller        ok      info
controller/hardware/switch/switch0/hg1   Port hg1 --> Peer Controller        ok      info
controller/hardware/switch/switch0/xe0   Port xe0 --> slot3                  ok      info
controller/hardware/switch/switch0/xe1   Port xe1 --> slot4                  ok      info
controller/hardware/switch/switch0/xe10  Port xe10 --> CPU control plane 01  ok      info
controller/hardware/switch/switch0/xe11  Port xe11 --> CPU control plane 02  ok      info
controller/hardware/switch/switch0/xe2   Port xe2 --> slot7                  ok      info
controller/hardware/switch/switch0/xe3   Port xe3 --> slot8                  ok      info
controller/hardware/switch/switch0/xe4   Port xe4 --> slot1                  ok      info
controller/hardware/switch/switch0/xe5   Port xe5 --> slot2                  ok      info
controller/hardware/switch/switch0/xe6   Port xe6 --> slot5                  ok      info
controller/hardware/switch/switch0/xe7   Port xe7 --> slot6                  ok      info
controller/hardware/switch/switch0/xe8   Port xe8 --> front-panel mgmt       ok      info
controller/hardware/switch/switch0/xe9   Port xe9 --> CPU control plane 00   ok      info
controller/hardware/switch/switch1       Data Plane Switch 1                 ok      notice
controller/hardware/switch/switch1/hg0   Port hg0 --> slot1                  ok      info
controller/hardware/switch/switch1/hg1   Port hg1 --> slot1                  ok      notice
controller/hardware/switch/switch1/hg10  Port hg10 --> slot3                 ok      notice
controller/hardware/switch/switch1/hg11  Port hg11 --> slot3                 ok      info
controller/hardware/switch/switch1/hg12  Port hg12 --> slot6                 ok      info
controller/hardware/switch/switch1/hg13  Port hg13 --> slot6                 ok      notice
controller/hardware/switch/switch1/hg14  Port hg14 --> slot2                 ok      info
controller/hardware/switch/switch1/hg15  Port hg15 --> slot2                 ok      notice
controller/hardware/switch/switch1/hg2   Port hg2 --> slot5                  ok      info
controller/hardware/switch/switch1/hg3   Port hg3 --> slot5                  ok      notice
controller/hardware/switch/switch1/hg4   Port hg4 --> slot8                  ok      notice
controller/hardware/switch/switch1/hg5   Port hg5 --> slot8                  ok      info
controller/hardware/switch/switch1/hg6   Port hg6 --> slot4                  ok      notice
controller/hardware/switch/switch1/hg7   Port hg7 --> slot4                  ok      info
controller/hardware/switch/switch1/hg8   Port hg8 --> slot7                  ok      notice
controller/hardware/switch/switch1/hg9   Port hg9 --> slot7                  ok      info
controller/hardware/switch/switch1/xe0   Port xe0 --> CPU data plane 00      ok      info

Display health information about system memory:

syscon-1-active# show system health components component controller-1 hardware controller/hardware/memory
hardware controller/hardware/memory
 state name Memory
 state health ok
 state severity info
NAME                            DESCRIPTION                      HEALTH  SEVERITY  VALUE  UPDATED AT
----------------------------------------------------------------------------------------------------------------
memory:sensor:temperature       Memory temperature (C)           ok      info      32.75  2021-06-11T10:34:26Z
rasdaemon:mc:corrected:event    RAS Daemon MC corrected event    ok      info             2021-06-11T10:24:21Z
rasdaemon:mc:fatal:event        RAS Daemon MC fatal event        ok      info             2021-06-11T10:24:21Z
rasdaemon:mc:uncorrected:event  RAS Daemon MC uncorrected event  ok      info             2021-06-11T10:24:21Z

Display the status of the tcpdump service on the blades:

syscon-1-active# show system health components component services  blade/services/tcpdumpd
system health components component blade-1
 services blade/services/tcpdumpd
  state name tcpdumpd
  state health ok
  state severity info
NAME                               DESCRIPTION                               HEALTH  SEVERITY  VALUE  UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach             Container attach event                    ok      info      0      2021-06-17T07:13:48Z
container:event:die                Container die event                       ok      info      0      2021-07-12T17:43:23Z
container:event:exec-create        Container exec create event               ok      info      0      2021-07-12T15:56:52Z
container:event:exec-detach        Container exec detach event               ok      info      0      2021-06-17T07:13:48Z
container:event:exec-die           Container exec die event                  ok      info      0      2021-06-17T07:13:48Z
container:event:exec-start         Container exec start event                ok      info      0      2021-07-12T15:56:52Z
container:event:kill               Container kill event                      ok      info      0      2021-07-12T17:43:23Z
container:event:restart            Container restart event                   ok      info      0      2021-07-12T17:48:26Z
container:event:restart-last-hour  Container restart count in the last hour  ok      info      0      2021-06-17T07:13:48Z
container:event:start              Container start event                     ok      info      0      2021-06-17T07:13:48Z
container:event:stop               Container stop event                      ok      info      0      2021-07-12T17:43:23Z
container:running                  Container running                         ok      info      true   2021-07-13T14:24:26Z

system health components component blade-2
 services blade/services/tcpdumpd
  state name tcpdumpd
  state health ok
  state severity info
NAME                               DESCRIPTION                               HEALTH  SEVERITY  VALUE  UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach             Container attach event                    ok      info      0      2021-06-17T07:13:47Z
container:event:die                Container die event                       ok      info      0      2021-07-13T14:24:52Z
container:event:exec-create        Container exec create event               ok      info      0      2021-07-12T15:56:55Z
container:event:exec-detach        Container exec detach event               ok      info      0      2021-06-17T07:13:47Z
container:event:exec-die           Container exec die event                  ok      info      0      2021-06-17T07:13:47Z
container:event:exec-start         Container exec start event                ok      info      0      2021-07-12T15:56:55Z
container:event:kill               Container kill event                      ok      info      0      2021-07-13T14:24:52Z
container:event:restart            Container restart event                   ok      info      0      2021-07-12T17:47:13Z
container:event:restart-last-hour  Container restart count in the last hour  ok      info      0      2021-06-17T07:13:47Z
container:event:start              Container start event                     ok      info      0      2021-06-17T07:13:47Z
container:event:stop               Container stop event                      ok      info      0      2021-07-13T14:24:52Z
container:running                  Container running                         ok      info      true   2021-07-13T14:24:52Z
...

Display a brief summary of health information for blade-1:

syscon-1-active# show system health summary components component blade-1
COMPONENT        COMPONENT  COMPONENT  ATTRIBUTE  ATTRIBUTE    ATTRIBUTE  ATTRIBUTE  ATTRIBUTE  UPDATED
NAME       NAME  HEALTH     SEVERITY   NAME       DESCRIPTION  HEALTH     SEVERITY   VALUE      AT
---------------------------------------------------------------------------------------------------------
blade-1    -     ok         notice

show system image

COMMAND show system image

DESCRIPTION Display information about the installed image on the system controllers.

ARGUMENTS

This command has no arguments.

EXAMPLES

Display the currently-installed image on the system controllers:

syscon-1-active# show system image
                    SERVICE     ISO      INSTALL
NUMBER  OS VERSION  VERSION     VERSION  STATUS
--------------------------------------------------
1       1.2.0-3498  1.2.0-3456  -        none
2       1.2.0-3498  1.2.0-3456  -        none

show system licensing

COMMAND show system licensing

DESCRIPTION Display information about system license.

EXAMPLE

Display information about the license activated on the system (Note that actual license key values are not shown below):

syscon-1-active# show system licensing
system licensing license
                         Licensed version    7.4.0
                         Registration Key    XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
                         Licensed date       2020/08/29
                         License start       2020/05/05
                         License end         2020/09/29
                         Service check date  2020/08/30
                         Platform ID         F101
                         Appliance SN        chs600103s

                         Active Modules
                          Local Traffic Manager, CX410 (XXXXXXX-XXXXXXX)
                           Best Bundle, CX410
                           APM-Lite
                           Advanced Routing
                           Carrier Grade NAT (AFM ONLY)
                           Max Compression, CX410
                           Rate Shaping
                           Max SSL, CX410
                           Anti-Virus Checks
                           Base Endpoint Security Checks
                           Firewall Checks
                           Machine Certificate Checks
                           Network Access
                           Protected Workspace
                           Secure Virtual Keyboard
                           APM, Web Application
                           App Tunnel
                           Remote Desktop


show system logging

COMMAND show system logging

DESCRIPTION Display information about remote logging.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

host-logs

  • description: Display configured settings for sending host logs to remote logging servers.

show system mgmt-ip

COMMAND show system mgmt-ip

DESCRIPTION Display information about all configured management IP addresses.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display information about all configured management IP addresses:

syscon-1-active# show system mgmt-ip state floating
system mgmt-ip state floating ipv4-address 192.0.2.131
system mgmt-ip state floating ipv6-address ::
syscon-1-active# show system mgmt-ip
system mgmt-ip state floating ipv4-address 192.0.2.131
system mgmt-ip state floating ipv6-address ::
                            IPV4                             IPV6
                            PREFIX                  IPV6     PREFIX  IPV6
CONTROLLER  IPV4 ADDRESS    LENGTH  IPV4 GATEWAY    ADDRESS  LENGTH  GATEWAY
------------------------------------------------------------------------------
1           192.0.2.239     24      192.0.2.254  ::       0       ::
2           192.0.2.226     24      192.0.2.254  ::       0       ::

system mgmt-ip state fixed-addresses

COMMAND system mgmt-ip state fixed-addresses

DESCRIPTION Display information about all fixed management IP addresses.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display information about the fixed management IP addresses:

syscon-1-active# show system mgmt-ip state fixed-addresses
                            IPV4                             IPV6
                            PREFIX                  IPV6     PREFIX  IPV6
CONTROLLER  IPV4 ADDRESS    LENGTH  IPV4 GATEWAY    ADDRESS  LENGTH  GATEWAY
------------------------------------------------------------------------------
1           192.0.2.239     24      192.0.2.254  ::       0       ::
2           192.0.2.226     24      192.0.2.254  ::       0       ::

system mgmt-ip state floating

COMMAND system mgmt-ip state floating

DESCRIPTION Display information about the floating management IP addresses.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display information about the floating management IP addresses:

syscon-1-active# show system mgmt-ip state floating
system mgmt-ip state floating ipv4-address 192.0.2.131
system mgmt-ip state floating ipv6-address ::

show system network

COMMAND show system network

DESCRIPTION Display information about the configured and active internal network addresses.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display information about the currently-configured internal network:

syscon-1-active# show system network
system network state configured-network-range-type RFC6598
system network state configured-network-range 100.64.0.0/12
system network state configured-chassis-id 1
system network state active-network-range-type RFC6598
system network state active-network-range 100.64.0.0/12
system network state active-chassis-id 1

show system ntp

COMMAND show system ntp

DESCRIPTION Display the current state of the Network Time Protocol (NTP) service.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLE

Display the current state of NTP on the system:

syscon-1-active# show system ntp
system ntp state disabled

show system ntp ntp-keys

COMMAND show system ntp ntp-keys

DESCRIPTION Display a list of configured NTP authentication keys.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

ntp-key <key-id>

  • description: An identifier used by the client and server to designate a secret key.

show system ntp servers

COMMAND show system ntp servers

DESCRIPTION Displays a list of configured NTP servers.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLE

Display configured NTP servers:

syscon-1-active# show system ntp servers
                                               ASSOCIATION                           ROOT   ROOT                POLL
ADDRESS         ADDRESS         PORT  VERSION  TYPE         IBURST  PREFER  STRATUM  DELAY  DISPERSION  OFFSET  INTERVAL
--------------------------------------------------------------------------------------------------------------------------
time.f5net.com  time.f5net.com  123   4        SERVER       true    true    -        -      -           -       -

show system redundancy

COMMAND show system redundancy

DESCRIPTION Display information about system controller redundancy.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display the currently-configured redundancy mode for the system controllers:

syscon-1-active# show system redundancy
system redundancy state mode auto
system redundancy state current-active controller-2
NAME          NAME
--------------------
controller-1  -
controller-2  -

show system remote-console

COMMAND show system remote-console

DESCRIPTION Display information about active console sessions.

ARGUMENTS

This command has no arguments.

EXAMPLE

Display active console sessions:

syscon-1-active# show system remote-console
SLOT  SLOT                                  CONNECTED
NUM   DESCRIPTION      CONNECTED VIA        AS
-------------------------------------------------------
1     Blade in slot 1  System Controller 1  admin

show system

COMMAND show system

DESCRIPTION Display information about the system, such as domain name, login banner, and hostname.

ARGUMENTS

displaylevel <depth>

  • type: unsigned long
  • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

EXAMPLES

Display the current date and time:

syscon-1-active# show system state current-datetime

Display the domain name for the system:

syscon-1-active# show system state domain-name

Display the hostname for the system:

syscon-1-active# show system state hostname

Display the login banner for the system:

syscon-1-active# show system state login-banner

Display the message of the day banner for the system:

syscon-1-active# show system state motd-banner

Chassis Partition


Chassis Partition: config-mode-commands


SNMP COMMUNITY Configuration

COMMAND

SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry <community-name> snmpCommunityName <community-name> snmpCommunitySecurityName <community-name>

DESCRIPTION Configure an SNMP community.

ARGUMENTS

<SNMP community>

  • type: string
  • description: A human-readable string representing the corresponding value of snmpCommunityName in a Security Model-independent format. An SNMP community string is used to allow access to statistics within a managed device.

EXAMPLE

Configure the SNMP community name to be test_community:

default-1(config)# SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry test_community snmpCommunityName test_community snmpCommunitySecurityName test_community

SNMP VACM Configuration

COMMAND

SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry <vacmSecurityModel> <community_name> vacmGroupName <group-name>

DESCRIPTION Configure SNMP VIEW BASED ACM for the given community. This configuration maps a combination of securityModel and securityName into a groupName that is used to define an access control policy for a group of principals.

ARGUMENTS

<vacmSecurityModel>

  • type: int
  • description: The Security Model, by which the vacmSecurityName referenced by this entry is provided. The default value is 1 for SNMP v1, and the default value is 2 for SNMP v2c.

<community>

  • type: string
  • description: The securityName(community name) for the principal, represented in a Security Model independent format, which is mapped by this entry to a groupName.

<group-name>

  • type: string
  • description: The name of the group to which this entry belongs (for example, the combination of securityModel and securityName).

Note: Use group-name as read-access while configuring the SNMP VACM.

EXAMPLE

Configure the SNMP v2c VACM read access group for community test_community:

default-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 2 test_community vacmGroupName read-access

EXAMPLE

Configure the SNMP v1 VACM read access group for community test_community:

default-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 1 test_community vacmGroupName read-access

SNMP Trap Configuration

IMPORTANT: To enable SNMP Traps, a DUT is required when configuring with snmpNotifyTable, snmpTargetParamsTable, and snmpTargetAddrTable, as shown below.


snmpNotifyTable Configuration

COMMAND

SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry <snmpNotifyName> snmpNotifyTag <snmpNotifyName> snmpNotifyType trap

DESCRIPTION Configure the SNMP NOTIFICATION MIB Table. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.

ARGUMENTS

<snmpNotifyName>

  • type: string
  • description: The locally arbitrary, but unique, identifier associated with this snmpNotifyEntry.

EXAMPLE

Configure the SNMP NOTIFICATION MIB entry to be v2_trap for trap notifications:

default-1(config)# SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry v2_trap snmpNotifyTag v2_trap snmpNotifyType trap

snmpTargetParamsTable Configuration

COMMAND

SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry <snmpTargetParamsName> snmpTargetParamsMPModel <snmpTargetParamsMPModel> snmpTargetParamsSecurityModel <snmpTargetParamsSecurityModel> snmpTargetParamsSecurityName <snmpTargetParamsSecurityName> snmpTargetParamsSecurityLevel <snmpTargetParamsSecurityLevel>

DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetParamsTable. This table is used in the generation of SNMP messages.

ARGUMENTS

<snmpTargetParamsName>

  • type: string
  • description: The locally arbitrary, but unique, identifier associated with this snmpTargetParamsEntry.

<snmpTargetParamsMPModel>

  • type: int
  • description: The Message Processing Model to be used when generating SNMP messages using this entry.
**Note:** snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1)

<snmpTargetParamsSecurityModel>

  • type: int
  • description: The Security Model to be used when generating SNMP messages using this entry.
**Note:** snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2)

<snmpTargetParamsSecurityName>

  • type: string
  • description: The securityName that identifies the Principal on whose behalf SNMP messages will be generated using this entry.
**Note:** This must be one of the configured SNMP communities.

<snmpTargetParamsSecurityLevel>

  • type: string
  • description: The level of security to be used when generating SNMP messages using this entry.
**Note:** This must be `noAuthNoPriv` for SNMP v1 and v2c.

EXAMPLES

Configure the SNMP snmpTargetParamsTable to be group2 for SNMP v2 model with test_community:

default-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group2 snmpTargetParamsMPModel 1 snmpTargetParamsSecurityModel 2 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv

Configure the SNMP snmpTargetParamsTable to be group1 for SNMP v1 model with test_community:

default-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group1 snmpTargetParamsMPModel 0 snmpTargetParamsSecurityModel 1 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv

snmpTargetAddrTable Configuration

COMMAND

SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry <snmpTargetAddrName> snmpTargetAddrTDomain <snmpTargetAddrTDomain> snmpTargetAddrTAddress <snmpTargetAddrTAddress> snmpTargetAddrTagList <snmpTargetAddrTagList> snmpTargetAddrParams <snmpTargetAddrParams>

DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetAddrTable. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.

ARGUMENTS

<snmpTargetAddrName>

  • type: string
  • description: The locally arbitrary, but unique, identifier associated with this snmpTargetAddrEntry.

<snmpTargetAddrTDomain>

  • type: oid
  • description: This value indicates the transport type of the address contained in the snmpTargetAddrTAddress object.
**Note:** Use OID 1.3.6.1.6.1.1 for IPv4 and 1.3.6.1.2.1.100.1.2 for IPv6.

<snmpTargetAddrTAddress>

  • type: string
  • description: This value contains a transport address.
**Note:** 
For an IPv4 address, the value should be ipv4 + port (6 dot-separated octets).

For an IPv6 address, the value should be ipv6 + port (18 dot-separated octets).

<snmpTargetAddrTagList>

  • type: string
  • description: This value contains a list of tag values that are used to select target addresses for a particular operation.
**Note:** This value must be one of the configured snmpNotifyTable rows (snmpNotifyName).

<snmpTargetAddrParams>

  • type: string
  • description: The value of this object identifies an entry in the snmpTargetParamsTable. The identified entry contains SNMP parameters to be used when generating messages to be sent to this transport address.

EXAMPLES

Configure the SNMP snmpTargetAddrTable to be v2_trap with ipv4 address x.x.x.x and port 6011:

Port Octet Conversion:

6011 >> 8 = 23 (1st octet)

6011 & 255 = 123 (2nd octet)
default-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v2_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v2_trap snmpTargetAddrParams group2

Configure the SNMP snmpTargetAddrTable to be v1_trap with ipv4 address x.x.x.x and port 6011:

default-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v1_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v1_trap snmpTargetAddrParams group1

Base Commands


abort

COMMAND abort

DESCRIPTION Abort a configuration session.

ARGUMENTS This command has no arguments.


annotate

COMMAND annotate

DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.

Note: Only available when the system has been configured with attributes enabled.

ARGUMENTS

<statement> <text>

  • type: string
  • description: A statement with which an annotation is to be associated and the text to be associated for a part of the configuration.

clear

COMMAND clear

DESCRIPTION Remove all configuration changes.

ARGUMENTS

history

  • description: Clear command history.

commit

COMMAND commit

DESCRIPTION Commit the current set of changes.

ARGUMENTS

and-quit

  • description: Commit the current set of changes and exit configuration mode.

check

  • description: Validate the current configuration and indicate any configuration errors.

comment <text>

  • type: string
  • description: Add a text comment about the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

label <text>

  • type: string
  • description: Add a text label that describes the commit operation. If the text string includes spaces, enclose the string in quotation marks (" ").

no-confirm

  • description: Commit the current set of changes without querying the user. If needed, you can specify the persist token as an argument to this command using the persist-id argument.

save-running <filename>

  • type: string
  • description: Save a copy of the configuration to a specified file.

compare

COMMAND compare

DESCRIPTION Compare two configuration subtrees.

ARGUMENTS

<config>

  • type: string
  • description: Compare the running configuration to a saved configuration.

copy

COMMAND copy

DESCRIPTION Copy the running configuration.

ARGUMENTS

<identifier>

  • type: int
  • description: The file identifier.

<path-to-file>

  • type: string
  • description: Path of the file to be compared.

describe

COMMAND describe

DESCRIPTION Display detailed information about a command.

ARGUMENTS

<command>

  • type: string
  • description: The source of the command (YANG, clispec, etc.).

<path-to-file>

  • type: string
  • description: The path in the YANG file.

do

COMMAND do

DESCRIPTION Run a command in operational (user) mode.

ARGUMENTS

<command>

  • type: string
  • description Command to be run in operational mode.

end

COMMAND end

DESCRIPTION Exit configuration mode. If no changes have been made, you are prompted to save the changes before exiting configuration mode.

ARGUMENTS

no-confirm

  • description Exit configuration mode immediately, without committing any changes to the configuration.

exit

COMMAND exit

DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.

ARGUMENTS

level

  • description: Exit from the current level. If performed on the top level, exits configuration mode. This is the default value.

configuration-mode

  • description: Exit from configuration mode regardless of mode. If changes have been made to the configuration, you are prompted to save before exiting configuration mode.

no-confirm

  • description: Exit configuration mode immediately, without committing any changes to the configuration.

help

COMMAND help

DESCRIPTION Display help information about a specified command.

ARGUMENTS

<command>

  • type: string
  • description Command for which you want to view help.

insert

COMMAND insert

DESCRIPTION Insert a parameter or element.

ARGUMENTS

<path-to-file>

  • type: string
  • description Element or parameter to insert. If the element already exists and has the indexedView option set in the data model, then the old element will be renamed to element+1 and the new element inserted in its place.

move

COMMAND move

DESCRIPTION Move an element or parameter.

ARGUMENTS

<path-to-file> <position>

  • type: strings
  • description Element or parameter to move and position to move this element. The element can be moved first, last (default), before, or after an element.

no

COMMAND no

DESCRIPTION Delete or unset a configuration command.

ARGUMENTS

<command>

  • type: string
  • description Command to delete or unset.

pwd

COMMAND pwd

DESCRIPTION Display the current path in the configuration hierarchy.

ARGUMENTS This command has no arguments.


resolved

COMMAND resolved

DESCRIPTION Indicate that conflicts have been resolved.

ARGUMENTS This command has no arguments.


revert

COMMAND revert

DESCRIPTION Copy the running configuration.

ARGUMENTS

no-confirm

  • description: Copy the running configuration without prompting the user to confirm.

rollback

COMMAND rollback

DESCRIPTION Roll back database to last committed version

ARGUMENTS

configuration Roll back database to last committed version Roll back database to a previous version. The number 0 contains the

current running configuration. The oldest configuration is the one with highest number. <number> Select rollback version

selective Apply a single rollback delta Apply a single rollback delta. This may succeed or fail depending on the content of the delta rollback. <number> Select rollback version


show

COMMAND show

DESCRIPTION Display a specified parameter.

ARGUMENTS

configuration

  • description: Display the current configuration buffer.

full-configuration

  • description: Display the current configuration.

history <number-of-items-to-show>

  • type: int
  • description: Display CLI command history.

parser <command-prefix>

  • type: string
  • description: Display all possible commands starting with <command-prefix>.

tag

COMMAND tag

DESCRIPTION Configure statement tags.

ARGUMENTS

add <statement> <tag>

  • type: strings
  • description: Add a tag to a configuration statement.

clear <statement>

  • type: string
  • description: Remove all tags from a configuration statement.

del <statement> <tag>

  • type: strings
  • description: Remove a tag from a statement.

top

COMMAND top

DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.

ARGUMENTS

<command>

  • type: string
  • description: Optional command to run after exiting to the top level.

validate

COMMAND validate

DESCRIPTION Verify that the candidate configuration contains no errors. This performs the same operation as commit check.

ARGUMENTS This command has no arguments.


cluster nodes node <blade-num> config

COMMAND cluster nodes node <blade-num> config

DESCRIPTION Configure whether a node is enabled or disabled in a partition.

ARGUMENTS

node blade-<blade-num>

  • type: string
  • description: Blade number in the partition.

node blade-<blade-num> enable

  • type: string
  • description: Enable a node in the partition.

node blade-<blade-num> disable

  • type: string
  • description: Disable a node in the partition.

node blade-<blade-num> name

  • type: string
  • description: A descriptive name for the node.

EXAMPLE

Disable blade-1 in the partition:

default-1(config)# cluster nodes node blade-1 config disabled

cluster nodes node <blade-num> reboot

COMMAND cluster nodes node <blade-num> reboot

DESCRIPTION Reboot a node in the partition.

ARGUMENTS

This command has no arguments.

EXAMPLE

Reboot blade-1:

default-1(config)# cluster nodes node blade-1 reboot

cluster disk-usage-threshold config critical-limit

COMMAND cluster disk-usage-threshold config critical-limit

DESCRIPTION Configure the percentage of disk usage allowed before triggering a critical alarm.

ARGUMENTS

<percentage>

  • type: unsignedByte
  • description: Percentage of disk usage that is allowed before triggering a critical alarm. The range is from 0 to 100%.

cluster disk-usage-threshold config error-limit

COMMAND cluster disk-usage-threshold config error-limit

DESCRIPTION Configure the percentage of disk usage allowed before triggering an error alarm.

ARGUMENTS

<percentage>

  • type: unsignedByte
  • description: Percentage of disk usage that is allowed before triggering an error alarm. The range is from 0 to 100%.

cluster disk-usage-threshold config growth-rate-limit

COMMAND cluster disk-usage-threshold config growth-rate-limit

DESCRIPTION Configure the percentage of disk usage growth rate allowed.

ARGUMENTS

<percentage>

  • type: unsignedByte
  • description: Percentage of allowed disk usage growth. The range is from 0 to 100%.

cluster disk-usage-threshold config interval

COMMAND cluster disk-usage-threshold config interval

DESCRIPTION Configure the interval measured, in minutes, at which disk usage is monitored.

ARGUMENTS

<time-in-minutes>

  • type: unsignedByte
  • description: Time, in minutes, at which the system monitors disk usage.

cluster disk-usage-threshold config warning-limit

COMMAND cluster disk-usage-threshold config warning-limit

DESCRIPTION Configure the percentage of disk usage allowed before triggering a warning alarm.

ARGUMENTS

<percentage>

  • type: unsignedByte
  • description: Percentage of disk usage that is allowed before triggering a warning alarm. The range is from 0 to 100%.

fdb mac-table entries entry

COMMAND fdb mac-table entries entry

DESCRIPTION Configure a Layer 2 forwarding database (FDB) entry in the system.

IMPORTANT: The FDB table is managed by the system, and manual configuration requires intricate knowledge of the hardware data path. You should configure an FDB object only under the guidance of F5 Technical Support. Manually configuring FDB objects can potentially impact the flow of network traffic through the system.

ARGUMENTS

<mac-address>

  • type: mac-address
  • description: Hex list representation of the Layer 2 MAC address. The format must be exactly 6 octets in the format xx:xx:xx:xx:xx:xx.

<vlan-identifier>

  • type: integer
  • description: Integer value of the VLAN that is associated with the mac-address for the FDB object.

{ tag_type_s_tag_c_tag | tag_type_vid | tag_type_vlan_tag | tag_type_vni }

  • type: enumeration
  • description: The manner in which the FDB will interpret the VLAN value during lookup processing.

file config concurrent-operations-limit

COMMAND file config concurrent-operations-limit

DESCRIPTION Specify how many concurrent file operations are allowed at a time.

ARGUMENTS

<number-of-file-ops>

  • type: byte
  • description: The number of concurrent file operations allowed at a time.

file known-hosts known-host

COMMAND file known-hosts known-host

DESCRIPTION Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts file.

ARGUMENTS

config fingerprint

  • type: boolean
  • description: Fingerprint received from remote-host string.
  • config remote-host

    • type: string
    • description: The remote system FQDN or IPv4/IPv6 address. The minimum length is 1 character, and the maximum length is 253 characters.

    file import

    COMMAND file import

    DESCRIPTION Transfer a file from a chassis partition to a remote system. These directories are available for use for file import operations on the chassis partition:

    • diags/shared
    • configs
    • images

    ARGUMENTS

    insecure

    • description: Disable SSL certificate verification of the remote system.

    local-file <path-to-file>

    • type: string
    • description: Path to the local file.

    password <password>

    • type: string
    • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    protocol { scp | sftp | https }

    • type: enumeration
    • description: Protocol to be used for file transfer.

    remote-file <path-to-file>

    • type: string
    • description: Path to the remote file.

    remote-host <path-to-file>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    remote-port <port-number>

    • type: unsignedShort
    • description: Port number to use for file transfer. The range is from 1 to 65535.

    remote-url <url>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    username <username>

    • type: string
    • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    web-token <webtoken>

    • type: string
    • description: Web token for connecting to the remote server.

    EXAMPLE

    Transfer a file named myfile.iso from the remote host files.company.com on port 443 to the images directory on the chassis partition:

    default-1# file import local-file images remote-file images/myfile.iso remote-host files.company.com remote-port 443
    result File transfer is initiated.(images/myfile.iso)
    

    file export

    COMMAND file export

    DESCRIPTION Transfer a file from a chassis partition to a remote system. These directories are available for use for file export operations on the chassis partition:

    • log
    • diags/core/
    • diags/shared/
    • configs
    • images

    ARGUMENTS

    insecure

    • description: Disable SSL certificate verification of the remote system.

    local-file <path-to-file>

    • type: string
    • description: Path to the local file.

    password <password>

    • type: string
    • description: Password for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    protocol { scp | sftp | https }

    • type: enumeration
    • description: Protocol to be used for file transfer.

    remote-file <path-to-file>

    • type: string
    • description: Path to the remote file.

    remote-host <path-to-file>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    remote-port <port-number>

    • type: unsignedShort
    • description: Port number to use for file transfer. The range is from 1 to 65535.

    remote-url <url>

    • type: string
    • description: IP address or FQDN of the remote server. The minimum length is 1 character, and the maximum length is 253 characters.

    username <username>

    • type: string
    • description: Username for connecting to the remote server. If you specify a username, you will be prompted to enter the password.

    web-token <webtoken>

    • type: string
    • description: Web token for connecting to the remote server.

    EXAMPLE

    Transfer a file named velos.log from the local host to the /home/jdoe/ directory at files.company.com, using the username jdoe:

    default-1# file export local-file log/velos.log remote-host files.company.com remote-file home/jdoe/velos.log username jdoe password
    Value for 'password' (<string>): *********
    result File transfer is initiated.(log/velos.log)
    
    

    file delete

    COMMAND file delete

    DESCRIPTION Delete a specified file from the chassis partition. You can use file delete only on files in the diags/shared directory.

    ARGUMENTS

    file-name <path-to-file>

    • type: string
    • description: File to be deleted.

    EXAMPLE

    Delete a specified QKView file from the system:

    default-1# file delete file-name diags/shared/qkview/default-76ee4321-786d-11eb-a48b-12345a000007-qkview.tar.gz
        result Deleting the file
    

    file transfer-status

    COMMAND file transfer-status

    DESCRIPTION Display the status of file transfer operations.

    ARGUMENTS

    file-name <path-to-file>

    • type: string
    • description: View the status of a specific file that you have transferred.

    EXAMPLE

    Check the status of file transfers:

    default-1-active# file transfer-status
    result
    S.No.|Operation  |Protocol|Local File Path                       |Remote Host            |Remote File Path              |Status
    1    |Import file|HTTPS   |/images/myfile.iso   |files.company.com      |images/myfile.iso             |In Progress (15.0%)
    

    file list

    COMMAND file list

    DESCRIPTION Display a list of directories and files in a specified path.

    ARGUMENTS

    path <filepath>

    • type: string
    • description: Path for which you want to view the included files and directories.

    EXAMPLE

    Display a list of files in /images:

    default-1# file list path images
    entries {
        name
    BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
    }
    

    file show

    COMMAND file show

    DESCRIPTION Display the contents of a specified file.

    ARGUMENTS

    <path-to-file>

    • type: string
    • description: File that you want to view.

    EXAMPLE

    Display the contents of the file log/velos.log:

    default-1# file show log/velos.log
    2021-02-26T18:23:05.160009+00:00 controller-1(p1) partition-bladesd[7]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
    2021-02-26T18:23:05.161038+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000002 msg="tcpdumpd-master starting" VERSION="1.3.18" DATE="Wed Feb 10 17:04:45 2021".
    2021-02-26T18:23:05.161047+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="/usr/bin/tcpdumpd_master".
    2021-02-26T18:23:05.161053+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="-r".
    2021-02-26T18:23:05.161057+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="1".
    2021-02-26T18:23:05.161062+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="-l".
    2021-02-26T18:23:05.161067+00:00 controller-1(p1) partition-bladesd[7]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
    ...
    

    file tail

    COMMAND file tail

    DESCRIPTION Display only the last 10 lines of a specified file.

    ARGUMENTS

    <path-to-file>

    • type: string
    • description: File that you want to view.

    -f

    • description: Display appended data as the file grows. Type Ctrl+C to cancel the operation.

    -n <number-of-lines>

    • description: Display a specific number of lines, instead of only the last 10 lines.

    EXAMPLES

    Display only the last 10 lines of log/velos.log:

    default-1# file tail log/velos.log
    2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    

    Display the last 10 lines of log/velos.log and keep appending output as the file grows:

    default-1# file tail -f log/velos.log
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    

    Display only the last five lines of log/velos.log:

    default-1# file tail -n 5 log/velos.log
    2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
    

    images remove

    COMMAND images remove

    DESCRIPTION Remove tenant image.

    ARGUMENTS

    name <image-name>.bundle

    • type: string
    • description: Name of the .bundle image file.

    EXAMPLE

    Remove the .bundle file named BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle:

    partition1(config)# images remove name BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
    result Successful.
    

    interfaces interface

    COMMAND interfaces interface

    DESCRIPTION Configure network interface attributes.

    ARGUMENTS

    config name <name>

    • type: string
    • description: The name of the interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config description <description>

    • type: string
    • description: The description of the interface.

    config enabled

    • type: boolean
    • description: The configured, desired state of the interface. This field can be set only to ieee8023adLag when creating LAG interfaces.

    config type <type>

    • type: identityref
    • description: The type of the interface.

    EXAMPLE

    Configure a description for interface 1.0 on blade-1 and verify that it was configured correctly:

    default-1(config)# interfaces interface 1/1.0 config description "40G Link"
    default-1(config-interface-1/1.0)# commit
    Commit complete.
    default-1(config-interface-1/1.0)# exit
    default-1(config)# exit
    default-1# show running-config interfaces interface 1/1.0 config
    interfaces interface 1/1.0
     config name 1/1.0
     config type ethernetCsmacd
     config description "40G Link"
     config enabled
    !
    

    interfaces interface <lag-name> aggregation config

    COMMAND interfaces interface <lag-name> aggregation config

    DESCRIPTION Configure LAGs and their attributes.

    ARGUMENTS

    lag-type { STATIC | LACP }

    • type: aggregation-type
    • description: Link aggregation type.

    distribution-hash { dst-mac | src-dst-ipport | src-dst-mac }

    • type: enumeration.
    • description: Supported load balancing hash values. Available options are:
      • src-dst-ipport
      • dst-mac
      • src-dst-ipport
      • src-dst-mac

    switched-vlan config native-vlan <vlan-id>

    • type: unsignedShort
    • description: The native VLAN id for untagged frames arriving on a trunk interface. The range is from 1 to 4094.

    switched-vlan config trunk-vlans <vlan-ids>

    • type: list of unsignedShort
    • description: VLANs that the LAG members may carry. The range is from 1 to 4094.

    EXAMPLE

    Create a LAG named test-lag that uses dst-mac for the hash, assign trunk VLAN IDs 99 and 101, and then verify that it was configured correctly:

    default-1(config)# interfaces interface test-lag aggregation config distribution-hash dst-mac
    default-1(config)# commit
    default-1(config)# interfaces interface test-lag aggregation switched-vlan config trunk-vlans { 99 101 }
    default-1(config)# commit
    
    default-1# show running-config interfaces interface test-lag aggregation switched-vlan config
    interfaces interface test-lag
     aggregation switched-vlan config trunk-vlans { 99 101 }
    !
    

    interfaces interface <interface-name> ethernet

    COMMAND interfaces interface ethernet

    DESCRIPTION Configure physical interfaces attributes.

    ARGUMENTS

    config aggregate-id <aggregate-interface>

    • type: leafref
    • description: The logical aggregate interface (LAG) to which this interface belongs. The user is prompted with a list of configured LAGs.

    switched-vlan config native-vlan

    • type: unsignedShort
    • description: The native VLAN id for untagged frames arriving on the Ethernet interface. The range is from 1 to 4094.

    switched-vlan config trunk-vlans

    • type: list of unsignedShort
    • description: VLANs that the Ethernet interface can carry. The range is from 1 to 4094.

    lacp config system-priority

    COMMAND lacp config system-priority

    DESCRIPTION System priority and system MAC are combined as system-id, which is required by the LACP protocol. Each partition has a system mac which is not configurable. The default system priority is 32768.

    ARGUMENTS

    <priority>

    • type: unsignedShort
    • description: System priority used by the node on this LAG interface. A lower value indicates higher priority for determining which node is the controlling system.

    EXAMPLES

    Configure system priority to be 1000:

    default-1(config)# lacp config system-priority 1000
    

    lacp interfaces interface

    COMMAND lacp interfaces interface

    DESCRIPTION

    Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.

    ARGUMENTS

    interval { FAST | SLOW }

    • description: The interval at which interfaces send LACP packets. Set the interval to FAST to have packets sent every second. Set the interval to SLOW to have packets sent every 30 seconds.

    lacp-mode { ACTIVE | PASSIVE }

    • description: Set to PASSIVE to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.

    EXAMPLES

    Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:

    default-1(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST
    

    Create a LAG interface named lag1 with the type ieee8023adLag:

    default-1(config)# interfaces interface lag1 config type ieee8023adLag; commit
    

    Enable LACP on a LAG interface named lag1:

    default-1(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
    

    Create an LACP interface named lag1 with default parameters (internal is set to SLOW, lacp-mode is set to ACTIVE):

    default-1(config)# lacp interfaces interface lag1 config name lag1; commit
    

    Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1:

    default-1(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
    default-1(config)#  interfaces interface 1/2.0 ethernet config aggregate-id lag1
    default-1(config)#  commit
    

    Attach VLANs 1000 and 1001 to a LAG interface named lag1:

    default-1(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans { 1000 1001 }
    default-1(config)# commit
    

    lldp config

    COMMAND lldp config

    DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) on the system.

    ARGUMENTS

    enabled

    • type: boolean
    • description: Enable LLDP on the system.

    disabled

    • type: boolean
    • description: Disable LLDP on the system.

    max-neighbors-per-port <neighbors>

    • type: unsignedShort
    • description: Maximum number of LLDP neighbors per port. The default value is 10.

    reinit-delay <delay>

    • type: unsignedShort
    • description: System delay time to re-initialize LLDP data unit (LLDPDU). The default value is 2.

    system-description <description>

    • type: string
    • description: System description for LLDP. The minimum length is 0 characters, and the maximum length is 255 characters.

    system-name <name>

    • type: string
    • description: System name for LLDP. The minimum length is 0 characters, and the maximum length is 255 characters.

    tx-delay <delay>

    • type: unsignedShort
    • description: System delay time to transmit LLDPDU. The default value is 2.

    tx-hold <hold>

    • type: unsignedShort
    • description: System hold time to transmit LLDPDU. The default value is 4.

    tx-interval <interval>

    • type: unsignedShort
    • description: System interval to transmit LLDPDU. The range is from 5 to 32768. The default value is 30.

    EXAMPLE

    Configure a system-description for LLDP and verify that it was configured correctly:

    default-1(config)# lldp config system-description "Test system description"
    default-1(config)# commit
    Commit complete.
    default-1(config)# exit
    default-1# show running-config lldp config
    lldp config enabled
    lldp config system-description "Test system description"
    lldp config tx-interval 30
    lldp config tx-hold    4
    lldp config reinit-delay 2
    lldp config tx-delay   2
    lldp config max-neighbors-per-port 10
    

    lldp interfaces interface

    COMMAND lldp interfaces interface

    DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) for an interface.

    ARGUMENTS

    <interface-name> config name <interface-name>

    type: string description: The name of the interface. The minimum length is 1 character, and the maximum length is 63 characters.

    EXAMPLE

    Create an LLDP interface:

    default-1(config)# lldp interfaces interface 1/1.0 config name 1/1.0
    

    lldp interfaces interface <interface-name> config

    COMMAND lldp interfaces interface <interface-name> config

    DESCRIPTION Configure LLDP attributes for an interface.

    ARGUMENTS

    name <name>

    • type: string
    • description: The name of the LLDP interface. The minimum length is 1 character, and the maximum length is 63 characters.

    enabled

    • type: boolean
    • description: Enable LLDP for the specified interface.

    disabled

    • type: boolean
    • description: Disable LLDP for the specified interface.

    tlv-advertisement-state { none | txonly | rxonly | txrx }

    • type: lldp-tlv-advertisement-direction, default: txrx
    • description:LLDP PDU direction for LLDP Type-Length-Value (TLV) advertisement.

    tlvmap <tlvmap_bit>

    • type: lldp-tlvmap-bits
    • description: Bitmap to define the LLDP TLV to be transmitted. Available options are:
      • chassis-id
      • link-aggregation
      • macphy
      • management-address
      • mfs
      • port-description
      • port-id
      • power-mdi
      • ppvid
      • product-model
      • protocol-identity
      • pvid
      • system-capabilities
      • system-description
      • system-name
      • ttl
      • vlan-name

    EXAMPLE

    Configure a tlv-advertisement-state for LLDP interface 1.0 on blade-1 and verify that it was configured correctly:

    default-1(config)# lldp interfaces interface 1/1.0 config tlv-advertisement-state txrx
    default-1(config-interface-1/1.0)# commit
    Commit complete.
    default-1(config-interface-1/1.0)# top
    default-1(config)# exit
    default-1# show running-config lldp interfaces interface 1/1.0
    lldp interfaces interface 1/1.0
     config name             1/1.0
     config enabled
     config tlv-advertisement-state txrx
     config tlvmap           chassis-id,port-id,ttl,port-description,system-name,system-description,system-capabilities,pvid,ppvid,vlan-name,protocol-identity,macphy,link-aggregation,power-mdi,mfs,product-model
    !
    

    portgroups portgroup

    COMMAND portgroups portgroup

    DESCRIPTION Configure port group attributes.

    ARGUMENTS

    <portgroup> config name <name>

    • type: string
    • description: The name of the port group.

    <portgroup> config mode { MODE_4x10GB | MODE_4x25GB | MODE_40GB | MODE_100GB }

    • type: enumeration
    • description: The mode of the port group. All port groups on a blade must be configured with the same mode. Changing to a different mode will restart the blade. These are the valid values for this argument:
      • MODE_100GB
      • MODE_4x25GB
      • MODE_40GB
      • MODE_4x10GB

    <portgroup> config ddm ddm-poll-frequency <frequency>

    • type: unsignedInt
    • description: DDM polling frequency in seconds. Set to 0 (zero) to disable the polling.

    EXAMPLE

    Configure a port group on blade-1 to use a DDM polling frequency of 20 seconds:

    default-1(config)# portgroups portgroup 1/1 config ddm ddm-poll-frequency 20
    ---
    
    Configure the port mode on blade 1 to be MODE_40GB:
    
    ---
    default-1(config-portgroup-1/1)# portgroups portgroup 1/2 config mode MODE_40GB
    default-1(config-portgroup-1/2)# commit
    The following warnings were generated:
      'portgroups portgroup': Blade(s) 1 will reboot
    Proceed? [yes,no] no
    

    qos global-setting

    COMMAND qos global-setting

    DESCRIPTION Configure whether Quality of Service (QOS) is disabled or enabled for either 802.1p or DSCP.

    ARGUMENTS

    config status { QoS-disabled | 8021P-enabled | DSCP-enabled }

    • type: enumeration
    • description: Select whether to disable QoS or enable either 802.1p or DSCP.

    EXAMPLE

    Enable QOS for DSCP:

    default-1(config)# qos global-setting config status DSCP-enabled
    

    qos global-setting config mapping-8021p

    COMMAND qos global-setting config mapping-8021p

    DESCRIPTION Configure traffic priorities for 802.1p values.

    ARGUMENTS

    default-traffic-priority <traffic-priority-name>

    • type: string
    • description: Set a traffic priority to be the default for all unmapped 802.1p values.

    traffic-priority <traffic-priority-name> value <list-of-values>

    • type: unsignedByte
    • description: Map a traffic priority to a list of 802.1p values. The range is from 0 to 7.

    EXAMPLE

    Create a traffic priority for VOIP traffic to numeric priority 7:

    default-1(config)# qos global-setting config mapping-8021p traffic-priority VOIP value 7
    

    qos global-setting config mapping-DSCP

    COMMAND qos global-setting config mapping-DSCP

    DESCRIPTION Configure traffic priorities for DSCP values.

    ARGUMENTS

    default-traffic-priority <traffic-priority-name>

    • type: string
    • description: Set a traffic priority to be the default for all unmapped DSCP values.

    traffic-priority <traffic-priority-name> value <list-of-values>

    • type: unsignedByte
    • description: Map a traffic priority to a list of DSCP values. The range is from 0 to 63.

    qos global-setting config traffic-priorities traffic-priority

    COMMAND qos global-setting config traffic-priorities traffic-priority

    DESCRIPTION Create traffic priorities

    ARGUMENTS

    <traffic-priority-name>

    • type: string
    • description: User-specified name for a QoS traffic priority.

    EXAMPLE

    Create a traffic priority named VOIP:

    default-1(config)# qos global-setting config traffic-priorities traffic-priority VOIP
    

    qos meter-setting config interfaces interface

    COMMAND qos meter-setting config interfaces interface

    DESCRIPTION Map a meter group for a selected interface.

    ARGUMENTS

    <interface-name> meter-group <meter-group-name>

    • type: string
    • description: Assign a physical interface or a LAG interface name to a specified meter group.

    EXAMPLE

    Assign port 1/1.0 to a meter group named mg1:

    default-1(config)# qos meter-setting config interfaces interface 1/1.0 meter-group mg1
    

    qos meter-setting config meter-groups meter-group

    COMMAND qos meter-setting config meter-groups meter-group

    DESCRIPTION Create a meter group.

    ARGUMENTS

    <name> meters traffic-priority <traffic-priority-name> weight <value>

    • type: string
    • description: Create a meter group with a specified name for the meter group, a specified traffic priority name, and map a traffic priority to a weight.

    EXAMPLE

    Create a meter group named mg1 and assign weights to a traffic priority named VOIP:

    default-1(config)# qos meter-setting config meter-groups meter-group mg1 meters traffic-priority VOIP weight 120
    

    stp

    COMMAND stp

    DESCRIPTION Configure Spanning Tree Protocol (STP) on the system.


    stp global config enabled-protocol

    COMMAND stp global config enabled-protocol

    DESCRIPTION Configures whether Spanning Tree Protocol (STP) is enabled on the partition. If empty, STP is disabled. There can be only one spanning tree protocol enabled at a time. When configuring anything for stp stp, stp rstp, or stp mstp, ensure that the respective protocol has been configured as the global enabled-protocol.

    When any spanning-tree protocol is configured, all interfaces in the partition not configured for the respective spanning-tree protocol will be blocked to avoid broadcast storms. Deleting the enabled-protocol removes the blocking state.

    ARGUMENTS

    { MSTP | RAPID_PVST | RSTP | STP }

    • description: The global STP protocol enabled on the partition.

    EXAMPLE

    Enable STP as the as the global STP protocol and verify that it was configured correctly:

    default-1(config)# stp global config enabled-protocol { STP } ; commit
    Commit complete.
    default-1(config)# show full-configuration stp global
    stp global config enabled-protocol { STP }
    

    Enable RSTP as the as the global STP protocol and verify that it was configured correctly:

    default-1(config)# stp global config enabled-protocol { RSTP } ; commit
    Commit complete.
    default-1(config)# show full-configuration stp global
    stp global config enabled-protocol { RSTP }
    

    Enable MSTP as the as the global STP protocol and verify that it was configured correctly:

    default-1(config)# stp global config enabled-protocol { MSTP } ; commit
    Commit complete.
    default-1(config)# show full-configuration stp global
    stp global config enabled-protocol { MSTP }
    

    Disable STP on the partition:

    default-1(config)# no stp global config enabled-protocol ; commit
    Commit complete.
    default-1(config)# show full-configuration stp global
    % No entries found.
    

    stp interfaces interface

    COMMAND stp interfaces interface

    DESCRIPTION Configure specific STP features for an interface.

    ARGUMENTS

    <interface> config edge-port { EDGE_ENABLE | EDGE_DISABLE | EDGE_AUTO }

    • type: enumeration
    • description: Set the interface as an edge port. This transitions the port automatically to the spanning tree forwarding state without passing through the blocking or learning states.

    <interface> config link-type { P2P | SHARED }

    • type: enumeration
    • description: Set the interface link type. Available options are:
      • P2P: Use the optimizations for point-to-point spanning tree links. Point-to-point links connect two spanning tree bridges only.
      • SHARED: Use the optimizations for shared spanning tree links. Shared links connect two or more spanning tree bridges.

    <interface> config name <name>

    • type: string
    • description: Set a reference to the STP Ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    stp mstp config

    COMMAND stp mstp config

    DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.

    ARGUMENTS

    forwarding-delay <time-in-seconds>

    • type: unsignedByte
    • description: The delay used by STP bridges to transition root and designated ports to forwarding. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)) F5 recommends keeping the default value. The range is from 4 to 30 seconds.

    hello-time <time-in-seconds>

  • type: unsignedByte
  • description: The interval between periodic transmissions of configuration messages by designated ports. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 1 to 10 seconds.
  • hold-count <bpdus-per-second>

    • type: unsignedByte
    • description: The maximum number of PortFast Bridge Protocol Data Units (BPDUs) per second that the switch can send from an interface. F5 recommends keeping the default value. The range is from 1 to 10 BPDUs.

    max-age <time-in-seconds>

    • type: unsignedByte
    • description: The maximum age of the information transmitted by the bridge when it is the root bridge. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 6 to 40 seconds.

    max-hop <number-of-hops>

    • type: unsignedByte
    • description: The max hop determines the number of bridges in an MST region that a BPDU can traverse before it is discarded. F5 recommends keeping the default value. The range is from 1 to 255 hops.

    name

    • type: string
    • description: The Configuration Name in the MST Configuration Identifier. The minimum length is 1 character, and the maximum length is 32 characters.

    revision

    • type: unsignedInt
    • description: The Revision Level in the MST Configuration Identifier.

    EXAMPLES

    Configure MSTP named my-region with a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per second, a revision level of 1, and a maximum hop of 21 hops, and then verify that it was configured correctly:

    default-1(config)# stp mstp config forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 name my-region revision 1 max-hop 21 ; commit
    Commit complete.
    default-1(config)# show full-configuration stp mstp config
    stp mstp config name my-region
    stp mstp config revision 1
    stp mstp config max-hop 21
    stp mstp config hello-time 3
    stp mstp config max-age 21
    stp mstp config forwarding-delay 16
    stp mstp config hold-count 7
    

    stp mstp mst-instances mst-instance

    COMMAND stp mstp mst-instances mst-instance

    DESCRIPTION Configure a specific MST instance.

    ARGUMENTS

    <instance>

    • type: unsignedShort,
    • description: MST instance. The range is from 1 to 4094.

    config bridge-priority { 0 | 4096 | 8192 | 12288 | 16384 | 20480 | 24576 | 28672 | 32768 | 36864 | 40960 | 45056 | 49152 | 53248 | 57344 | 61440 }

    • type: unsignedInt
    • description: The manageable component of the Bridge Identifier. F5 recommends configuring bridge-priority to a high value so that this device does not become the root bridge.

    config mst-id <mst-identifier>

    • type: unsignedShort
    • description: In an MSTP Bridge, an MSTID, that is, a value used to identify a spanning tree (or MST) instance. The range is from 1 to 4094.

    config vlan <vlan-identifier>

    • type: list
    • description: List of VLANs mapped to the MST instance. The range is from 1 to 4094.

    EXAMPLE

    Configure MST instance 5 with a bridge priority of 36864, MST identifier of 5, and mapped to VLANs 100 and 101, and then verify that it was configured correctly:

    default-1(config)# stp mstp mst-instances mst-instance 5 config bridge-priority 36864 mst-id 5 vlan { 100 101 }
    default-1(config-mst-instance-5)# commit
    Commit complete.
    default-1(config-mst-instance-5)# show full
    stp mstp mst-instances mst-instance 5
    config mst-id 5
    config vlan { 100 101 }
    config bridge-priority 36864
    !
    

    stp mstp mst-instances mst-instance {mst-id} interfaces interface


    COMMAND stp mstp mst-instances mst-instance {mst-id} interfaces interface

    DESCRIPTION Configure data for MSTP on each interface. Must be configured in conjunction with an STP interface

    ARGUMENTS

    <interface>

    • description: The STP interface.

    config cost

    • type: unsignedInt
    • description: The port's contribution, when it is the Root Port, to the Root Path Cost for the Bridge. The range is from 0 to 200000000.

    config name <name>

    • type: string
    • description: Reference to the STP ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config port-priority <priority>

    • type: unsignedByte
    • description: The manageable component of the Port Identifier, also known as port (or interface) priority. Configure in increments of 16. The range is from 1 to 240.

    EXAMPLE

    Configure MST instance 5 with interface 1.0 on blade-1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:

    default-1(config)# show full-configuration stp interfaces
    stp interfaces interface 1/1.0
    config name 1/1.0
    config edge-port EDGE_AUTO
    config link-type P2P
    !
    default-1(config)# stp mstp mst-instances mst-instance 5 interfaces interface 1/1.0 config name 1/1.0 cost 100 port-priority 128 ; commit
    Commit complete.
    default-1(config-interface-1/1.0)# top
    default-1(config)# show full-configuration stp mstp mst-instances mst-instance 5
    stp mstp mst-instances mst-instance 5
    config mst-id 5
    config vlan { 100 101 }
    config bridge-priority 36864
    interfaces interface 1/1.0
    config name 1/1.0
    config cost 100
    config port-priority 128
    !
    

    stp rstp config

    COMMAND stp rstp config

    DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the RSTP protocol.

    ARGUMENTS

    bridge-priority { 0 | 4096 | 8192 | 12288 | 16384 | 20480 | 24576 | 28672 | 32768 | 36864 | 40960 | 45056 | 49152 | 53248 | 57344 | 61440 }

    • type: unsignedInt
    • description: The manageable component of the Bridge Identifier. F5 recommends configuring bridge-priority to a high value so that this device does not become the root bridge.

    forwarding-delay <time-in-seconds>

    • type: unsignedByte
    • description: The delay used by STP bridges to transition root and designated ports to forwarding. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 4 to 30 seconds.

    hello-time <time-in-seconds>

    • type: unsignedByte
    • description: The interval between periodic transmissions of configuration messages by designated ports. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 1 to 10 seconds.

    hold-count <bpdus-per-second>

    • type: unsignedByte
    • description: The maximum number of BPDUs per second that the switch can send from an interface. F5 recommends keeping the default value. The range is from 1 to 30 BPDUs per second.

    max-age <time-in-seconds>

    • type: unsignedByte
    • description: The maximum age of the information transmitted by the bridge when it is the root bridge. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 6 to 40 seconds.

    EXAMPLES

    Configure RSTP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds,and a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:

    default-1(config)# stp rstp config bridge-priority 36864 forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 ; commit
    Commit complete.
    default-1(config)# show full-configuration stp rstp config
    stp rstp config hello-time 3
    stp rstp config max-age 21
    stp rstp config forwarding-delay 16
    stp rstp config hold-count 7
    stp rstp config bridge-priority 36864
    

    stp rstp interfaces interface

    COMMAND stp rstp interfaces interface

    DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.

    ARGUMENTS

    <interface>

    • description: The STP interface.

    config cost

    • type: unsignedInt
    • description: The port's contribution, when it is the Root Port, to the Root Path Cost for the Bridge. The range is from 0 to 200000000.

    config name <name>

    • type: string
    • description: Reference to the STP ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config port-priority <priority>

    • type: unsignedByte
    • description: The manageable component of the Port Identifier, also known as port (or interface) priority. Configure in increments of 16. The range is from 1 to 240.

    EXAMPLE

    Configure RSTP instance 1/1.0 with interface 1.0 on blade-1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:

    default-1(config)# show full-configuration stp interfaces
    stp interfaces interface 1/1.0
    config name 1/1.0
    config edge-port EDGE_AUTO
    config link-type P2P
    !
    default-1(config)# stp rstp interfaces interface 1/1.0 config name 1/1.0 cost 100 port-priority 128 ; commit
    Commit complete.
    default-1(config-interface-1/1.0)# show full
    stp rstp interfaces interface 1/1.0
    config name 1/1.0
    config cost 100
    config port-priority 128
    !
    

    stp stp config

    COMMAND stp stp config bridge-priority

    DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.

    ARGUMENTS

    bridge-priority { 0 | 4096 | 8192 | 12288 | 16384 | 20480 | 24576 | 28672 | 32768 | 36864 | 40960 | 45056 | 49152 | 53248 | 57344 | 61440 }

    • type: unsignedInt
    • description: The manageable component of the Bridge Identifier. F5 recommends configuring bridge-priority to a high value so that this device does not become the root bridge.

    forwarding-delay <time-in-seconds>

    • type: unsignedByte
    • description: The delay used by STP bridges to transition root and designated ports to forwarding. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 4 to 30 seconds.

    hello-time <time-in-seconds>

    • type: unsignedByte
    • description: The interval between periodic transmissions of configuration messages by designated ports. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 1 to 10 seconds.

    hold-count <bpdus-per-second>

    • type: unsignedByte
    • description: The maximum number of BPDUs per second that the switch can send from an interface. F5 recommends keeping the default value. The range is from 1 to 30 BPDUs per second.

    max-age <time-in-seconds>

    • type: unsignedByte
    • description: The maximum age of the information transmitted by the bridge when it is the root bridge. Must follow restriction ((2 _ hello-time + 1) <= max-age) AND (max-age <= 2 _ (forwarding-delay - 1)). F5 recommends keeping the default value. The range is from 6 to 40 seconds.

    EXAMPLES

    Configure STP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds,and a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:

    default-1(config)# stp stp config bridge-priority 36864 forwarding-delay 16 hello-time 3 hold-count 7 max-age 21 ; commit
    Commit complete.
    default-1(config)# show full-configuration stp stp config
    stp stp config hello-time 3
    stp stp config max-age 21
    stp stp config forwarding-delay 16
    stp stp config hold-count 7
    stp stp config bridge-priority 36864
    

    stp stp interfaces interface

    COMMAND stp stp interfaces interface

    DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.

    ARGUMENTS

    <interface>

    • description: The STP interface.

    config cost

    • type: unsignedInt
    • description: The port's contribution, when it is the Root Port, to the Root Path Cost for the Bridge. The range is from 0 to 200000000.

    config name <name>

    • type: string
    • description: Reference to the STP ethernet interface. The minimum length is 1 character, and the maximum length is 63 characters.

    config port-priority <priority>

    • type: unsignedByte
    • description: The manageable component of the Port Identifier, also known as port (or interface) priority. Configure in increments of 16. The range is from 1 to 240.

    EXAMPLE

    Configure STP instance 1/1.0 with interface 1.0 on blade-1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:

    default-1(config)# show full-configuration stp interfaces
    stp interfaces interface 1/1.0
    config name 1/1.0
    config edge-port EDGE_AUTO
    config link-type P2P
    !
    default-1(config)# stp stp interfaces interface 1/1.0 config name 1/1.0 cost 100 port-priority 128 ; commit
    Commit complete.
    default-1(config-interface-1/1.0)# show full
    stp stp interfaces interface 1/1.0
    config name 1/1.0
    config cost 100
    config port-priority 128
    !
    

    system aaa authentication config authentication-method

    COMMAND system aaa authentication config authentication-method

    DESCRIPTION Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.

    ARGUMENTS

    { LDAP_ALL | LOCAL | RADIUS_ALL | TACACS_ALL }

    • type: enumeration
    • description: Available authentication methods. You can set one or more types. The system attempts authentication in the order configured here.

    EXAMPLE

    Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password):

    default-1(config)# system aaa authentication config authentication-method { LDAP_ALL RADIUS_ALL LOCAL }
    

    system aaa authentication ldap active_directory

    COMMAND system aaa authentication ldap active_directory

    DESCRIPTION Specify whether to enable LDAP Active Directory (AD) on the chassis partition.

    ARGUMENTS

    { false | true }

    • type: enumeration
    • description Set to true to enable LDAP AD or false to disable it. The default value is false.

    EXAMPLE

    Enable LDAP AD on the system:

    default-1-active(config)# system aaa authentication ldap active_directory true
    

    system aaa authentication ldap base

    COMMAND system aaa authentication ldap base

    DESCRIPTION Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.

    ARGUMENTS

    <dn-name>

    • type: list of string
    • description: The distinguished name from which to start the search for the LDAP user. The default format is: 1 - 255 alphanumeric characters. Allowed special characters include: = . , -

    EXAMPLE

    Search for a specified distinguished name:

    default-1(config)# system aaa authentication ldap base dc=xyz,dc=com
    default-1(config)# system aaa authentication ldap base { dc=xyz,dc=com dc=abc,dc=com }
    
    

    system aaa authentication ldap bind_timelimit

    COMMAND system aaa authentication ldap bind_timelimit

    DESCRIPTION Specify a maximum amount of time to wait for LDAP authentication to return a result.

    ARGUMENTS

    <value-in-seconds>

    • type: unsignedShort
    • description: The maximum bind time limit, in seconds. The default value is 30.

    EXAMPLE

    Set a maximum bind time limit of 60 seconds:

    default-1(config)# system aaa authentication ldap bind_timelimit 60
    

    system aaa authentication ldap binddn

    COMMAND system aaa authentication ldap binddn

    DESCRIPTION Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.

    ARGUMENTS

    <dn-acct-info>

    • type: string
    • description: The account that is allowed to search the base DN. The default format is: 1 - 255 alphanumeric characters. Allowed special characters include: = . , -

    EXAMPLE

    Set the distinguished name of a specified account for searching the base DN:

    default-1(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
    

    system aaa authentication ldap bindpw

    COMMAND system aaa authentication ldap bindpw

    DESCRIPTION Specify the password of the search account identified in binddn.

    ARGUMENTS

    <password>

    • type: AES encrypted string
    • description: The password for the search account on the LDAP server. This option is required if you enter a value for the binddn option. The default value is none.

    EXAMPLE

    Specify a password for the search account on the LDAP server:

    default-1(config)# system aaa authentication ldap bindpw <password\>
    

    system aaa authentication ldap idle_timelimit

    COMMAND system aaa authentication ldap idle_timelimit

    DESCRIPTION Configure the maximum amount of time before the LDAP connection can be inactive before it times out.

    ARGUMENTS

    <number-of-seconds>

    • type: unsignedShort
    • description: The maximum idle timeout, in seconds. The default value is 30.

    EXAMPLE

    Set a maximum idle timeout of 60 seconds:

    default-1(config)# system aaa authentication ldap idle_timelimit 60
    

    system aaa authentication ldap ldap_version

    COMMAND system aaa authentication ldap ldap_version

    DESCRIPTION Specify the LDAP protocol version number.

    ARGUMENTS

    <version-number>

    • type: unsignedByte, 1 .. 3
    • description: The protocol version number for the LDAP server. The default value is 3.

    EXAMPLE

    Specify that LDAPv3 is used for the LDAP server:

    default-1(config)# system aaa authentication ldap ldap_version 3
    

    system aaa authentication ldap ssl

    COMMAND system aaa authentication ldap ssl

    DESCRIPTION Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.

    ARGUMENTS

    on

    • type: string
    • description: Enable TLS to secure all connections.

    off

    • type: string
    • description: Disable TLS to secure all connections.

    start_tls

    • type: string
    • description: Start a connection in unencrypted mode on a port configured for plain text and negotiates TLS/SSL encryption with the client. If selected, it is used rather than raw LDAP over SSL.

    EXAMPLE

    Specify that TLS is enabled for all connections:

    default-1(config)# system aaa authentication ldap ssl on
    

    system aaa authentication ldap timelimit

    COMMAND system aaa authentication ldap timelimit

    DESCRIPTION Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.

    ARGUMENTS

    <number-of-seconds>

    • type: unsignedShort
    • description: The time limit, in seconds, used for LDAP searches.

    EXAMPLE

    Specify a maximum time limit of 60 seconds for LDAP searches.

    default-1(config)# system aaa authentication ldap timelimit 60
    

    system aaa authentication ldap tls_cacert

    COMMAND system aaa authentication ldap tls_cacert

    DESCRIPTION Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.

    ARGUMENTS

    <path-to-cacert>

    • type: string
    • description: The PEM-formatted X.509 certificate (self-signed or from a CA). The default value is none.

    EXAMPLE

    Specify a certificate for authenticating the TLS connection:

    default-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
    

    system aaa authentication ldap tls_cert

    COMMAND system aaa authentication ldap tls_cert

    DESCRIPTION Specify the file that contains the certificate for the client's key.

    ARGUMENTS

    <path-to-cacert>

    • type: string
    • description: The file that contains the certificate.

    EXAMPLE

    Specify a file that contains the certificate for a client's key:

    default-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
    

    system aaa authentication ldap tls_ciphers

    COMMAND system aaa authentication ldap tls_ciphers

    DESCRIPTION Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.

    The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.

    ARGUMENTS

    <cipher-suite>

    • type: string
    • description: The cipher suite for the TLS library in use.

    EXAMPLE

    Specify the cipher suite for the TLS library in use:

    default-1(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
    

    system aaa authentication ldap tls_key

    COMMAND system aaa authentication ldap tls_key

    DESCRIPTION Specify the file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

    ARGUMENTS

    <path-to-file>

    • type: AES encrypted string
    • description: The file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert command.

    system aaa authentication ldap tls_reqcert

    COMMAND system aaa authentication ldap tls_reqcert

    DESCRIPTION Specify what checks to perform on certificates in a TLS session. The default value is never.

    ARGUMENTS

    never

    • type: string
    • description: This level indicates that a certificate is not required. This is the default level.

    allow

    • type: string
    • description: This level indicates that a certificate is requested. If none is provided, the session proceeds normally. If a certificate is provided, but the server is unable to verify it, the certificate is ignored and the session proceeds normally, as if no certificate had been provided.

    try

    • type: string
    • description: This level indicates that a certificate is requested. If no certificate is provided, the session proceeds normally. If a certificate is provided, and it cannot be verified, the session is terminated immediately.

    { demand | hard }

    • type: string
    • description: This level indicates that a certificate is requested and a valid certificate must be provided, otherwise the session is terminated immediately.

    EXAMPLE

    Specify that a certificate is not required for a TLS session:

    default-1(config)# system aaa authentication ldap tls_reqcert never
    

    system aaa authentication roles role

    COMMAND system aaa authentication roles role

    DESCRIPTION Specify the primary role assigned to the user.

    ARGUMENTS

    config gid

    • type: unsignedInt
    • description: The assigned system group ID for the role.

    config rolename

    • type: string
    • description: The assigned role name for the role; must comply with Linux naming policies.

    config users

    • type: list of strings
    • description: The roles assigned to the user.

    EXAMPLE

    Configure which rolename and system group ID is used for a specified role:

    default-1(config)# system aaa authentication roles role <rolename> config rolename <rolename> gid <unix-gid>
    

    system aaa authentication users user

    COMMAND system aaa authentication users user

    DESCRIPTION Configure options for users.

    ARGUMENTS

    config expiry-date <yyyy-mm-dd>

    • type: string
    • description: The date that you want the account to expire, in yyyy-mm-dd format. The default value is -1 (no expiration date). Use 1 to indicate expired.

    config last-change <yyyy-mm-dd>

    • type: int
    • description: The date that the the password was last changed, in yyyy-mm-dd format. Use 0 to force a password change.

    config role

    • type: string
    • description: The role to which the user is assigned.

    tally-count

    • type: unsignedInt
    • description: The number of login failures, excluding root and admin users.

    config username

    • type: string
    • description: The name of the user.

    config set-password

    • type: string
    • description: Used by admin roles to change the password for other users.

    config change-password

    • type: string
    • description: Used by non-admin users to change their own password. This requires that they know their old password.

    EXAMPLE

    Configure a user named jdoe so that the user must change their password at their next log in and indicated that the account has no expiration date:

    default-1(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
    

    system aaa password-policy config apply-to-root

    COMMAND system aaa password-policy config apply-to-root

    DESCRIPTION Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true), the system returns an error on failed check if the root user changing the password. If disabled (false), the system displays a message about the failed check, but allows the root user to change the password and bypass password policies.

    ARGUMENTS

    { false | true }

    • type: enumeration
    • description Set to true to enforce password policies even if it is the root user configuring passwords or false to disable it. The default value is false.

    system aaa password-policy config max-age

    COMMAND system aaa password-policy config max-age

    DESCRIPTION Configure the number of days that users can keep using the same password without changing it.

    ARGUMENTS

    max-age <days>

    • type: unsignedInt
    • description: The maximum number of days that a user can use the same password. The range of values is from 0 to 999999 days. Set to -1 to indicate that the password never expires.

    system aaa password-policy config max-login-failures

    COMMAND system aaa password-policy config max-login-failures

    DESCRIPTION Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.

    ARGUMENTS

    max-login-failures <number-of-failures>

    • type: unsignedInt
    • description: The maximum number of unsuccessful login attempts that are permitted before a user is locked out. The range of values is from 0 to 65535.

    system aaa password-policy config min-length

    COMMAND system aaa password-policy config min-length

    DESCRIPTION Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9. If you want to allow passwords that are as short as 5 characters, you should not use min-length.

    ARGUMENTS

    min-length <size>

    • type: unsignedInt
    • description: The minimum length of new passwords. The range of values is from 6 to 255.

    system aaa password-policy config reject-username

    COMMAND system aaa password-policy config reject-username

    DESCRIPTION Check whether the user name is contained in the new password, either in straight or reversed form. If it is found, the new password is rejected.

    ARGUMENTS

    { false | true }

    • type: enumeration
    • description: Set to false to allow the user name in a new password or true to reject new passwords that contain the user name in some form. The default value is false.

    system aaa password-policy config required-differences

    COMMAND system aaa password-policy config required-differences

    DESCRIPTION Configure the number of character changes that are required in the new password that differentiate it from the old password.

    ARGUMENTS

    <number-of-diffs>

    • type: unsignedInt
    • description: The number of character changes required in a new password to differentiate it from the old password. The range is from 0 to 127. The default value is 5.

    system aaa password-policy config required-lowercase

    COMMAND system aaa password-policy config required-lowercase

    DESCRIPTION Configure the minimum number of lowercase character required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of lowercase characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-numeric

    COMMAND system aaa password-policy config required-numeric

    DESCRIPTION Configure the minimum number of numeric characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of numeric characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-special

    COMMAND system aaa password-policy config required-special

    DESCRIPTION Configure the minimum number of numeric characters required for a password. minimum number of special characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of special characters required for a password. The range is from 0 to 127.

    system aaa password-policy config required-uppercase

    COMMAND system aaa password-policy config required-uppercase

    DESCRIPTION Configure the minimum number of numeric characters required for a password. minimum number of uppercase characters required for a password.

    ARGUMENTS

    <number-of-chars>

    • type: unsignedInt
    • description: The minimum number of uppercase characters required for a password. The range is from 0 to 127.

    system aaa password-policy config retries

    COMMAND system aaa password-policy config retries

    DESCRIPTION Configure the number of retries allowed when user authentication is unsuccessful.

    ARGUMENTS

    <number-of-retries>

    • type: unsignedInt
    • description: The number of retries allowed after unsuccessful user authentication. The range is from 0 to 127.

    system aaa password-policy config root-lockout

    COMMAND system aaa password-policy config root-lockout

    DESCRIPTION Configure whether the root account can be locked out after unsuccessful login attempts.

    ARGUMENTS

    • type: enumeration
    • description: Set to false to disable root lockout after a number of unsuccessful login attempts or true to enable it. The default value is false.

    system aaa password-policy config root-unlock-time

    COMMAND system aaa password-policy config root-unlock-time

    DESCRIPTION Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.

    ARGUMENTS

    <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time (in seconds) after unsuccessful root user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

    system aaa password-policy config unlock-time

    COMMAND system aaa password-policy config unlock-time

    DESCRIPTION Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.

    ARGUMENTS

    <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time (in seconds) after unsuccessful user authentication before the user can retry logging in. The range is from 0 to 999999 seconds.

    system aaa server-groups server-group

    COMMAND system aaa server-groups server-group

    DESCRIPTION Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.

    ARGUMENTS

    RADIUS Server

    auth-port <port-number>
    • description: The UDP destination port on the server for authentication requests.

    secret-key <key>

    • description: A shared secret key that provides security for communication between the system and AAA server.

    timeout <time-in-seconds>

    • description: The time interval to wait for the server to reply before resending. The valid values are from 1 to 9 seconds. The default value is 3 (seconds).

    LDAP Server

    auth-port <port-number>
    • description: The UDP destination port on the server for authentication requests. The default value is 389.

    type { LDAP | RADIUS | TACACS }

    • description: The authentication server type. The default value is LDAP (LDAP over TCP).

    EXAMPLE

    Create a server group named radius-test of type RADIUS, assign a specific RADIUS server with the group, and then configure a secret key:

    default-1(config)# system aaa server-groups server-group radius-test
    default-1(config-server-group-radius-test)# config type RADIUS
    default-1(config-server-group-radius-test)# config name radius-test
    default-1(config-server-group-radius-test)# commit
    Commit complete.
    default-1(config-server-group-radius-test)#
    default-1(config)# system aaa server-groups server-group radius-test servers server 192.0.2.10 config address 192.0.2.10
    default-1(config-server-192.0.2.10)# radius config <tab>
    Possible completions:
      auth-port  secret-key  timeout
    default-1(config-server-192.0.2.10)# radius config secret-key radius-key'
    default-1(config-server-192.0.2.10)# commit
    

    Create a server group named ldap-test of type LDAP, assign a specific LDAP server with the group, and then set the LDAP type as LDAP over TCP:

    default-1(config)# system aaa server-groups server-group ldap-test
    default-1(config-server-group-ldap-test)# config type LDAP
    default-1(config-server-group-ldap-test)# config name ldap-test
    default-1(config-server-group-ldap-test)# commit
    Commit complete.
    default-1(config-server-group-ldap-test)#
    default-1(config)# system aaa server-groups server-group ldap-test servers server 192.0.2.10 config address 192.0.2.10
    default-1(config-server-192.0.2.10)# ldap config type ldap
    default-1(config-server-192.0.2.10)# commit
    

    system aaa tls config certificate

    COMMAND

        system aaa tls config certificate
    

    DESCRIPTION

    Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.

    ARGUMENTS

    <certificate>

    • type: string
    • description: Valid certificate content.

    EXAMPLE

    Add a certificate and key to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key , commit the changes:

    default-1(config)# system aaa tls config certificate
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    default-1(config)# system aaa tls config key
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    default-1(config)# commit
    Commit complete.
    

    system aaa tls config key

    COMMAND

        system aaa tls config key
    

    DESCRIPTION

    Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in DB storage.

    ARGUMENTS

    <key>

    • type: AES encrypted string
    • description: Valid key content.

    EXAMPLE

    Add a TLS key and certificate to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate:

    default-1(config)# system aaa tls config key
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    default-1(config)# system aaa tls config certificate
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    default-1(config)# commit
    Commit complete.
    

    system aaa tls crls crl

    COMMAND system aaa tls crls crl

    DESCRIPTION Configure a Certificate Revocation List Entry (CRL).

    ARGUMENTS

    string
    

    config name <name>

    • type: string
    • description: Name of CRL entry.

    config revocation-key <crl>

    • type: string
    • description: Specifies the PEM-encoded CRL. The minimum length is 1 character.

    EXAMPLE

    Add a new CRL to the system. When you press Enter, you will enter multi-line mode, at which point you can copy in the CRL key.

    syscon-2-active(config)# system aaa tls crls crl *crl Name*
    Value for 'config revocation-key' (<string>):
    [Multiline mode, exit with ctrl-D.]
    > ...
    
    syscon-2-active(config)# commit
    Commit complete.
    
    

    system aaa tls create-self-signed-cert

    COMMAND system aaa tls create-self-signed-cert

    DESCRIPTION Create an OpenSSL key for use with AAA/TLS.

    ARGUMENTS

    key-type { rsa | ecdsa }

    • type: enumeration
    • description: Key type to use with the self-signed certificate. Available options include RSA and ECDSA (Elliptic Curve Digital Signature Algorithm).

    key-size <key-size>

    • type: unsignedInt,
    • description: Size of key. The range is from 2048 to 8192 bytes.

    days-valid <number>

    • type: unsignedInt
    • description: The number of days for which a certificate is valid.

    curve-name <curve-type>

    • type: enumeration
    • description: The ECDSA curve type to use. The default value is secp521r1. Available options are:
      • SM2
      • brainpoolP160r1
      • brainpoolP160t1
      • brainpoolP192r1
      • brainpoolP192t1
      • brainpoolP224r1
      • brainpoolP224t1
      • brainpoolP256r1
      • brainpoolP256t1
      • brainpoolP320r1
      • brainpoolP320t1
      • brainpoolP384r1
      • brainpoolP384t1
      • brainpoolP512r1
      • brainpoolP512t1
      • prime192v1
      • prime192v2
      • prime192v3
      • prime239v1
      • prime239v2
      • prime239v3
      • prime256v1
      • secp112r1
      • secp112r2
      • secp128r1
      • secp128r2
      • secp160k1
      • secp160r1
      • secp160r2
      • secp192k1
      • secp224k1
      • secp224r1
      • secp256k1
      • secp384r1
      • secp521r1

    name <common-name>

    • type: string
    • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

    organization <org-name>

    • type: string
    • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

    unit <unit-name>

    • type: string
    • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

    city <city-name>

    • type: string
    • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

    region <region-name>

    • type: string
    • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

    country <country-code>

    • type: string
    • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

    email <email-address>

    • type: string
    • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

    version <version-number>

    • type: unsignedShort
    • description: Version number for the certificate.

    store-tls { false | true }

    • type: enumeration
    • description: Set to true to store the self-signed certificate pair in the the system-aaa-tls-config or false to specify that it should not be stored.

    EXAMPLE

    Create a private key and self-signed certificate:

    default-1(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
    response
    -----BEGIN EC PRIVATE KEY-----
    MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
    BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
    QKbVuacd9H4cMj2tX/wyqVNePg==
    -----END EC PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
    EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
    CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
    MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
    Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
    Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
    A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
    DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
    zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
    /DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
    3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
    -----END CERTIFICATE-----
    

    system aaa tls create-csr

    COMMAND system aaa tls create-csr

    DESCRIPTION Create a certificate signing request (CSR).

    ARGUMENTS

    name <common-name>

    • type: string
    • description: Common name for the certificate. (for example, the server's hostname). The minimum length is 1 character, and the maximum length is 63 characters.

    organization <org-name>

    • type: string
    • description: Certificate originator organization name (for example, your company's name). The minimum length is 1 character, and the maximum length is 63 characters.

    unit <unit-name>

    • type: string
    • description: Organizational unit name (for example, IT). The minimum length is 1 character, and the maximum length is 31 characters.

    city <city-name>

    • type: string
    • description: City or locality name (for example, Seattle). The minimum length is 1 character, and the maximum length is 127 characters.

    region <region-name>

    • type: string
    • description: State, county, or region (for example, Washington). The minimum length is 1 character, and the maximum length is 127 characters.

    country <country-code>

    • type: string
    • description: Two-letter country code (for example, US). Length must be exactly 2 characters.

    email <email-address>

    • type: string
    • description: Email address for certificate contact. The minimum length is 1 character, and the maximum length is 255 characters.

    version <version-number>

    • type: unsignedShort
    • description: Version number for the certificate.

    EXAMPLE

    Create a CSR:

    system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
    response -----BEGIN CERTIFICATE REQUEST-----
    JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
    MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
    CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
    BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
    Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
    gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
    CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
    3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
    k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
    iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
    eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
    ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
    New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
    pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
    pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
    0ov+Osy2iA==
    -----END CERTIFICATE REQUEST-----
    

    system appliance-mode config

    COMMAND system appliance-mode config

    DESCRIPTION Configure whether appliance mode is enabled or disabled on the chassis partition. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:

    • System controller: Run system appliance-mode on the system controller.
    • Chassis partition: Run system appliance-mode on the chassis partition.
    • Tenant: Run tenants tenant <tenant-name\> config appliance-mode on the chassis partition.

    ARGUMENTS

    { disabled | enabled }

    • type: boolean
    • description: Specify enabled to enable appliance mode on the chassis partition. Specify disabled to disable it.

    EXAMPLE

    Enable appliance mode on the chassis partition and then verify that appliance mode is enabled:

    default-1(config)# system appliance-mode config enabled
    default-1(config)# commit
    default-1(config)# exit
    default-1# show system appliance-mode
    system appliance-mode state enabled
    

    Disable appliance mode on the chassis partition and then verify that appliance mode is disabled:

    default-1(config)# system appliance-mode config disabled
    default-1(config)# commit
    default-1(config)# exit
    default-1# show system appliance-mode state
    system appliance-mode state disabled
    

    system database config-backup

    COMMAND system database config-backup

    DESCRIPTION Generate a backup of the chassis partition configuration database as an XML file.

    ARGUMENTS

    name <filename>

    • type: string
    • description: The name of the backup file.

    proceed { no | yes }

    • type: boolean
    • description: Set to yes to overwrite the file if a file by that name exists or no to disable the file overwrite. The default value is no.

    EXAMPLE

    Create a backup file of the chassis partition configuration named backup-march2022 and overwrite it if a file by that name already exists:

    default-1(config)# system database config-backup name backup-march2021 proceed yes
    response Succeeded.
    

    system database config-restore

    COMMAND system database config-restore

    DESCRIPTION Restore the chassis partition configuration from an XML backup file.

    ARGUMENTS

    name

    • type: string
    • description: The name of the backup file.

    proceed { no | yes }

    • type: boolean
    • description: Set to yes to overwrite the file if a file by that name exists or no to disable the file overwrite. The default value is no.

    EXAMPLE

    Restore the chassis partition configuration from a backup file named backup-march2021:

    default-1(config)# system database config-restore name backup-march2021
    

    system database config reset-default-config

    COMMAND system database config reset-default-config

    DESCRIPTION Revert the chassis partition to the default configuration and clear any existing configuration information.

    ARGUMENTS

    reset-default-config { false | true }

    • type: boolean
    • description: Set to true to reset the configuration to the default or false to disable it. The default value is false.

    EXAMPLE

    Revert the chassis partition to the default configuration:

    default-1(config)# system database config reset-default-config true
    

    system diagnostics core-files list

    COMMAND system diagnostics core-files list

    DESCRIPTION List core files for the VELOS system.

    EXAMPLE

    List all core files on the system:

    syscon-1-active# system diagnostics core-files list
    files { controller-1:/var/shared/core/container/authd-1.core.gz controller-1:/var/shared/core/container/orchestration_m-1.core.gz controller-1:/var/shared/core/host/test-1.core.gz controller-2:/var/shared/core/container/test-1.core.gz controller-2:/var/shared/core/host/test-2.core.gz }
    

    system diagnostics core-files delete

    COMMAND system diagnostics core-files delete

    DESCRIPTION Delete core files from the VELOS system.

    ARGUMENTS

    files

    • type: list of strings
    • description: The controller number, path, and name of core files to be deleted. To delete more than one file, separate file names with a space.

    EXAMPLE

    Delete selected core files from the system:

    syscon-1-active# system diagnostics core-files delete files { controller-1:/var/shared/core/host/test-1.core.gz }
    

    system diagnostics ihealth config authserver

    COMMAND system diagnostics ihealth config authserver

    DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the iHealth service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://api.f5.com/auth/pub/sso/login/ihealth-api.

    ARGUMENTS

    authserver

    • type: string
    • description: The FQDN for the authentication server.

    EXAMPLE

    Specify an authentication server for the iHealth service:

    default-1(config)# system diagnostics ihealth config authserver
    (<string>) (https://api.f5.com/auth/pub/sso/login/ihealth-api): https://api.f5networks.net/auth/pub/sso/login/ihealth-api
    

    system diagnostics ihealth config password

    COMMAND system diagnostics ihealth config password

    DESCRIPTION Specify the password used to log in to iHealth. This password is given in plain text, but will be encrypted when stored in the system.

    ARGUMENTS

    password

    • type: AES encrypted string
    • description: The password string for the iHealth user.

    EXAMPLE

    Specify a password to be used for logging in to iHealth:

    default-1(config)# system diagnostics ihealth config password
    (<AES encrypted string>): **********
    

    system diagnostics ihealth config server

    COMMAND system diagnostics ihealth config server

    DESCRIPTION Specify the iHealth service has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.

    ARGUMENTS

    server

    • type: string
    • description: The FQDN for the iHealth upload server.

    EXAMPLE

    Specify an upload server for the iHealth service:

    default-1(config)# system diagnostics ihealth config server  
    (<string>) (https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
    

    system diagnostics ihealth config username

    COMMAND system diagnostics ihealth config username

    DESCRIPTION Specify the username used to access the iHealth service.

    ARGUMENTS

    username

    • type: string
    • description: The username used for accessing the iHealth service.

    EXAMPLE

    Specify a user name to be used when logging in to iHealth:

    default-1(config)# system diagnostics ihealth config username
    (<string>) (user@company.com): user2@company.com
    

    system diagnostics ihealth upload

    COMMAND system diagnostics ihealth upload

    DESCRIPTION Initiate a qkview-file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.

    ARGUMENTS

    qkview-file

    • type: string
    • description: The name of the QKView file to be uploaded. Use the system diagnostics qkview list command to see a list of available files.

    Note: Be sure to add diags/shared/QKView/ as a prefix to the QKView file name.

    description

    • type: string
    • description: A short description of the QKView file. For example, "data path performance."

    service-request-number

    • type: string
    • description: The F5 service request number for F5 support. For example, 1-123134134 or C1231231.

    EXAMPLE

    Upload a file named diags/shared/qkview/test.qkview to iHealth:

    default-1# config
    default-1# system diagnostics ihealth upload qkview-file diags/shared/qkview/test.qkview description testing service-request-number C523232
    message HTTP/1.1 202 Accepted
    Location: /support/ihealth/status/iuw53AYW
    Date: Tue, 30 Jun 2020 12:09:08 GMT
    Content-Length: 0
    

    system diagnostics ihealth cancel

    COMMAND system diagnostics ihealth cancel

    DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.

    ARGUMENTS

    upload-id

    • type: string
    • description: The upload-id that is returned when initiating an upload.

    EXAMPLE

    Cancel the QKView upload with an upload-id of iuw53AYW.

    default-1# config
    default-1# system diagnostics ihealth cancel upload-id iuw53AYW
    message HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Location: /support/ihealth/status/iuw53AYW
    Date: Tue, 30 Jun 2020 12:10:01 GMT
    Content-Length: 44
    

    system diagnostics qkview capture

    COMMAND system diagnostics qkview capture

    DESCRIPTION

    Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in a single directory, depending on where the QKView file is executed.

    If you request a QKView on a system controller or chassis partition, QKView files are stored in the host directory: diags/shared/qkview/.

    ARGUMENTS

    filename <name>

    • type: string
    • description: The name of the file to write the QKView data to. The default filename is *machine-name*.qkview.

    timeout <time-in-seconds>

    • type: int
    • description: The time in seconds after which to stop QKView collection. The default value is 0, which indicates no timeout.

    exclude-cores { false | true }

    • type: boolean
    • description: Set to true if core files should be excluded from QKView. The default value is false.

    maxcoresize <size-in-mb>

    • type: int
    • description: If this argument is specified, core files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value for maximum core size is 25 MB.

    maxfilesize <size-in-mb>

    • type: int
    • description: If this argument is specified, all files greater than this size (in MB) are excluded. The range is from 2 MB to 1000 MB. The default value for maximum file size is 500 MB.

    EXAMPLE

    Generate a QKView and name the file client-qkview.tar, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout:

    default-1# system diagnostics qkview capture filename client-qkview.tar exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
    result  Qkview file client-qkview.tar is being collected
    return code 200
    
    default-1# system diagnostics qkview status
    result  {"Busy":true,"Percent":6,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview.tar"}
    
    resultint 0
    
    default-1# system diagnostics qkview capture
    result  Qkview file controller-1.qkview is being collected
    return code 200
    
    resultint 0
    
    default-1# system diagnostics qkview capture filename tryagain.tar
    result  Qkview capture can not be initiated. Another Qkview capture is already in progress
    
    return code 429
    
    resultint -10
    
    

    system diagnostics qkview cancel

    COMMAND system diagnostics qkview cancel

    DESCRIPTION Cancel a QKView that is in progress.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Cancel the currently running QKView:

    default-1# system diagnostics qkview cancel
    result  Qkview with filename client-qkview.tar was canceled
    return code 200
    
    resultint 0
    

    system diagnostics qkview status

    COMMAND system diagnostics qkview status

    DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    View the status of the currently running QKView:

    default-1# system diagnostics qkview status
    result  {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
    
    resultint 0
    
    default-1# system diagnostics qkview status
    result  {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
    
    resultint 0
    

    system diagnostics qkview delete

    COMMAND system diagnostics qkview delete

    DESCRIPTION Delete a QKView file.

    ARGUMENTS

    filename

    • type: string
    • description: The name of file to delete.

    EXAMPLE

    Delete the QKView file named client-qkview.tar.canceled.

    default-1# system diagnostics qkview delete filename client-qkview.tar.canceled
    result  Deleted Qkview file client-qkview.tar.canceled
    return code 200
    
    resultint 0
    

    system diagnostics qkview list

    COMMAND system diagnostics qkview list

    DESCRIPTION Show a list of QKView files.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    List all QKView files on the system:

    default-1# system diagnostics qkview list
    result  {"Qkviews":[{"Filename":"client-qkview.tar.canceled","Date":"2020-10-26T23:39:48.783066588Z","Size":131310},{"Filename":"myqkview.tar","Date":"2020-10-26T23:37:43.786269089Z","Size":668708104}]}
    
    resultint 0
    

    system logging host-logs

    COMMAND system logging host-logs

    DESCRIPTION Configure settings for sending host logs to remote logging servers.

    ARGUMENTS

    config files file <dir-or-file-name>

    • type: string
    • description: File or directory to be sent.

    config remote-forwarding { enabled | disabled }

    • type: enumeration
    • description: Specify enabled to enable remote forwarding of active node host logs. Specify disabled to disable it.

    config remote-forwarding enabled include-blades { 1 2 ... <n> }

    • description: If remote forwarding is enabled, specify that the specified non-active node(s) will forward host logs to the active node.

    config selectors selector <selector>

    • description: Specify the facility, or class of host messages, to forward. Any logs directed to these will be forwarded, provided that host-logs is enabled and a remote server configuration is present. Available options are:
      • ALL
      • AUDIT
      • AUTH
      • AUTHPRIV
      • CONSOLE
      • KERNEL
      • LOCAL0 LOCAL7
      • MAIL
      • NTP
      • SYSLOG
      • SYSTEM_DAEMON
      • USER

    EXAMPLES

    Enable remote forwarding:

    default-1-active(config)# system logging host-logs config remote-forwarding enabled
    

    Include non-active nodes (blade 1 and blade 2) when forwarding logs:

    default-1-active(config)# system logging host-logs config remote-forwarding include-blades { 1 2 }
    

    system logging remote-servers remote-server

    COMMAND system logging remote-servers remote-server

    DESCRIPTION Configure information about remote logging servers.

    ARGUMENTS

    config <ip-address-or-fqdn>

    • type: string
    • description: Host IP address or hostname of the remote log server. The minimum length is 1 character, and the maximum length is 253 characters.

    config config proto { tcp | udp }

    • type: enumeration
    • description: Remote server connection protocol. The default value is udp.

    config config remote-port <port-number>

    • type: unsignedShort
    • description: Destination port number for syslog messages. The default value is 514.

    selectors selector

    • description: Selector facility or severity selector on which to filter messages. F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.

    system logging sw-components sw-component

    COMMAND system logging sw-components sw-component

    DESCRIPTION Configure logging for platform software components. Available options are:

    • alert-service
    • api-svc-gateway
    • authd
    • dagd-service
    • datapath-cp-proxy
    • diag-agent
    • disk-usage-statd
    • dma-agent
    • fips-service
    • fpgamgr
    • ihealth-upload-service
    • ihealthd
    • image-agent
    • kubehelper
    • l2-agent
    • lacpd
    • license-service
    • line-dma-agent
    • lldpd
    • lopd
    • network-manager
    • optics-mgr
    • orchestration-agent
    • partition-bladesd
    • partition-common
    • partition-ha
    • platform-diag
    • platform-fwu
    • platform-hal
    • platform-mgr
    • platform-monitor
    • platform-stats-bridge
    • qkviewd
    • rsyslog-configd
    • snmp-trapd
    • stpd
    • sw-rbcast
    • tcpdumpd
    • tcpdumpd-master
    • tmstat-agent
    • tmstat-merged
    • user-manager
    • vconsole

    ARGUMENTS

    <component-name> config description

    • type: string
    • description: Text that describes the platform software component. This value is read-only.

    <component-name> config name

    • type: string
    • description: Name of the platform software component. This value is read-only.

    <component-name> config severity { ALERT | CRITICAL | DEBUG | EMERGENCY | ERROR | INFORMATIONAL | NOTICE | WARNING }

    • type: enumeration
    • description: Software component logging severity level. The default value is INFORMATIONAL. Available options, in decreasing order of severity, are:
      • EMERGENCY: Emergency system panic messages.
      • ALERT: Serious errors that require administrator intervention.
      • CRITICAL: Critical errors, including hardware and file system failures.
      • ERROR: Non-critical, but possibly important, error messages.
      • WARNING: Warning messages that should be logged and reviewed.
      • NOTICE: Messages that contain useful information, but may be ignored.
      • INFORMATIONAL: Messages that contain useful information, but may be ignored. This is the default value.
      • DEBUG: Verbose messages used for troubleshooting.

    system redundancy config auto-failback

    COMMAND system redundancy config auto-failback

    DESCRIPTION Configure whether the active location should switch (failback) from a non-preferred location to the preferred location.

    ARGUMENTS

    { disabled | enabled }

    • type: string
    • description: Specify enabled to enable auto-failback. Specify disabled to disable it. The default value is disabled, which means that the active location only changes when a failure occurs.

    failback-delay <time-in-seconds>

    • type: unsignedInt
    • description: The amount of time, in seconds, to wait after the preferred active location becomes ready before initiating a failback.

    EXAMPLES

    Enable auto-failback:

    partition(config)# system redundancy config auto-failback enabled
    

    Configure auto-failback with a failback-delay of 60 seconds:

    partition1(config)# system redundancy config auto-failback failback-delay 60
    

    system redundancy config mode

    COMMAND system redundancy config mode

    DESCRIPTION Configure the redundancy mode to be used by the system controllers.

    ARGUMENTS

    { active-controller | auto | prefer-1 | prefer-2 }

    • type: enumeration
    • description: The redundancy mode used by the system controllers: Available options are:
      • active-controller: Prefer running on the same system controller as the system controller software. The active controller hosts the floating IP address.
      • auto: No preference; the system always decides. This is the default option.
      • prefer-1: Prefer running on controller-1.
      • prefer-2: Prefer running on controller-2.

    EXAMPLE

    Configure the redundancy mode to be active-controller:

    partition(config)# system redundancy config mode active-controller
    

    system redundancy go-standby

    COMMAND system redundancy go-standby

    DESCRIPTION Request that the active system controller relinquish control and allow the standby controller to become active. This action has no effect if the standby is not ready to take over. If the current active does relinquish control, the SSH sessions to the management IP will be disconnected, and any outstanding, but uncommitted configuration changes will be discarded.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Make the currently-active system controller the standby controller:

    partition(config)# system redundancy go-standby
    

    system config login-banner

    COMMAND system config login-banner

    DESCRIPTION

    Configure a banner message to be displayed before users log in to the system.

    ARGUMENTS

    <message>

    • type: string
    • description: The login banner message for the system.

    EXAMPLE

    Configure a banner message:

    default-1(config)# system config login-banner
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    

    system config motd-banner

    COMMAND system config motd-banner

    DESCRIPTION

    Configure a message of the day (MOTD) banner to display after users log in to the system.

    <message>

    • type: string
    • description: The MOTD banner message for the system.

    EXAMPLE

    Configure a MOTD banner message:

    default-1(config)# system config motd-banner
    (<string>):
    [Multiline mode, exit with ctrl-D.]
    ATTENTION!
    This system is scheduled for maintenance in two days.
    

    tenants tenant

    COMMAND tenants tenant

    DESCRIPTION Provision and deploy a tenant within the partition.

    ARGUMENTS

    <tenant-name>

    • type: string
    • description: User-specified name for a tenant. The minimum length is 1 character, and the maximum length is 50 characters.

    <tenant-name> config appliance-mode { disabled | enabled }

    • type: string
    • description: Specify enabled to enable appliance node at the tenant level. Specify disabled to disable it.

    <tenant-name> config cryptos { disabled | enabled }

    • type: string
    • description: Specify enabled to enable crypto devices for the tenant level. Specify disabled to disable it.

    <tenant-name> config gateway <ip-address>

    • type: IP Address
    • description: Configure an IPv4 or IPv6 gateway address for the tenant management IP address.

    <tenant-name> config image <image-name>

    • type: string
    • description: Configure an image file to use for the tenant.

    <tenant-name> config memory <amount-of-memory>

    • type: Unsigned long
    • description: Configure the amount of memory in MBs for the tenant. The range is from 4096 to 102400 MBs.

    <tenant-name> config mgmt-ip <ip-address>

    • type: IP Address
    • description: Configure the IPv4 or IPv6 management IP address for tenant management access. You can configure the management IP address only when a tenant is not in the deployed state.

    <tenant-name> config nodes <node-number>

    • type: Unsigned byte
    • description: Configure the node (blade) number(s) in the partition to schedule the tenant.

    <tenant-name> config prefix-length <length>

    • type: Unsigned byte
    • description: Configure the prefix length for the management IP of the tenant. The range is from 0 to 128.

    <tenant-name> config running-state { configured | provisioned | deployed }

    • type: string
    • description: Configure the desired state of the tenant.

    <tenant-name> config storage size <size-of-storage>

    • type: Unsigned long
    • description: Configure the storage quota in GBs for the tenant. The default value is 76 GB. The range is from 22 to 700 GB.

    <tenant-name> config tenant-auth-support { disabled | enabled }

    • type: Unsigned short
    • description: Configure whether authorization security is enabled; configurable only when the tenant is not in a Deployed state.

    <tenant-name> config type <tenant-type>

    • type: enumeration
    • description: Configure the type of tenant. Available options are:
      • BIG-IP
      • BIG-IP Next

    <tenant-name> config vcpu-cores-per-node <number-of-cores>

    • type: Unsigned byte
    • description: Configure the number of logical CPU cores for the tenant; configurable only when a tenant is not in a Deployed state.

    <tenant-name> config vlans <vlan-id>

    • type: Unsigned byte
    • description: Configure the VLAN ID from the partition VLAN table for the tenant.

    EXAMPLE

    Configure a tenant named bigip-vm of type BIG-IP, using a specific image file, assigned to blade-1, using port 22, a management IP address of 192.0.2.61, a netmask of 255.255.255.0, a gateway of 192.0.2.1, using VLAN 100, and a running state of deployed.

    default-1(config)# tenants tenant bigip-vm config type BIG-IP image BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle nodes 1 port 22 mgmt-ip 192.0.2.71 netmask 255.255.255.0 gateway 192.0.2.254 vlans 100 running-state deployed
    

    Configure a tenant to have appliance mode enabled by first setting the tenant's running-state to provisioned and then enabling appliance mode:

    default-1# tenants tenant bigip-vm config running-state provisioned
    default-1(config)# commit
    
    // NOTE: Wait until the tenant's `running-state` is `provisioned`.
    default-1# show tenants tenant bigip-vm state running-state
    state running-state provisioned
    
    default-1# tenants tenant bigip-vm config appliance-mode enabled
    default-1# tenants tenant bigip-vm config running-state deployed
    default-1(config)# commit
    
    default-1# show tenants tenant bigip-vm
    tenants tenant bigip-vm
     state type          BIG-IP
     state mgmt-ip       192.0.2.71
     state prefix-length 24
     state gateway       192.0.2.254
     state vlans         { 1040 1041 }
     state cryptos       enabled
     state vcpu-cores-per-node 2
     state memory        7680
     state running-state deployed
     state mac-data base-mac 00:1a:2b:3c:4d:5e
     state mac-data mac-pool-size 1
     state appliance-mode enabled
     state status        Running
     state primary-slot  1
     state image-version "BIG-IP 15.1.5 0.0.11"
    NDI      MAC
    ----------------------------
    default  00:1a:2b:3c:4d:0e
    
     state instances instance 1
      instance-id   1
      phase         Running
      image-name    BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
      creation-time 2021-03-12T04:29:47Z
      ready-time    2021-03-12T04:29:44Z
      status        "Started tenant instance"
      mgmt-mac      ea:45:15:37:e7:22
    

    vlan-listeners vlan-listener

    COMMAND vlan-listeners vlan-listener

    DESCRIPTION A vlan-listener is a system-generated object and should only be configured manually under the guidance of F5 Technical Support. Manually configuring a vlan-listener object could potentially impact the flow of network traffic through the system.

    ARGUMENTS

    interface

    • type: string
    • description: The name of the interface associated with the vlan-listener.

    vlan

    • type: vlan-id
    • description: Integer value of the VLAN that is associated with the vlan-listener.

    vlans vlan

    COMMAND vlans vlan

    DESCRIPTION Creates a VLAN object that can be referenced by other configuration commands. This command is intended to be expanded for future use and is currently not necessary for proper configuration of the system.

    ARGUMENTS

    <vlan-id>

    • type: vlan-id
    • description: Integer value for the VLAN.

    config name <name>

    • type: string
    • description: Name of the vlan. The minimum length is 1 character, and the maximum length is 56 characters.

    config vlan-id

    • type: unsigned short
    • description: Numerical value of the VLAN tag associated with the VLAN. The range is from 1 to 4094.

    EXAMPLE

    Configure VLAN 100, with the name 100 and a vlan-id of 100:

    default-1(config)# vlans vlan 100 config name 100 vlan-id 100
    

    Chassis Partition: operational-mode-commands


    Operational Mode Commands


    autowizard

    COMMAND autowizard

    DESCRIPTION Specify whether to query automatically for mandatory elements.

    ARGUMENTS

    { false | true }

    • type: boolean
    • description: Specify true to query automatically for mandatory elements or false to disable it.

    cd

    COMMAND cd

    DESCRIPTION Change the working directory to a specific folder.

    ARGUMENTS

    <directory>

    • type: string
    • description: Directory name to which you want to change.

    clear

    COMMAND clear

    DESCRIPTION Remove all configuration changes.

    ARGUMENTS

    history

    • description: Clear command history.

    compare

    COMMAND compare

    DESCRIPTION Compare two configuration subtrees.

    ARGUMENTS

    <config>

    • type: string
    • description: Compare the running configuration to a saved configuration.

    complete-on-space

    COMMAND complete-on-space

    DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.

    ARGUMENTS

    { false | true }

    • type: boolean
    • description: Specify true to enable the ability to have the CLI complete a command name automatically when you press the space bar or false to disable it.

    config

    COMMAND config

    DESCRIPTION Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit command.

    ARGUMENTS

    terminal

    • description: Allow editing from this terminal only. This edits a private copy of the running configuration. This private copy is not locked, so another user could also edit it at the same time.

    exclusive

    • description: Specify an exclusive edit mode. This locks the running configuration and the candidate configuration, and edits the candidate configuration. No one else can edit the candidate configuration as long as it is locked.

    describe

    COMMAND describe

    DESCRIPTION Display internal information about how a command is implemented.

    ARGUMENTS

    <command>

    • type: string
    • description: Command for which you want to view implementation information.

    display-level

    COMMAND display-level

    DESCRIPTION Set the depth of the configuration shown for show commands.

    ARGUMENTS

    <depth>

    • type: unsigned long integer
    • description: Maximum depth to display for show commands. The <depth> can be a value from 1 through 64.

    exit

    COMMAND exit

    DESCRIPTION Exit the CLI session.

    ARGUMENTS This command has no arguments.


    file

    COMMAND file

    DESCRIPTION Perform file operations.

    ARGUMENTS

    For detailed information about these arguments, see the file page under partition config-mode-commands.

    delete

    • description: Delete a local file.

    export

    • description: Transfer a local file to a remote system.

    import

    • description: Transfer a remote file to the local system.

    list

    • description: Display a list of directories/files in a given path.

    show

    • description: Display the contents of a file.

    tail

    • description: Display the last part of a file.

    transfer-status

    • description: Display the status of a file operation.

    help

    COMMAND help

    DESCRIPTION Display help information about a specified command.

    ARGUMENTS

    <command>

    • type: string
    • description Command for which you want to view help.

    history

    COMMAND history

    DESCRIPTION Configure the command history cache size.

    ARGUMENTS

    <size>

    • type: int
    • description: Number of commands tracked by CLI history. The <size> can be a value from 0 through 1000.

    id

    COMMAND id

    DESCRIPTION Display information about the current user, including user, gid, group, and gids.

    ARGUMENTS This command has no arguments.


    idle-timeout

    COMMAND idle-timeout

    DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.

    ARGUMENTS

    <timeout>

    • type: int
    • description: Number of seconds that the CLI is inactive before a user is logged out. A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 8192 seconds. The default value is 1800 seconds (30 minutes).

    ignore-leading-space

    COMMAND ignore-leading-space

    DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.

    ARGUMENTS

    { true | false)

    • type: boolean
    • description: Specify false to ignore leading whitespace or true to consider it.

    leaf-prompting

    COMMAND leaf-prompting

    DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.

    ARGUMENTS

    { false | true }

    • type: boolean
    • description: Specify false to disable leaf prompting or true to enable it.

    logout

    COMMAND logout

    DESCRIPTION Log out a specific session or user from all sessions.

    ARGUMENTS

    session <session-id>

    • type: string
    • description: Log out a specific session by providing a value for <session-id>.

    user <user-name>

    • type: string
    • description: Log out a specific user by providing a value for <user-name>.

    no

    COMMAND no

    DESCRIPTION Delete or unset a configuration command.

    ARGUMENTS

    <command>

    • type: string
    • description Command to delete or unset.

    output-file

    COMMAND output-file

    DESCRIPTION Copy command output to a file or terminal.

    ARGUMENTS

    <terminal-or-filename>

    • type: string
    • description: Specify whether to output to the terminal or to a specified file.

    paginate

    COMMAND paginate

    DESCRIPTION Specify whether to control the pagination of CLI command output.

    ARGUMENTS

    { false | true }

    • type: boolean
    • description: Specify false to display command output continuously, regardless of the CLI screen height. Specify true to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.

    prompt1

    COMMAND prompt1

    DESCRIPTION Set the operational mode prompt.

    ARGUMENTS

    <prompt-text>

    • type: string
    • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
      • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
      • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
      • \H - Full hostname. You configure the hostname with the system hostname command.
      • \s - Source IP address of the local system.
      • \t - Current time in 24-hour hh:mm:ss format.
      • \A - Current time in 24-hour ​ format.
      • \T - Current time in 12-hour hh:mm:ss​ format.
      • \@ - Current time in 12-hour hh:mm​ format.
      • \u - Login username of the current user.
      • \m - Mode name.
      • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
      • \M - Mode name in parentheses.
      • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

    prompt2

    COMMAND prompt2

    DESCRIPTION Set the configuration mode prompt.

    ARGUMENTS

    <prompt-text>

    • type: string
    • description: Text to display at the operational mode prompt. Enclose the text in quotation marks. You can use regular ASCII characters and these special characters:
      • \d - Current date in the format yyyy-mm-dd (for example, 2013-12-02).
      • \h - Hostname up to the first period (.). You configure the hostname with the system hostname command.
      • \H - Full hostname. You configure the hostname with the system hostname command.
      • \s - Source IP address of the local system.
      • \t - Current time in 24-hour hh:mm:ss format.
      • \A - Current time in 24-hour ​ format.
      • \T - Current time in 12-hour hh:mm:ss​ format.
      • \@ - Current time in 12-hour hh:mm​ format.
      • \u - Login username of the current user.
      • \m - Mode name.
      • \m{n} - Mode name, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).
      • \M - Mode name in parentheses.
      • \M{n} - Mode name in parentheses, but the number of trailing components in the displayed path is limited to be a maximum of n, which is an integer. Characters removed are replaced with an ellipsis (...).

    pwd

    COMMAND pwd

    DESCRIPTION Display the current path in the configuration hierarchy.

    ARGUMENTS This command has no arguments.


    rollback

    COMMAND rollback

    DESCRIPTION Returns the configuration to a previously committed configuration.

    ARGUMENTS

    configuration <rollback-version>

    • type: int
    • description: Return to an earlier committed version. The most recently committed configuration (the running configuration) is number 0, the next most recent is 1, and so on.

    quit

    COMMAND quit

    DESCRIPTION Exit the CLI session.

    ARGUMENTS This command has no arguments.


    screen-length

    COMMAND screen-length

    DESCRIPTION Configure the length of the terminal window.

    ARGUMENTS

    <number-of-rows>

    • type: int
    • description: The length of the terminal screen, in rows. The <number-of-rows> can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.

    screen-width

    COMMAND screen-width

    DESCRIPTION Configure the width of the terminal window.

    ARGUMENTS

    <number-of-columns>

    • type: int
    • description: The width of the terminal screen, in columns. The <number-of-rows> can be from 200 through 256.

    send

    COMMAND send

    DESCRIPTION Send a message to the terminal of a specified user or all users.

    ARGUMENTS

    [all | username <\username>]

    • description: Specify all to send a message to all users. Specify username <username> to send a message only to a specified user.

    <message>

    • type: string
    • description: Contents of message to send to specified user(s).

    show

    COMMAND show

    DESCRIPTION Show information about the system.

    ARGUMENTS

    <system-component>

    • type: string
    • description: The component about which you want to view information.

    show-defaults

    COMMAND show-defaults

    DESCRIPTION Specify whether to display the default configuration.

    ARGUMENTS

    { false | true }

    • type: boolean
    • description: Specify true to display the default values or false to hide the default values.

    system

    COMMAND system

    DESCRIPTION Perform system operations for aaa, database, diagnostics, or events.

    ARGUMENTS

    For information about applicable arguments, see these pages under config-mode-commands:

    • system aaa-authentication
    • system-aaa-password-policy
    • system-aaa-server-groups
    • system-aaa-tls
    • system-database
    • system-diagnostics-core-files
    • system-diagnostics-ihealth
    • system-diagnostics-qkview

    events clear

    • description: Clear system events.

    system diagnostics tcpdump

    COMMAND system diagnostics tcpdump

    DESCRIPTION

    ARGUMENTS

    pcap filter

    • description: Berkeley Packet Filter (BPF) expression.

    { -i | interface } "<interface>"

    • description: Interface on which to capture packets. Capture packets on all interfaces by omitting this option or by specifying "0/0.0".

    { -w | outfile } <filename>

    • description: Packet Capture (PCAP) file to which captured packets are written.

    bpf <filter-expression>

    • description: PCAP filter expression for BPF. This filter takes standard tcpdump keywords such as host, port, tcp.flags, and so on.

    EXAMPLES

    Generate a tcpdump using bpf that only captures packets that go in or go out of blade 7's interface 1.0, are to/from 40.40.40.4, and the source or destination port is `80.n:

    default-1# system diagnostics tcpdump bpf "host 40.40.40.4 and port 80"
    running /usr/sbin/tcpdump -ni velo  "host 40.40.40.4 and port 80"
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on velo, link-type EN10MB (Ethernet), capture size 262144 bytes
    
    

    Generate a tcpdump that redirects the output to a PCAP file named capture.pcap:

    default-1# system diagnostics tcpdump outfile capture.pcap
    running /usr/sbin/tcpdump -ni velo  "-w" "/var/F5/partition/capture.pcap"
    tcpdump: listening on velo, link-type EN10MB (Ethernet), capture size 262144 bytes
    
    

    terminal

    COMMAND terminal

    DESCRIPTION Set the terminal type.

    ARGUMENTS

    [generic | xterm | vt100 | ansi | linux]

    • description: The type of terminal. Available options are::
      • generic
      • xterm
      • vt100
      • ansi
      • linux

    timestamp

    COMMAND timestamp

    DESCRIPTION Configure whether to display the timestamp.

    ARGUMENTS

    { enable | disable]

    • type: boolean
    • description: Specify enable to show the timestamp or disable to hide the timestamp.

    who

    COMMAND who

    DESCRIPTION Display information on currently-logged on users. The command output displays the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).

    ARGUMENTS This command has no arguments.


    write

    COMMAND write

    DESCRIPTION Display the running configuration of the system on the terminal. This command is equivalent to the show running-config command.

    ARGUMENTS

    terminal

    • description: Displays the running configuration. To show the configuration of a specific component, press the Tab key to view additional options.

    Chassis Partition: pipe-mode-commands


    Pipe Mode Commands


    annotation

    COMMAND annotation

    DESCRIPTION Show only statements whose annotation matches a provided configuration statement or pattern.

    Note: Only available when the system has been configured with attributes enabled.

    ARGUMENTS

    <statement> <text>

    • type: strings
    • description: Statement and text to search in a provided configuration statement.

    append

    COMMAND append

    DESCRIPTION Append command output text to a file.

    ARGUMENTS

    <filename>

    • type: string
    • description: Append command output to a specified file.

    begin

    COMMAND begin

    DESCRIPTION Display the command output starting at the first match of a specified string.

    ARGUMENTS

    <regularexpression-_restricted_subset>

    • type: string
    • description: Text string to find, where command output will begin displaying. The string is case sensitive.

    best-effort

    COMMAND best-effort

    DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.

    ARGUMENTS This command has no arguments.


    context-match

    COMMAND context-match

    DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.

    ARGUMENTS

    <pattern>

    • type: string
    • description: Characters from the output to match.

    count

    COMMAND count

    DESCRIPTION Count the number of lines in the command output.

    ARGUMENTS This command has no arguments.


    csv

    COMMAND csv

    DESCRIPTION Show table output in CSV format.

    ARGUMENTS This command has no arguments.


    de-select

    COMMAND de-select

    DESCRIPTION Do not show a specified field in the command output.

    ARGUMENTS

    <column-to-de-select>

    • type: string
    • description: The field that you do not want to display in the command output.

    debug

    COMMAND debug

    DESCRIPTION Display debug information.

    ARGUMENTS This command has no arguments.


    details

    COMMAND details

    DESCRIPTION Display the default values for commands in the running configuration.

    ARGUMENTS This command has no arguments.


    display

    COMMAND display

    DESCRIPTION Display options.

    ARGUMENTS This command has no arguments.


    exclude

    COMMAND exclude

    DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.

    ARGUMENTS

    <regularexpression-_restricted_subset>

    • type: string
    • description: String to match when excluding lines from the command output.

    extended

    COMMAND extended

    DESCRIPTION Display referring entries or elements.

    ARGUMENTS


    force

    COMMAND force

    DESCRIPTION Log out any users who are locking the configuration.

    ARGUMENTS This command has no arguments.


    hide

    COMMAND hide

    DESCRIPTION Hide display options.

    ARGUMENTS This command has no arguments.


    include

    COMMAND include

    DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.

    ARGUMENTS

    <regularexpression-_restricted_subset>

    • type: string
    • description: String to match when including in the command output.

    linnum

    COMMAND linnum

    DESCRIPTION Display a line number at the beginning of each line in the displayed output.

    ARGUMENTS This command has no arguments.


    match-all

    COMMAND match-all

    DESCRIPTION Display the command output that matches all command output filters.

    ARGUMENTS This command has no arguments.


    match-any

    COMMAND match-any

    DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.

    ARGUMENTS This command has no arguments.


    more

    COMMAND more

    DESCRIPTION Paginate the command output. This is the default behavior.

    ARGUMENTS This command has no arguments.


    nomore

    COMMAND nomore

    DESCRIPTION Do not paginate command output.

    ARGUMENTS This command has no arguments.


    notab

    COMMAND notab

    DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically displays in a list.

    ARGUMENTS This command has no arguments.


    repeat

    COMMAND repeat

    DESCRIPTION Repeat the output of a show command periodically.

    ARGUMENTS

    <interval-in-seconds>

    • type: int
    • description: How often to repeat the command, in seconds. Type Ctrl-C to terminate the display.

    save

    COMMAND save

    DESCRIPTION Save the command output text to a file.

    ARGUMENTS

    <filename>

    • type: string
    • description: The name of the file where command output is saved.

    select

    COMMAND select

    DESCRIPTION Display selected fields in the command output.

    ARGUMENTS

    <column-to-select>

    • type: string
    • description: The field(s) that you want to display in the command output.

    sort-by

    COMMAND sort-by

    DESCRIPTION Display command output with values sorted in a specified field.

    ARGUMENTS

    <index>

    • type: string
    • description: Name of the field to sort by in the command output.

    suppress-validate-warning-prompt

    COMMAND suppress-validate-warning-prompt

    DESCRIPTION Suppress validation warning prompt

    ARGUMENTS This command has no arguments.


    tab

    COMMAND tab

    DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.

    ARGUMENTS This command has no arguments.


    tags

    COMMAND tags

    DESCRIPTION Show only statements with tags that match a pattern.

    ARGUMENTS

    <pattern>

    • type: string
    • description: Characters from the output to match.

    trace

    COMMAND trace

    DESCRIPTION Display trace information.

    ARGUMENTS


    until

    COMMAND until

    DESCRIPTION Display the command output, ending with the line that matches a specified string.

    ARGUMENTS

    <regularexpression-_restricted_subset>

    • type: string
    • description: Text string to find to start displaying the command output.

    Chassis Partition: show-commands


    show SNMP-FRAMEWORK-MIB

    COMMAND show SNMP-FRAMEWORK-MIB

    DESCRIPTION Display information about the SNMP Management Architecture MIB.

    ARGUMENTS

    This command has no arguments.

    EXAMPLES

    Display the SNMP Engine information:

    default-1# show SNMP-FRAMEWORK-MIB
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 1
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 1632463
    SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
    

    show cli

    COMMAND show cli

    DESCRIPTION Display the default CLI session settings.

    ARGUMENTS

        This command has no arguments.
    

    EXAMPLES

    Display the current default CLI session settings:

    default-1# show cli
    autowizard            true
    complete-on-space     false
    devtools              false
    display-level         99999999
    history               100
    idle-timeout          1800
    ignore-leading-space  false
    leaf-prompting        true
    output-file           terminal
    paginate              true
    prompt1               \h\M#
    prompt2               \h(\m)#
    screen-length         57
    screen-width          120
    service prompt config true
    show-defaults         false
    terminal              xterm-256color
    timestamp             disable
    

    show cluster

    COMMAND show cluster

    DESCRIPTION Display the state of all the nodes in the partition, including some data related to OpenShift nodes and the state of the FPGA and DMA devices.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display the current state of nodes in the partition:

    default-1# show cluster
    cluster state
    cluster nodes node blade-1
    state enabled      true
    state node-running-state running
    state assigned     true
    state platform fpga-state FPGA_RDY
    state platform dma-agent-state DMA_AGENT_RDY
    state slot-number  1
    state node-info creation-time 2021-01-26T07:05:29Z
    state node-info cpu 28
    state node-info pods 250
    state node-info memory 131574096Ki
    state ready-info ready true
    state ready-info last-transition-time 2021-01-26T19:16:25Z
    state ready-info message "kubelet is posting ready status"
    state out-of-disk-info out-of-disk false
    state out-of-disk-info last-transition-time 2021-01-26T19:16:25Z
    state out-of-disk-info message "kubelet has sufficient disk space available"
    state disk-pressure-info disk-pressure false
    state disk-pressure-info last-transition-time 2021-01-26T19:16:25Z
    state disk-pressure-info message "kubelet has no disk pressure"
    DISK DATA  DISK DATA
    NAME       VALUE
    -------------------------
    capacity   979105116160
    totalused  5975360
    images     5956980
    
    cluster nodes node blade-2
    state enabled      true
    state node-running-state running
    state assigned     true
    state platform fpga-state FPGA_RDY
    state platform dma-agent-state DMA_AGENT_RDY
    state slot-number  2
    state node-info creation-time 2021-01-26T07:05:29Z
    state node-info cpu 28
    state node-info pods 250
    state node-info memory 131574096Ki
    state ready-info ready true
    state ready-info last-transition-time 2021-01-26T07:05:51Z
    state ready-info message "kubelet is posting ready status"
    state out-of-disk-info out-of-disk false
    state out-of-disk-info last-transition-time 2021-01-26T07:05:29Z
    state out-of-disk-info message "kubelet has sufficient disk space available"
    state disk-pressure-info disk-pressure false
    state disk-pressure-info last-transition-time 2021-01-26T07:05:29Z
    state disk-pressure-info message "kubelet has no disk pressure"
    DISK DATA  DISK DATA
    NAME       VALUE
    -------------------------
    capacity   979105116160
    totalused  5975360
    images     5956980
    
    cluster nodes node blade-3
    state enabled      true
    state node-running-state running
    state assigned     true
    state slot-number  3
    cluster nodes node blade-4
    state enabled      true
    state node-running-state running
    state assigned     true
    state slot-number  4
    cluster nodes node blade-5
    state enabled      true
    state node-running-state running
    state assigned     true
    state slot-number  5
    cluster nodes node blade-6
    state enabled      true
    state node-running-state running
    state assigned     true
    state slot-number  6
    cluster nodes node blade-7
    state enabled      true
    state node-running-state running
    state assigned     true
    state slot-number  7
    cluster nodes node blade-8
    state enabled      true
    state node-running-state running
    state assigned     true
    state slot-number  8
    
    
    
    controller-2(config)# system licensing install registration-key I2305-08956-40368-99166-2099884
    result License installed successfully.
    

    show cluster disk-usage-threshold

    COMMAND show cluster disk-usage-threshold

    DESCRIPTION Display the current configuration of disk usage threshold.

    ARGUMENTS

    state critical-limit

    • description: The percentage of disk usage allowed before triggering a critical alarm.

    state error-limit

    • description: The percentage of disk usage allowed before triggering an error alarm.

    state growth-rate-limit

    • description: The percentage of disk usage growth rate allowed.

    state interval

    • description: The interval measured, in minutes, at which disk usage is monitored.

    state warning-limit

    • description: The percentage of disk usage allowed before triggering a warning alarm.

    EXAMPLE

    Display the current configuration for all disk usage threshold options:

    default-2# show cluster disk-usage-threshold
    cluster disk-usage-threshold state warning-limit 85
    cluster disk-usage-threshold state error-limit 90
    cluster disk-usage-threshold state critical-limit 97
    cluster disk-usage-threshold state growth-rate-limit 10
    cluster disk-usage-threshold state interval 60
    

    show cluster nodes node

    COMMAND show cluster nodes node

    DESCRIPTION Display the state of a specific node in the partition, including some data about OpenShift nodes and the state of the FPGA and DMA devices.

    ARGUMENTS

    node <blade-or-sys-controller>

    • type: string
    • description: Specific node in partition to display. Available options are:
      • blade-1 - blade-<n>
      • controller-1
      • controller-2

    EXAMPLE

    Display the state of the node blade-1:

    
    default-1# show cluster nodes node blade-1 state
    state enabled true
    state node-running-state running
    state assigned true
    state platform fpga-state FPGA_RDY
    state platform dma-agent-state DMA_AGENT_RDY
    state slot-number 1
    state node-info creation-time 2021-01-26T07:05:29Z
    state node-info cpu 28
    state node-info pods 250
    state node-info memory 131574096Ki
    state ready-info ready true
    state ready-info last-transition-time 2021-01-26T19:16:25Z
    state ready-info message "kubelet is posting ready status"
    state out-of-disk-info out-of-disk false
    state out-of-disk-info last-transition-time 2021-01-26T19:16:25Z
    state out-of-disk-info message "kubelet has sufficient disk space available"
    state disk-pressure-info disk-pressure false
    state disk-pressure-info last-transition-time 2021-01-26T19:16:25Z
    state disk-pressure-info message "kubelet has no disk pressure"
    DISK DATA DISK DATA
    NAME VALUE
    
    ---
    
    capacity 979105116160
    totalused 5975420
    images 5957032
    
    

    show cluster disk-usage-threshold

    COMMAND show cluster disk-usage-threshold

    DESCRIPTION Display current threshold settings for disk usage.

    ARGUMENTS

    This command has no arguments.

    EXAMPLE

    Display the current disk usage threshold:

    
    default-1# show cluster disk-usage-threshold
    cluster disk-usage-threshold state warning-limit 85
    cluster disk-usage-threshold state error-limit 90
    cluster disk-usage-threshold state critical-limit 97
    cluster disk-usage-threshold state growth-rate-limit 10
    cluster disk-usage-threshold state interval 60
    
    
    
    

    show components

    COMMAND show components

    DESCRIPTION Show information about hardware inventory and firmware, including:

    • Serial number and part number of blades
    • Number of Crypto/Compression QATs
    • TPM integrity status of BIOS
    • FPGA and firmware versions
    • CPU frequency, core count, model name, and utilization
    • Software versions running on blades
    • Storage details, including disk size and serial number
    • Temperature sensor output

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    component <specific-component>

    • description: Limit the output to the specified hardware component.

    component <specific-component> state

    • description: Limit the output to the operational state of the specified component(s).

    component <specific-component> blade-1

    • description: Limit the output to the specified component(s).

    EXAMPLES

    Display the FPGAs and their firmware version present on blade-1:

    default-1# show components component blade-1 integrated-circuit
    FPGA
    INDEX   VERSION
    -----------------
    atse_0  7.6.10
    vqf_0   8.6.13
    

    Display the serial numbers of blades in a partition:

    default-1# show components component state serial-no
    NAME     SERIAL NO
    ---------------------
    blade-1  bld424267s
    blade-2  bld424373s
    blade-3  bld421633s
    

    Display storage information about the disks from all components:

    default-1# show components component storage |tab
                                                                                                                                     READ                           WRITE
             DISK                                                                               PERCENT  TOTAL  READ  READ    READ   LATENCY  WRITE  WRITE   WRITE  LATENCY
    NAME     NAME     MODEL                VENDOR  VERSION   SERIAL NO         SIZE       TYPE  USED     IOPS   IOPS  MERGED  BYTES  MS       IOPS   MERGED  BYTES  MS
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    blade-1  nvme0n1  INTEL SSDPELKX010T8  Intel   VCV10301  BTLJ832408PV1P0I  1000.00GB  nvme  -        -      -     -       -      -        -      -       -      -
    blade-2  nvme0n1  INTEL SSDPELKX010T8  Intel   VCV10301  BTLJ8343039N1P0I  1000.00GB  nvme  -        -      -     -       -      -        -      -       -      -
    blade-3  nvme0n1  INTEL SSDPELKX010T8  Intel   VCV10301  BTLJ832408HP1P0I  1000.00GB  nvme  -        -      -     -       -      -        -      -       -      -
    

    show dag-states

    COMMAND

    show dag-states

    DESCRIPTION

    Display blade level packet disaggregation (DAG) state on the system. This table is populated by the system with a row per running tenant. The data shows the blades that a packet can be distributed to when received by an interface.

    EXAMPLE

    Display the current disaggregation state:

    default-1# show dag-states
                                                    COMMIT                         TENANT                                                     SDAG
                             PUBLISHER  PUBLISH     TENANT    COMMIT      DAG      INSTANCE                                                   TABLE
    TENANT NAME   PUBLISHER  INSTANCE   TIME        INSTANCE  TIME        VERSION  IDS       SDAG TABLE                                       HASH
    -------------------------------------------------------------------------------------------------------------------------------------------------
    defaultbip-1  dagd       1          1614908520  1         1614908520  16       { 1 }     1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1  0
    defaultbip-2  dagd       1          1615231250  1         1615231250  16       { 1 2 }   1 2 1 1 1 2 2 2 1 1 2 1 2 2 2 1 1 2 2 2 1 1 2 1  36876
    
    default-1#
    

    show dag-states dag-state

    COMMAND

    show dag-states dag-state

    DESCRIPTION

    Display only a specific dag-state for a given tenant name.

    ARGUMENTS

    Available options are:

    • publisher: software component that published this data
    • publisher instance: tenant instance that published this data
    • publish time: timestamp of publish
    • commit tenant instance: instance that committed this data
    • commit time: timestamp of commit
    • dag version: version of disaggregation library used by tenant
    • tenant instance ids: available blades for packets to distribute to
    • sdag table: a list of instance ids used by system to hash packets to blades
    • sdag table hash: a hash of the full sdag table

    EXAMPLE

    default-1# show dag-states dag-state defaultbip-2
                                                    COMMIT                         TENANT                                                     SDAG
                             PUBLISHER  PUBLISH     TENANT    COMMIT      DAG      INSTANCE                                                   TABLE
    TENANT NAME   PUBLISHER  INSTANCE   TIME        INSTANCE  TIME        VERSION  IDS       SDAG TABLE                                       HASH
    -------------------------------------------------------------------------------------------------------------------------------------------------
    defaultbip-2  dagd       1          1615231250  1         1615231250  16       { 1 2 }   1 2 1 1 1 2 2 2 1 1 2 1 2 2 2 1 1 2 2 2 1 1 2 1  36876
    

    show dma-states

    COMMAND show dma-states

    DESCRIPTION Display statistics pertaining to software DMA transfers to and from blade hardware. These stats include packets transmitted, received, and dropped at the software/hardware boundary of each blade. Also included are PVA acceleration operations sent to and from the hardware on each blade. The statistics are kept per-blade, but are global/shared over all partitions.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    dma-state

    • description: Specific component for which you want to view statistics. Available options are:
      • blade-<num>: View statistics for a specific blade only.
      • merged: View statistics for all blades.

    EXAMPLE

    Display statistics for active ePVAs on blade-1:

    default-1# show dma-states dma-state blade-1 state active-sep-epvas
                                                     RX
                                    TX SYN   TX SYN  FSD         RX
                   TX L4    TX L4   VIP      VIP     DROPS  RX   SYN
    SVC  SEP       SNOOP    SNOOP   SNOOP    SNOOP   NO     L4   VIP
    ID   ID   QOS  INSERTS  EVICTS  INSERTS  EVICTS  ROOM   FSD  FSD
    -------------------------------------------------------------------
    2    0    0    0        0       0        0       0      0    0
    2    0    1    0        0       0        0       0      0    0
    2    0    2    0        0       0        0       0      0    0
    2    0    3    0        0       0        0       0      0    0
    5    0    0    0        0       0        0       0      0    0
    5    0    1    0        0       0        0       0      0    0
    5    0    2    0        0       0        0       0      0    0
    5    0    3    0        0       0        0       0      0    0
    8    0    0    0        0       0        0       0      0    0
    8    0    1    0        0       0        0       0      0    0
    8    0    2    0        0       0        0       0      0    0
    8    0    3    0        0       0        0       0      0    0
    

    show fdb

    COMMAND show fdb

    DESCRIPTION Show Layer 2 forwarding database (FDB) entries in the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    mac-table

    • description: FDB (forwarding database) table used to store learned MAC addresses.

    EXAMPLE

    Display all FDB information using table output:

    default-1# show fdb | tab
    
    show fdb | tab
                                                                                              NDI
    MAC ADDRESS        VLAN  TAG TYPE      VLAN  TAG TYPE      VID   ENTRY TYPE   OWNER  AGE  ID    SVC  VTC  SEP  DMS  DID  CMDS  MIRRORING  INTERFACE
    -----------------------------------------------------------------------------------------------------------------------------------------------------
    00:94:a1:8e:4c:09  1040  tag_type_vid  1040  tag_type_vid  1040  L2-LISTENER  -      -    4095  8    -    -    -    -    1     -          -
    00:94:a1:8e:4c:09  1041  tag_type_vid  1041  tag_type_vid  1041  L2-LISTENER  -      -    4095  8    -    -    -    -    1     -          -
    
    

    Show FDB MAC table information:

    default-1# show fdb mac-table
    fdb mac-table entries entry 00:94:a1:8e:4c:09 100 tag_type_vid
     state vlan 100
     state tag-type tag_type_vid
     state vid  100
     state entry-type L2-LISTENER
     state owner defaultbip-1
     state ifh-fields ndi-id 4095
     state ifh-fields svc 8
     state ifh-fields cmds 1
    fdb mac-table entries entry 00:94:a1:8e:4c:09 101 tag_type_vid
     state vlan 101
     state tag-type tag_type_vid
     state vid  101
     state entry-type L2-LISTENER
     state owner defaultbip-1
     state ifh-fields ndi-id 4095
     state ifh-fields svc 8
     state ifh-fields cmds 1
    

    show file

    COMMAND show file

    DESCRIPTION Display current configuration for known hosts and state of file transfers.

    ARGUMENTS

    This command has no arguments.

    EXAMPLES

    Display the status of a current file transfer

    default-1# show file transfer-operations
    file transfer-operations transfer-operation images/BIGIP-bigip15.1.x.ALL-VELOS.qcow2.zip 192.0.2.11 build/bigip/v15.1.x/BIGIP-bigip15.1.x.ALL-VELOS.qcow2.zip "Import file" "HTTPS   "
     status    "In Progress (12.0%)"
     timestamp "Fri Jun 11 21:56:06 2021"
    

    show history

    COMMAND show history

    DESCRIPTION Display a history of commands run on the partition.

    ARGUMENTS

    • type: int
    • description: Number of commands to show in the command history.

    EXAMPLE

    Display the last five commands that were run on the partition:

    default-1# show history 5
    02:22:41 -- show running-config stp
    02:22:57 -- show running-config system
    02:23:05 -- show running-config cluster
    02:24:13 -- show running-config vlans
    02:28:39 -- show history
    

    show images

    COMMAND show images

    DESCRIPTION Display all images in the partition. Also shows which image is currently in use and which have been replicated to the other system controller.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display all images on the current partition:

    default-1# show images
                                                                        IN
    NAME                                                                USE   STATUS
    --------------------------------------------------------------------------------------
    BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle  true  replicated
    

    show interfaces

    COMMAND show interfaces

    DESCRIPTION Display information about blade network interfaces. This includes options for link aggregation.

    ARGUMENTS

    <interface-name>

    • type: string
    • description: Limit the output to the specified interface. Available options are:
      • <blade-number>/1.<n> - <blade-number>/<n>.<n>
      • <lag-name>

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    <interface-name> aggregation

    • description: Limit the output to aggregation-specific information for the specified interface(s).

    <interface-name> ethernet

    • description: Limit the output to Ethernet-specific information for the specified interface(s).

    <interface-name> state

    • description: Limit the output to the operational state of the specified interface(s).

    EXAMPLES

    Display only the first level of interface information:

    default-1# show interfaces displaylevel 1
    interfaces interface 1/1.0
    interfaces interface 1/2.0
    interfaces interface 2/1.0
    interfaces interface 2/2.0
    

    Display information two levels deep for all interfaces:

    default-1# show interfaces displaylevel 2
    interfaces interface 1/1.0
     state name               1/1.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state oper-status        DOWN
     state counters in-octets 0
     state counters in-unicast-pkts 0
     state counters in-broadcast-pkts 0
     state counters in-multicast-pkts 0
     state counters in-discards 0
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:8e:f8:00
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    interfaces interface 1/2.0
     state name               1/2.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state oper-status        UP
     state counters in-octets 12912213797284
     state counters in-unicast-pkts 522514104
     state counters in-broadcast-pkts 200979372285
     state counters in-multicast-pkts 17092141
     state counters in-discards 3949892934
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:8e:f8:01
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    interfaces interface 2/1.0
     state name               2/1.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state oper-status        UP
     state counters in-octets 35352746791704
     state counters in-unicast-pkts 128530545045
     state counters in-broadcast-pkts 16241112162
     state counters in-multicast-pkts 137385018018
     state counters in-discards 2984046990
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:8e:f8:80
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    interfaces interface 2/2.0
     state name               2/2.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state oper-status        UP
     state counters in-octets 35352746816000
     state counters in-unicast-pkts 128530545045
     state counters in-broadcast-pkts 16241112170
     state counters in-multicast-pkts 137385018209
     state counters in-discards 2984047014
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:8e:f8:81
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    

    Display information only about interface 1/1.0:

    default-1# show interfaces interface 1/1.0
    interfaces interface 1/1.0
     state name               1/1.0
     state type               ethernetCsmacd
     state mtu                9600
     state enabled            true
     state oper-status        DOWN
     state counters in-octets 0
     state counters in-unicast-pkts 0
     state counters in-broadcast-pkts 0
     state counters in-multicast-pkts 0
     state counters in-discards 0
     state counters in-errors 0
     state counters in-fcs-errors 0
     state counters out-octets 0
     state counters out-unicast-pkts 0
     state counters out-broadcast-pkts 0
     state counters out-multicast-pkts 0
     state counters out-discards 0
     state counters out-errors 0
     state forward-error-correction auto
     state lacp_state         LACP_DEFAULTED
     ethernet state port-speed SPEED_100GB
     ethernet state hw-mac-address 00:94:a1:8e:f8:00
     ethernet state counters in-mac-control-frames 0
     ethernet state counters in-mac-pause-frames 0
     ethernet state counters in-oversize-frames 0
     ethernet state counters in-jabber-frames 0
     ethernet state counters in-fragment-frames 0
     ethernet state counters in-8021q-frames 0
     ethernet state counters in-crc-errors 0
     ethernet state counters out-mac-control-frames 0
     ethernet state counters out-mac-pause-frames 0
     ethernet state counters out-8021q-frames 0
     ethernet state flow-control rx on
    

    Display state information for interface 1/1.0:

    default-1# show interfaces interface 1/1.0 state
    state name               1/1.0
    state type               ethernetCsmacd
    state mtu                9600
    state enabled            true
    state oper-status        DOWN
    state counters in-octets 0
    state counters in-unicast-pkts 0
    state counters in-broadcast-pkts 0
    state counters in-multicast-pkts 0
    state counters in-discards 0
    state counters in-errors 0
    state counters in-fcs-errors 0
    state counters out-octets 0
    state counters out-unicast-pkts 0
    state counters out-broadcast-pkts 0
    state counters out-multicast-pkts 0
    state counters out-discards 0
    state counters out-errors 0
    state forward-error-correction auto
    state lacp_state         LACP_DEFAULTED
    

    Display Ethernet information for interface 1/1.0:

    default-1# show interfaces interface 1/1.0 ethernet
    ethernet state port-speed SPEED_100GB
    ethernet state hw-mac-address 00:94:a1:8e:f8:00
    ethernet state counters in-mac-control-frames 0
    ethernet state counters in-mac-pause-frames 0
    ethernet state counters in-oversize-frames 0
    ethernet state counters in-jabber-frames 0
    ethernet state counters in-fragment-frames 0
    ethernet state counters in-8021q-frames 0
    ethernet state counters in-crc-errors 0
    ethernet state counters out-mac-control-frames 0
    ethernet state counters out-mac-pause-frames 0
    ethernet state counters out-8021q-frames 0
    ethernet state flow-control rx on
    
    

    Display information about interface 1/1.0 using table output:

    default-1# show interfaces interface 1/1.0 | tab
                                                                                                                                                                                                                                                                                                                                                                OUT
                                                                 IN       IN         IN                                           OUT      OUT        OUT                          FORWARD                                                                                                IN MAC   IN MAC  IN        IN      IN        IN              OUT MAC  MAC     OUT
                                                 OPER    IN      UNICAST  BROADCAST  MULTICAST  IN        IN      IN FCS  OUT     UNICAST  BROADCAST  MULTICAST  OUT       OUT     ERROR                       LAG   LAG    DISTRIBUTION  MAC                                             CONTROL  PAUSE   OVERSIZE  JABBER  FRAGMENT  8021Q   IN CRC  CONTROL  PAUSE   8021Q             MEMBER  MEMBER
    NAME   NAME   TYPE            MTU   ENABLED  STATUS  OCTETS  PKTS     PKTS       PKTS       DISCARDS  ERRORS  ERRORS  OCTETS  PKTS     PKTS       PKTS       DISCARDS  ERRORS  CORRECTION  LACP STATE      TYPE  SPEED  HASH          ADDRESS  LAGID  PORT SPEED   HW MAC ADDRESS     FRAMES   FRAMES  FRAMES    FRAMES  FRAMES    FRAMES  ERRORS  FRAMES   FRAMES  FRAMES  RX  VLAN  NAME    STATUS
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    1/1.0  1/1.0  ethernetCsmacd  9600  true     DOWN    0       0        0          0          0         0       0       0       0        0          0          0         0       auto        LACP_DEFAULTED  -     -      -             -        -      SPEED_100GB  00:94:a1:8e:f8:00  0        0       0         0       0         0       0       0        0       0       on  -
    

    Display aggregation-specific output for a LAG named test-lag:

    default-1# show interfaces interface test-lag aggregation
    aggregation state lag-type STATIC
    aggregation state lag-speed 200
    aggregation state distribution-hash src-dst-ipport
    aggregation state mac-address 00:0a:49:ff:48:0c
    aggregation state lagid 2
    MEMBER  MEMBER
    NAME    STATUS
    ----------------
    4/1.0   UP
    4/2.0   UP
    
    

    Display information about a LAG interface named lag1:

    default-1# show interfaces interface lag1
    interfaces interface lag1
     aggregation state lag-type STATIC
     aggregation state lag-speed 0
     aggregation state mac-address 00:94:a1:8d:18:0a
    

    show lacp

    COMMAND

    show lacp

    DESCRIPTION

    Display the current LACP configuration and state information for global and all LACP interfaces.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    EXAMPLE

    Display information about configured LACP interfaces:

    default-1# show lacp
    lacp state system-id-mac 00:94:a1:8e:4c:08
    lacp interfaces interface testLAG
     state name    testLAG
     state interval FAST
     state lacp-mode ACTIVE
     state system-id-mac 0:94:a1:8e:4c:8
    

    Display one level of information about configured LACP interfaces:

    default-1# show lacp displaylevel 1
    lacp state system-id-mac 00:94:a1:8e:4c:08
    lacp interfaces interface testLAG
    

    show lacp interfaces

    COMMAND

    show lacp interfaces

    DESCRIPTION

    Show current LACP state for all LACP interfaces.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    system-id-mac

    • description: Combination of LACP system-priority and the stack MAC address.

    system-priority

    • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

    show lacp state for a specific lacp interface

    COMMAND

    show lacp interfaces interface

    DESCRIPTION

    Show current LACP config and state information for an LACP interface.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    <interface-name>

    • description: The interface to display.

    EXAMPLE

    Display information about the testLAG interface:

    default-1# show lacp interfaces interface testLAG
    lacp interfaces interface testLAG
     state name    testLAG
     state interval FAST
     state lacp-mode ACTIVE
     state system-id-mac 0:94:a1:8e:4c:8
    

    show lacp state

    COMMAND

    show lacp state

    DESCRIPTION

    Display global LACP state information.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    system-id-mac

    • description: Combination of LACP system-priority and the stack MAC address.

    system-priority

    • description: Priority assigned to the system for LACP. A smaller value indicates a higher priority.

    EXAMPLE

    Display the global state of LACP:

    default-1# show lacp state
    lacp state system-id-mac 00:94:a1:66:e0:08
    

    show lldp

    COMMAND show lldp

    DESCRIPTION Display the information about Link Layer Discovery Protocol (LLDP) on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    interfaces interface <interface-name>

    • type: string
    • description: Name of a specific LLDP interface.

    EXAMPLES

    Display all LLDP information:

    default-1# show lldp
    lldp state enabled
    lldp state chassis-id "Temporary ChassisId"
    lldp state chassis-id-type LOCAL
    lldp interfaces interface 1/1.0
     state name 1/1.0
     state enabled
     state counters frame-in 0
     state counters frame-out 8
     neighbors neighbor DL?U?uEthernet16/1
      config
      state system-name  SDSW-100gb
      state system-description "Arista Networks EOS version 4.16.7FX-7060X running on an Arista Networks DCS-7060CX-32S"
      state chassis-id   44:4c:a8:55:82:75
      state chassis-id-type MAC_ADDRESS
      state ttl          120
      state port-id      Ethernet16/1
      state port-id-type INTERFACE_NAME
      state management-address 192.0.2.4
    TYPE  OUI        OUI SUBTYPE                      CONFIG  TYPE  OUI        OUI SUBTYPE                      VALUE
    -------------------------------------------------------------------------------------------------------------------
    127   IEEE802.1  PVID                             -       127   IEEE802.1  PVID                             1
    127   IEEE802.3  Aggregation Port Id              -       127   IEEE802.3  Aggregation Port Id              0
    127   IEEE802.3  Aggregation Status               -       127   IEEE802.3  Aggregation Status               1
    127   IEEE802.3  MAC/PHY Auto-negotiation Status  -       127   IEEE802.3  MAC/PHY Auto-negotiation Status  0
    127   IEEE802.3  MAC/PHY MAU Type                 -       127   IEEE802.3  MAC/PHY MAU Type                 0
    127   IEEE802.3  MAC/PHY PMD Capability           -       127   IEEE802.3  MAC/PHY PMD Capability           0
    127   IEEE802.3  Maximum Frame Size               -       127   IEEE802.3  Maximum Frame Size               9236
    
    

    Display only the first level of LLDP information:

    default-1# show lldp displaylevel 1
    lldp state enabled
    lldp state chassis-id "Temporary ChassisId"
    lldp state chassis-id-type LOCAL
    lldp interfaces interface 1/1.0
    
    

    Display only the interface level LLDP information:

    default-1# show lldp interfaces interface 1/1.0
     state name 1/1.0
     state enabled
     state counters frame-in 0
     state counters frame-out 8
     neighbors neighbor DL?U?uEthernet16/1
      config
      state system-name  SDSW-100gb
      state system-description "Arista Networks EOS version 4.16.7FX-7060X running on an Arista Networks DCS-7060CX-32S"
      state chassis-id   44:4c:a8:55:82:75
      state chassis-id-type MAC_ADDRESS
      state ttl          120
      state port-id      Ethernet16/1
      state port-id-type INTERFACE_NAME
      state management-address 192.0.2.4
    TYPE  OUI        OUI SUBTYPE                      CONFIG  TYPE  OUI        OUI SUBTYPE                      VALUE
    -------------------------------------------------------------------------------------------------------------------
    127   IEEE802.1  PVID                             -       127   IEEE802.1  PVID                             1
    127   IEEE802.3  Aggregation Port Id              -       127   IEEE802.3  Aggregation Port Id              0
    127   IEEE802.3  Aggregation Status               -       127   IEEE802.3  Aggregation Status               1
    127   IEEE802.3  MAC/PHY Auto-negotiation Status  -       127   IEEE802.3  MAC/PHY Auto-negotiation Status  0
    127   IEEE802.3  MAC/PHY MAU Type                 -       127   IEEE802.3  MAC/PHY MAU Type                 0
    127   IEEE802.3  MAC/PHY PMD Capability           -       127   IEEE802.3  MAC/PHY PMD Capability           0
    127   IEEE802.3  Maximum Frame Size               -       127   IEEE802.3  Maximum Frame Size               9236
    
    

    Display only the interface neighbor information:

    default-1# show lldp interfaces interface 1/1.0 neighbors neighbor
    neighbors neighbor DL?U?uEthernet16/1
     config
     state system-name  SDSW-100gb
     state system-description "Arista Networks EOS version 4.16.7FX-7060X running on an Arista Networks DCS-7060CX-32S"
     state chassis-id   44:4c:a8:55:82:75
     state chassis-id-type MAC_ADDRESS
     state ttl          120
     state port-id      Ethernet16/1
     state port-id-type INTERFACE_NAME
     state management-address 192.0.2.4
    TYPE  OUI        OUI SUBTYPE                      CONFIG  TYPE  OUI        OUI SUBTYPE                      VALUE
    -------------------------------------------------------------------------------------------------------------------
    127   IEEE802.1  PVID                             -       127   IEEE802.1  PVID                             1
    127   IEEE802.3  Aggregation Port Id              -       127   IEEE802.3  Aggregation Port Id              0
    127   IEEE802.3  Aggregation Status               -       127   IEEE802.3  Aggregation Status               1
    127   IEEE802.3  MAC/PHY Auto-negotiation Status  -       127   IEEE802.3  MAC/PHY Auto-negotiation Status  0
    127   IEEE802.3  MAC/PHY MAU Type                 -       127   IEEE802.3  MAC/PHY MAU Type                 0
    127   IEEE802.3  MAC/PHY PMD Capability           -       127   IEEE802.3  MAC/PHY PMD Capability           0
    127   IEEE802.3  Maximum Frame Size               -       127   IEEE802.3  Maximum Frame Size               9236
    
    

    show parser

    COMMAND show parser

    DESCRIPTION Display information about available commands and their syntax.

    ARGUMENTS

    dump

    • description: Display information about all available commands.

    EXAMPLE

    Display information about all commands:

    default-1# show parser dump
    autowizard [false/true]
    cd <Dir>
    cd
    clear history
    compare file <File> [brief]
    compare file <File> [brief] SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry
    compare file <File> [brief] SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry
    compare file <File> [brief] SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry
    compare file <File> [brief] SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry
    compare file <File> [brief] SNMP-USER-BASED-SM-MIB usmUserTable usmUserEntry
    compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmAccessTable vacmAccessEntry
    compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry
    compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmViewTreeFamilyTable vacmViewTreeFamilyEntry
    compare file <File> [brief] SNMPv2-MIB snmp snmpEnableAuthenTraps
    compare file <File> [brief] SNMPv2-MIB system sysContact
    compare file <File> [brief] SNMPv2-MIB system sysLocation
    compare file <File> [brief] SNMPv2-MIB system sysName
    compare file <File> [brief] cluster nodes node
    compare file <File> [brief] components component
    compare file <File> [brief] fdb mac-table entries entry
    compare file <File> [brief] interfaces interface
    compare file <File> [brief] lacp config system-priority
    compare file <File> [brief] lacp interfaces interface
    compare file <File> [brief] lldp config disabled
    compare file <File> [brief] lldp interfaces interface
    compare file <File> [brief] portgroups portgroup
    compare file <File> [brief] stp global config
    compare file <File> [brief] stp interfaces interface
    compare file <File> [brief] stp mstp config hold-count
    compare file <File> [brief] stp mstp mst-instances mst-instance
    compare file <File> [brief] stp rstp config hold-count
    compare file <File> [brief] stp rstp interfaces interface
    compare file <File> [brief] stp stp config hold-count
    compare file <File> [brief] stp stp interfaces interface
    compare file <File> [brief] system aaa authentication config
    compare file <File> [brief] system aaa authentication ldap bind_timelimit
    compare file <File> [brief] system aaa authentication ldap idle_timelimit
    compare file <File> [brief] system aaa authentication ldap ldap_version
    compare file <File> [brief] system aaa authentication ldap ssl
    compare file <File> [brief] system aaa authentication ldap timelimit
    compare file <File> [brief] system aaa authentication ldap tls_reqcert
    compare file <File> [brief] system aaa authentication roles role
    compare file <File> [brief] system aaa authentication users user
    compare file <File> [brief] system aaa password-policy config apply-to-root
    compare file <File> [brief] system aaa password-policy config max-age
    compare file <File> [brief] system aaa password-policy config max-login-failures
    compare file <File> [brief] system aaa password-policy config min-length
    compare file <File> [brief] system aaa password-policy config reject-username
    compare file <File> [brief] system aaa password-policy config required-differences
    compare file <File> [brief] system aaa password-policy config required-lowercase
    compare file <File> [brief] system aaa password-policy config required-numeric
    compare file <File> [brief] system aaa password-policy config required-special
    compare file <File> [brief] system aaa password-policy config required-uppercase
    compare file <File> [brief] system aaa password-policy config retries
    compare file <File> [brief] system aaa password-policy config root-lockout
    compare file <File> [brief] system aaa password-policy config root-unlock-time
    --More--
    

    show partition

    COMMAND show partition

    DESCRIPTION Display information about the partition, including the chassis base MAC address. All MAC addresses in the partition are offset of the base MAC address.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display information about the current partition:

    default-1# show partition
    partition chassis-base-mac 00:94:a1:8e:e8:00
    

    show portgroups

    COMMAND show portgroups

    DESCRIPTION Display information about portgroups.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    portgroup <specific-portgroup>

    • description: Limit the output to the specified portgroup.

    portgroup <specific-portgroup> state

    • description: Limit the output to the operational state of the specified portgroup(s). Available options are:
      • ddm
      • displaylevel
      • media
      • optic-state
      • transmitter-technology
      • vendor-name
      • vendor-oui
      • vendor-partnum
      • vendor-revision
      • vendor-serialnum

    EXAMPLES

    Display the first level of information for portgroup 1/1:

    default-1# show portgroups portgroup 1/1 state displaylevel 1
    state vendor-name      "F5 NETWORKS INC."
    state vendor-oui       009065
    state vendor-partnum   "OPT-0031        "
    state vendor-revision  A0
    state vendor-serialnum "X1KA007         "
    state transmitter-technology "850 nm VCSEL"
    state media            100GBASE-SR4
    state optic-state      QUALIFIED
    state ddm rx-pwr low-threshold alarm -14.0
    state ddm rx-pwr low-threshold warn -11.0
    state ddm rx-pwr instant val-lane1 -2.93
    state ddm rx-pwr instant val-lane2 -2.81
    state ddm rx-pwr instant val-lane3 -2.77
    state ddm rx-pwr instant val-lane4 -2.9
    state ddm rx-pwr high-threshold alarm 3.4
    state ddm rx-pwr high-threshold warn 2.4
    state ddm tx-pwr low-threshold alarm -10.0
    state ddm tx-pwr low-threshold warn -8.0
    state ddm tx-pwr instant val-lane1 -1.2
    state ddm tx-pwr instant val-lane2 -1.01
    state ddm tx-pwr instant val-lane3 -1.03
    state ddm tx-pwr instant val-lane4 -1.13
    state ddm tx-pwr high-threshold alarm 5.0
    state ddm tx-pwr high-threshold warn 3.0
    state ddm temp low-threshold alarm -5.0
    state ddm temp low-threshold warn 0.0
    state ddm temp instant val 33.3007
    state ddm temp high-threshold alarm 75.0
    state ddm temp high-threshold warn 70.0
    state ddm bias low-threshold alarm 0.003
    state ddm bias low-threshold warn 0.005
    state ddm bias instant val-lane1 0.00754
    state ddm bias instant val-lane2 0.00752
    state ddm bias instant val-lane3 0.00747
    state ddm bias instant val-lane4 0.007526
    state ddm bias high-threshold alarm 0.013
    state ddm bias high-threshold warn 0.011
    state ddm vcc low-threshold alarm 2.97
    state ddm vcc low-threshold warn 3.135
    state ddm vcc instant val 3.2288
    state ddm vcc high-threshold alarm 3.63
    state ddm vcc high-threshold warn 3.465
    

    Display all information about portgroup 1/1:

    default-1# show portgroups portgroup 1/1
    portgroups portgroup 1/1
     state vendor-name      "F5 NETWORKS INC."
     state vendor-oui       009065
     state vendor-partnum   "OPT-0031        "
     state vendor-revision  A0
     state vendor-serialnum "X1KA007         "
     state transmitter-technology "850 nm VCSEL"
     state media            100GBASE-SR4
     state optic-state      QUALIFIED
     state ddm rx-pwr low-threshold alarm -14.0
     state ddm rx-pwr low-threshold warn -11.0
     state ddm rx-pwr instant val-lane1 -2.9
     state ddm rx-pwr instant val-lane2 -2.8
     state ddm rx-pwr instant val-lane3 -2.76
     state ddm rx-pwr instant val-lane4 -2.92
     state ddm rx-pwr high-threshold alarm 3.4
     state ddm rx-pwr high-threshold warn 2.4
     state ddm tx-pwr low-threshold alarm -10.0
     state ddm tx-pwr low-threshold warn -8.0
     state ddm tx-pwr instant val-lane1 -1.19
     state ddm tx-pwr instant val-lane2 -0.98
     state ddm tx-pwr instant val-lane3 -0.98
     state ddm tx-pwr instant val-lane4 -1.1
     state ddm tx-pwr high-threshold alarm 5.0
     state ddm tx-pwr high-threshold warn 3.0
     state ddm temp low-threshold alarm -5.0
     state ddm temp low-threshold warn 0.0
     state ddm temp instant val 33.3359
     state ddm temp high-threshold alarm 75.0
     state ddm temp high-threshold warn 70.0
     state ddm bias low-threshold alarm 0.003
     state ddm bias low-threshold warn 0.005
     state ddm bias instant val-lane1 0.00746
     state ddm bias instant val-lane2 0.00754
     state ddm bias instant val-lane3 0.00753
     state ddm bias instant val-lane4 0.007516
     state ddm bias high-threshold alarm 0.013
     state ddm bias high-threshold warn 0.011
     state ddm vcc low-threshold alarm 2.97
     state ddm vcc low-threshold warn 3.135
     state ddm vcc instant val 3.2288
     state ddm vcc high-threshold alarm 3.63
     state ddm vcc high-threshold warn 3.465
    

    Display the optic-state of portgroup 1/1:

    default-1# show portgroups portgroup 1/1 state optic-state
    state optic-state QUALIFIED
    

    Display the vendor-name of portgroup 1/1:

    default-1# show portgroups portgroup 1/1 state vendor-name
    state vendor-name "F5 NETWORKS INC."
    default-1#
    

    show qos

    COMMAND

    show qos

    DESCRIPTION

    Display the state of Quality of Service (QOS) on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    EXAMPLE

    Display the current state of QOS on the system:

    default-1# show qos
    qos global-setting state status 8021P-enabled
    TRAFFIC PRIORITIES
    NAME  VTC
    -----------
    BE    0
    BRZ   1
    CTRL  2
    GOLD  3
    SIG   4
    SIX   5
    SVL   6
    VOIP  7
    
    qos global-setting state mapping-8021p default-traffic-priority BE
    802.1p TRAFFIC PRIORITY MAPPING
    NAME  VALUE
    -------------
    BRZ   1
    CTRL  3
    GOLD  4
    SIG   5-6
    SVL   2
    VOIP  7
    
    NAME  NAME  WEIGHT
    --------------------
    mg1   BE    12
          BRZ   1
          CTRL  5
          GOLD  5
          SIG   10
          SVL   5
          VOIP  60
    
                     METER
    NAME             GROUP
    ------------------------
    single-port-lag  mg1
    
    qos pmq-table type 8021P-enabled
    VTC  VALUE
    --------------
    0    { 0 }
    1    { 1 }
    2    { 3 }
    3    { 4 }
    4    { 5 6 }
    6    { 2 }
    7    { 7 }
    
    BLADE       MG
    ID     DID  ID
    ----------------
    1      20   1
    2      20   1
    
    DID  NAME   STATUS  TYPE
    ------------------------------
    20   2/1.0  UP      IN_TRUNK
    
    BLADE  MG
    ID     ID  VTC  CIR          CBS
    -------------------------------------
    1      1   0    2629571813   30612
               1    219130984    2551
               2    1095654922   12755
               3    1095654922   12755
               4    2191309844   25510
               6    1095654922   12755
               7    13147859069  153061
    2      1   0    2629571813   30612
               1    219130984    2551
               2    1095654922   12755
               3    1095654922   12755
               4    2191309844   25510
               6    1095654922   12755
               7    13147859069  153061
    
                                                            YELLOW                   RED    RED
               TRAFFIC   FORWARD BYTES     FORWARD BYTES    BYTES   YELLOW BYTES     BYTES  BYTES
    INTERFACE  PRIORITY  IN                OUT              IN      OUT              IN     OUT
    -----------------------------------------------------------------------------------------------
    2/1.0      BE        2110864454001191  131307771322650  0       103916809262888  0      0
    2/1.0      BRZ       0                 131312895910348  0       129030133658924  0      0
    2/1.0      CTRL      0                 131317575236946  0       119903658605678  0      0
    2/1.0      GOLD      0                 131323436227602  0       119908472120928  0      0
    2/1.0      SIG       0                 262645909350346  0       239815984025754  0      0
    2/1.0      SVL       0                 131317514644604  0       119903604393560  0      0
    2/1.0      VOIP      0                 131326550473990  0       145599086        0      0
    

    show qos state

    COMMAND

    show qos state

    DESCRIPTION

    Display statistics for the Quality of Service (QOS) on the system.

    ARGUMENTS

    EXAMPLE

    default-1# show qos state
                                                            YELLOW                   RED    RED
               TRAFFIC   FORWARD BYTES     FORWARD BYTES    BYTES   YELLOW BYTES     BYTES  BYTES
    INTERFACE  PRIORITY  IN                OUT              IN      OUT              IN     OUT
    -----------------------------------------------------------------------------------------------
    2/1.0      BE        2114664587148973  131544148433582  0       104103869411150  0      0
    2/1.0      BRZ       0                 131549277022618  0       129262405053096  0      0
    2/1.0      CTRL      0                 131553956091998  0       120119490686078  0      0
    2/1.0      GOLD      0                 131559803979756  0       120124291107562  0      0
    2/1.0      SIG       0                 263118645760244  0       240247622890914  0      0
    2/1.0      SVL       0                 131553892928998  0       120119433915478  0      0
    2/1.0      VOIP      0                 131562922186388  0       145599086        0      0
    

    show restconf-state

    COMMAND show restconf-state

    DESCRIPTION Display capabilities supported by the RESTCONF server.

    ARGUMENTS

    capabilities capability

    • description: Display all capabilities supported by the RESTCONF server.

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    EXAMPLE

    Display all supported capabilities:

    default-1# show restconf-state
    restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=report-all
    restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
    restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
    restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
    

    show running-config

    COMMAND show running-config

    DESCRIPTION Display the current configuration for a partition. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.

    ARGUMENTS

    For information about these arguments, see these sections on the partition show-SNMP-FRAMEWORK-MIB page.

    • SNMP-COMMUNITY-MIB
    • SNMP-NOTIFICATION-MIB
    • SNMP-TARGET-MIB
    • SNMP-USER-BASED-SM-MIB
    • SNMP-VIEW-BASED-ACM-MIB
    • SNMPv2-MIB
    • cluster
    • components
    • fdb
    • file
    • interfaces
    • lacp
    • lldp
    • portgroups
    • qos
    • stp
    • system
    • tenants
    • vlan-listeners
    • vlans

    EXAMPLE

    Display the current running configuration for VLANs:

    default-1# show running-config vlans
    vlans vlan 1
    !
    vlans vlan 2
    !
    vlans vlan 3
    !
    vlans vlan 4
    !
    vlans vlan 5
    !
    vlans vlan 7
    !
    vlans vlan 100
    !
    vlans vlan 101
    !
    vlans vlan 1004
    !
    vlans vlan 1005
    !
    vlans vlan 1025
    !
    vlans vlan 1028
    !
    vlans vlan 1029
    !
    vlans vlan 1037
    !
    vlans vlan 1038
    !
    

    Display information about configured portgroups:

    default-1# show running-config portgroups portgroup 1/1 config
    portgroups portgroup 1/1
     config name 1/1
     config mode MODE_100GB
     config ddm ddm-poll-frequency 30
    

    Display information about interface 1.0 on blade-1:

    default-1# show running-config interfaces interface 1/1.0 config
    interfaces interface 1/1.0
     config name 1/1.0
     config type ethernetCsmacd
     config enabled
    

    Display information about a LAG named test-lag:

    default-1# show running-config interfaces interface test-lag aggregation config
    interfaces interface test-lag
     aggregation config lag-type STATIC
     aggregation config distribution-hash src-dst-ipport
    

    Display information about the LAG assigned to interface 1.0 on blade-4:

    default-1# show running-config interfaces interface 4/1.0 ethernet config
    interfaces interface 4/1.0
     ethernet config aggregate-id test-lag
    !
    

    show service-instances

    COMMAND show service-instances

    DESCRIPTION

    Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service may have multiple instances. A system service is deployed in a Pod.

    This command displays all the service instances in a partition.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    service-instance

    • type: string
    • description: Display information about a specific service instance.

    EXAMPLES

    Display the service-type value for each service-instance:

    default-1# show service-instances service-instance service-type| tab
                  SLOT
    TENANT NAME   ID    SERVICE TYPE
    ---------------------------------------
    L2FwdSvc-1    1     ST_SYSTEM_SERVICE
    L2FwdSvc-2    2     ST_SYSTEM_SERVICE
    L2FwdSvc-3    3     ST_SYSTEM_SERVICE
    L2FwdSvc-4    4     ST_SYSTEM_SERVICE
    L2FwdSvc-5    5     ST_SYSTEM_SERVICE
    L2FwdSvc-6    6     ST_SYSTEM_SERVICE
    L2FwdSvc-7    7     ST_SYSTEM_SERVICE
    L2FwdSvc-8    8     ST_SYSTEM_SERVICE
    SwRbcaster-1  1     ST_SYSTEM_SERVICE
    SwRbcaster-2  2     ST_SYSTEM_SERVICE
    SwRbcaster-3  3     ST_SYSTEM_SERVICE
    SwRbcaster-4  4     ST_SYSTEM_SERVICE
    SwRbcaster-5  5     ST_SYSTEM_SERVICE
    SwRbcaster-6  6     ST_SYSTEM_SERVICE
    SwRbcaster-7  7     ST_SYSTEM_SERVICE
    SwRbcaster-8  8     ST_SYSTEM_SERVICE
    defaultbip-1  1     ST_TENANT_SERVICE
    defaultbip-1  2     ST_TENANT_SERVICE
    defaultbip-1  3     ST_TENANT_SERVICE
    endtraffic    7     ST_TENANT_SERVICE
    samit109s     1     ST_TENANT_SERVICE
    
    

    Display the tenant-id value for each service-instance:

    default-1# show service-instances service-instance tenant-id
                  SLOT  TENANT
    TENANT NAME   ID    ID
    ----------------------------
    L2FwdSvc-1    1     0
    L2FwdSvc-2    2     0
    L2FwdSvc-3    3     0
    L2FwdSvc-4    4     0
    L2FwdSvc-5    5     0
    L2FwdSvc-6    6     0
    L2FwdSvc-7    7     0
    L2FwdSvc-8    8     0
    SwRbcaster-1  1     0
    SwRbcaster-2  2     0
    SwRbcaster-3  3     0
    SwRbcaster-4  4     0
    SwRbcaster-5  5     0
    SwRbcaster-6  6     0
    SwRbcaster-7  7     0
    SwRbcaster-8  8     0
    defaultbip-1  1     1
    defaultbip-1  2     1
    defaultbip-1  3     1
    endtraffic    7     9
    samit109s     1     8
    

    show service-pods

    COMMAND show service-pods

    DESCRIPTION

    Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service may have multiple instances. A system service is deployed in a Pod.

    This command displays all the system service pods in a partition.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    service-pod

    • description: Display information about a specific service pod. Available attributes include pod-message, pod-restart-count, pod-slot-id, pod-state, pod-status, service-cluster-ip, and service-cluster-port.

    EXAMPLES

    Display all service pods:

    default-1# show service-pods
                                 SERVICE  POD           POD
                  SERVICE        CLUSTER  SLOT  POD     RESTART  POD
    SERVICE NAME  CLUSTER IP     PORT     ID    STATUS  COUNT    STATE    POD MESSAGE
    --------------------------------------------------------------------------------------------
    lacpd         192.0.2.162    80       6     true    0        Running  Running Successfully
    lldpd         192.0.2.119    80       2     true    0        Running  Running Successfully
    stpd          192.0.2.161    80       2     true    0        Running  Running Successfully
    tmstat-rsync  192.0.2.96     1069     4     true    0        Running  Running Successfully
    
    
    

    Display pod messages for service pods:

    default-1# show service-pods service-pod pod-message
    SERVICE NAME  POD MESSAGE
    ------------------------------------
    lacpd         Running Successfully
    lldpd         Running Successfully
    stpd          Running Successfully
    tmstat-rsync  Running Successfully
    

    show service-table

    COMMAND show service-table

    DESCRIPTION Display service tables for a partition.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    show services

    COMMAND show services

    DESCRIPTION

    Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service may have multiple instances. A system service is deployed in a Pod.

    This command displays the internal configuration of services in a partition.

    IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    service <id>

    • description: Display information about a specific service. For id, you can specify a service ID or one of these options:
      • tenant_name
      • tier1_dag_profile
      • tier2_dag_profile

    EXAMPLE

    Display currently-running services:

    default-1# show services
                                                USE                                       USE
    SERVICE  HASH   FIELD   FULL        TUNNEL  IP     HASH   FIELD   FULL        TUNNEL  IP
    ID       ALG    SELECT  MASK  MASK  SELECT  PROTO  ALG    SELECT  MASK  MASK  SELECT  PROTO  TENANT NAME
    -----------------------------------------------------------------------------------------------------------
    8        dagv2  port    true        outer   false  dagv2  port    true        outer   false  defaultbip-1
    11       dagv2  port    true        outer   false  dagv2  port    true        outer   false  endtraffic
    

    show stp

    COMMAND

    show stp

    DESCRIPTION

    Displays the state of Spanning Tree Protocol (STP) on the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    EXAMPLES

    Display all STP information:

    default-1# show stp
    stp global state enabled-protocol { STP }
    stp rstp state hold-count 6
    stp mstp state hold-count 6
                                LINK
    NAME   NAME   EDGE PORT     TYPE
    ----------------------------------
    2/1.0  2/1.0  EDGE_DISABLE  P2P
    2/2.0  2/2.0  -             P2P
    
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:8d:18:8
    stp stp state designated-root-priority 8192
    stp stp state designated-root-address 2:1c:73:ff:64:bb
    stp stp state root-port    3
    stp stp state root-cost    2200
    stp stp state topology-changes 3
    stp stp state time-since-topology-change 102
                                                               DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                         ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  200   100       3     ROOT       FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          2              24    134
    2/2.0  2/2.0  200   100       4     ALTERNATE  BLOCKING    8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         45          1              20    203
    
    default-1#
    

    Display only the first level of STP information:

    default-1# show stp stp displaylevel 1
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:8d:18:8
    stp stp state designated-root-priority 8192
    stp stp state designated-root-address 2:1c:73:ff:64:bb
    stp stp state root-port    3
    stp stp state root-cost    2200
    stp stp state topology-changes 3
    stp stp state time-since-topology-change 568
    stp stp interfaces interface 2/1.0
    stp stp interfaces interface 2/2.0
    default-1# show stp stp displaylevel 2
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:8d:18:8
    stp stp state designated-root-priority 8192
    stp stp state designated-root-address 2:1c:73:ff:64:bb
    stp stp state root-port    3
    stp stp state root-cost    2200
    stp stp state topology-changes 3
    stp stp state time-since-topology-change 610
    stp stp interfaces interface 2/1.0
     state name                 2/1.0
     state cost                 200
     state port-priority        100
     state port-num             3
     state role                 ROOT
     state port-state           FORWARDING
     state designated-root-priority 8192
     state designated-root-address 2:1c:73:ff:64:bb
     state designated-cost      2000
     state designated-bridge-priority 32768
     state designated-bridge-address 0:be:75:ae:1b:31
     state designated-port-priority 128
     state designated-port-num  37
     state forward-transisitions 2
     state counters bpdu-sent 40
     state counters bpdu-received 455
    stp stp interfaces interface 2/2.0
     state name                 2/2.0
     state cost                 200
     state port-priority        100
     state port-num             4
     state role                 ALTERNATE
     state port-state           BLOCKING
     state designated-root-priority 8192
     state designated-root-address 2:1c:73:ff:64:bb
     state designated-cost      2000
     state designated-bridge-priority 32768
     state designated-bridge-address 0:be:75:ae:1b:31
     state designated-port-priority 128
     state designated-port-num  45
     state forward-transisitions 1
     state counters bpdu-sent 20
     state counters bpdu-received 526
    default-1#
    

    stp global config enabled-protocol

    COMMAND

    show stp global state enabled-protocol

    DESCRIPTION

    Display which STP protocol is currently enabled for the partition. There is either one enabled protocol per partition or None.

    EXAMPLE

    Display the currently-enabled protocol:

    default-1# show stp global state enabled-protocol
    stp global state enabled-protocol { STP }
    

    show stp interfaces interface

    COMMAND

    show stp interfaces interface

    DESCRIPTION

    Display information about configured STP interfaces, including the current link type and edge port status.

    ARGUMENTS

    <interface>

    • description: Display information about only a specific STP interface, including the current link type and edge port status.

    EXAMPLE

    Display information about all configured STP interfaces:

    default-1# show stp interfaces
                                LINK
    NAME   NAME   EDGE PORT     TYPE
    ----------------------------------
    2/1.0  2/1.0  EDGE_DISABLE  P2P
    
    default-1#
    

    Display information about STP interface 2/1.0:

    default-1# show stp interfaces interface 2/1.0
                                LINK
    NAME   NAME   EDGE PORT     TYPE
    ----------------------------------
    2/1.0  2/1.0  EDGE_DISABLE  P2P
    
    default-1#
    

    show stp mstp

    COMMAND

    show stp mstp

    DESCRIPTION

    Display all system state related to the MSTP protocol. These fields are populated only when the STP global enabled-protocol is MSTP.

    EXAMPLE

    Display MSTP information:

    default-1# show stp mstp
    stp mstp state name f5-mstp-test
    stp mstp state revision 1
    stp mstp state max-hop 20
    stp mstp state hello-time 2
    stp mstp state max-age 20
    stp mstp state forwarding-delay 15
    stp mstp state hold-count 6
    stp mstp mst-instances mst-instance 555
     state mst-id               555
     state vlan                 { 555 }
     state bridge-priority      61440
     state designated-root-priority 61440
     state designated-root-address 0:94:a1:8d:18:8
     state root-port            0
     state root-cost            0
     state topology-changes     1
     state time-since-topology-change 136
                                                               DESIGNATED  DESIGNATED               DESIGNATED                   DESIGNATED
                        PORT      PORT                         ROOT        ROOT         DESIGNATED  BRIDGE      DESIGNATED       PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS      COST        PRIORITY    BRIDGE ADDRESS   PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  100   128       3     ROOT       FORWARDING  0           0:0:0:0:0:0  0           61440       0:94:a1:8d:18:8  128         3           1              3     70
    2/2.0  2/2.0  100   128       4     ALTERNATE  BLOCKING    0           0:0:0:0:0:0  0           61440       0:94:a1:8d:18:8  128         4           0              2     71
    
    default-1#
    

    show stp mstp mst-instances

    COMMAND

    show stp mstp mst-instances

    DESCRIPTION

    Display all configured MST instances and their state.

    EXAMPLE

    Display information about all configured MST instances:

    default-1# show stp mstp mst-instances
    stp mstp mst-instances mst-instance 555
     state mst-id               555
     state vlan                 { 555 }
     state bridge-priority      61440
     state designated-root-priority 61440
     state designated-root-address 0:94:a1:8d:18:8
     state root-port            0
     state root-cost            0
     state topology-changes     1
     state time-since-topology-change 274
                                                               DESIGNATED  DESIGNATED               DESIGNATED                   DESIGNATED
                        PORT      PORT                         ROOT        ROOT         DESIGNATED  BRIDGE      DESIGNATED       PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS      COST        PRIORITY    BRIDGE ADDRESS   PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  100   128       3     ROOT       FORWARDING  0           0:0:0:0:0:0  0           61440       0:94:a1:8d:18:8  128         3           1              3     139
    2/2.0  2/2.0  100   128       4     ALTERNATE  BLOCKING    0           0:0:0:0:0:0  0           61440       0:94:a1:8d:18:8  128         4           0              2     140
    
    default-1#
    

    show stp mstp mst-instances mst-instance

    COMMAND

    show stp mstp mst-instances mst-instance

    DESCRIPTION

    Display information about a specific MST instance and its state. You can optionally specify a single attribute. Available options are:

    • vlan: List of VLANs mapped to this instance.
    • bridge-priority: Priority of this MST instance used in root bridge selection.
    • designated-root-address: MAC address of current root bridge.
    • root-cost: The calculated cost associated with the current root-port.
    • root-port: The port-num, which is currently root. See the mapping between interface and port-num can be seen at stp mstp mst-instances mst-instances {mst-id} interfaces interface {name} state port-num.
    • time-since-topology-change: Seconds since the last change in topology occurred.
    • topology-changes: Total number of topology changes.
    • interfaces: List of interfaces configured for this MST instance and their respective spanning-tree state.

    EXAMPLE

    Display information about mst-instance 555:

    default-1# show stp mstp mst-instances mst-instance 555
    stp mstp mst-instances mst-instance 555
     state mst-id               555
     state vlan                 { 555 }
     state bridge-priority      61440
     state designated-root-priority 61440
     state designated-root-address 0:94:a1:8d:18:8
     state root-port            0
     state root-cost            0
     state topology-changes     1
     state time-since-topology-change 396
                                                               DESIGNATED  DESIGNATED               DESIGNATED                   DESIGNATED
                        PORT      PORT                         ROOT        ROOT         DESIGNATED  BRIDGE      DESIGNATED       PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS      COST        PRIORITY    BRIDGE ADDRESS   PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  100   128       3     ROOT       FORWARDING  0           0:0:0:0:0:0  0           61440       0:94:a1:8d:18:8  128         3           1              3     200
    2/2.0  2/2.0  100   128       4     ALTERNATE  BLOCKING    0           0:0:0:0:0:0  0           61440       0:94:a1:8d:18:8  128         4           0              2     201
    default-1#
    

    show stp mstp state

    COMMAND

    show stp mstp state

    DESCRIPTION

    Display the global state for the MSTP protocol. You can optionally specify a single attribute. Available options are:

    • name: Name of the MSTP region in which this bridge resides.
    • revision: Revision for the MSTP region in which this bridge resides.
    • forwarding-delay: If this system is the root bridge, protocol uses this forwarding delay.
    • hello-time: If this system is the root bridge, protocol uses this hello-time.
    • hold-count: If this system is the root bridge, protocol uses this hold-count.
    • max-age: If this system is the root bridge, protocol uses this max-age.

    EXAMPLE

    Display information about the global state for MSTP:

    default-1# show stp mstp state
    stp mstp state name f5-mstp-test
    stp mstp state revision 1
    stp mstp state max-hop 20
    stp mstp state hello-time 2
    stp mstp state max-age 20
    stp mstp state forwarding-delay 15
    stp mstp state hold-count 6
    

    Display the MSTP name:

    default-1# show stp mstp state name
    stp mstp state name f5-mstp-test
    

    Display the MSTP revision:

    default-1# show stp mstp state revision
    stp mstp state revision 1
    

    Display the MSTP max-hop:

    default-1# show stp mstp state max-hop
    stp mstp state max-hop 20
    

    Display the MSTP hello-time:

    default-1# show stp mstp state hello-time
    stp mstp state hello-time 2
    

    Display the MSTP max-age:

    default-1# show stp mstp state max-age
    stp mstp state max-age 20
    

    Display the MSTP forwarding-delay:

    default-1# show stp mstp state forwarding-delay
    stp mstp state forwarding-delay 15
    

    Display the MSTP hold-count:

    default-1# show stp mstp state hold-count
    stp mstp state hold-count 6
    

    show stp rstp

    COMMAND

    show stp rstp

    DESCRIPTION

    Display all system state related to the RSTP protocol. These fields are only populated when the stp global enabled-protocol is RSTP.

    EXAMPLE

    Display RSTP information:

    default-1# show stp rstp
    stp rstp state hello-time  2
    stp rstp state max-age     20
    stp rstp state forwarding-delay 15
    stp rstp state hold-count  6
    stp rstp state bridge-priority 32768
    stp rstp state bridge-address 0:94:a1:8d:18:8
    stp rstp state designated-root-priority 8192
    stp rstp state designated-root-address 2:1c:73:ff:64:bb
    stp rstp state root-port   3
    stp rstp state root-cost   2100
    stp rstp state topology-changes 1
    stp rstp state time-since-topology-change 10
                                                               DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                         ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  100   128       3     ROOT       FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          1              2     7
    2/2.0  2/2.0  100   128       4     ALTERNATE  BLOCKING    8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         45          0              2     8
    
    default-1#
    

    show stp rstp interfaces interface

    COMMAND

    show stp rstp interfaces interface

    DESCRIPTION

    Display information about configured RSTP interfaces

    EXAMPLE

    Display information about all configured RSTP interfaces:

    default-1# show stp rstp interfaces
                                                               DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                         ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  100   128       3     ROOT       FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          1              2     70
    2/2.0  2/2.0  100   128       4     ALTERNATE  BLOCKING    8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         45          0              2     71
    
    default-1#
    

    Display information about RSTP interface 2/1.0:

    default-1# show stp rstp interfaces interface 2/1.0
                                                          DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                    ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE  PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  100   128       3     ROOT  FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          1              2     98
    
    default-1#
    

    show stp stp

    COMMAND

    show stp stp

    DESCRIPTION

    Display all system state related to the STP protocol. These fields are only populated when the STP global enabled-protocol is STP.

    EXAMPLE

    default-1# show stp stp
    stp stp state hello-time   2
    stp stp state max-age      20
    stp stp state forwarding-delay 15
    stp stp state hold-count   6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:8d:18:8
    stp stp state designated-root-priority 8192
    stp stp state designated-root-address 2:1c:73:ff:64:bb
    stp stp state root-port    3
    stp stp state root-cost    2200
    stp stp state topology-changes 3
    stp stp state time-since-topology-change 1268
                                                               DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                         ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  200   100       3     ROOT       FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          2              40    784
    2/2.0  2/2.0  200   100       4     ALTERNATE  BLOCKING    8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         45          1              20    853
    
    default-1#
    

    COMMAND

    show stp stp interfaces

    DESCRIPTION

    Display all system state related to interfaces configured for the STP protocol.

    EXAMPLE

    default-1# show stp stp interfaces
                                                               DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                         ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE       PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  200   100       3     ROOT       FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          2              40    841
    2/2.0  2/2.0  200   100       4     ALTERNATE  BLOCKING    8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         45          1              20    910
    
    default-1#
    

    show stp stp interfaces interface

    COMMAND

    show stp stp interfaces interface

    DESCRIPTION

    Display information about configured STP interfaces.

    EXAMPLE

    Display information about STP interface 2/1.0:

    default-1# show stp stp interfaces interface 2/1.0
                                                          DESIGNATED                                DESIGNATED                    DESIGNATED
                        PORT      PORT                    ROOT        DESIGNATED ROOT   DESIGNATED  BRIDGE      DESIGNATED        PORT        DESIGNATED  FORWARD        BPDU  BPDU
    NAME   NAME   COST  PRIORITY  NUM   ROLE  PORT STATE  PRIORITY    ADDRESS           COST        PRIORITY    BRIDGE ADDRESS    PRIORITY    PORT NUM    TRANSISITIONS  SENT  RECEIVED
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    2/1.0  2/1.0  200   100       3     ROOT  FORWARDING  8192        2:1c:73:ff:64:bb  2000        32768       0:be:75:ae:1b:31  128         37          2              40    914
    
    default-1#
    

    show stp stp state


    COMMAND

    show stp stp state

    DESCRIPTION

    Display any global state specific to the STP protocol. You can optionally specify a single attribute. Available options are:

    • bridge-address: MAC address for this bridge used in STP protocol.
    • bridge-priority: Priority of this bridge used in root bridge selection.
    • designated-root-address: MAC address of current root bridge.
    • forwarding-delay: If this system is the root bridge, protocol uses this forwarding delay.
    • hello-time: If this system is the root bridge, protocol uses this hello-time.
    • hold-count: If this system is the root bridge, protocol uses this hold-count.
    • max-age: If this system is the root bridge, protocol uses this max-age.
    • root-cost: The calculated cost associated with the current root-port.
    • root-port: port-num which is currently root. The mapping between interface and port-num can be seen at stp rstp interfaces interface {name} state port-num.
    • time-since-topology-change: Seconds since last change in topology occurred.
    • topology-changes: Total number of topology changes.

    EXAMPLE

    Display information about the global state for STP:

    default-1# show stp stp state
    stp stp state hello-time  2
    stp stp state max-age     20
    stp stp state forwarding-delay 15
    stp stp state hold-count  6
    stp stp state bridge-priority 32768
    stp stp state bridge-address 0:94:a1:8d:18:8
    stp stp state designated-root-priority 8192
    stp stp state designated-root-address 2:1c:73:ff:64:bb
    stp stp state root-port   3
    stp stp state root-cost   2100
    stp stp state topology-changes 1
    stp stp state time-since-topology-change 418
    

    Display the STP hello-time:

    default-1# show stp stp state hello-time
    stp stp state hello-time 2
    

    Display the STP max-age:

    default-1# show stp stp state max-age
    stp stp state max-age 20
    

    Display the STP forwarding-delay:

    default-1# show stp stp state forwarding-delay
    stp stp state forwarding-delay 15
    

    Display the STP hold-count:

    default-1# show stp stp state hold-count
    stp stp state hold-count 6
    

    Display the STP bridge-priority:

    default-1# show stp stp state bridge-priority
    stp stp state bridge-priority 32768
    

    Display the STP bridge-address:

    default-1# show stp stp state bridge-address
    stp stp state bridge-address 0:94:a1:8d:18:8
    

    Display the STP designated-root-priority:

    default-1# show stp stp state designated-root-priority
    stp stp state designated-root-priority 8192
    

    Display the STP designated-root-address:

    default-1# show stp stp state designated-root-address
    stp stp state designated-root-address 2:1c:73:ff:64:bb
    

    Display the STP root-port:

    default-1# show stp stp state root-port
    stp stp state root-port 3
    

    Display the STP root-cost:

    default-1# show stp stp state root-cost
    stp stp state root-cost 2100
    

    Display the STP topology-changes:

    default-1# show stp stp state topology-changes
    stp stp state topology-changes 1
    

    Display the STP time-since-topology-change:

    default-1# show stp stp state time-since-topology-change
    stp stp state time-since-topology-change 486
    

    show system aaa

    COMMAND show system aaa

    DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.

    ARGUMENTS

    This command has no arguments.

    EXAMPLE

    Display the default system accounts:

    default-1# show system aaa authentication
              LAST    TALLY  EXPIRY
    USERNAME  CHANGE  COUNT  DATE    ROLE
    ----------------------------------------
    admin     18000   0      -1      admin
    root      18000   0      -1      root
    
    ROLENAME     GID   USERS
    --------------------------
    admin        9000  -
    limited      9999  -
    operator     9001  -
    partition_1  9101  -
    partition_2  9102  -
    partition_3  9103  -
    partition_4  9104  -
    partition_5  9105  -
    partition_6  9106  -
    partition_7  9107  -
    partition_8  9108  -
    root         0     -
    ts_admin     9100  -
    user         9002  -
    

    Show the TLS certificate:

    default-1# show system aaa tls state certificate
    

    Show the current CRLs in the system:

    default-1# show system aaa tls crls crl
    

    show system alarms

    COMMAND show system alarms

    DESCRIPTION Display information about system alarms.

    EXAMPLE

    Display active alarm conditions:

    default-1# show system alarms
    ID RESOURCE SEVERITY TEXT TIME CREATED
    -------------------------------------------------------------------------------------------------
    65545 blade-1 EMERGENCY Power fault detected in hardware 2020-08-31 11:50:24.042169447 UTC
    

    show system appliance-mode

    COMMAND

    show system appliance-mode

    DESCRIPTION

    Check the current state of appliance mode. It can be either enabled or disabled.

    EXAMPLE

    Get the current state of appliance-mode:

    default-1# show system appliance-mode
    system appliance-mode state disabled
    

    show system diagnostics

    COMMAND show system diagnostics

    DESCRIPTION Show iHealth information.

    EXAMPLE

    Display the iHealth configuration for the system:

    default-1# show system diagnostics ihealth
    system diagnostics ihealth state username ""
    system diagnostics ihealth state server https://ihealth-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
    system diagnostics ihealth state authserver https://api.f5.com/auth/pub/sso/login/ihealth-api
    

    show system events

    COMMAND show system events

    DESCRIPTION Display information about system events.

    EXAMPLE

    Show a list of system events:

    default-1# show system events | nomore
    LOG
    ---------------------------------------------------------------------------------------------------------------------------
    65550 blade-4 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:28.733241080 UTC"
    65550 blade-3 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:29.902888478 UTC"
    65550 blade-5 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.046717591 UTC"
    65550 blade-8 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.051940195 UTC"
    65550 blade-7 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.142001647 UTC"
    65550 blade-1 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.374032006 UTC"
    65550 blade-2 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.931862196 UTC"
    65546 blade-1 thermal-fault EVENT NA "Deasserted: VQF hot" "2021-06-07 07:30:34.424898975 UTC"
    65550 blade-4 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:36.732847474 UTC"
    65550 blade-4 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:36.740437691 UTC"
    65550 blade-3 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:37.888844718 UTC"
    65550 blade-3 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:37.896351348 UTC"
    65550 blade-5 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.035980475 UTC"
    65550 blade-8 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.051669894 UTC"
    65550 blade-5 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.042799411 UTC"
    65550 blade-8 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.058516384 UTC"
    65550 blade-7 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.141770789 UTC"
    65550 blade-7 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.148985854 UTC"
    65550 blade-6 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.227215000 UTC"
    65550 blade-1 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.373658790 UTC"
    65550 blade-1 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.380764421 UTC"
    65550 blade-2 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.923931779 UTC"
    65550 blade-2 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.930746599 UTC"
    65546 blade-1 thermal-fault ASSERT WARNING "Thermal fault detected in hardware" "2021-06-07 07:30:40.371912934 UTC"
    ...
    

    show system health

    COMMAND show system health

    DESCRIPTION Display health information about system components.

    ARGUMENTS

    The availability of options for this command depends on the hardware component for which you want to view health information.

    components component <specific-component> { { firmware | hardware | services } <specific-component> } }

    • type: string
    • description: Name of the specific component. Available options are:
      • blade-1 through blade-<n>
      • controller-1 through controller-2

    summary

    • description: High-level health status for all components.

    EXAMPLES

    Display high-level hardware health state for blade-5:

    default-1# show system health components component blade-5 hardware state | nomore
    KEY                                        NAME               HEALTH  SEVERITY
    --------------------------------------------------------------------------------
    blade/hardware/cpu                         CPU                ok      info
    blade/hardware/cpu/interfaces/ctrlplane00  Control Plane 00   ok      info
    blade/hardware/cpu/interfaces/ctrlplane01  Control Plane 01   ok      info
    blade/hardware/cpu/interfaces/ctrlplane02  Control Plane 02   ok      info
    blade/hardware/cpu/interfaces/ctrlplane03  Control Plane 03   ok      info
    blade/hardware/cpu/pcie                    PCIe BUS           ok      info
    blade/hardware/dma/dm0                     DMA                ok      info
    blade/hardware/dma/dm1                     DMA                ok      info
    blade/hardware/dma/dm2                     DMA                ok      info
    blade/hardware/dma/sep                     SEP                ok      info
    blade/hardware/dma/stream-manager          Stream-Manager     ok      info
    blade/hardware/drives                      Drives             ok      info
    blade/hardware/drives/nvme0n1              Drive NVME 0       ok      info
    blade/hardware/fpga/atse0                  FPGA ATSE-0        ok      info
    blade/hardware/fpga/atse0/be2              Bandwidth Engine   ok      info
    blade/hardware/fpga/atse0/fp0              FP0<->Optic-0      ok      info
    blade/hardware/fpga/atse0/fp1              FP1<->Optic-1      ok      info
    blade/hardware/fpga/atse0/gearbox0         Gearbox-0          ok      info
    blade/hardware/fpga/atse0/gearbox1         Gearbox-1          ok      info
    blade/hardware/fpga/atse0/ifh0             ATSE<->VQF Host0   ok      info
    blade/hardware/fpga/atse0/ifh1             ATSE<->VQF FP1     ok      info
    blade/hardware/fpga/atse0/ifh2             ATSE<->VQF FP0     ok      info
    blade/hardware/fpga/atse0/pcie0            ATSE<->CPU PCIe0   ok      info
    blade/hardware/fpga/atse0/pcie1            ATSE<->CPU PCIe1   ok      info
    blade/hardware/fpga/atse0/pcie2            ATSE<->CPU PCIe2   ok      info
    blade/hardware/fpga/vqf                    VQF FPGA           ok      info
    blade/hardware/fpga/vqf/bp0                VQF<->CC1 BP0      ok      info
    blade/hardware/fpga/vqf/bp1                VQF<->CC2 BP1      ok      info
    blade/hardware/fpga/vqf/ifh0               VQF<->ATSE FP0     ok      info
    blade/hardware/fpga/vqf/ifh1               VQF<->ATSE FP1     ok      info
    blade/hardware/fpga/vqf/ifh2               VQF<->ATSE Host0   ok      info
    blade/hardware/fpga/vqf/nse                NSE                ok      info
    blade/hardware/fpga/vqf/nse/nse-fp0        NSE FP0            ok      info
    blade/hardware/fpga/vqf/nse/nse-fp1        NSE FP1            ok      info
    blade/hardware/fpga/vqf/pcie0              VQF PCIe Config    ok      info
    blade/hardware/fpga/vqf/voq                VOQ                ok      info
    blade/hardware/fpga/vqf/voq/blade1.cpu     VOQ -> blade1.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade1.fp0     VOQ -> blade1.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade1.fp1     VOQ -> blade1.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade2.cpu     VOQ -> blade2.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade2.fp0     VOQ -> blade2.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade2.fp1     VOQ -> blade2.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade3.cpu     VOQ -> blade3.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade3.fp0     VOQ -> blade3.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade3.fp1     VOQ -> blade3.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade4.cpu     VOQ -> blade4.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade4.fp0     VOQ -> blade4.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade4.fp1     VOQ -> blade4.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade5.cpu     VOQ -> blade5.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade5.fp0     VOQ -> blade5.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade5.fp1     VOQ -> blade5.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade6.cpu     VOQ -> blade6.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade6.fp0     VOQ -> blade6.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade6.fp1     VOQ -> blade6.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade7.cpu     VOQ -> blade7.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade7.fp0     VOQ -> blade7.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade7.fp1     VOQ -> blade7.fp1  ok      info
    blade/hardware/fpga/vqf/voq/blade8.cpu     VOQ -> blade8.cpu  ok      info
    blade/hardware/fpga/vqf/voq/blade8.fp0     VOQ -> blade8.fp0  ok      info
    blade/hardware/fpga/vqf/voq/blade8.fp1     VOQ -> blade8.fp1  ok      info
    blade/hardware/lop                         LOP                ok      info
    blade/hardware/memory                      Memory             ok      info
    blade/hardware/optic0                      optic-0            ok      info
    blade/hardware/optic1                      optic-1            ok      info
    blade/hardware/qat                         QAT                ok      info
    blade/hardware/tpm                         TPM                ok      info
    

    Display the status of the tcpdump service on the blades:

    default-1-active# show system health components component services  blade/services/tcpdumpd
    system health components component blade-1
     services blade/services/tcpdumpd
      state name tcpdumpd
      state health ok
      state severity info
    NAME                               DESCRIPTION                               HEALTH  SEVERITY  VALUE  UPDATED AT
    ----------------------------------------------------------------------------------------------------------------------------
    container:event:attach             Container attach event                    ok      info      0      2021-06-17T07:13:48Z
    container:event:die                Container die event                       ok      info      0      2021-07-12T17:43:23Z
    container:event:exec-create        Container exec create event               ok      info      0      2021-07-12T15:56:52Z
    container:event:exec-detach        Container exec detach event               ok      info      0      2021-06-17T07:13:48Z
    container:event:exec-die           Container exec die event                  ok      info      0      2021-06-17T07:13:48Z
    container:event:exec-start         Container exec start event                ok      info      0      2021-07-12T15:56:52Z
    container:event:kill               Container kill event                      ok      info      0      2021-07-12T17:43:23Z
    container:event:restart            Container restart event                   ok      info      0      2021-07-12T17:48:26Z
    container:event:restart-last-hour  Container restart count in the last hour  ok      info      0      2021-06-17T07:13:48Z
    container:event:start              Container start event                     ok      info      0      2021-06-17T07:13:48Z
    container:event:stop               Container stop event                      ok      info      0      2021-07-12T17:43:23Z
    container:running                  Container running                         ok      info      true   2021-07-13T14:24:26Z
    
    system health components component blade-2
     services blade/services/tcpdumpd
      state name tcpdumpd
      state health ok
      state severity info
    NAME                               DESCRIPTION                               HEALTH  SEVERITY  VALUE  UPDATED AT
    ----------------------------------------------------------------------------------------------------------------------------
    container:event:attach             Container attach event                    ok      info      0      2021-06-17T07:13:47Z
    container:event:die                Container die event                       ok      info      0      2021-07-13T14:24:52Z
    container:event:exec-create        Container exec create event               ok      info      0      2021-07-12T15:56:55Z
    container:event:exec-detach        Container exec detach event               ok      info      0      2021-06-17T07:13:47Z
    container:event:exec-die           Container exec die event                  ok      info      0      2021-06-17T07:13:47Z
    container:event:exec-start         Container exec start event                ok      info      0      2021-07-12T15:56:55Z
    container:event:kill               Container kill event                      ok      info      0      2021-07-13T14:24:52Z
    container:event:restart            Container restart event                   ok      info      0      2021-07-12T17:47:13Z
    container:event:restart-last-hour  Container restart count in the last hour  ok      info      0      2021-06-17T07:13:47Z
    container:event:start              Container start event                     ok      info      0      2021-06-17T07:13:47Z
    container:event:stop               Container stop event                      ok      info      0      2021-07-13T14:24:52Z
    container:running                  Container running                         ok      info      true   2021-07-13T14:24:52Z
    ...
    

    Display a high-level summary of all system components:

    default-1# show system health summary system health summary components component blade-1 state health ok state severity notice system health summary components component blade-2 state health unhealthy state severity error attributes attribute "blade/firmware/fpga/atse0 - firmware:update-status" description "Firmware update status" health unhealthy severity error value error updatedAt 2022-04-21T17:11:52Z attributes attribute "blade/services/partition_fpga - service:ready" description "Service ready status" health ok severity warning value false updatedAt 2022-04-21T07:55:32Z attributes attribute "blade/services/partition_fpga - service:message-error" description "Service health monitor error" health ok severity warning value "No response to ready request" updatedAt 2022-04-21T07:55:32Z attributes attribute "blade/services/partition_fpga - service:message-error-count" description "Service health monitor error count" health ok severity warning value 1000 updatedAt 2022-04-21T07:55:34Z system health summary components component blade-3 system health summary components component blade-4 system health summary components component blade-5 system health summary components component blade-6 system health summary components component blade-7 system health summary components component blade-8 system health summary components component controller-1 state health ok state severity info system health summary components component controller-2 state health ok state severity info


    show system licensing

    COMMAND show system licensing

    DESCRIPTION Display information about partition licence.

    EXAMPLE

    Display license information for the default partition Note: commented license key values.

    default-1# show system licensing
    system licensing license
                             Licensed version    7.4.0
                             Registration Key    XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
                             Licensed date       2020/08/29
                             License start       2020/05/05
                             License end         2020/09/29
                             Service check date  2020/08/30
                             Platform ID         F101
                             Appliance SN        chs600103s
    
                             Active Modules
                              Local Traffic Manager, CX410 (XXXXXXX-XXXXXXX)
                               Best Bundle, CX410
                               APM-Lite
                               Advanced Routing
                               Carrier Grade NAT (AFM ONLY)
                               Max Compression, CX410
                               Rate Shaping
                               Max SSL, CX410
                               Anti-Virus Checks
                               Base Endpoint Security Checks
                               Firewall Checks
                               Machine Certificate Checks
                               Network Access
                               Protected Workspace
                               Secure Virtual Keyboard
                               APM, Web Application
                               App Tunnel
                               Remote Desktop
    
    

    show system logging

    COMMAND show system logging

    DESCRIPTION Display information about remote logging.

    ARGUMENTS

    This command has no arguments.


    show system redundancy

    COMMAND show system redundancy

    DESCRIPTION Display the redundancy state of the system; tracks the database synchronization status for both the system cControllers and the blades.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display the current redundancy state:

    default-1# show system redundancy
    system redundancy state mode prefer-1
    system redundancy state auto-failback enabled
    system redundancy state auto-failback failback-delay 30
    system redundancy state current-active controller-1
    system redundancy state status redundant
                                                                                        SERVICES
    NAME          STATUS   FAULT  STARTUP TIME         LAST TRANSITION      OS VERSION  VERSION
    ------------------------------------------------------------------------------------------------
    blade-1       replica  false  2020-09-16 15:31:35  2020-09-16 15:31:37  1.0.0-0000  1.0.0-0000
    blade-2       -        -      -                    -                    -           -
    controller-1  active   false  2020-09-16 15:30:41  2020-09-16 15:30:44  1.0.0-0000  1.0.0-0000
    controller-2  standby  false  2020-09-16 15:31:16  2020-09-16 15:31:16  1.0.0-0000  1.0.0-0000
    

    show system redundancy state

    COMMAND show system redundancy state

    DESCRIPTION Display the state of all system redundancy configuration settings.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display the state of all redundancy settings:

    default-1# show system redundancy state
    system redundancy state mode auto
    system redundancy state auto-failback disabled
    system redundancy state auto-failback failback-delay 30
    system redundancy state current-active controller-1
    system redundancy state status redundant
    

    show system redundancy nodes node

    COMMAND show system redundancy nodes node

    DESCRIPTION Display the redundancy state of a specific node in the partition. The node can be either a system controller or blade.

    ARGUMENTS

    node <blade-or-sys-controller>

    • type: string
    • description: Specific node in partition to display. Available options are:
      • blade-1 - blade-<n>
      • controller-1
      • controller-2

    EXAMPLE

    Display the redundancy state of blade-1:

    
    default-1# show system redundancy nodes node blade-1
                                                                                   SERVICES
    NAME     STATUS   FAULT  STARTUP TIME         LAST TRANSITION      OS VERSION  VERSION
    -------------------------------------------------------------------------------------------
    blade-1  replica  false  2021-06-15 20:56:51  2021-06-15 20:56:54  1.2.0-7682  1.2.0-7682
    

    show system state

    COMMAND show system state

    DESCRIPTION Display the name of the current partition.

    ARGUMENTS

    boot-time

    • description: Not supported.

    current-datetime

    • description: Not supported.

    hostname

    • description: Not supported.

    motd-banner

    • description: Not supported.

    partition-name

    • description: Display the partition name.

    EXAMPLES

    Display the current partition:

    default-1# show system state
    system state partition-name default
    
    

    Display the current partition:

    default-1# show system state partition-name
    system state partition-name default
    
    

    show system settings dag

    COMMAND show system settings dag

    DESCRIPTION Display information about the disaggregator (DAG) state for the system.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.

    EXAMPLES

    Display the current DAG state:

    default-1# show system settings dag
    system settings dag state ipv6-prefix-length 128
    

    show system state

    COMMAND show system state

    DESCRIPTION Display the name of the current partition.

    ARGUMENTS

    boot-time

    • description: Not supported.

    current-datetime

    • description: Not supported.

    hostname

    • description: Not supported.

    motd-banner

    • description: Not supported.

    partition-name

    • description: Display the partition name.

    EXAMPLES

    Display the current partition:

    default-1# show system state
    system state partition-name default
    
    

    Display the current partition:

    default-1# show system state partition-name
    system state partition-name default
    
    

    show tenants

    COMMAND show tenants

    DESCRIPTION Display the state of all configured tenants in the partition.

    ARGUMENTS This command has no arguments.

    EXAMPLE

    Display the state of configured tenants on the current partition:

    default-1# show tenants
    tenants tenant bigip-vm
     state unit-key-hash mHBqOf9bDlLkKb9erpvjx++nwQBMOk4seGfONpRZ2/30k6ycrUhOEMcSxFSSWRl1qNSIm392m+HUdDUfs3Kn8A==
     state type          BIG-IP
     state mgmt-ip       192.0.2.61
     state prefix-length 24
     state gateway       192.0.2.1
     state vlans         { 100 }
     state cryptos       disabled
     state vcpu-cores-per-node 2
     state memory        7680
     state running-state deployed
     state mac-data base-mac 00:94:a1:8c:e8:09
     state mac-data mac-pool-size 1
     state appliance-mode disabled
     state status        Running
     state primary-slot  1
     state image-version "BIG-IP 15.1.2.8 0.0.496"
    NDI      MAC
    ----------------------------
    default  00:94:a1:8c:e8:0a
    
     state instances instance 1
      instance-id   1
      phase         Running
      image-name    BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle
      creation-time 2021-01-26T19:17:19Z
      ready-time    2021-01-26T19:17:15Z
      status        "Started tenant instance"
      mgmt-mac      ae:ce:3c:8c:df:4e
    

    show tenants tenant

    COMMAND show tenants tenant

    DESCRIPTION Displays the state of a specific configured tenants in the partition.

    ARGUMENTS

    tenant-name

    • type: string
    • description: Specific tenant name.

    EXAMPLE

    Display the state of a tenant named bigip-vm:

    default-1# show tenants tenant bigip-vm
    tenants tenant bigip-vm
    state unit-key-hash mHBqOf9bDlL5tyerpvjx++nwQBMOk4seGfONpRZ2/30k6ycrUhOEMcSxFSSWRl1qNSIm392m1234DUfs3Kn8A==
    state type          BIG-IP
    state mgmt-ip       192.0.2.61
    state prefix-length 24
    state gateway       192.0.2.1
    state vlans         { 100 }
    state cryptos       disabled
    state vcpu-cores-per-node 2
    state memory        7680
    state running-state deployed
    state mac-data base-mac 00:94:a1:8c:e8:09
    state mac-data mac-pool-size 1
    state appliance-mode disabled
    state status        Running
    state primary-slot  1
    state image-version "BIG-IP 15.1.2.8 0.0.496"
    NDI      MAC
    ----------------------------
    default  00:94:a1:8c:e8:0a
    
    state instances instance 1
     instance-id   1
     phase         Running
     image-name    BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle
     creation-time 2021-01-26T19:17:19Z
     ready-time    2021-01-26T19:17:15Z
     status        "Started tenant instance"
     mgmt-mac      ae:ce:3c:8c:df:4e
    

    show vlan-listeners

    COMMAND show vlan-listeners

    DESCRIPTION Displays configured vlan-listeners. These objects are system created and available for display for technical support purposes only.

    ARGUMENTS

    displaylevel <depth>

    • type: unsigned long
    • description: Limit how many levels are displayed by the show command. If a display level of 1 is specified, then only the direct children of an element will be shown. If a display level of 3 is specified, then only elements at a depth of three below a given element will be displayed, etc. The range is from 1 through 64.

    vlan-listener <interface> <vlan-id>

    • description: Display a specific vlan-listener associated with an interface and VLAN pair.

    EXAMPLE

    Display the vlan-listener on interface 1/1.0 with the VLAN ID of 100:

    show vlan-listeners vlan-listener 1/1.0 100
                                             NDI                                             SERVICE
    INTERFACE  VLAN  ENTRY TYPE     OWNER    ID    SVC  VTC  SEP  DMS  DID  CMDS  MIRRORING  IDS
    ------------------------------------------------------------------------------------------------
    1/1.0     100   VLAN-LISTENER  tenant-1  4095   8    -    15   -    -    -     disabled   -