COMMAND
SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry <community-name> snmpCommunityName <community-name> snmpCommunitySecurityName <community-name>
DESCRIPTION Configure an SNMP community.
ARGUMENTS
EXAMPLE
Configure the SNMP community name to be test_community
:
syscon-1-active(config)# SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry test_community snmpCommunityName test_community snmpCommunitySecurityName test_community
COMMAND
SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry <vacmSecurityModel> <community_name> vacmGroupName <group-name>
DESCRIPTION Configure SNMP VIEW BASED ACM for the given community. This configuration maps a combination of securityModel and securityName into a groupName, which is used to define an access control policy for a group of principals.
ARGUMENTS
1
for SNMP v1, and the default value is 2
for SNMP v2c.Note: Use group-name as read-access
while configuring the SNMP VACM.
EXAMPLES
Configure the SNMP v2c VACM read access
group for community test_community
:
syscon-1-active(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 2 test_community vacmGroupName read-access
Configure the SNMP v1 VACM read access
group for community test_community
:
syscon-1-active(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 1 test_community vacmGroupName read-access
IMPORTANT: To enable SNMP Traps, a DUT is required when configuring with snmpNotifyTable
, snmpTargetParamsTable
, and snmpTargetAddrTable
, as shown below.
COMMAND
SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry <snmpNotifyName> snmpNotifyTag <snmpNotifyName> snmpNotifyType trap
DESCRIPTION Configure the SNMP NOTIFICATION MIB Table. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
EXAMPLE
Configure the SNMP NOTIFICATION MIB entry to be v2_trap
for trap
notifications:
syscon-1-active(config)# SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry v2_trap snmpNotifyTag v2_trap snmpNotifyType trap
COMMAND
SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry <snmpTargetParamsName> snmpTargetParamsMPModel <snmpTargetParamsMPModel> snmpTargetParamsSecurityModel <snmpTargetParamsSecurityModel> snmpTargetParamsSecurityName <snmpTargetParamsSecurityName> snmpTargetParamsSecurityLevel <snmpTargetParamsSecurityLevel>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetParamsTable. This table is used in the generation of SNMP messages.
ARGUMENTS
**Note:** snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1)
**Note:** snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2)
**Note:** This must be one of the configured SNMP communities.
**Note:** This must be `noAuthNoPriv` for SNMP v1 and v2c.
EXAMPLES
Configure the SNMP snmpTargetParamsTable to be group2
for SNMP v2 model with test_community
:
syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group2 snmpTargetParamsMPModel 1 snmpTargetParamsSecurityModel 2 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
Configure the SNMP snmpTargetParamsTable to be group1
for SNMP v1 model with test_community
:
syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group1 snmpTargetParamsMPModel 0 snmpTargetParamsSecurityModel 1 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
COMMAND
SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry <snmpTargetAddrName> snmpTargetAddrTDomain <snmpTargetAddrTDomain> snmpTargetAddrTAddress <snmpTargetAddrTAddress> snmpTargetAddrTagList <snmpTargetAddrTagList> snmpTargetAddrParams <snmpTargetAddrParams>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetAddrTable This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
**Note:** Use OID 1.3.6.1.6.1.1 for IPv4 and 1.3.6.1.2.1.100.1.2 for IPv6.
**Note:**
For an IPv4 address, the value should be ipv4 + port (6 dot-separated octets).
For an IPv6 address, the value should be ipv6 + port (18 dot-separated octets).
**Note:** This value must be one of the configured snmpNotifyTable rows (snmpNotifyName).
EXAMPLES
Configure the SNMP snmpTargetAddrTable to be v2_trap
with IPv4 address x.x.x.x
and port 6011
:
Port Octet Conversion:
6011 >> 8 = 23 (1st octet)
6011 & 255 = 123 (2nd octet)
syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v2_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v2_trap snmpTargetAddrParams group2
Configure the SNMP snmpTargetAddrTable to be v1_trap
with IPv4 address x.x.x.x
and port 6011
:
syscon-1-active(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v1_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v1_trap snmpTargetAddrParams group1
COMMAND
SNMPv2-MIB system
DESCRIPTION Configure the SNMP system information such as system contact, location, and name.
ARGUMENTS
EXAMPLES
The example configures SNMP name, location and contact:
syscon-1-active(config)# SNMPv2-MIB system sysName f5System sysLocation boston sysContact support@f5.com
COMMAND abort
DESCRIPTION Abort a configuration session.
ARGUMENTS This command has no arguments.
COMMAND annotate
DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND commit
DESCRIPTION Commit the current set of changes to the running configuration.
ARGUMENTS
persist-id
<id> argument.commit confirmed
command is issued before the timeout expires, then the configuration is reverted to the configuration that was active before the commit confirmed
command was issued. If no timeout is given, then the confirming commit has a timeout of 10 minutes. The configuration session will be terminated after this command since no further editing is possible.
The confirming commit will be rolled back if the CLI session is terminated before confirming the commit, unless the persist argument is also given. If the persist command is given, then the CLI session can be terminated and a later session can confirm the pending commit by supplying the persist token as an argument to the commit
command using the persist-id
argument.persist-id
argument.persist-id
argument. Include the persist-id
option and specify the same persist token id, to modify the ongoing confirming commit process. This enables you to cancel an ongoing persist commit operation or extend the timeout.COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND copy
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND describe
DESCRIPTION Display detailed information about a command.
ARGUMENTS
COMMAND do
DESCRIPTION Run a command in operational (user) mode.
ARGUMENTS
COMMAND end
DESCRIPTION Exit configuration mode. If no changes have been made to the configuration, you are prompted to save before exiting configuration mode.
ARGUMENTS
COMMAND exit
DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.
ARGUMENTS
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND insert
DESCRIPTION Insert a parameter or element.
ARGUMENTS
COMMAND move
DESCRIPTION Move an element or parameter.
ARGUMENTS
COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND resolved
DESCRIPTION Indicate that conflicts have been resolved.
ARGUMENTS This command has no arguments.
COMMAND revert
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND rollback
DESCRIPTION Returns the configuration to a previously committed configuration.
ARGUMENTS
EXAMPLES
Return to the configuration changes made in rollback versions 0 and 1:
syscon-1-active# rollback configuration 1
Return to the configuration changes made only in rollback version 1:
syscon-1-active# rollback selective 1
COMMAND show
DESCRIPTION Display a specified parameter.
ARGUMENTS
COMMAND tag
DESCRIPTION Configure statement tags.
ARGUMENTS
COMMAND top
DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.
ARGUMENTS
COMMAND validate
DESCRIPTION
Verify that the candidate configuration contains no errors. This performs the same operation as commit check
.
ARGUMENTS This command has no arguments.
COMMAND components
DESCRIPTION
Configure properties for hardware components.
ARGUMENTS
The availability of options for this command depends on which hardware component you are configuring.
warning
. Available options, in decreasing order of severity, are:EXAMPLES
Configure the PSU redundancy mode to be n+n
:
syscon-1-active(config)# components component chassis psu config redundancy-mode n+n
Configure the severity level for the n+n PSU redundancy mode to be error
:
syscon-1-active(config)# components component chassis psu config severity error redundancy-mode n+n
COMMAND file config concurrent-operations-limit
DESCRIPTION Specify how many concurrent file operations are allowed at a time.
ARGUMENTS
EXAMPLE
Limit the number of concurrent file operations to 10:
syscon-1-active# file config concurrent-operations-limit 10
COMMAND file known-hosts known-host
DESCRIPTION Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts file.
ARGUMENTS
COMMAND file import
DESCRIPTION
Transfer a remote file to the system controller. These directories are available for use for file import
operations on the system controller:
ARGUMENTS
EXAMPLE
Transfer a file named myfile.iso
from the remote host files.company.com
on port 443
to the images/staging
directory on the system controller:
syscon-1-active# file import local-file images/staging remote-file images/myfile.iso remote-host files.company.com remote-port 443
result File transfer is initiated.(images/staging/myfile.iso)
COMMAND file export
DESCRIPTION
Transfer a file from a system controller to a remote system. These directories are available for use for file export
operations on the system controller:
EXAMPLE
Transfer a file named velos.log
from the local host to the /home/jdoe/
directory at files.company.com
, using the username jdoe
:
syscon-1-active# file export local-file log/controller/velos.log remote-host files.company.com remote-file home/jdoe/velos.log username jdoe password
Value for 'password' (<string>): *********
result File transfer is initiated.(log/controller/velos.log)
COMMAND file delete
DESCRIPTION
Delete a specified file from the system controller. You can use file delete
only on files in the diags/shared
directory.
ARGUMENTS
EXAMPLE
Delete a specified QKView file from the system:
syscon-1-active# file delete file-name diags/shared/qkview/controller-1-76ee7548-786d-11eb-a48b-12345a000007-qkview.tar.gz
result Deleting the file
COMMAND file transfer-status
DESCRIPTION Display the status of file transfer operations.
ARGUMENTS
EXAMPLE
Check the status of file transfers:
syscon-1-active# file transfer-status
result
S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status
1 |Import file|HTTPS |images/staging/myfile.iso |files.company.com |images/myfile.iso |In Progress (15.0%)
COMMAND file list
DESCRIPTION Display a list of directories and files in a specified path.
ARGUMENTS
EXAMPLE
Display a list of files in images/staging
:
syscon-1-active# file list path images/staging
entries {
name
F5OS-C-1.6.0-7891.CONTROLLER.CANDIDATE.iso
F5OS-C-1.6.0-7891.PARTITION.CANDIDATE.iso
}
COMMAND file show
DESCRIPTION Display the contents of a specified file.
ARGUMENTS
EXAMPLE
Display the contents of the file log/controller/velos.log
:
syscon-1-active# file show log/controller/velos.log
2021-02-26T09:57:57-08:00 localhost.localdomain notice boot_marker: ---==={ BOOT-MARKER }===---
2021-02-26T09:59:04-08:00 controller-1.chassis.local notice boot_marker: ---==={ BOOT-MARKER }===---
2021-02-26T18:08:59.060702+00:00 controller-1 vcc-lacpd[10]: priority="Info" version=1.0 msgid=0x3301000000000040 msg="LACPD starting.".
2021-02-26T18:08:59.061370+00:00 controller-1 alert-service[8]: priority="Notice" version=1.0 msgid=0x2201000000000001 msg="Alert Service Starting..." version="3.4.9" date="Fri Nov 20 00:40:14 2020".
2021-02-26T18:08:59.061371+00:00 controller-1 /usr/bin/authd[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:08:59.061401+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:08:59.061469+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:08:59.061639+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000006 msg="DB state monitor started".
...
COMMAND file tail
DESCRIPTION Display only the last 10 lines of a specified file.
ARGUMENTS
EXAMPLES
Display only the last 10 lines of log/controller/velos.log
:
syscon-1-active# file tail log/controller/velos.log
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:10+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:12+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:20+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:22+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
Display the last 10 lines of log/controller/velos.log
and keep appending output as the file grows:
syscon-1-active# file tail -f log/controller/velos.log
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:06+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:10+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:12+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:20+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:22+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
Display only the last five lines of log/controller/velos.log
:
syscon-1-active# file tail -n 5 log/controller/velos.log
2021-03-15T19:30:16+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:30:20+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:30:22+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=3 dest="tcp://localhost:1046".
2021-03-15T19:34:54+00:00 controller-1 alert-service[7]: priority="Notice" version=1.0 msgid=0x2201000000000021 msg="Sending POST_LOP_OBJECT_LED_ALARM_SEVERITY." func="postAlertLedSeverity" severity=6 dest="tcp://localhost:1046".
COMMAND file abort-transfer
DESCRIPTION Cancel an in-progress file transfer operation.
ARGUMENTS
EXAMPLE
Cancel a specified in-progress file transfer:
syscon-1-active# file abort-transfer operation-id IMPORT-A7FbjRIf
Aborting will stop the file transfer. Do you want to proceed? [yes/no] yes
result File transfer abort operation initiated.
COMMAND image controller remove iso
DESCRIPTION Remove a specified ISO version from the system controller.
ARGUMENTS
EXAMPLE
Remove the ISO named 1.6.0-7891 from the system controller:
syscon-1-active(config)# image controller remove iso 1.6.0-7891
COMMAND image controller remove os
DESCRIPTION Remove a specified OS version from the system controller.
ARGUMENTS
EXAMPLE
Remove the OS version named 1.6.0-7891 from the system controller:
syscon-1-active(config)# image controller remove os 1.6.0-7891
COMMAND image controller remove service
DESCRIPTION Remove a specified service version from the system controller.
ARGUMENTS
EXAMPLE
Remove the service version named 1.6.0-7891 from the system controller:
syscon-1-active(config)# image controller remove service 1.6.0-7891
COMMAND image partition remove iso
DESCRIPTION Remove a specified ISO version from the partition.
ARGUMENTS
EXAMPLE
Remove the ISO version named 1.6.0-7891 from the partition:
syscon-1-active(config)# image partition remove iso 1.6.0-7891
COMMAND image partition remove os
DESCRIPTION Remove a specified OS version from the partition.
ARGUMENTS
EXAMPLE
Remove the OS version named 1.6.0-7891 from the partition:
syscon-1-active(config)# image partition remove os 1.6.0-7891
COMMAND image partition remove service
DESCRIPTION Remove a specified service version from the partition.
ARGUMENTS
EXAMPLE
Remove the service version named 1.6.0-7891 from the partition:
syscon-1-active(config)# image partition remove service 1.6.0-7891
COMMAND interfaces interface
DESCRIPTION Configure chassis network interfaces. This includes options for link aggregation.
ARGUMENTS
The availability of options for this command depends on which interface you are configuring.
COMMAND interfaces interface <interface-name> aggregation config
DESCRIPTION Configure aggregation for an interface.
ARGUMENTS
up
.EXAMPLE
Configure aggregation of type LACP on interface 1/1.1:
syscon-1-active(config)# interfaces interface 1/1.1 aggregation config lag-type LACP
COMMAND interfaces interface <interface-name> config
DESCRIPTION Configure aggregation for an interface.
ARGUMENTS
true
to enable loopback mode or false
to disable it.EXAMPLE
Configure interface 1/1.1 to use the fast
aggregation type:
syscon-1-active(config)# interfaces interface 1/1.1
COMMAND interfaces interface <interface-name> ethernet config
DESCRIPTION Configure Ethernet options for an interface.
ARGUMENTS
true
to enable auto negotiate or false
to disable it.FULL
to enable full duplex on an interface or set to HALF
to enable half duplex on an interface.true
to enable priority flow control or false
to disable it.on
to enable priority flow control in the receive direction or off
to disable it.on
to enable priority flow control in the send direction or off
to disable it.EXAMPLE
Configure interface 1/1.1 to use the FULL
duplex mode:
syscon-1-active(config)# interfaces interface 1/1.1 ethernet config duplex-mode FULL
COMMAND interfaces interface <interface-name> holdtime
DESCRIPTION Configure Ethernet options for an interface.
ARGUMENTS
EXAMPLE
Configure hold-time for interface 1/1.2:
syscon-1-active(config)# interfaces interface 1/1.2 holdtime config up
COMMAND interfaces interface <interface-name> subinterfaces subinterface range
DESCRIPTION This command is not currently supported.
COMMAND lacp config system-priority
DESCRIPTION
System priority and system MAC are combined as system-id
which is required by the LACP protocol. Each partition has a system mac which is not configurable. The default system priority is 32768.
ARGUMENTS
EXAMPLE
Configure system priority to be 1000
:
syscon-1-active(config)# lacp config system-priority 1000
COMMAND lacp interfaces interface
DESCRIPTION
Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.
ARGUMENTS
FAST
to have packets sent every second. Set the interval to SLOW
to have packets sent every 30 seconds.PASSIVE
to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE
to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.EXAMPLES
Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:
syscon-1-active(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST
Create a LAG interface named lag1
with the type ieee8023adLag
:
syscon-1-active(config)# interfaces interface lag1 config type ieee8023adLag; commit
Enable LACP on a LAG interface named lag1
:
syscon-1-active(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
#
Create an LACP interface named lag1
with default parameters (internal
is set to SLOW
, lacp-mode
is set to ACTIVE
):
syscon-1-active(config)# lacp interfaces interface lag1 config name lag1; commit
Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1
:
syscon-1-active(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
syscon-1-active(config)# interfaces interface 1/2.0 ethernet config aggregate-id lag1
syscon-1-active(config)# commit
Attach VLANs 1000 and 1001 to a LAG interface named lag1
:
syscon-1-active(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans { 1000 1001 }
COMMAND mgmt-vlans mgmt-vlan
DESCRIPTION Creates a MGMT VLAN object that can be referenced by other configuration commands.
ARGUMENTS
EXAMPLE
Configure mgmt VLAN 11, with the name 11 and a vlan-id of 11:
syscon-1-active(config)# mgmt-vlans mgmt-vlan 11 config name mgmt-vlan-11 mgmt-vlan-tag 11
COMMAND partitions partition
DESCRIPTION Configure options for chassis partitions.
ARGUMENTS
EXAMPLE
Create a chassis partition named newPartition
:
syscon-1-active(config)# partitions partition newPartition
COMMAND partitions partition <partition-name> check-version
DESCRIPTION Check whether a chassis partition is compatible with a specific service version.
ARGUMENTS
EXAMPLE
Verify that the chassis partition is compatible with service version number 1.6.0-7891:
syscon-1-active(config)# partitions partition new check-version service-version 1.6.0-7891
result Partition database upgrade compatibility check succeeded.
COMMAND partitions partition <partition-name> set-version
DESCRIPTION
Trigger an install after verifying software compatibility using check-version
. This operation will cause the chassis partition control plane, blades, and tenants to restart, which interrupts both management and data plane traffic.
ARGUMENTS
no
to show a confirmation prompt prior to beginning the installation of new chassis partition software. Specify yes
to bypass a confirmation prompt.COMMAND partitions partition <partition-name> config
DESCRIPTION Configure a chassis partition.
ARGUMENTS
enabled
to enable a specified chassis partition. Specify disabled
to disable it.Note: Applies only to systems with the FIPS 140 add-on license.
Note: Applies only to systems with the FIPS 140 add-on license.
EXAMPLES
Enable a chassis partition named newPartition
:
syscon-1-active(config)# partitions partition newPartition config enabled
Disable a chassis partition named newPartition
:
syscon-1-active(config)# partitions partition newPartition config disabled
Change the iso-version running on a chassis partition named newPartition
to be version 1.6.0-7891:
syscon-1-active(config)# partitions chassis partition newPartition config iso-version 1.6.0-7891
Change the os-version running on a chassis partition named newPartition
to be version 1.6.0-7891:
syscon-1-active(config)# partitions partition newPartition config os-version 1.6.0-7891
Change the service-version running on a chassis partition named newPartition
to be version 1.6.0-7891:
syscon-1-active(config)# partitions partition newPartition config service-version 1.6.0-7891
COMMAND partitions partition run-integrity-check
DESCRIPTION Run the on-demand integrity check.
Note: Applies only to systems with the FIPS 140 add-on license.
ARGUMENTS
yes
to run the integrity check or no
if you do not want to proceed. The default value is no
.COMMAND slots slot
DESCRIPTION Specify a slot to enable, disable, or reassign to a different chassis partition.
ARGUMENTS
default
.EXAMPLE
Disable slot 1 and verify that it is disabled:
syscon-1-active(config)# slots slot 1 disabled
syscon-1-active(config-slot-1)# commit
Commit complete.
syscon-1-active(config-slot-1)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config slots slot 1
slots slot 1
disabled
partition none
!
Enable slot 1 and verify that it is enabled:
syscon-1-active(config)# slots slot 1 enabled
syscon-1-active(config-slot-1)# commit
Commit complete.
syscon-1-active(config-slot-1)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config slots slot 1
slots slot 1
enabled
partition none
!
Assign slot 1 to a chassis partition named default
and verify that it is correctly assigned:
syscon-1-active(config)# slots slot 1 partition default
syscon-1-active(config-slot-1)# commit
Commit complete.
syscon-1-active(config-slot-1)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config slots slot 1
slots slot 1
enabled
partition default
!
Assign slots two through four to a chassis partition named default
:
syscon-1-active(config)# slots slot 2-4 partition default
COMMAND
system aaa authentication config authentication-method
DESCRIPTION
Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.
ARGUMENTS
EXAMPLE
Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password
):
syscon-1-active(config)# system aaa authentication config authentication-method { LDAP_ALL RADIUS_ALL LOCAL }
COMMAND system aaa authentication config basic
DESCRIPTION Specify whether to use basic authentication (user name and password) on the system.
ARGUMENTS
enabled
to enable basic authentication or disabled
to disable it. The default value is enabled
.Note: When the system aaa authentication config basic
is changed from enabled to disabled or vice versa, the system prompts for your confirmation to proceed to restart the HTTP service.
EXAMPLE
Enable basic authentication from disable:
syscon-1-active(config)# system aaa authentication config basic disabled
syscon-1-active(config)# commit
syscon-1-active(config)# system aaa authentication config basic enabled
Changing the basic auth will restart the HTTP service.Proceed? { yes, no } yes
syscon-1-active(config)# commit
COMMAND system aaa authentication config cert-auth
DESCRIPTION Specify whether to use client certificates for authentication.
ARGUMENTS
enabled
to enable client certificate authentication or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable client certificates for authentication:
syscon-1-active(config)# system aaa authentication config cert-auth enabled
COMMAND system aaa authentication clientcert config client-cert-name-field
DESCRIPTION
Specify the client certificate name, which is the field from which the username is extracted from the client certificate. The extracted username must exist in the system before a user logs in and authenticates. Otherwise, the login will fail. This option is visible and configurable only when you have enabled cert-auth
.
If you use LDAP as an authentication method, the LDAP server must be configured before you configure client certificate authentication, and the extracted username from the client certificate must match the existing user in the LDAP server.
ARGUMENTS
EXAMPLES
Use subjectname-cn as the client certificate name field:
syscon-1-active(config)# system aaa authentication clientcert config client-cert-name-field subjectname-cn
Configure an OID using three different valid formats:
syscon-1-active(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID UPN
syscon-1-active(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.1
syscon-1-active(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.3.6.1.4.1.311.20.2.3
COMMAND system aaa authentication config superuser-bash-access
DESCRIPTION
Controls whether users with the superuser
role are given bash
shell access. The default is false.
Note: To maintain enhanced system security, F5 recommends you to set the superuser-bash-access
flag to false
when bash access is not required for non-’root’ users.
ARGUMENTS
true
to enable bash
shell access or false
to disable it. The default value is false
.EXAMPLE
Enable bash
shell access for users with the superuser
role:
syscon-1-active(config)# system aaa authentication state superuser-bash-access true
COMMAND system aaa authentication ldap active_directory
DESCRIPTION
Specify whether to enable LDAP Active Directory (AD).
ARGUMENTS
true
to enable LDAP AD or false
to disable it. The default value is false
.EXAMPLE
Enable LDAP AD on the system:
syscon-1-active(config)# system aaa authentication ldap active_directory true
COMMAND
system aaa authentication ldap base
DESCRIPTION
Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
syscon-1-active(config)# system aaa authentication ldap base dc=xyz,dc=com
syscon-1-active(config)# system aaa authentication ldap base { dc=xyz,dc=com dc=abc,dc=com }
COMMAND system aaa authentication ldap bind_timelimit
DESCRIPTION
Specify a maximum amount of time to wait for LDAP authentication to return a result.
ARGUMENTS
30
.EXAMPLE
Set a maximum bind time limit of 60
seconds:
syscon-1-active(config)# system aaa authentication ldap bind_timelimit 60
COMMAND
system aaa authentication ldap binddn
DESCRIPTION
Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
Set the distinguished name of a specified account for searching the base DN:
syscon-1-active(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
COMMAND
system aaa authentication ldap bindpw
DESCRIPTION
Specify the password of the search account identified in binddn.
ARGUMENTS
EXAMPLE
Specify a password for the search account on the LDAP server:
syscon-1-active(config)# system aaa authentication ldap bindpw <password>
COMMAND system aaa authentication ldap chase-referrals
DESCRIPTION Specify whether automatic referral chasing should be enabled.
ARGUMENTS
true
to enable referral chasing or false
to disable it. The default value is false
.COMMAND
system aaa authentication ldap idle_timelimit
DESCRIPTION
Configure the maximum amount of time before the LDAP connection can be inactive before it times out.
ARGUMENTS
30
.EXAMPLE
Set a maximum idle timeout of 60
seconds:
syscon-1-active(config)# system aaa authentication ldap idle_timelimit 60
COMMAND
system aaa authentication ldap ldap_version
DESCRIPTION
Specify the LDAP protocol version number.
ARGUMENTS
3
.EXAMPLE
Specify that LDAPv3 is used for the LDAP server:
syscon-1-active(config)# system aaa authentication ldap ldap_version 3
COMMAND
system aaa authentication ldap ssl
DESCRIPTION
Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.
ARGUMENTS
EXAMPLE
Specify that TLS is enabled for all connections:
syscon-1-active(config)# system aaa authentication ldap ssl on
COMMAND
system aaa authentication ldap timelimit
DESCRIPTION
Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.
ARGUMENTS
EXAMPLE
Specify a maximum time limit of 60
seconds for LDAP searches:
syscon-1-active(config)# system aaa authentication ldap timelimit 60
COMMAND
system aaa authentication ldap tls_cacert
DESCRIPTION
Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.
ARGUMENTS
EXAMPLE
Specify a certificate for authenticating the TLS connection:
syscon-1-active(config)# system aaa authentication ldap tls_cacert <path_to_cacert>.pem
COMMAND
system aaa authentication ldap tls_cert
DESCRIPTION
Specify the file that contains the certificate for the client's key.
ARGUMENTS
EXAMPLE
Specify a file that contains the certificate for a client's key:
syscon-1-active(config)# system aaa authentication ldap tls_cacert <path_to_cacert>.pem
COMMAND
system aaa authentication ldap tls_ciphers
DESCRIPTION
Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
ARGUMENTS
EXAMPLE
Specify the cipher suite for the TLS library in use:
syscon-1-active(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
COMMAND
system aaa authentication ldap tls_key
DESCRIPTION
Specify the file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert
command.
ARGUMENTS
system aaa authentication ldap tls_cert
command.COMMAND
system aaa authentication ldap tls_reqcert
DESCRIPTION
Specify what checks to perform on certificates in a TLS session. The default value is never
.
ARGUMENTS
EXAMPLE
Specify that a certificate is not required for a TLS session:
syscon-1-active(config)# system aaa authentication ldap tls_reqcert never
COMMAND system aaa authentication ocsp config enabled
DESCRIPTION Specify whether to use Online Certificate Status Protocol (OCSP) for certificate validation.
ARGUMENTS
enabled
to enable OCSP or disabled
to disable it. The default value is disabled
.COMMAND system aaa authentication ocsp config nonce-request
DESCRIPTION Specify whether queries to Online Certificate Status Protocol (OCSP) responders should include a nonce (a unique identifier) in the request.
ARGUMENTS
on
to enable nonce or off
to disable it. The default value is on
.EXAMPLE
Enable nonce for OCSP:
syscon-1-active(config)# system aaa authentication ocsp config nonce-request on
COMMAND system aaa authentication ocsp config override-responder
DESCRIPTION Specify whether the Online Certificate Status Protocol (OCSP) default responder is required for certificate validation.
ARGUMENTS
on
to require the OCSP default responder URI or off
to disable the requirement. The default value is off
.EXAMPLE
Specify that the default responder is required:
syscon-1-active(config)# system aaa authentication ocsp config override-responder on
COMMAND system aaa authentication ocsp config response-max-age
DESCRIPTION Specify the maximum amount of time, in seconds, for Online Certificate Status Protocol (OCSP) responses.
ARGUMENTS
EXAMPLE
Specify a maximum response age:
syscon-1-active(config)# system aaa authentication ocsp config response-max-age 2
COMMAND system aaa authentication ocsp config response-time-skew
DESCRIPTION Specify the maximum allowable time skew, in seconds, for Online Certificate Status Protocol (OCSP) response validation.
ARGUMENTS
EXAMPLE
Specify a maximum time for response validation:
syscon-1-active(config)# system aaa authentication ocsp config response-time-skew 52
COMMAND
system aaa authentication roles role
DESCRIPTION
Specify the primary role assigned to the user.
ARGUMENTS
EXAMPLE
Configure which rolename and system group ID is used for a specified role:
syscon-1-active(config)# system aaa authentication roles role <rolename> config rolename <rolename> gid <unix-gid>
Configure an LDAP group for a specified role:
syscon-1-active(config)# system aaa authentication roles role admin config ldap-group
(<string>): cn=my_ldap_group
COMMAND
system aaa authentication users user
DESCRIPTION
Configure options for users.
ARGUMENTS
-1
(no expiration date). Use 1
to indicate expired.0
to force a password change.EXAMPLE
Configure a user named jdoe
so that the user must change their password at their next log in and indicate that the account has no expiration date:
syscon-1-active(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
COMMAND
system aaa password-policy config apply-to-root
DESCRIPTION
Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true
), the system returns an error on failed check if the root user changing the password. If disabled (false
), the system displays a message about the failed check, but allows the root user to change the password and bypass password policies.
ARGUMENTS
true
to enforce password policies even if it is the root user configuring passwords or false
to disable it. The default value is false
.COMMAND
system aaa password-policy config max-age
DESCRIPTION
Configure the number of days that users can keep using the same password without changing it.
ARGUMENTS
-1
to indicate that the password never expires.COMMAND system aaa password-policy config max-class-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters, digits, or special characters (such as '!@#$%') are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND system aaa password-policy config max-letter-repeat
DESCRIPTION Configure how many repeated lowercase letters are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND
system aaa password-policy config max-login-failures
DESCRIPTION
Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.
ARGUMENTS
COMMAND system aaa password-policy config max-sequence-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters or digits are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND
system aaa password-policy config min-length
DESCRIPTION
Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9
. If you want to allow passwords that are as short as 5 characters, you should not use min-length
.
ARGUMENTS
COMMAND
system aaa password-policy config reject-username
DESCRIPTION
Check whether the user name is contained in the new password, either in straight or reversed form. Passwords that do not meet this requirement are invalid.
ARGUMENTS
false
to allow the user name in a new password or true
to reject new passwords that contain the user name in some form. The default value is false
.COMMAND
system aaa password-policy config required-differences
DESCRIPTION
Configure the number of character changes that are required in the new password that differentiate it from the old password.
ARGUMENTS
5
.COMMAND
system aaa password-policy config required-lowercase
DESCRIPTION
Configure the minimum number of lowercase character required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-numeric
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-special
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config required-uppercase
DESCRIPTION
Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND
system aaa password-policy config retries
DESCRIPTION
Configure the number of retries allowed when user authentication is unsuccessful.
ARGUMENTS
COMMAND
system aaa password-policy config root-lockout
DESCRIPTION
Configure whether the root account can be locked out after unsuccessful login attempts.
ARGUMENTS
false
to disable root lockout after a number of unsuccessful login attempts or true
to enable it. The default value is false
.COMMAND system aaa password-policy config root-unlock-time
DESCRIPTION
Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.
ARGUMENTS
COMMAND
system aaa password-policy config unlock-time
DESCRIPTION
Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.
ARGUMENTS
COMMAND
system aaa primary-key set
DESCRIPTION
Change the system primary encryption key with passphrase and salt. This is useful while migrating configuration from one machine to another.
ARGUMENTS
EXAMPLE
Change the primary key, set a passphrase and salt, and then display the status of the key migration process:
syscon-1-active(config)# system aaa primary-key set
Value for 'passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'confirm-passphrase' (<string, min: 6 chars, max: 255 chars>): ******
Value for 'salt' (<string, min: 6 chars, max: 255 chars>): *********
Value for 'confirm-salt' (<string, min: 6 chars, max: 255 chars>): *********
response description: Key migration is initiated. Use 'show system primary-key state status' to get status
syscon-1-active# show system aaa primary-key state
system aaa primary-key state hash Jt221bA3Xf3V2ClXPY9pdfQzauNUGODq4EseXZbKcD/4G+Dr3u6hyFoahL+r3iIopJm4IzIInSwYsilAGdY08w==
system aaa primary-key state status "COMPLETE Initiated: Fri Jan 29 22:33:02 2021"
[root@controller-1 ~]#
COMMAND system aaa restconf-token config lifetime
DESCRIPTION Specify a token lifetime for RESTCONF.
ARGUMENTS
15
.EXAMPLE
Configure the token lifetime to be 120 minutes:
syscon-1-active(config)# system aaa restconf-token config lifetime 120
COMMAND system aaa restconf-token invalidate id
DESCRIPTION Invalidate a RESTCONF token.
ARGUMENTS
EXAMPLE
The example below show invalidating a token:
syscon-1-active(config)# system aaa restconf-token invalidate id eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTZXNzaW9uIElEIjoidGVzdDExNzE4MzQ0NjA3IiwiYXV0aGluZm8iOiJhZG1pbiAxMDA0IDkwMDAgXC92YXJcL0Y1XC9zeXN0ZW0iLCJidWZmZXJ0aW1lbGltaXQiOiIxMDAiLCJleHAiOjE3MTgzNDQ5MDcsImlhdCI6MTcxODM0NDYwNywicmVuZXdsaW1pdCI6IjUiLCJ1c2VyaW5mbyI6InRlc3QxIDE3Mi4xOC4yMzguODkifQ.5rnyGIoZ9rTRGRMSnJ_1HRoNEvYvRwI0609qWG6nZzU
COMMAND
system aaa server-groups server-group
DESCRIPTION
Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.
ARGUMENTS
3
(seconds).389
.LDAP
(LDAP over TCP).EXAMPLES
Create a server group named radius-test
of type RADIUS
, assign a specific RADIUS server with the group, and then configure a secret key:
syscon-1-active(config)# system aaa server-groups server-group radius-test
syscon-1-active(config-server-group-radius-test)# config type RADIUS
syscon-1-active(config-server-group-radius-test)# config name radius-test
syscon-1-active(config-server-group-radius-test)# commit
Commit complete.
syscon-1-active(config-server-group-radius-test)#
syscon-1-active(config)# system aaa server-groups server-group radius-test servers server 192.0.2.10 config address 192.0.2.10
syscon-1-active(config-server-192.0.2.10)# radius config secret-key radius-key'
syscon-1-active(config-server-192.0.2.10)# commit
Create a server group named ldap-test
of type LDAP
, assign a specific LDAP server with the group, and then set the LDAP type as LDAP over TCP:
syscon-1-active(config)# system aaa server-groups server-group ldap-test
syscon-1-active(config-server-group-ldap-test)# config type LDAP
syscon-1-active(config-server-group-ldap-test)# config name ldap-test
syscon-1-active(config-server-group-ldap-test)# commit
Commit complete.
syscon-1-active(config-server-group-ldap-test)#
syscon-1-active(config)# system aaa server-groups server-group ldap-test servers server 192.0.2.10 config address 192.0.2.10
syscon-1-active(config-server-192.0.2.10)# ldap config type ldap
syscon-1-active(config-server-192.0.2.10)# commit
COMMAND
system aaa tls config certificate
DESCRIPTION
Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.
ARGUMENTS
EXAMPLE
Add a certificate and key to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key
, and then commit the changes:
syscon-1-active(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
syscon-1-active(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
syscon-1-active(config)# commit
Commit complete.
COMMAND
system aaa tls config key
DESCRIPTION
Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. The key value is encrypted in database storage.
ARGUMENTS
EXAMPLE
Add a TLS key and certificate to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate
:
syscon-1-active(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
syscon-1-active(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
syscon-1-active(config)# commit
Commit complete.
COMMAND system aaa tls config passphrase
DESCRIPTION Specify the encryption passphrase for PEM-encoded private key.
ARGUMENTS
COMMAND system aaa tls config verify-client
DESCRIPTION Enable verification of httpd client certificates.
ARGUMENTS
true
to enable httpd client certificate verification or false
to disable it. The default value is false
.COMMAND system aaa tls config verify-client-depth
DESCRIPTION
Configure client certificate verification depth, which indicates the maximum number of Certificate Authority (CA) certificates allowed to be followed while verifying the client certificate. You might need to raise the default depth if you received more than one chained root certificate in addition to a client certificate from your CA. The default depth of 1
indicates that the client certificate can be self-signed or must be signed by a CA that is known to the server. A depth of 0
indicates that only self-signed client certificates are accepted.
ARGUMENTS
1
. EXAMPLE
Specify a depth of 10:
syscon-1-active(config)# system aaa tls config verify-client-depth 10
COMMAND system aaa tls crls crl
DESCRIPTION Configure a Certificate Revocation List Entry (CRL).
ARGUMENTS
EXAMPLE
Add a new CRL to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the CRL key.
syscon-2-active(config)# system aaa tls crls crl *crl Name*
Value for 'config revocation-key' (<string>):
[Multiline mode, exit with ctrl-D.]
> ...
syscon-2-active(config)# commit
Commit complete.
COMMAND system aaa tls create-self-signed-cert
DESCRIPTION Create an OpenSSL key for use with AAA/TLS.
ARGUMENTS
secp521r1
. Available options are:true
to store the self-signed certificate pair in the the system-aaa-tls-config or false
to specify that it should not be stored.EXAMPLE
Create a private key and self-signed certificate:
syscon-1-active(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
response
-----BEGIN EC PRIVATE KEY-----
MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
QKbVuacd9H4cMj2tX/wyqVNePg==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
/DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
-----END CERTIFICATE-----
COMMAND system aaa tls create-csr
DESCRIPTION Create a certificate signing request (CSR).
ARGUMENTS
secp521r1
. Available options are:EXAMPLE
Create a CSR:
system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
response -----BEGIN CERTIFICATE REQUEST-----
JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
0ov+Osy2iA==
-----END CERTIFICATE REQUEST-----
COMMAND system allowed-ips allowed-ip
DESCRIPTION
Configure the system to allow traffic only from specified IP addresses. Applies only to these ports: 22 (SSH), 80 (HTTP), 161 (SNMP), 443 (HTTPS), 7001 (VCONSOLE), and 8888 (RESTCONF).
ARGUMENTS
EXAMPLE
Add a specified IPv4 address to the system allow list:
syscon-1-active(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161
COMMAND system appliance-mode config
DESCRIPTION Configure whether appliance mode is enabled or disabled on the system controller controller. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:
system appliance-mode
on the system controller.system appliance-mode
on the chassis partition.tenants tenant <tenant-name\> config appliance-mode
on the chassis partition.ARGUMENTS
enabled
to enable appliance mode on the system controller. Specify disabled
to disable it.EXAMPLE
Enable appliance mode and then verify that appliance mode is enabled:
syscon-1-active(config)# system appliance-mode config enabled
syscon-1-active(config)# commit
syscon-1-active(config)# exit
syscon-1-active# show system appliance-mode
system appliance-mode state enabled
Disable appliance mode and then verify that appliance mode is disabled:
syscon-1-active(config)# system appliance-mode config disabled
syscon-1-active(config)# commit
syscon-1-active(config)# exit
syscon-1-active# show system appliance-mode
system appliance-mode state disabled
COMMAND system clock
DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid timezone names, see www.iana.org/time-zones.
ARGUMENTS
EXAMPLES
Configure the system to use the America/Los_Angeles time zone:
syscon-1-active(config)# system clock config timezone-name America/Los_Angeles
Configure the system to use the Asia/Calcutta time zone:
syscon-1-active(config)# system clock config timezone-name Asia/Calcutta
COMMAND system database config-backup
DESCRIPTION Generate a backup of the system configuration in the form of an XML file.
ARGUMENTS
yes
to overwrite the file if a file by that name exists or no
to disable the file overwrite. The default value is no
.EXAMPLE
Create a backup file of the system configuration named backup-march2021
and overwrite it if a file by that name already exists:
syscon-1-active(config)# system database config-backup name backup-march2021 overwrite true
response Succeeded.
COMMAND system database config-restore
DESCRIPTION Restore the system configuration from an XML backup file.
ARGUMENTS
EXAMPLE
Restore the system configuration from a backup file named backup-march2021
:
syscon-1-active(config)# system database config-restore name backup-march2021
COMMAND system database reset-to-default
DESCRIPTION Revert the system to the default configuration and clear any existing configuration information.
IMPORTANT: This deletes all configuration on the system, including IP addresses, passwords, all chassis partition configuration, and tenant images.
ARGUMENTS
no
to show a confirmation prompt prior to resetting the configuration to the default or yes
to bypass a confirmation prompt.EXAMPLE
Revert the system to the default configuration:
syscon-1-active(config)# system database reset-to-default proceed yes
Removing all user configuration will delete partitions and stop traffic processing. [no,yes]
COMMAND system dbvars config debug
DESCRIPTION Set debug variables (dbvars) for various components.
ARGUMENTS
The availability of options for this command depends on which debug variable you are configuring.
COMMAND system diagnostics core-files list
DESCRIPTION List core files for the VELOS system.
EXAMPLE
List all core files on the system:
syscon-1-active# system diagnostics core-files list
files { controller-1:/diags/shared/core/container/authd-1.core.gz controller-1:/diags/shared/core/container/orchestration_m-1.core.gz controller-1:/diags/shared/core/host/test-1.core.gz controller-2:/diags/shared/core/container/test-1.core.gz controller-2:/diags/shared/core/host/test-2.core.gz }
COMMAND system diagnostics core-files delete
DESCRIPTION Delete core files from the VELOS system.
ARGUMENTS
EXAMPLE
Delete selected core files from the system:
syscon-1-active# system diagnostics core-files delete files { controller-1:/diags/shared/core/host/test-1.core.gz }
COMMAND system diagnostics ihealth config authserver
DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the iHealth service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token.
Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
EXAMPLE
Specify an authentication server for the iHealth service:
syscon-1-active(config)# system diagnostics ihealth config authserver
(<string>) (https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token): https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
COMMAND system diagnostics ihealth config clientid
DESCRIPTION Specify the client identifier used to access iHealth. Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
COMMAND system diagnostics ihealth config clientsecret
DESCRIPTION Specify the secret associated with the client identifier for iHealth.
ARGUMENTS
COMMAND system diagnostics ihealth config server
DESCRIPTION Specify the iHealth service that has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.
ARGUMENTS
EXAMPLE
Specify an upload server for the iHealth service:
syscon-1-active(config)# system diagnostics ihealth config server
(<string>) (https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth2-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
COMMAND system diagnostics ihealth upload
DESCRIPTION Initiate a qkview-file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.
ARGUMENTS
system diagnostics qkview list
command to see a list of available files.
Note: Be sure to add /diags/shared/QKView/
as a prefix to the QKView file name.EXAMPLE
Upload a file named /diags/shared/qkview/test.qkview
to iHealth:
syscon-1-active(config)# system diagnostics ihealth upload qkview-file /diags/shared/qkview/test.qkview description testing service-request-number C523232
message HTTP/1.1 202 Accepted
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 30 Jun 2020 12:09:08 GMT
Content-Length: 0
COMMAND system diagnostics ihealth cancel
DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.
ARGUMENTS
EXAMPLE
Cancel the QKView upload with an upload-id
of iuw53AYW
.
syscon-1-active(config)# system diagnostics ihealth cancel upload-id iuw53AYW
message HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 30 Jun 2020 12:10:01 GMT
Content-Length: 44
COMMAND system diagnostics os-utils
DESCRIPTION Provides the capability to restart platform services from the CLI.
ARGUMENTS
EXAMPLES
This example shows restarting the docker service platform monitor:
syscon-1-active(config)# system diagnostics os-utils docker restart node controller-1 service platform-monitor
Restarting container affects configuration and data path. Do you want to proceed? [yes/no] yes
result platform-monitor restarted successfully
Note: The below list of services are restricted from docker restart. - Chassis system controller: controller-identifier - Chassis blade: part_*_vers - cc-switchd
COMMAND system diagnostics proxy
DESCRIPTION Configure a web proxy to upload QKView files to F5 iHealth. This is useful when the VELOS system does not have internet access to reach f5.com.
ARGUMENTS
EXAMPLES
Configure the system to connect to a web proxy using specified credentials:
syscon-1-active(config)# system diagnostics proxy config proxy-server 192.0.2.111 proxy-username jdoe proxy-password
(<AES encrypted string>): ******
Configure a proxy server using the IP address 192.0.2.20 and port 3128:
syscon-1-active(config)# system diagnostics proxy config proxy-server http://192.0.2.20:3128
COMMAND system diagnostics qkview capture
DESCRIPTION Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in a single directory, depending on where the QKView file is executed.
If you request a QKView on a system controller or chassis partition, QKView files are stored in the host directory: diags/shared/qkview/
.
ARGUMENTS
<system-name>.qkview
.0
, which indicates no timeout.true
if core files should be excluded from QKView. The default value is false
.25
MB.500
MB.EXAMPLE
Generate a QKView and name the file client-qkview.tar
, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout:
syscon-1-active# system diagnostics qkview capture filename client-qkview.tar exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
result Qkview file client-qkview.tar is being collected
return code 200
syscon-1-active# system diagnostics qkview status
result {"Busy":true,"Percent":6,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview.tar"}
resultint 0
syscon-1-active# system diagnostics qkview capture
result Qkview file controller-1.qkview is being collected
return code 200
resultint 0
syscon-1-active# system diagnostics qkview capture filename tryagain.tar
result Qkview capture can not be initiated. Another Qkview capture is already in progress
return code 429
resultint -10
COMMAND system diagnostics qkview cancel
DESCRIPTION Cancel a QKView that is in progress.
ARGUMENTS This command has no arguments.
EXAMPLE
Cancel the currently running QKView:
syscon-1-active# system diagnostics qkview cancel
result Qkview with filename client-qkview.tar was canceled
return code 200
resultint 0
COMMAND system diagnostics qkview status
DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.
ARGUMENTS This command has no arguments.
EXAMPLE
View the status of the currently running QKView:
syscon-1-active# system diagnostics qkview status
result {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
resultint 0
syscon-1-active# system diagnostics qkview status
result {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
resultint 0
COMMAND system diagnostics qkview delete
DESCRIPTION Delete a QKView file.
ARGUMENTS
EXAMPLE
Delete the QKView file named client-qkview.tar.canceled
.
syscon-1-active# system diagnostics qkview delete filename client-qkview.tar.canceled
result Deleted Qkview file client-qkview.tar.canceled
return code 200
resultint 0
COMMAND system diagnostics qkview list
DESCRIPTION Show a list of QKView files.
ARGUMENTS This command has no arguments.
EXAMPLE
List all QKView files on the system:
syscon-1-active# system diagnostics qkview list
result {"Qkviews":[{"Filename":"client-qkview.tar.canceled","Date":"2020-10-26T23:39:48.783066588Z","Size":131310},{"Filename":"myqkview.tar","Date":"2020-10-26T23:37:43.786269089Z","Size":668708104}]}
resultint 0
COMMAND system dns servers
DESCRIPTION Configure a DNS server for the system controller to use.
ARGUMENTS
53
.EXAMPLE
Configure a DNS server and then verify that it was completed:
syscon-1-active(config)# system dns servers server 192.0.2.20 config address 192.0.2.20 port 53
syscon-1-active(config-server-192.0.2.20)# commit
Commit complete.
syscon-1-active(config-server-192.0.2.20)# exit
syscon-1-active(config)# exit
syscon-1-active# show running-config system dns
system dns servers server 192.0.2.20
config address 192.0.2.20
config port 53
!
COMMAND system dns host-entries host-entry
DESCRIPTION Configure a DNS host entry for the system to use.
ARGUMENTS
COMMAND system image check-version
DESCRIPTION Check whether the system is compatible with a specific system image service version upgrade version.
ARGUMENTS
EXAMPLE
Verify that the system is compatible with service version number 1.6.0-7891:
syscon-1-active(config)# system image check-version service-version 1.6.0-7891
COMMAND system image set-version
DESCRIPTION Trigger an install after verifying schema compatibility using check-version. This upgrades software on one system controller at a time, without an interruption to system controller availability.
ARGUMENTS
EXAMPLES
Upgrade the system to iso version 1.6.0-7891:
syscon-1-active(config)# system image set-version iso-version 1.6.0-7891
Upgrade the os version to 1.6.0-7891:
syscon-1-active(config)# system image set-version os-version 1.6.0-7891
Upgrade the service version to 1.6.0-7891:
syscon-1-active(config)# system image set-version service-version 1.6.0-7891
COMMAND system image install-abort
DESCRIPTION Cancel an in-progress or pending rolling upgrade of system controller software.
ARGUMENTS
This command has no arguments.
EXAMPLE
Cancel an in-progress software installation:
system image install-abort
You are cancelling rolling upgrade, and may require manual recovery. Do you wish to proceed? [no,yes] yes
syscon-1-active# show system image
SERVICE ISO INSTALL
NUMBER OS VERSION VERSION VERSION STATUS
--------------------------------------------------
1 1.6.0-7891 1.6.0-7891 - aborted
2 1.6.0-7891 1.6.0-7891 - aborted
COMMAND system licensing get-dossier
DESCRIPTION Generate an encrypted system dossier that can be used for retrieving a license from the F5 license server. This is used to perform a manual license installation.
ARGUMENTS
EXAMPLE
Get a system licensing dossier from F5:
syscon-1-active(config)# system licensing get-dossier
system-dossier 3446aa94eaa020b4ccb57a495d8589771b03556ffa0fc89fe8ae2e301dba149163ce139fb3a94333b6e8ecd28053bd97f541649c2c61756712c1d105b6d637c472b5642cf87064ba3ce9bee90e97df863876f885c3015ca2d4fb8bd02898f2912a0f5a161025baf42494279291ac4518578b5ce04fd03af1a44b793b13ddaa81552f46e205aee75d0c3f81c19bf7411bb9549f31d3d856f2bda42125113b5a6892fc3858b525016defe1636cdad2020ffd297c53a8acefa1b093d3d5609269f6483896402f800d40b8f3cb571a9ab0ea482707bd6e7b34545feb966c5e33ba8d6519486eba2fbeb15eda6761f9df0c9ac3a597becf272fb468465793fbbdc86b96c7a95ab44d925ec8677b060552a8415d93ed9e947039cc27b5a734b6e29f83b38fd6d49ba2bff5bde9df7e400632e434698ebd5a5b441f6915f1d1c884b2be52638e7f46b0ca880a1e6ecbbc67091b9938b0039c4c3ed80d808543cff5875b7b081058a6a263cfd6d72f08c06a58a4b13060543647a9979694a0db7c8816d96fd5fa233c878fb472915e0c241a0ee0898d959315d0a3e0daa933ce208a5c0444871001c8aca507a537fe0a7625ce026113ce46cc9d22b09993f67c5dc2084775e221c9ba8a47089cb35be094c70de40dfca0726bde9ea3a6b9b8b0f3b5d054464f3357b07c7cba243a70c011ee5d856337e1465adf94b0dafbbe647c9f6d5a
COMMAND system licensing get-eula
DESCRIPTION Retrieve the End User License Agreement (EULA) from the F5 License Server.
ARGUMENTS
EXAMPLE
Gets the contents of the latest F5 EULA:
syscon-1-active(config)# system licensing get-eula
eula-text END USER LICENSE AGREEMENT
DOC-0355-16
IMPORTANT " READ BEFORE INSTALLING OR OPERATING THIS PRODUCT
YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BY INSTALLING,
HAVING INSTALLED, COPYING, OR OTHERWISE USING THE SOFTWARE. IF YOU
DO NOT AGREE, DO NOT INSTALL OR USE THE SOFTWARE.
This End User License Agreement ("License") applies to the software
product(s) ("Software") you have licensed from us whether on
a stand-alone basis or as part of any hardware ("Hardware") you
purchase from us, (the Hardware and Software together, the "Product").
...
COMMAND system licensing install
DESCRIPTION Perform an automatic system license installation. The system must be connected to the Internet to use the automatic method.
ARGUMENTS
EXAMPLE
Install a base license on the system:
syscon-1-active(config)# system licensing install registration-key Y0922-72141-80658-12653-0642460 proxy-server http://192.0.2.20:3128 proxy-username root proxy-password
Value for 'proxy-password' (<AES encrypted string>): *******
result License installed successfully.
COMMAND system licensing manual-install
DESCRIPTION Perform a manual system license installation.
ARGUMENTS
system licensing manual-install
, you use system licensing get-dossier
to get the system dossier text, and then activate the license at activate.f5.com.EXAMPLE
License the system using license information from activate.f5.com:
syscon-1-active(config)# system licensing manual-install license
Value for 'license' (<string>):
[Multiline mode, exit with ctrl-D.]
> #
> Auth vers : 5b
> #
> #
> # BIG-IP System License Key File
> # DO NOT EDIT THIS FILE!!
> #
> # Install this file as "/config/bigip.license".
> #
> # Contact information in file /CONTACTS
> #
> #
> # Warning: Changing the system time while this system is running
> # with a time-limited license may make the system unusable.
> #
> Usage : F5 Internal Product Development
> #
> #
> # Only the specific use referenced above is allowed. Any other uses are prohibited.
> #
> Vendor : F5 Networks, Inc.
> #
> # Module List
> #
> active module : Local Traffic Manager, CX410|Y123456-7890123|FIPS 140-2 Compliant Mode, CX410|APM-Lite|Rate Shaping|Max Compression, CX410|DNS-GTM, Base|Max SSL, CX410|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
> optional module : Access Policy Manager, Base, CX410
> optional module : Access Policy Manager, Max, CX410
> optional module : Advanced Firewall Manager, CX410
...
COMMAND system locator config enabled
DESCRIPTION Configure whether the system locator function is enabled. Enabling this function illuminates the F5 logo ball so that you can more easily locate a chassis in a data center.
ARGUMENTS
enabled
to enable the chassis locator function or disabled
to disable it.COMMAND system logging remote-servers remote-server
DESCRIPTION Configure information about remote logging servers.
ARGUMENTS
disabled
.udp
.514
.EXAMPLE
Create a logging destination:
syscon-1-active(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
Delete a logging destination:
syscon-1-active(config)# no system logging remote-servers remote-server 192.0.2.240
COMMAND system logging host-logs
DESCRIPTION Configure settings for sending host logs to remote logging servers.
ARGUMENTS
enabled
to enable remote forwarding of active node host logs. Specify disabled
to disable it.host-logs
is enabled and a remote server configuration is present. Available options are:EXAMPLE
Enable remote forwarding:
syscon-1-active(config)# system logging host-logs config remote-forwarding enabled
COMMAND system logging sw-components sw-component
DESCRIPTION Configure logging for platform software components. Available options are:
ARGUMENTS
COMMAND system logging tls ca-bundles ca-bundle
DESCRIPTION Specify a certificate authority bundle.
ARGUMENTS
COMMAND system logging tls certificate
DESCRIPTION Specify the PEM-encoded certificate.
ARGUMENTS
COMMAND system logging tls key
DESCRIPTION Specifies the PEM-encoded private key.
ARGUMENTS
COMMAND system logging config include-hostname
DESCRIPTION Configure the settings to include hostname in the logs.
ARGUMENTS
EXAMPLE
Configure the logging to be true:
test-hostname# show system logging
system logging state include-hostname true
test-hostname#
f5lab.f5net.com# show system logging
system logging state include-hostname true
f5lab.f5net.com#
COMMAND system mgmt-ip config dhcp-enabled
DESCRIPTION Enable or disable DHCP for controller management IP address.
ARGUMENTS
true
to enable DHCP for the management IP address or false
to disable it. The default value is false
.EXAMPLE
Enable DCHP for the management IP address:
syscon-1-active(config)# system mgmt-ip config dhcp-enabled true
COMMAND system mgmt-ip config ipv4 controller-1
DESCRIPTION Configure the IPv4 management IP address for system controller 1.
ARGUMENTS
EXAMPLE
Configure the IPv4 management IP address for controller-1 to be 192.0.2.2:
syscon-1-active(config)# system mgmt-ip config ipv4 controller-1 address 192.0.2.2
COMMAND system mgmt-ip config ipv4 controller-2
DESCRIPTION Configure the IPv4 management IP address for system controller 2.
ARGUMENTS
EXAMPLE
Configure the IPv4 management IP address for controller-2 to be 192.0.2.3:
syscon-1-active(config)# system mgmt-ip config ipv4 controller-2 address 192.0.2.3
COMMAND system mgmt-ip config ipv4 floating
DESCRIPTION Configure the floating IPv4 management address.
ARGUMENTS
EXAMPLE
Configure the floating IPv4 management IP address to be 192.0.2.4:
syscon-1-active(config)# system mgmt-ip config ipv4 floating address 192.0.2.4
COMMAND system mgmt-ip config ipv4 gateway
DESCRIPTION Configure the gateway IPv4 address.
ARGUMENTS
EXAMPLE
Configure the gateway IPv4 address to be 192.0.2.1:
syscon-1-active(config)# system mgmt-ip config ipv4 gateway 192.0.2.1
COMMAND system mgmt-ip config ipv4 prefix-length
DESCRIPTION Configure the IPv4 prefix length.
ARGUMENTS
EXAMPLE
Configure the IPv4 prefix length to be 24:
syscon-1-active(config)# system mgmt-ip config ipv4 prefix-length 24
COMMAND system mgmt-ip config ipv6 controller-1
DESCRIPTION Configure the IPv6 management IP address for system controller 1.
ARGUMENTS
EXAMPLE
Configure the IPv6 management IP address for controller-1 to be ::2:
syscon-1-active(config)# system mgmt-ip config ipv6 controller-1 address ::2
COMMAND system mgmt-ip config ipv6 controller-2
DESCRIPTION Configure the IPv6 management IP address for system controller 2.
ARGUMENTS
EXAMPLE
Configure the IPv6 management IP address for controller-2 to be ::3:
syscon-1-active(config)# system mgmt-ip config ipv6 controller-2 address ::3
COMMAND system mgmt-ip config ipv6 floating
DESCRIPTION Configure the floating IPv6 management address.
ARGUMENTS
EXAMPLE
Configure the floating IPv6 management IP address to be ::4:
syscon-1-active(config)# system mgmt-ip config ipv6 floating address ::4
COMMAND system mgmt-ip config ipv6 gateway
DESCRIPTION Configure gateway IPv6 address.
ARGUMENTS
EXAMPLE
Configure the gateway IPv6 address to be ::1:
syscon-1-active(config)# system mgmt-ip config ipv6 gateway ::1
COMMAND system mgmt-ip config ipv6 prefix-length
DESCRIPTION Configure IPv6 prefix length.
ARGUMENTS
EXAMPLE
Configure the IPv6 prefix length to be 64:
syscon-1-active(config)# system mgmt-ip config ipv6 prefix-length 64
COMMAND system mgmt-ip config mgmt-vlan
DESCRIPTION Configure management VLANs for management IP address for system controller.
ARGUMENTS
<vlan-id> - type: unsigned short - description: Numerical value of the VLAN tag associated with the MGMT VLAN. The range is from 1 to 4094 or untagged.
EXAMPLE
Configure management VLAN with an ID to be 11
for management IP address for system controller:
syscon-1-active(config)# system mgmt-ip config mgmt-vlan 11
DESCRIPTION Set the chassis ID that is used to determine internal address ranges.
IMPORTANT: F5 strongly recommends that you do not change this setting.
ARGUMENTS
1
.DESCRIPTION Configure the internal address range.
ARGUMENTS
prefix
. This is the default value.EXAMPLE
Configure the range type to be RFC6598:
syscon-1-active(config)# system network config network-range-type RFC6598
COMMAND system ntp config enable-ntp-auth
DESCRIPTION
Enable Network Time Protocol (NTP) protocol authentication for the system. NTP authentication enhances security by ensuring that the system sends time-of-day requests only to trusted NTP servers. Use the system ntp ntp-keys ntp-key
command to add the key associated with your server.
ARGUMENTS
true
to enable using NTP authentication. Specify false
to disable it.EXAMPLE
Enable the use of NTP authentication:
syscon-1-active(config)# system ntp config enable-ntp-auth true
COMMAND system ntp config
DESCRIPTION Enable the Network Time Protocol (NTP) protocol and indicate that the system should synchronize the system clock with an NTP server from a serves defined in the 'ntp/server' list.
ARGUMENTS
enabled
to enable using NTP. Specify disabled
to disable it.EXAMPLE
Disable the use of NTP:
syscon-1-active(config)# system ntp config disabled
COMMAND system ntp ntp-keys ntp-key
DESCRIPTION Configure the list of Network Time Protocol (NTP) authentication keys.
ARGUMENTS
COMMAND system ntp servers server
DESCRIPTION
Configure which NTP servers can be used for system clock synchronization. If system ntp
is enabled
, then the system will attempt to contact and use the specified NTP servers.
ARGUMENTS
SERVER
.true
to enable iburst for the NTP service. Specify false
to disable it.123
.true
to indicate that this server should be the preferred one. Specify false
if not.key-id
value must match the key-type
and key-value
values provided in system ntp ntp-keys ntp-key
on this client system, and all values must also match the server exactly. EXAMPLES
Configure an NTP server with the address pool.ntp.org
, where the association type is POOL
, and it is the preferred server:
syscon-1-active(config)# system ntp servers server pool.ntp.org config address pool.ntp.org association-type POOL prefer true
syscon-1-active(config-server-pool.ntp.org)# top
syscon-1-active(config)# system ntp config enabled
syscon-1-active(config)# commit
Commit complete.
Configure an NTP server with the address time.f5net.com
, where the association type is SERVER
, iburst is enabled, port is 123
, it is the preferred server, and version number is 4
:
syscon-1-active(config)# system ntp servers server time.f5net.com
syscon-1-active(config-server-time.f5net.com)# config address time.f5net.com
syscon-1-active(config-server-time.f5net.com)# config association-type SERVER
syscon-1-active(config-server-time.f5net.com)# config iburst true
syscon-1-active(config-server-time.f5net.com)# config port 123
syscon-1-active(config-server-time.f5net.com)# config prefer true
syscon-1-active(config-server-time.f5net.com)# config version 4
syscon-1-active(config-server-time.f5net.com)# commit
Commit complete.
COMMAND system packages package
DESCRIPTION Manage independent service packages on the system.
ARGUMENTS
EXAMPLES
Set a new version of a package:
syscon-1-active(config)# system packages package optics-mgr-independent-pkg set-version version 4.0.0.2022_08_02_16_17_05.s3a9dffb4 proceed
Possible completions:
no yes
Check the version compatibility of a package:
syscon-1-active(config)# system packages package optics-mgr-independent-pkg check-version version 4.0.0.2022_08_02_16_17_05.s3a9dffb4
response Compatibility verification succeeded.
Remove a package version:
syscon-1-active(config)# system packages package optics-mgr-independent-pkg remove version 4.0.0.2022_08_02_16_17_05.s3a9dffb4
COMMAND system redundancy config mode
DESCRIPTION Change the system controller redundancy mode.
ARGUMENTS
EXAMPLE
Set system controller 2 as the preferred controller:
syscon-1-active(config)# system redundancy config mode prefer-2
COMMAND system redundancy go-standby
DESCRIPTION Cause currently active system controller to switch to standby.
EXAMPLE
Set the currently active system controller switch so that it is the standby controller:
syscon-1-active(config)# system redundancy go-standby
COMMAND system rollback initiate
DESCRIPTION Restores previous version of software and system configuration.
Note: You can restore previous versions of the software for F5OS 1.8.0 and higher versions.
ARGUMENTS
yes
o rollback previous version of software and system configuration. Specify no
to not proceed.EXAMPLE
The example below shows initiating system rollback:
syscon-1-active(config)# system rollback initiate
Initiating system rollback to the state created with version 1.8.0-7818 on 2024-03-27 04:44:31:00:00
This causes system to reboot and restore rollback version configuration
Proceed? [yes/no]: yes
response System rollback initiated successfully
COMMAND system security services service
DESCRIPTION Configure the SSH service (also known as sshd) to use a desired set of encryption ciphers, the HTTP service (also known as httpd) to use a desired set of KEX algorithms, and MAC algorithms to meet the security policy enforced in your environment.
ARGUMENTS
The cipher string can take several additional forms. It can consist of a single cipher suite or a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation.
You can combine lists of KEX algorithms into a single string using the + character as a logical AND operation.
You can combine lists of MAC algorithms into a single string using the + character as a logical AND operation.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
COMMAND system security integrity-check config enabled
DESCRIPTION system integrity check state
Note: Applies only to systems with the FIPS 140 add-on license.
ARGUMENTS
COMMAND system security integrity-check config threshold-value
DESCRIPTION Specify the number of times to verify the system integrity, that is, run the FIPS self tests before the system halts.
Note: Applies only to systems with the FIPS 140 add-on license.
ARGUMENTS
COMMAND system security integrity-check controllers controller
DESCRIPTION Ensure the integrity of all the installed packages and containers in the system.
Note: Applies only to systems with the FIPS 140 add-on license.
ARGUMENTS
yes
to perform an on-demand integrity check. Specify no
to skip it.COMMAND system security integrity-check controllers controller run-integrity-check
DESCRIPTION
Runs on-demand integrity check.
ARGUMENTS
yes
to perform an integrity check. Specify no
to skip it.COMMAND system snmp communities community
DESCRIPTION Configure the SNMP community name and community security model.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure the system to use only the v1 security model:
syscon-1-active(config)# system snmp communities community config v1-comm security-model v1
Configure the system use both v1 and v2c security models:
syscon-1-active(config)# system snmp communities community both-comm config security-model [ v1 v2c ]
COMMAND system snmp config port
DESCRIPTION Configure the non-default port for SNMP.
<port> - type: unsignedShort - description: port number to use for SNMP. The default value is 161. The range is from 1024 to 7000, 7033 to 8887, 8889 to 6553.
EXAMPLE
Configure the snmp port to be 8889
syscon-1-active(config)# system snmp config port 8889
COMMAND system snmp engine-id config value
DESCRIPTION Configure an SNMP engine ID.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
COMMAND system snmp targets target
DESCRIPTION Configure the SNMP target name.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure an SNMP target with a v3 user:
syscon-1-active(config)# system snmp targets target v3-target config user v3-user ipv4 address 192.0.2.224 port 5001
Configure an SNMP target with a community and a security model:
syscon-1-active(config)# system snmp targets target v2c-target config community both-comm security-model v2c ipv4 address 192.0.2.224 port 5001
COMMAND system snmp users user
DESCRIPTION Configure the user name associated with an SNMPv3 group.
ARGUMENTS
EXAMPLE
Configure an SNMP v3 user that uses MD5 and AES for authentication and privacy:
syscon-1-active(config)# system snmp users user v3-user config authentication-protocol md5 privacy-protocol aes authentication-password
(<string, min: 8 chars, max: 32 chars>): ********
syscon-1-active(config-user-v3-user)# config privacy-password
(<string, min: 8 chars, max: 32 chars>): *********
syscon-1-active(config-user-v3-user)# commit
Commit complete.
COMMAND system telemetry exporters exporter
DESCRIPTION Configure the exporter details to push the telemetry data.
ARGUMENTS
true
to enable and configure the Transport Layer Security (TLS) to secure the connections. The default option is false
.EXAMPLE
Configure a telemetry exporter:
syscon-2-active(config)# system telemetry exporters exporter test config endpoint address 10.146.243.109 port 4317 instruments [ platform hardware ] tls secure false
COMMAND system telemetry attributes attribute
DESCRIPTION Attribute name and values for all the configured exporter.
ARGUMENTS
<attribute name> value <attribute value> - type: string - description: Attribute name and values for all the configured exporters.
EXAMPLE
syscon-2-active(config)# system telemetry attributes attribute test.key config key test.key value test.value
syscon-2-active(config-attribute-test.key)# commit
Commit complete.
COMMAND system config hostname
DESCRIPTION Configure a hostname for the system.
ARGUMENTS
EXAMPLE
Configure the hostname to be test.company.com
:
syscon-1-active(config)# system config hostname test.company.com
COMMAND system config login-banner
DESCRIPTION
Configure a banner message to be displayed before users log in to the system.
ARGUMENTS
EXAMPLE
Configure a banner message:
syscon-1-active(config)# system config login-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
COMMAND system config motd-banner
DESCRIPTION
Configure a message of the day (MOTD) banner to display after users log in to the system.
EXAMPLE
Configure a MOTD banner message:
syscon-1-active(config)# system config motd-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
ATTENTION!
This system is scheduled for maintenance in two days.
COMMAND system reboot controllers
DESCRIPTION Trigger a restart of a specified system controller. This resets the management IP connection.
ARGUMENTS
active
to restart the active system controller. Specify standby
to restart the standby system controller.EXAMPLE
Reboot the standby system controller:
syscon-1-active(config)# system reboot controllers controller standby
COMMAND system set-datetime
DESCRIPTION Configure the date and time for the system.
ARGUMENTS
EXAMPLES
Configure the system date to be 2021-01-01:
syscon-1-active(config)# system set-datetime date 2021-01-01
Configure the system time to be 12:01:00:
syscon-1-active(config)# system set-datetime date 12:01:00
COMMAND system settings config idle-timeout
DESCRIPTION Set how long the CLI is inactive before an admin user is logged out of the system. If the user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).EXAMPLE
Set the idle time to be the maximum value:
syscon-1-active(config)# system settings config idle-timeout 8192
COMMAND system settings config sshd-idle-timeout
DESCRIPTION Set how long the CLI is inactive before the root user is logged out of the system. If the root user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND system settings gui advisory config color
DESCRIPTION Configure an advisory banner, including color and text to be displayed.
ARGUMENTS
COMMAND system settings gui advisory config
DESCRIPTION Specify whether to enable an advisory banner for the system webUI.
ARGUMENTS
enabled
to enable an advisory banner or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable and configure an advisory banner:
syscon-1-active(config)# system settings gui advisory config enabled color orange text
(<string, min: 0 chars, max: 80 chars>): TEST ENVIRONMENT
COMMAND system settings gui advisory config text
DESCRIPTION Specify text displayed on advisory banner.
ARGUMENTS
COMMAND system settings config config-prompt
DESCRIPTION Set the configurational mode prompt to persist over sessions and users.
ARGUMENTS
EXAMPLE
syscon-1-active(config)# system settings config config-prompt "\u-\h[F5OS-C]\M# "
COMMAND system settings config oper-prompt
DESCRIPTION Set the operational mode prompt to persist over sessions and users.
ARGUMENTS
EXAMPLE
syscon-1-active(config)# system settings config oper-prompt "\u-\h(Velos)[\\t]# "
COMMAND autowizard
DESCRIPTION Specify whether to query automatically for mandatory elements.
ARGUMENTS
true
to query automatically for mandatory elements. Specify false
to disable it.COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND commit
DESCRIPTION Commit the current set of changes to the running configuration.
ARGUMENTS
persist-id
<id>
argument.commit confirm
command is issued before the timeout expires, then the configuration is reverted to the configuration that was active before the commit confirmed
command was issued. If no timeout is given, then the confirming commit has a timeout of 10 minutes. The configuration session will be terminated after this command since no further editing is possible.
The confirming commit will be rolled back if the CLI session is terminated before confirming the commit, unless the persist argument is also given. If the persist command is given, then the CLI session can be terminated and a later session can confirm the pending commit by supplying the persist token as an argument to the commit
command using the persist-id
argument.persist-id
argument. Include the persist-id
option and specify the same persist token id, to modify the ongoing confirming commit process. This enables you to cancel an ongoing persist commit operation or extend the timeout.COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND complete-on-space
DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.
ARGUMENTS
true
to enable the ability to have the CLI complete a command name automatically when you press the space bar. Specify false
to disable it.COMMAND config
DESCRIPTION
Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit
command.
ARGUMENTS
COMMAND describe
DESCRIPTION Display internal information about how a command is implemented.
ARGUMENTS
COMMAND display-level
DESCRIPTION Set the depth of the configuration shown for show commands.
ARGUMENTS
<depth>
can be a value from 1 through 64.COMMAND exit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND file
DESCRIPTION Perform file operations.
ARGUMENTS
For detailed information about these arguments, see the file
page under System Controller / config-mode-commands.
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND history
DESCRIPTION Configure the command history cache size.
ARGUMENTS
<size>
can be a value from 0 through 1000.COMMAND id
DESCRIPTION Display information about the current user, including user, gid, group, and gids.
ARGUMENTS This command has no arguments.
COMMAND idle-timeout
DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND ignore-leading-space
DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.
ARGUMENTS
false
to ignore leading whitespace or true
to consider it.COMMAND leaf-prompting
DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.
ARGUMENTS
false
to disable leaf prompting and specify true
to enable it.COMMAND logout
DESCRIPTION Log out a specific session or user from all sessions.
ARGUMENTS
<session-id>
.<user-name>
.COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND paginate
DESCRIPTION Specify whether to control the pagination of CLI command output.
ARGUMENTS
false
to display command output continuously, regardless of the CLI screen height. Specify true
to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.COMMAND prompt1
DESCRIPTION Set the operational mode prompt.
ARGUMENTS
COMMAND prompt2
DESCRIPTION Set the configuration mode prompt.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND quit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND screen-length
DESCRIPTION Configure the length of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.COMMAND screen-width
DESCRIPTION Configure the width of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 200 through 256.COMMAND send
DESCRIPTION Send a message to the terminal of a specified user or all users.
ARGUMENTS
all
to send a message to all users. Specify username <username>
to send a message only to a specified user.COMMAND show
DESCRIPTION Show information about the system.
ARGUMENTS
COMMAND show-defaults
DESCRIPTION Specify whether to display the default configuration.
ARGUMENTS
true
to display the default values. Specify false
to hide the default values.COMMAND terminal
DESCRIPTION Set the terminal type.
ARGUMENTS
COMMAND timestamp
DESCRIPTION Configure whether to display the timestamp.
ARGUMENTS
enable
to show the timestamp. Specify disable
to hide the timestamp.COMMAND who
DESCRIPTION Display information on currently-logged on users. The command output displays the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).
ARGUMENTS This command has no arguments.
COMMAND write
DESCRIPTION
Display the running configuration of the system on the terminal. This command is equivalent to the show running-config
command.
ARGUMENTS
COMMAND system diagnostics net-utils
DESCRIPTION Helps in troubleshooting a range of network utilities to detect and solve problems.
ARGUMENTS
Possible completions: - dig - ping - ping6 - tracepath - tracepath6 - traceroute - traceroute6
EXAMPLES
This example shows running the network diagnostics for ping:
syscon-1-active# system diagnostics net-utils ping -
Possible completions:
-C: Stop after sending count ECHO_REQUEST packets.
-i: Wait interval seconds between sending each packet.
-n: Numeric output only. No attempt will be made to lookup symbolic names for host addresses.
syscon-1-active# system diagnostics net-utils ping -c 4 www.google.com
PING www.google.com (142.250.217.681 56(84) bytes of data.
64 bytes from sea09s29-in-f4.1e100.net (142.250.217.68) : icmp_seq=1 tt1=54 time=73.4 ms
64 bytes from sea09s29-in-f4.1100.net (142.250.217.68) : icmp_seq=2 tt1=54 time=74.3 ms
64 bytes from sea09s29-in-f4.14100.net (142.250.217.68) : icmp_seq=3 tt1=54 time=72.1 ms
64 bytes from sea09s29-in-£4.1100.net (142.250.217.68): icmp seq-4 tt1=54 time=72.6 ms
--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 72.167/73.169/74.388/0.877 ms
COMMAND annotation
DESCRIPTION Display only statements whose annotation matches a provided configuration statement or pattern.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND append
DESCRIPTION Append command output text to a file.
ARGUMENTS
COMMAND begin
DESCRIPTION Display the command output starting at the first match of a specified string.
ARGUMENTS
COMMAND best-effort
DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.
ARGUMENTS This command has no arguments.
COMMAND context-match
DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.
ARGUMENTS
COMMAND count
DESCRIPTION Count the number of lines in the command output.
ARGUMENTS This command has no arguments.
COMMAND csv
DESCRIPTION Display table output in CSV format.
ARGUMENTS This command has no arguments.
COMMAND de-select
DESCRIPTION Do not show a specified field in the command output.
ARGUMENTS
COMMAND debug
DESCRIPTION Display debug information.
ARGUMENTS This command has no arguments.
COMMAND details
DESCRIPTION Display the default values for commands in the running configuration.
ARGUMENTS This command has no arguments.
COMMAND display
DESCRIPTION Display options.
ARGUMENTS This command has no arguments.
COMMAND exclude
DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.
ARGUMENTS
COMMAND extended
DESCRIPTION Display referring entries or elements.
ARGUMENTS This command has no arguments.
COMMAND force
DESCRIPTION Log out any users who are locking the configuration.
ARGUMENTS This command has no arguments.
COMMAND hide
DESCRIPTION Hide display options.
ARGUMENTS This command has no arguments.
COMMAND include
DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.
ARGUMENTS
COMMAND linnum
DESCRIPTION Display a line number at the beginning of each line in the displayed output.
ARGUMENTS This command has no arguments.
COMMAND match-all
DESCRIPTION Display the command output that matches all command output filters.
ARGUMENTS This command has no arguments.
COMMAND match-any
DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.
ARGUMENTS This command has no arguments.
COMMAND more
DESCRIPTION Paginate the command output. This is the default behavior.
ARGUMENTS This command has no arguments.
COMMAND nomore
DESCRIPTION Do not paginate command output.
ARGUMENTS This command has no arguments.
COMMAND notab
DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically displays in a list.
ARGUMENTS This command has no arguments.
COMMAND repeat
DESCRIPTION
Repeat the output of a show
command periodically.
ARGUMENTS
COMMAND save
DESCRIPTION Save the command output text to a file.
ARGUMENTS
COMMAND select
DESCRIPTION Display selected fields in the command output.
ARGUMENTS
COMMAND sort-by
DESCRIPTION Display command output with values sorted in a specified field.
ARGUMENTS
COMMAND suppress-validate-warning-prompt
DESCRIPTION Suppress the validation warning prompt.
ARGUMENTS This command has no arguments.
COMMAND tab
DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.
ARGUMENTS This command has no arguments.
COMMAND tags
DESCRIPTION Display only statements with tags that match a pattern.
ARGUMENTS
COMMAND trace
DESCRIPTION Display trace information.
ARGUMENTS This command has no arguments.
COMMAND until
DESCRIPTION Display the command output, ending with the line that matches a specified string.
ARGUMENTS
COMMAND show F5-ALERT-DEF-MIB
DESCRIPTION Display information about the alert definition MIB.
ARGUMENTS
This command has no arguments.
COMMAND show SNMP-FRAMEWORK-MIB
DESCRIPTION Display information about the SNMP management architecture.
ARGUMENTS
This command has no arguments.
EXAMPLES
Display the SNMP Engine information:
syscon-1-active# show SNMP-FRAMEWORK-MIB
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:2f:f4:03:00:0a:49:ff:18:00
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 11
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 155355
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
COMMAND show SNMP-MPD-MIB
DESCRIPTION Display information about message processing and dispatching (MPD) for SNMP.
EXAMPLES
Display MPD information:
syscon-1-active# show SNMP-MPD-MIB
SNMP-MPD-MIB snmpMPDStats snmpUnknownSecurityModels 0
SNMP-MPD-MIB snmpMPDStats snmpInvalidMsgs 0
SNMP-MPD-MIB snmpMPDStats snmpUnknownPDUHandlers 0
COMMAND show SNMP-TARGET-MIB
DESCRIPTION Display information about configured targets for SNMP.
COMMAND show SNMP-SNMPv2-MIB
DESCRIPTION Display information about SNMPv2.
EXAMPLES
Display SNMPv2 information:
syscon-1-active# show SNMPv2-MIB
SNMPv2-MIB system sysDescr "Linux 3.10.0-1160.71.1.F5.1.el7_8.x86_64 : System controller services version 1.6.0-13984"
SNMPv2-MIB system sysObjectID 1.3.6.1.4.1.12276.1.3.1.5
SNMPv2-MIB system sysUpTime 15538782
SNMPv2-MIB system sysServices 72
SNMPv2-MIB system sysORLastChange 0
SNMPv2-MIB snmp snmpInPkts 0
SNMPv2-MIB snmp snmpInBadVersions 0
SNMPv2-MIB snmp snmpInBadCommunityNames 0
SNMPv2-MIB snmp snmpInBadCommunityUses 0
SNMPv2-MIB snmp snmpInASNParseErrs 0
SNMPv2-MIB snmp snmpSilentDrops 0
SNMPv2-MIB snmp snmpProxyDrops 0
SNMPv2-MIB snmpSet snmpSetSerialNo 1653633286
COMMAND show cli
DESCRIPTION Display the default CLI session settings.
ARGUMENTS
This command has no arguments.
EXAMPLES
Display the current default CLI session settings:
syscon-1-active# show cli
autowizard true
complete-on-space true
devtools false
display-level 99999999
history 100
idle-timeout 1800
ignore-leading-space false
leaf-prompting true
output-file terminal
paginate true
prompt1 \h\M#
prompt2 \h(\m)#
screen-length 57
screen-width 120
service prompt config true
show-defaults false
terminal xterm-256color
timestamp disable
COMMAND show cluster
DESCRIPTION Display the current state of the OpenShift cluster and the last 25 OpenShift events that have occurred during installation and during normal operation.
EXAMPLE
Display the current cluster state:
syscon-1-active# show cluster
NAME STATUS TIME CREATED ROLES CPU PODS MEMORY HUGEPAGES
--------------------------------------------------------------------------------------------
blade-1 Ready 2021-01-26T07:05:29Z compute 28 250 26112336Ki 102890Mi
blade-2 Ready 2021-01-26T07:05:29Z compute 28 250 26112336Ki 102890Mi
controller-1 Ready 2021-01-26T06:36:50Z infra,master - - - -
controller-2 Ready 2021-01-26T06:36:50Z infra,master - - - -
STAGE NAME STATUS
---------------------------------
AddingBlade Done
HealthCheck Done
HostedInstall Done
MasterAdditionalInstall Done
MasterInstall Done
NodeBootstrap Done
NodeJoin Done
Prerequisites Done
ServiceCatalogInstall Done
etcdInstall Done
cluster cluster-status summary-status "Openshift cluster is healthy, and all controllers and blades are ready."
INDEX STATUS
-----------------------------------------------------------------------------------------------------------------------
0 2021-01-26 06:12:18.325648 - Performing network-validations before installing cluster into openshift cluster.
1 2021-01-26 06:12:41.236284 - Installing controllers into openshift cluster.
2 2021-01-26 06:26:41.835981 - Cannot ping blade blade-1.chassis.local (192.0.2.1) [1].
3 2021-01-26 06:27:28.002906 - Cannot ping blade blade-2.chassis.local (192.0.2.2) [1].
4 2021-01-26 06:33:19.463460 - Can now ping blade blade-1.chassis.local (192.0.2.1).
5 2021-01-26 06:33:19.775967 - Can now ping blade blade-2.chassis.local (192.0.2.2).
6 2021-01-26 06:33:41.891690 - Successfully SSH'd to blade blade-2.chassis.local.
7 2021-01-26 06:33:52.639644 - Successfully SSH'd to blade blade-1.chassis.local.
8 2021-01-26 06:56:46.673298 - Controller 1 is ready in openshift cluster.
9 2021-01-26 06:56:46.673409 - Controller 2 is ready in openshift cluster.
10 2021-01-26 06:56:46.673439 - Openshift cluster is ready.
11 2021-01-26 06:57:10.948596 - Installation of controllers into openshift cluster succeeded.
12 2021-01-26 06:57:59.873283 - Blade 1 is being added to the openshift cluster.
13 2021-01-26 06:58:09.992015 - Blade 2 is being added to the openshift cluster.
14 2021-01-26 06:58:12.432213 - New blade(s) are ready join the cluster.
15 2021-01-26 06:58:13.191941 - Adding new blades into the Openshift cluster.
16 2021-01-26 07:06:09.967325 - Blade 1 is ready in openshift cluster.
17 2021-01-26 07:06:09.967406 - Blade 2 is ready in openshift cluster.
18 2021-01-26 07:12:22.252472 - Success adding new blades into the Openshift cluster,
19 2021-01-26 07:19:06.812622 - Orchestration manager transitioning to standby.
20 2021-01-26 07:20:35.970843 - Orchestration manager transitioning to active.
21 2021-01-26 07:24:26.013076 - Blade 1 is NOT ready in openshift cluster.
22 2021-01-26 07:24:50.259240 - Blade 1 is ready in openshift cluster.
23 2021-01-26 09:09:12.465617 - Invalid DNS server configured on controller-1.chassis.local.
24 2021-01-26 09:09:29.959390 - Found valid DNS configuration on controller-1.chassis.local.
COMMAND show cluster cluster-status
DESCRIPTION Display the current state of a specific OpenShift event that has occurred during installation and during normal operation.Nodes in the cluster.
ARGUMENTS
EXAMPLE
Display cluster event number 2:
syscon-1-active# show cluster cluster-status cluster-status 2
INDEX STATUS
-----------------------------------------------------------------------------
2 2021-03-02 00:03:44.551587 - Blade 7 is ready in openshift cluster.
COMMAND show cluster install-progress
DESCRIPTION Display the status of the OpenShift cluster installation, including the state of the various stages of the OpenShift installation.
ARGUMENTS
EXAMPLE
Display the installation progress of only the AddingBlade stage:
syscon-1-active# show cluster install-progress install-progress AddingBlade
STAGE NAME STATUS
---------------------
AddingBlade Done
Display the installation progress of the whole cluster:
syscon-1-active# show cluster install-progress
STAGE NAME STATUS
---------------------------------
AddingBlade Done
HealthCheck Done
HostedInstall Done
MasterAdditionalInstall Done
MasterInstall Done
NodeBootstrap Done
NodeJoin Done
Prerequisites Done
ServiceCatalogInstall Done
etcdInstall Done
COMMAND show cluster nodes
DESCRIPTION Display the status of nodes in the cluster, including the current state of the OpenShift cluster and the individual system controller or blade nodes within the cluster.
ARGUMENTS
EXAMPLES
Display only the status of blade-2:
syscon-1-active# show cluster nodes node blade-1
MEMORY CPU
NAME STATUS TIME CREATED ROLES CPU PODS MEMORY HUGEPAGES USAGE USAGE
-------------------------------------------------------------------------------------------------
blade-1 Ready 2024-10-01T07:56:56Z compute 22 250 26112400Ki 102892Mi 9% 5%
Display the status of all nodes:
syscon-2-active# show cluster nodes node
MEMORY CPU
NAME STATUS TIME CREATED ROLES CPU PODS MEMORY HUGEPAGES USAGE USAGE
-----------------------------------------------------------------------------------------------------------
blade-1 Ready 2024-10-01T07:56:56Z compute 22 250 26112400Ki 102892Mi 9% 5%
blade-2 Ready 2024-10-01T07:56:57Z compute 22 250 33350040Ki 95824Mi 48% 9%
blade-3 Ready 2024-10-01T08:42:39Z compute 22 250 26112408Ki 102892Mi 10% 5%
blade-4 Ready 2024-10-01T07:56:57Z compute 22 250 26112408Ki 102892Mi 12% 4%
controller-1 Ready 2024-10-01T07:25:52Z infra,master - - - - - -
controller-2 Ready 2024-10-01T07:25:52Z infra,master - - - - - -
COMMAND show cluster orchestration-manager
DESCRIPTION Display the status of orchestration manager components in the cluster.
ARGUMENTS
true
, the cluster is initialized. If the output is false
, the cluster is not initialized.true
, the cluster is ready. If the output is false
, the cluster is not ready.true
, HA is initialized. If the output is false
, HA is not initialized.true
, HA is ready. If the output is false
, HA is not ready.EXAMPLE
Display the status of all orchestration manager components:
syscon-1-active# show cluster orchestration-manager
cluster orchestration-manager cluster-initialized true
cluster orchestration-manager cluster-ready true
cluster orchestration-manager active-node controller-1.chassis.local
cluster orchestration-manager etcd-ha-initialized true
cluster orchestration-manager etcd-ha-running true
cluster orchestration-manager multus-status healthy
cluster orchestration-manager kubevirt-status healthy
ABLE ABLE
IN READY TO TO
INDEX NAME INSERTED CLUSTER CLUSTER PING SSH STATE
---------------------------------------------------------------------------------------
1 controller-1.chassis.local true true true true true In Cluster
2 controller-2.chassis.local true true true true true In Cluster
ABLE ABLE
IN READY TO TO PARTITION
INDEX NAME INSERTED CLUSTER CLUSTER PING SSH STATE LABEL
-----------------------------------------------------------------------------------------------
1 blade-1.chassis.local true true true true true In Cluster partition-1
2 blade-2.chassis.local true true true true true In Cluster partition-1
COMMAND show components
DESCRIPTION Display information about hardware inventory and firmware components.
ARGUMENTS
The availability of options for this command depends on which hardware component you are configuring.
running
, and it changes to complete
when the update completes. You can either leave off a specific firmware property to see all properties or specify one of these available options:EXAMPLES
Display details about psu-1:
syscon-1-active# show components component psu-1
components component psu-1
components component psu-1
state serial-no 20182BPJ0036
state part-no PWR-0366-01
state empty false
properties psu-state psu-current-in 3.265
properties psu-state psu-current-out 57.562
properties psu-state psu-power-in 740.0
properties psu-state psu-power-out 709.0
properties psu-state psu-voltage-in 229.5
properties psu-state psu-voltage-out 12.3219
properties psu-state psu-temperature-1 16.5
properties psu-state psu-temperature-2 35.5
properties psu-state psu-temperature-3 32.7
properties psu-state psu-fan-1-speed 7392
properties psu-state psu-fan-2-speed 6944
Display software information on blade-1:
syscon-1# show components component blade-1 software
SOFTWARE INDEX VERSION
--------------------------------
blade-os 1.6.0-7891
partition-services 1.6.0-7891
Display all information about blade-1:
syscon-1# show components component blade-1
components component blade-1
state serial-no bld123456s
state part-no "400-0086-02 REV 2"
state empty false
state tpm-integrity-status Valid
state memory available 22674624512
state memory free 20161323008
state memory used-percent 83
state temperature current 31.0
state temperature average 31.0
state temperature minimum 30.0
state temperature maximum 32.0
UPDATE
NAME NAME VALUE CONFIGURABLE STATUS
------------------------------------------------------------------------------------------
QAT0 - Lewisburg C62X Crypto/Compression false -
QAT1 - Lewisburg C62X Crypto/Compression false -
QAT2 - Lewisburg C62X Crypto/Compression false -
fw-version-bios - 2.03.008.1 false -
fw-version-bios-me - 4.0.4.128 false -
fw-version-cpld - 05.04.00 false -
fw-version-lop-app - 1.00.928.0.1 false -
fw-version-lop-bootloader - 1.02.868.0.1 false -
storage state disks disk nvme0n1
state model "INTEL SSDPELKX010T8"
state vendor Intel
state version VCV10301
...
Show information about all firmware for blade-1 and verify that the fw-version-lop-app
firmware has updated successfully:
syscon-1-active# show components component blade-1 properties
UPDATE
NAME NAME VALUE CONFIGURABLE STATUS
-----------------------------------------------------------------------
fw-version-bios - 1.21.168.1 - none
fw-version-bios-me - 4.0.4.112 false none
fw-version-cpld - 04.03.01 false none
fw-version-drive-nvme0n1 - unknown false none
fw-version-fpga-atse0 - 7.6.59.0 false none
fw-version-fpga-vqf0 - 8.6.63.33 false none
fw-version-lop-app - 1.00.928.0.1 - complete
fw-version-lop-bootloader - 1.02.868.0.1 false none
fw-version-sirr - 1.1.8 false none
COMMAND show configuration commit changes
DESCRIPTION Display changes that were made to the running configuration by previous configuration commits, including changes committed for a specified commit ID.
ARGUMENTS
EXAMPLES
Display information about the last commit:
syscon-1-active# show configuration commit changes
!
! Created by: admin
! Date: 2021-02-09 18:37:47
! Client: system
!
partitions partition default
config os-version 1.6.0-7891
config service-version 1.6.0-7891
!
Display information about commit ID 28:
syscon-1-active# show configuration commit changes 28
!
! Created by: admin
! Date: 2021-02-05 21:57:52
! Client: cli
!
partitions partition ConfdUpgradePartition
!
Display information about concurrent operations:
COMMAND show configuration commit list
DESCRIPTION Display information about the configuration commits stored in the commit database.
ARGUMENTS
EXAMPLE
Display information about the five most recent configuration commits:
syscon-1-active# show configuration commit list 5
2021-02-10 00:30:06
SNo. ID User Client Time Stamp Label Comment
~~~~ ~~ ~~~~ ~~~~~~ ~~~~~~~~~~ ~~~~~ ~~~~~~~
0 10001 admin system 2021-02-09 18:37:47
1 10026 admin system 2021-02-09 18:29:31
2 10025 system system 2021-02-09 18:24:40
3 10024 system system 2021-02-09 18:24:39
4 10023 system system 2021-02-09 18:24:39
COMMAND show configuration rollback changes
DESCRIPTION Display changes that would be made by the rollback configuration command or to display the list of commit IDs.
ARGUMENTS
EXAMPLE
Display changes that would be made by rolling back to the most recent configuration commit:
syscon-1-active# show configuration rollback changes
partitions partition default
config os-version 1.6.0-7891
config service-version 1.6.0-7891
!
COMMAND show ctrlr_status
DESCRIPTION Display the status of the current system controller.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display the status of the current system controller:
syscon-1-active# show ctrlr_status
ctrlr_status chassis_num 1
COMMAND show file
DESCRIPTION Display information about the status of current file transfer operations and known hosts for file transfers.
ARGUMENTS
% No entries found.
Every uploaded file includes a status. Available options include, but are not limited to, these statuses:EXAMPLES
Display information about an in-progress file transfer operation:
syscon-1-active# show file transfer-operations
file transfer-operations transfer-operation images/BIGIP-bigip15.1.x-15.1.5.ALL-VELOS.qcow2.zip 192.0.02.11 build/bigip/v15.1.x/daily/build146.0/VM/BIGIP-bigip15.1.x-15.1.5.ALL-VELOS.qcow2.zip "Import file" "HTTPS "
status "In Progress (12.0%)"
timestamp "Fri Jun 11 21:56:06 2021"
COMMAND show history
DESCRIPTION Display a history of commands run on the system controller.
ARGUMENTS
EXAMPLE
Display the last five commands that were run on the system controller:
syscon-1-active# show history
02-18 16:47:28 -- show cluster
02-18 16:47:43 -- show running-config partitions partition default
02-18 16:47:50 -- show cluster
02-18 16:51:31 -- show running-config partitions partition default
02-18 19:25:59 -- file transfer-status
COMMAND show image controller
DESCRIPTION Display information about the images on the system controllers, including their versions, dates, and whether they are in use.
EXAMPLE
Show all images on the system controllers:
syscon-1-active# show image controller
VERSION OS IN
CONTROLLER CONTROLLER STATUS DATE USE
---------------------------------------------------
1.5.0-6789 1 ready 2022-02-21 true
1.6.0-7891 1 ready 2023-05-21 false
VERSION
SERVICE IN
CONTROLLER CONTROLLER STATUS DATE USE
---------------------------------------------------
1.5.0-6789 1 ready 2022-02-21 true
1.6.0-7891 1 ready 2023-05-21 false
VERSION
ISO IN
CONTROLLER CONTROLLER STATUS DATE USE
---------------------------------------------------
1.5.0-6789 1 ready 2022-02-21 false
1.6.0-7891 1 ready 2023-05-21 false
COMMAND show image partition
DESCRIPTION Display information about the images on the partition.
EXAMPLE
Display all images on the partitions:
syscon-1-active# show image partition
VERSION OS IN
PARTITION CONTROLLER STATUS DATE USE NAME ID
-----------------------------------------------------------------
1.5.0-6789 1 ready 2022-02-21 true default 1
1.6.0-7891 1 ready 2023-05-21 false second 2
VERSION
SERVICE IN
PARTITION CONTROLLER STATUS DATE USE NAME ID
-----------------------------------------------------------------
1.5.0-6789 1 ready 2022-02-21 true default 1
1.6.0-7891 1 ready 2023-05-21 false second 2
COMMAND show interfaces interface
DESCRIPTION Display information about chassis network interfaces. This includes options for link aggregation.
ARGUMENTS
The availability of options for this command depends on which interface you specify.
EXAMPLE
Display information about interface 1/1.1:
syscon-1-active# show interfaces interface lag1
interfaces interface 1/1.1
state name 1/1.1
state type ethernetCsmacd
state loopback-mode false
state enabled
state ifindex 10
state admin-status UP
state oper-status UP
state last-change 65986699140
state counters in-octets 7411812584
state counters in-pkts 17018405
state counters in-unicast-pkts 16294087
state counters in-broadcast-pkts 211701
state counters in-multicast-pkts 512617
state counters in-discards 1898
state counters in-errors 0
state counters in-unknown-protos 0
state counters in-fcs-errors 0
state counters out-octets 8311367596
state counters out-pkts 16766991
state counters out-unicast-pkts 8275243
state counters out-broadcast-pkts 3936076
state counters out-multicast-pkts 4555672
state counters out-discards 0
state counters out-errors 0
hold-time state up 0
hold-time state down 0
ethernet state mac-address 5a:a5:5a:01:01:01
ethernet state auto-negotiate true
ethernet state duplex-mode FULL
ethernet state port-speed SPEED_10GB
ethernet state enable-flow-control false
ethernet state hw-mac-address 5a:a5:5a:01:01:01
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 2582667
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
COMMAND show interfaces interface <interface-name> aggregation state
DESCRIPTION Show the aggregation state for an interface.
ARGUMENTS
These options are available:
COMMAND show interfaces interface <interface-name> ethernet state
DESCRIPTION Show the ethernet state for an interface.
ARGUMENTS
These options are available:
COMMAND show interfaces interface <interface-name> hold-time state
DESCRIPTION Show the hold-time state for an interface.
ARGUMENTS
These options are available:
COMMAND show interfaces interface <interface-name> state
DESCRIPTION Show the hold-time state for an interface.
ARGUMENTS
These options are available:
COMMAND show interfaces interface <interface-name> subinterfaces subinterface
DESCRIPTION Show configured subinterfaces for a specified interface.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND
show lacp
DESCRIPTION
Display the current LACP configuration and state information for global and all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display one level of information about LACP interfaces:
syscon-1-active# show lacp displaylevel 1
lacp interfaces interface cplagg_1.1
lacp interfaces interface cplagg_1.10
lacp interfaces interface cplagg_1.11
lacp interfaces interface cplagg_1.12
COMMAND
show lacp interfaces
DESCRIPTION
Display the current LACP state for all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND
show lacp interfaces interface
DESCRIPTION
Display the current LACP config and state information for an LACP interface.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display information about the cplagg_1.1
interface:
syscon-1-active# show lacp interfaces interface cplagg_1.1
lacp interfaces interface cplagg_1.1
state name cplagg_1.1
state interval FAST
state lacp-mode ACTIVE
PARTNER LACP LACP LACP LACP LACP
SYSTEM OPER PARTNER PORT PORT IN OUT RX TX UNKNOWN LACP
INTERFACE INTERFACE ACTIVITY TIMEOUT SYNCHRONIZATION AGGREGATABLE COLLECTING DISTRIBUTING ID KEY PARTNER ID KEY NUM NUM PKTS PKTS ERRORS ERRORS ERRORS ERRORS
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1/1.1 - ACTIVE SHORT IN_SYNC true true true - 2 0:a:49:ff:80:12 - 4225 2 774811 774113 0 - - -
2/1.1 - ACTIVE SHORT IN_SYNC true true true - 2 0:a:49:ff:80:12 - 8321 4 774810 774111 0 - - -
COMMAND
show lacp state
DESCRIPTION
Display global LACP state information.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND show last-logins
DESCRIPTION Display information about the most recent login attempts to the system controller.
ARGUMENTS
EXAMPLE
Display information about recent logins:
syscon-1-active# show last-logins
last-logins user admin
login 2023-06-21T23:45:15.21265+00:00
authenticating-host controller-1
client-host 192.0.2.111
transport cli-ssh
num-of-failed-logins 0
login 2023-06-21T23:37:36.04187+00:00
authenticating-host controller-1
client-host 192.0.2.111
transport rest-http
num-of-failed-logins 0
login 2023-06-21T23:37:36.014206+00:00
authenticating-host controller-2
client-host 192.0.2.111
transport rest-http
num-of-failed-logins 0
login 2023-06-21T23:37:15.120658+00:00
authenticating-host controller-2
client-host 192.0.2.111
transport rest-http
num-of-failed-logins 0
login 2023-06-21T23:37:14.984611+00:00
authenticating-host controller-1
client-host 192.0.2.111
transport rest-http
num-of-failed-logins 0
COMMAND show mgmt-vlans
DESCRIPTION Displays management VLANs created.
EXAMPLE
Displays management VLANs:
syscon-1-active# show mgmt-vlans
MGMT MGMT
VLAN TAG VLAN TAG NAME
-----------------------------------
untagged untagged mgmt-untagged
11 11 vlan-11
12 12 vlan-12
13 13 vlan-13
14 14 mgmt-14
15 15 mgmt-15
16 16 vlan-16
17 17 mgmt-vlan-11
COMMAND show parser
DESCRIPTION Display information about available commands and their syntax.
ARGUMENTS
EXAMPLES
Display information about all commands:
syscon-1-active# show parser dump
autowizard [false/true]
cd <Dir>
cd
clear history
commit [confirm/abort]
commit [confirm/abort] persist-id <id>
commit
commit persist-id <id>
compare file <File> [brief]
compare file <File> [brief] SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry
compare file <File> [brief] SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry
compare file <File> [brief] SNMP-USER-BASED-SM-MIB usmUserTable usmUserEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmAccessTable vacmAccessEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmViewTreeFamilyTable vacmViewTreeFamilyEntry
compare file <File> [brief] SNMPv2-MIB snmp snmpEnableAuthenTraps
compare file <File> [brief] SNMPv2-MIB system sysContact
compare file <File> [brief] SNMPv2-MIB system sysLocation
compare file <File> [brief] SNMPv2-MIB system sysName
compare file <File> [brief] components component
compare file <File> [brief] image controller config iso iso
compare file <File> [brief] image controller config os os
compare file <File> [brief] image controller config services service
compare file <File> [brief] image partition config iso iso
compare file <File> [brief] image partition config os os
compare file <File> [brief] image partition config services service
compare file <File> [brief] interfaces interface
compare file <File> [brief] lacp config
compare file <File> [brief] lacp interfaces interface
compare file <File> [brief] partitions partition
compare file <File> [brief] slots slot
compare file <File> [brief] system aaa authentication config
compare file <File> [brief] system aaa authentication ldap bind_timelimit
compare file <File> [brief] system aaa authentication ldap idle_timelimit
compare file <File> [brief] system aaa authentication ldap ldap_version
compare file <File> [brief] system aaa authentication ldap ssl
compare file <File> [brief] system aaa authentication ldap timelimit
compare file <File> [brief] system aaa authentication ldap tls_reqcert
compare file <File> [brief] system aaa authentication roles role
compare file <File> [brief] system aaa authentication users user
compare file <File> [brief] system aaa password-policy config apply-to-root
compare file <File> [brief] system aaa password-policy config max-age
compare file <File> [brief] system aaa password-policy config max-login-failures
compare file <File> [brief] system aaa password-policy config min-length
compare file <File> [brief] system aaa password-policy config reject-username
compare file <File> [brief] system aaa password-policy config required-differences
compare file <File> [brief] system aaa password-policy config required-lowercase
compare file <File> [brief] system aaa password-policy config required-numeric
compare file <File> [brief] system aaa password-policy config required-special
compare file <File> [brief] system aaa password-policy config required-uppercase
compare file <File> [brief] system aaa password-policy config retries
compare file <File> [brief] system aaa password-policy config root-lockout
compare file <File> [brief] system aaa password-policy config root-unlock-time
compare file <File> [brief] system aaa password-policy config unlock-time
--More--
Display information only about the commit
command:
syscon-1-active# show parser dump commit
commit [confirm/abort]
commit [confirm/abort] persist-id <id>
commit
commit persist-id <id>
COMMAND show partitions partition
DESCRIPTION Display information about partitions.
ARGUMENTS
true
to enable a partition. The default is false
.EXAMPLE
Display information about the default partition:
syscon-1-active# show partitions partition default
RUNNING
BLADE OS SERVICE PARTITION SERVICE STATUS
NAME ID VERSION VERSION CONTROLLER STATUS VERSION AGE
----------------------------------------------------------------------------------------
default 1 1.6.0-7891 1.6.0-7891 1 running-active 1.6.0-7891 59m
2 running-standby 1.6.0-7891 59m
test 2 1.5.0-6789 1.5.0-6789 1 running-active 1.5.0-6789 19h
2 running-standby 1.5.0-6789 19h
COMMAND show restconf-state
DESCRIPTION Display capabilities supported by the RESTCONF server.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display all supported capabilities:
syscon-1-active# show restconf-state
restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=explicit
restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
COMMAND show running-config
DESCRIPTION Display the current configuration. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.
ARGUMENTS
For information about these arguments, see these sections on the controller show-SNMP-FRAMEWORK-MIB
page.
EXAMPLE
Display the current running configuration for partitions:
syscon-1-active# show running-config partitions
partitions partition none
!
partitions partition default
config enabled
config iso-version 1.8.0-16421
config configuration-volume 10
config images-volume 15
config shared-volume 10
config pxe-server internal
config mgmt-vlans [ 11 12 ]
config mgmt-ip ipv4 address 10.0.11.30
config mgmt-ip ipv4 prefix-length 24
config mgmt-ip ipv4 gateway 10.0.11.1
config mgmt-ip ipv6 address 2001:db9:0:1::30
config mgmt-ip ipv6 prefix-length 64
config mgmt-ip ipv6 gateway 2001:db9:0:1::1
config mgmt-ip mgmt-vlan 11
!
partitions partition partition1
config enabled
config iso-version 1.8.0-16421
config configuration-volume 10
config images-volume 15
config shared-volume 10
config pxe-server internal
config mgmt-ip ipv4 address 10.0.11.31
config mgmt-ip ipv4 prefix-length 24
config mgmt-ip ipv4 gateway 10.0.11.1
config mgmt-ip ipv6 address 2001:db9:0:1::31
config mgmt-ip ipv6 prefix-length 64
config mgmt-ip ipv6 gateway 2001:db9:0:1::1
config mgmt-ip mgmt-vlan 11
!
COMMAND show system aaa
DESCRIPTION Display system user authentication information, including information about roles, users, primary key, server groups, and TLS.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display the default system accounts:
syscon-2-active# show system aaa authentication
system aaa authentication state basic enabled
system aaa authentication state cert-auth disabled
system aaa authentication state superuser-bash-access false
system aaa authentication f5-aaa-token:state basic enabled
system aaa authentication ocsp state override-responder off
system aaa authentication ocsp state response-max-age -1
system aaa authentication ocsp state response-time-skew 300
system aaa authentication ocsp state nonce-request on
system aaa authentication ocsp state disabled
AUTHORIZED LAST TALLY EXPIRY
USERNAME KEYS CHANGE COUNT ROLE STATUS
-----------------------------------------------------
admin - 19997 0 admin enabled
root - 19997 0 root enabled
REMOTE LDAP
ROLENAME GID GID GROUP DESCRIPTION USERS
-----------------------------------------------------------------------------------------------------------------------------
admin 9000 - - Unrestricted read/write access. -
operator 9001 - - Read-only access to system level data. -
partition_1 9101 - - Provides console access for partition-1. -
partition_2 9102 - - Provides console access for partition-2. -
partition_3 9103 - - Provides console access for partition-3. -
partition_4 9104 - - Provides console access for partition-4. -
partition_5 9105 - - Provides console access for partition-5. -
partition_6 9106 - - Provides console access for partition-6. -
partition_7 9107 - - Provides console access for partition-7. -
partition_8 9108 - - Provides console access for partition-8. -
resource-admin 9003 - - Restricted read/write access. No access to modify authentication configuration. -
superuser 9004 - - Sudo privileges and Bash access to the system (if enabled). -
ts_admin 9100 - - Provides admin access to the terminal server (TS). -
user 9002 - - Read-only access to non-sensitive system level data. -
Display information for the primary key:
syscon-1-active# show system aaa primary-key
system aaa primary-key state hash bIVhabcdtroyOkxMKYjyDEFGTd0NX4Ch1234Mi+5aFk9WbxdM6RTzl5678HYkCwnQkOE1ict0Y7Z3uOLgjYNBQ==
system aaa primary-key state status "COMPLETE Initiated: Tue Mar 7 22:32:04 2023"```
Show the TLS certificate:
syscon-1-active# show system aaa tls state certificate
Show the current CRLs in the system:
syscon-1-active# show system aaa tls crls crl
Show the status of Online Certificate Status Protocol (OCSP) on the system:
syscon-1-active# show system aaa authentication ocsp
system aaa authentication ocsp state override-responder off
system aaa authentication ocsp state response-max-age -1
system aaa authentication ocsp state response-time-skew 300
system aaa authentication ocsp state nonce-request on
system aaa authentication ocsp state disabled
Show the status of client certificate authentication on the system:
syscon-1-active# show system aaa authentication state cert-auth
system aaa authentication state cert-auth disabled
Show the token lifetime value in minutes:
syscon-1-active# show system aaa restconf-token
system aaa restconf-token state lifetime 15
COMMAND show system alarms
DESCRIPTION Display information about system alarms.
EXAMPLE
Display active alarm conditions:
syscon-1-active# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
--------------------------------------------------------------------------------------------------
65793 psu-1 ERROR PSU fault detected 2020-08-31 10:39:12.113796318 UTC
65536 controller-1 CRITICAL Hardware device fault detected 2020-08-31 11:37:44.190637453 UTC
COMMAND show system appliance-mode
DESCRIPTION Check the current state of appliance mode. It can be either enabled or disabled.
EXAMPLE
Display the current state of appliance mode:
syscon-1-active# show system appliance-mode
system appliance-mode state disabled
COMMAND show system blade-power
DESCRIPTION Display power requested and allocated for each blade in the chassis.
EXAMPLES
Display the requested and allocated power only for blade 1:
syscon-1-active# show system blade-power allocation 1
SLOT REQUESTED ALLOCATED
NUM POWER POWER
----------------------------
1 390 390
Display the requested and allocated power for all blades in the chassis:
syscon-1-active# show system blade-power
system blade-power total available 4555
system blade-power total requested 3120
system blade-power total allocated 3120
SLOT REQUESTED ALLOCATED
NUM POWER POWER
----------------------------
1 390 390
2 390 390
3 390 390
4 390 390
5 390 390
6 390 390
7 390 390
8 390 390
COMMAND show system chassis-macs
DESCRIPTION Display assigned MAC addresses for system components, such as physical front panel ports, LAGs, tenants, networking usage, and partition management.
EXAMPLES
Display the base chassis MAC address:
syscon-1-active# show system chassis-macs base
system chassis-macs base 0014a28e5c01
Display MAC addresses for partitions:
syscon-1-active# show system chassis-macs partitions
IDENTIFIER OFFSET MAC ADDRESS
---------------------------------------
1 8 00:11:b2:c3:4d:08
9 00:11:b2:c3:4d:09
10 00:11:b2:c3:4d:0a
11 00:11:b2:c3:4d:0b
12 00:11:b2:c3:4d:0c
13 00:11:b2:c3:4d:0d
14 00:11:b2:c3:4d:0e
15 00:11:b2:c3:4d:0f
16 00:11:b2:c3:4d:10
17 00:11:b2:c3:4d:11
18 00:11:b2:c3:4d:12
19 00:11:b2:c3:4d:13
20 00:11:b2:c3:4d:14
21 00:11:b2:c3:4d:15
22 00:11:b2:c3:4d:16
23 00:11:b2:c3:4d:17
2 24 00:11:b2:c3:4d:18
25 00:11:b2:c3:4d:19
26 00:11:b2:c3:4d:1a
27 00:11:b2:c3:4d:1b
28 00:11:b2:c3:4d:1c
29 00:11:b2:c3:4d:1d
30 00:11:b2:c3:4d:1e
31 00:11:b2:c3:4d:1f
32 00:11:b2:c3:4d:20
33 00:11:b2:c3:4d:21
34 00:11:b2:c3:4d:22
35 00:11:b2:c3:4d:23
36 00:11:b2:c3:4d:24
37 00:11:b2:c3:4d:25
38 00:11:b2:c3:4d:26
39 00:11:b2:c3:4d:27
COMMAND show system clock
DESCRIPTION Display the current time and time zone name configured for the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display the currently-configured time and time zone name:
syscon-1-active# show system clock
system clock state timezone-name Etc/UTC
CONTROLLER DATE TIME
-----------------------------------------------
1 2023-06-23 19:27:25+00:00 Etc/UTC
2 2023-06-23 19:27:25+00:00 Etc/UTC
COMMAND show system clock state controllers controller
DESCRIPTION Display the current time zone name configured for the system controllers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the current time for all system controllers:
syscon-1-active# show system clock state controllers
CONTROLLER DATE TIME
-----------------------------------------------
1 2023-06-23 19:28:43+00:00 Etc/UTC
2 2023-06-23 19:28:43+00:00 Etc/UTC
Display the current time only for system controller 1:
syscon-1-active# show system clock state controllers controller 1
CONTROLLER DATE TIME
-----------------------------------------------
1 2023-06-23 19:28:59+00:00 Etc/UTC
COMMAND show system database state reset-default-config
DESCRIPTION
Display whether the reset-default-config
flag is enabled in the system configuration.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display the status of the reset-default-config
flag in the system configuration:
syscon-1-active# show system database state reset-default-config
system database state reset-default-config false
COMMAND show system diagnostics
DESCRIPTION Display information about iHealth, QKView, and iHealth web proxy.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the iHealth configuration for the system:
syscon-1-active# show system diagnostics proxy
system diagnostics proxy state proxy-username ""
system diagnostics proxy state proxy-server ""
syscon-2-active# show system diagnostics ihealth
system diagnostics ihealth state server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
system diagnostics ihealth state clientid ""
Display the current status for QKView:
syscon-1-active# show system diagnostics qkview
system diagnostics qkview state status capture-in-progress false
system diagnostics qkview state status percentage 100
system diagnostics qkview state status status-msg "Completed collection."
system diagnostics qkview state status filename 2023-06.tar
FILENAME SIZE CREATED ON
---------------------------------------------------------------------
controller-2:2023-06.tar 377979525 2023-06-22T00:51:39.535500638Z
COMMAND show system dns
DESCRIPTION Display information about DNS servers configured for the system controller to use.
EXAMPLE
Display all configured DNS servers:
syscon-1-active# show system dns
ADDRESS ADDRESS PORT
-----------------------------
192.0.2.100 - 53
192.0.2.111 - 53
COMMAND show system events
DESCRIPTION Display information about system events.
EXAMPLE
Display system events and do not paginate command output:
syscon-1-active# show system events | nomore
LOG
----------------------------------------------------------------------------------------------------------------------------------------
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration health state" "2020-08-30 06:19:03.868597381 UTC"
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration request-active state" "2020-08-30 06:19:03.880859476 UTC"
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration grant-active state" "2020-08-30 06:19:03.892291984 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: local arbitration health state" "2020-08-30 06:19:03.903104866 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: local arbitration grant-active state" "2020-08-30 06:19:49.863635400 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: local arbitration request-active state" "2020-08-30 06:19:53.619701519 UTC"
65793 psu-3 psu-fault EVENT NA "Deasserted: PSU 3 input OK" "2020-08-30 06:19:53.916775247 UTC"
65793 psu-3 psu-fault EVENT NA "Deasserted: PSU 3 output OK" "2020-08-30 06:19:53.977790694 UTC"
65793 psu-4 psu-fault EVENT NA "Deasserted: PSU 4 input OK" "2020-08-30 06:19:54.036836768 UTC"
65793 psu-4 psu-fault EVENT NA "Deasserted: PSU 4 output OK" "2020-08-30 06:19:54.097780931 UTC"
65792 lcd lcd-fault ASSERT ERROR "Fault detected in LCD module" "2020-08-30 06:20:01.867643203 UTC"
65792 lcd lcd-fault EVENT NA "LCD is in fault state" "2020-08-30 06:20:01.867670273 UTC"
65792 lcd lcd-fault CLEAR ERROR "Fault detected in LCD module" "2020-08-30 06:21:27.989430027 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: peer arbitration request-active state" "2020-08-30 06:21:37.864662916 UTC"
66048 controller-2 arbitration-state EVENT NA "Asserted: peer arbitration health state" "2020-08-30 06:21:37.875784916 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration health state" "2020-08-30 06:21:34.082963396 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration request-active state" "2020-08-30 06:21:34.088761802 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration grant-active state" "2020-08-30 06:21:36.016797509 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: peer arbitration health state" "2020-08-30 06:21:36.022922816 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: local arbitration health state" "2020-08-30 06:21:36.028852414 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: local arbitration request-active state" "2020-08-30 06:21:36.035580745 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: peer arbitration request-active state" "2020-08-30 06:21:38.025136766 UTC"
66048 controller-1 arbitration-state EVENT NA "Asserted: peer arbitration grant-active state" "2020-08-30 06:21:38.032655297 UTC"
66048 controller-2 arbitration-state EVENT NA "Deasserted: peer arbitration request-active state" "2020-08-30 06:21:41.864925695 UTC"
66048 controller-1 arbitration-state EVENT NA "Deasserted: local arbitration request-active state" "2020-08-30 06:21:42.018737589 UTC"
COMMAND show system health
DESCRIPTION Display health information about system components.
ARGUMENTS
The availability of options for this command depends on the hardware component for which you want to view health information.
EXAMPLES
Display high-level hardware health state for controller-1:
syscon-1-active# show system health components component controller-1 hardware state | nomore
KEY NAME HEALTH SEVERITY
-----------------------------------------------------------------------------------------------
controller/hardware/cpu cpu-1 ok info
controller/hardware/cpu/pcie PCIe BUS ok info
controller/hardware/drives Storage Subsystem ok info
controller/hardware/drives/nvme0n1 drive-1 ok info
controller/hardware/lop Controller LOP ok info
controller/hardware/memory Memory ok info
controller/hardware/switch Controller Switch Subsystem ok notice
controller/hardware/switch/switch0 Control Plane Switch 0 ok info
controller/hardware/switch/switch0/hg0 Port hg0 --> Peer Controller ok info
controller/hardware/switch/switch0/hg1 Port hg1 --> Peer Controller ok info
controller/hardware/switch/switch0/xe0 Port xe0 --> slot3 ok info
controller/hardware/switch/switch0/xe1 Port xe1 --> slot4 ok info
controller/hardware/switch/switch0/xe10 Port xe10 --> CPU control plane 01 ok info
controller/hardware/switch/switch0/xe11 Port xe11 --> CPU control plane 02 ok info
controller/hardware/switch/switch0/xe2 Port xe2 --> slot7 ok info
controller/hardware/switch/switch0/xe3 Port xe3 --> slot8 ok info
controller/hardware/switch/switch0/xe4 Port xe4 --> slot1 ok info
controller/hardware/switch/switch0/xe5 Port xe5 --> slot2 ok info
controller/hardware/switch/switch0/xe6 Port xe6 --> slot5 ok info
controller/hardware/switch/switch0/xe7 Port xe7 --> slot6 ok info
controller/hardware/switch/switch0/xe8 Port xe8 --> front-panel mgmt ok info
controller/hardware/switch/switch0/xe9 Port xe9 --> CPU control plane 00 ok info
controller/hardware/switch/switch1 Data Plane Switch 1 ok notice
controller/hardware/switch/switch1/hg0 Port hg0 --> slot1 ok info
controller/hardware/switch/switch1/hg1 Port hg1 --> slot1 ok notice
controller/hardware/switch/switch1/hg10 Port hg10 --> slot3 ok notice
controller/hardware/switch/switch1/hg11 Port hg11 --> slot3 ok info
controller/hardware/switch/switch1/hg12 Port hg12 --> slot6 ok info
controller/hardware/switch/switch1/hg13 Port hg13 --> slot6 ok notice
controller/hardware/switch/switch1/hg14 Port hg14 --> slot2 ok info
controller/hardware/switch/switch1/hg15 Port hg15 --> slot2 ok notice
controller/hardware/switch/switch1/hg2 Port hg2 --> slot5 ok info
controller/hardware/switch/switch1/hg3 Port hg3 --> slot5 ok notice
controller/hardware/switch/switch1/hg4 Port hg4 --> slot8 ok notice
controller/hardware/switch/switch1/hg5 Port hg5 --> slot8 ok info
controller/hardware/switch/switch1/hg6 Port hg6 --> slot4 ok notice
controller/hardware/switch/switch1/hg7 Port hg7 --> slot4 ok info
controller/hardware/switch/switch1/hg8 Port hg8 --> slot7 ok notice
controller/hardware/switch/switch1/hg9 Port hg9 --> slot7 ok info
controller/hardware/switch/switch1/xe0 Port xe0 --> CPU data plane 00 ok info
Display health information about system memory:
syscon-1-active# show system health components component controller-1 hardware controller/hardware/memory
hardware controller/hardware/memory
state name Memory
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------
memory:sensor:temperature Memory temperature (C) ok info 32.75 2021-06-11T10:34:26Z
rasdaemon:mc:corrected:event RAS Daemon MC corrected event ok info 2021-06-11T10:24:21Z
rasdaemon:mc:fatal:event RAS Daemon MC fatal event ok info 2021-06-11T10:24:21Z
rasdaemon:mc:uncorrected:event RAS Daemon MC uncorrected event ok info 2021-06-11T10:24:21Z
Display the status of the tcpdump service on the blades:
syscon-1-active# show system health components component services blade/services/tcpdumpd
system health components component blade-1
services blade/services/tcpdumpd
state name tcpdumpd
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach Container attach event ok info 0 2021-06-17T07:13:48Z
container:event:die Container die event ok info 0 2021-07-12T17:43:23Z
container:event:exec-create Container exec create event ok info 0 2021-07-12T15:56:52Z
container:event:exec-detach Container exec detach event ok info 0 2021-06-17T07:13:48Z
container:event:exec-die Container exec die event ok info 0 2021-06-17T07:13:48Z
container:event:exec-start Container exec start event ok info 0 2021-07-12T15:56:52Z
container:event:kill Container kill event ok info 0 2021-07-12T17:43:23Z
container:event:restart Container restart event ok info 0 2021-07-12T17:48:26Z
container:event:restart-last-hour Container restart count in the last hour ok info 0 2021-06-17T07:13:48Z
container:event:start Container start event ok info 0 2021-06-17T07:13:48Z
container:event:stop Container stop event ok info 0 2021-07-12T17:43:23Z
container:running Container running ok info true 2021-07-13T14:24:26Z
system health components component blade-2
services blade/services/tcpdumpd
state name tcpdumpd
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach Container attach event ok info 0 2021-06-17T07:13:47Z
container:event:die Container die event ok info 0 2021-07-13T14:24:52Z
container:event:exec-create Container exec create event ok info 0 2021-07-12T15:56:55Z
container:event:exec-detach Container exec detach event ok info 0 2021-06-17T07:13:47Z
container:event:exec-die Container exec die event ok info 0 2021-06-17T07:13:47Z
container:event:exec-start Container exec start event ok info 0 2021-07-12T15:56:55Z
container:event:kill Container kill event ok info 0 2021-07-13T14:24:52Z
container:event:restart Container restart event ok info 0 2021-07-12T17:47:13Z
container:event:restart-last-hour Container restart count in the last hour ok info 0 2021-06-17T07:13:47Z
container:event:start Container start event ok info 0 2021-06-17T07:13:47Z
container:event:stop Container stop event ok info 0 2021-07-13T14:24:52Z
container:running Container running ok info true 2021-07-13T14:24:52Z
...
Display a brief summary of health information for blade-1:
syscon-1-active# show system health summary components component blade-1
COMPONENT COMPONENT COMPONENT ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE UPDATED
NAME NAME HEALTH SEVERITY NAME DESCRIPTION HEALTH SEVERITY VALUE AT
---------------------------------------------------------------------------------------------------------
blade-1 - ok notice
COMMAND show system image
DESCRIPTION Display information about the installed image on the system controllers.
ARGUMENTS
This command has no arguments.
EXAMPLES
Display the currently-installed image on the system controllers:
syscon-1-active# show system image
SERVICE ISO INSTALL
NUMBER OS VERSION VERSION VERSION STATUS
--------------------------------------------------
1 1.6.0-7891 1.6.0-7891 - success
2 1.6.0-7891 1.6.0-7891 - success
COMMAND show system licensing
DESCRIPTION Display information about system license.
EXAMPLES
Display information about the license activated on the system (Note that actual license key values are not shown):
syscon-1-active# show system licensing
system licensing license
Licensed version 7.4.0
Registration Key XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
Licensed date 2020/08/29
License start 2020/05/05
License end 2020/09/29
Service check date 2020/08/30
Platform ID F101
Appliance SN chs600103s
Active Modules
Local Traffic Manager, CX410 (XXXXXXX-XXXXXXX)
Best Bundle, CX410
APM-Lite
Advanced Routing
Carrier Grade NAT (AFM ONLY)
Max Compression, CX410
Rate Shaping
Max SSL, CX410
Anti-Virus Checks
Base Endpoint Security Checks
Firewall Checks
Machine Certificate Checks
Network Access
Protected Workspace
Secure Virtual Keyboard
APM, Web Application
App Tunnel
Remote Desktop
Display information about the raw license activated on the system (Note that actual license key values are not shown in this excerpt):
syscon-1-active# show system licensing raw-license
system licensing raw-license #
Auth vers : 5b
#
#
# BIG-IP System License Key File
# DO NOT EDIT THIS FILE!!
#
# Install this file as "/config/bigip.license".
#
# Contact information in file /CONTACTS
#
#
# Warning: Changing the system time while this system is running
# with a time-limited license may make the system unusable.
#
Usage : F5 Internal Product Development
#
#
# Only the specific use referenced above is allowed. Any other uses are prohibited.
#
Vendor : F5 Networks, Inc.
#
# Module List
#
active module : Local Traffic Manager, CX410|XXXXXXX-XXXXXXX|Better Bundle, CX410|APM-Lite|Carrier Grade NAT (AFM ONLY)|Max Compression, CX410|Rate Shaping|Max SSL, CX410|DNS, Max QPS, CX410|Advanced Routing, CX410|Advanced Firewall Manager, CX410|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop
optional module : Access Policy Manager, 60K VPN Users, CX410
optional module : Access Policy Manager, Base, CX410
optional module : Advanced Firewall Manager, CX410
optional module : Advanced Protocols, CX410
optional module : Advanced Routing, CX410
optional module : Advanced Web Application Firewall, CX410
optional module : Anti-Bot Mobile, CX410
optional module : APM, 1000 VPN Users
optional module : APM, 10000 VPN Users
optional module : APM, 25000 VPN Users
optional module : APM, 500 VPN Users
optional module : APM, 5000 VPN Users
optional module : Basic Policy Enforcement Manager, CX410
...
COMMAND show system logging
DESCRIPTION Display information about remote logging.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND show system login-activity
DESCRIPTION Display information about all previous login attempts.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all recent login attempts:
syscon-1-active# show system login-activity
NAME LOGIN TIME METHOD HOST STATUS
------------------------------------------------------------
ADMIN 2023-06-02 00:57:44 http 192.0.2.33 failed
admin 2023-06-21 21:14:40 ssh 192.0.2.213 success
2023-06-21 22:13:40 http 192.0.2.213 success
2023-06-21 22:31:59 http 192.0.2.213 failed
2023-06-21 22:32:05 http 192.0.2.213 success
2023-06-21 22:50:18 ssh 192.0.2.213 success
2023-06-21 23:45:15 ssh 192.0.2.213 success
2023-06-22 00:33:08 http 192.0.2.213 failed
2023-06-22 00:33:14 http 192.0.2.213 success
COMMAND show system mac-allocation
DESCRIPTION Display information about chassis MAC address allocation.
EXAMPLE
Display current MAC address allocation:
syscon-1-active# show system mac-allocation
system mac-allocation state free-single-macs 144
system mac-allocation state allocated-single-macs 16
system mac-allocation state free-large-blocks 24
system mac-allocation state allocated-large-blocks 0
system mac-allocation state total-free-mac-count 912
system mac-allocation state total-allocated-mac-count 16
system mac-allocation state total-mac-count 928
COMMAND show system mgmt-ip
DESCRIPTION Display information about all configured management IP addresses.
EXAMPLE
Display information about all configured management IP addresses:
syscon-1-active# show system mgmt-ip state floating
system mgmt-ip state floating ipv4-address 192.0.2.131
system mgmt-ip state floating ipv6-address ::
syscon-1-active# show system mgmt-ip
system mgmt-ip state floating ipv4-address 192.0.2.131
system mgmt-ip state floating ipv6-address ::
IPV4 IPV6
PREFIX IPV6 PREFIX IPV6
CONTROLLER IPV4 ADDRESS LENGTH IPV4 GATEWAY ADDRESS LENGTH GATEWAY
------------------------------------------------------------------------------
1 192.0.2.239 24 192.0.2.254 :: 0 ::
2 192.0.2.226 24 192.0.2.254 :: 0 ::
COMMAND system mgmt-ip state fixed-addresses
DESCRIPTION Display information about all fixed management IP addresses.
EXAMPLE
Display information about the fixed management IP addresses:
syscon-1-active# show system mgmt-ip state fixed-addresses
IPV4 IPV6
PREFIX IPV6 PREFIX IPV6
CONTROLLER IPV4 ADDRESS LENGTH IPV4 GATEWAY ADDRESS LENGTH GATEWAY
------------------------------------------------------------------------------
1 192.0.2.239 24 192.0.2.254 :: 0 ::
2 192.0.2.226 24 192.0.2.254 :: 0 ::
COMMAND system mgmt-ip state floating
DESCRIPTION Display information about the floating management IP addresses.
EXAMPLE
Display information about the floating management IP addresses:
syscon-1-active# show system mgmt-ip state floating
system mgmt-ip state floating ipv4-address 192.0.2.131
system mgmt-ip state floating ipv6-address ::
COMMAND show system network
DESCRIPTION Display information about the configured and active internal network addresses.
EXAMPLE
Display information about the currently-configured internal network:
syscon-1-active# show system network
system network state configured-network-range-type RFC6598
system network state configured-network-range 100.64.0.0/12
system network state configured-chassis-id 1
system network state active-network-range-type RFC6598
system network state active-network-range 100.64.0.0/12
system network state active-chassis-id 1
COMMAND show system ntp
DESCRIPTION Display the current state of the Network Time Protocol (NTP) service.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display the current state of NTP on the system:
syscon-1-active# show system ntp
system ntp state disabled
COMMAND show system ntp ntp-keys
DESCRIPTION Display a list of configured NTP authentication keys.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND show system ntp servers
DESCRIPTION Displays a list of configured NTP servers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display configured NTP servers:
syscon-1-active# show system ntp servers
ASSOCIATION ROOT ROOT POLL
ADDRESS ADDRESS PORT VERSION TYPE IBURST PREFER STRATUM DELAY DISPERSION OFFSET INTERVAL
--------------------------------------------------------------------------------------------------------------------------
time.f5net.com time.f5net.com 123 4 SERVER true true - - - - -
COMMAND show system packages
DESCRIPTION Display information about independent service packages on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show system redundancy
DESCRIPTION Display information about system controller redundancy.
ARGUMENTS
This command has no arguments.
EXAMPLE
Display the currently-configured redundancy mode for the system controllers:
syscon-1-active# show system redundancy
system redundancy state mode auto
system redundancy state current-active controller-2
NAME NAME
--------------------
controller-1 -
controller-2 -
COMMAND show system remote-console
DESCRIPTION Display information about active console sessions.
EXAMPLE
Display active console sessions:
syscon-1-active# show system remote-console
SLOT SLOT CONNECTED
NUM DESCRIPTION CONNECTED VIA AS
-------------------------------------------------------
1 Blade in slot 1 System Controller 1 admin
COMMAND show system rollback
DESCRIPTION Displays the state of previous version software rollback details.
ARGUMENTS
This command has no arguments
EXAMPLE
The example below shows information when the rollback is idle:
syscon-1-active# show system rollback
system rollback state os-version 1.8.0-11909
system rollback state service-version 1.8.0-11909
system rollback state creation-time "2024-06-24 09:26:44+00:00"
system rollback state stage IDLE
The example below shows information when the rollback is completed:
syscon-1-active(config)# show system rollback
system rollback state os-version 1.8.0-7868
system rollback state service-version 1.8.0-7868
system rollback state creation-time "2024-03-27 04:44:31+00:00"
system rollback state stage COMPLETED
system rollback state status "Rollback completed with version 1.8.0-7818"
COMMAND show system security
DESCRIPTION Display the status of system services.
EXAMPLE
Display the currently-configured system services:
syscon-1-active# show system security
system security services service httpd
state ssl-ciphersuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA
system security services service sshd
state ciphers [ aes128-cbc aes128-ctr aes128-gcm@openssh.com aes256-cbc aes256-ctr aes256-gcm@openssh.com ]
state kexalgorithms [ diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 ]
COMMAND show system security state deny-root-ssh
DESCRIPTION Displays the status of system deny root SSH.
EXAMPLE
Display the currently-configured state of system deny root SSH:
syscon-1-active# show system security state deny-root-ssh
system security state deny-root-ssh enabled
syscon-1-active#
COMMAND show system settings
DESCRIPTION Display information about system idle timeout and webUI advisory banner.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the idle timeout for root users:
syscon-1-active# show system settings state idle-timeout
system settings state idle-timeout 8192
COMMAND show system snmp
DESCRIPTION Display SNMP system configuration.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about configured communities:
syscon-1-active# show system snmp communities
SECURITY
NAME NAME MODEL
--------------------------------------
v1-community v1-community [ v1 ]
Display information about configured targets:
syscon-1-active# show system snmp targets
SECURITY
NAME NAME USER COMMUNITY MODEL ADDRESS PORT ADDRESS PORT
-----------------------------------------------------------------------------------------
v3-target v3-target v3-user - - 192.0.2.224 5001 - -
Display information about configured users:
syscon-1-active# show system snmp users
AUTHENTICATION PRIVACY
NAME NAME PROTOCOL PROTOCOL
--------------------------------------------
v3-user v3-user md5 aes
COMMAND show system state
DESCRIPTION Display information about the system, such as hostname, login banner, and message of the day (MOTD) banner.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the current date and time:
syscon-1-active# show system state current-datetime
Display the hostname for the system:
syscon-1-active# show system state hostname
Display the login banner for the system:
syscon-1-active# show system state login-banner
Display the message of the day banner for the system:
syscon-1-active# show system state motd-banner
COMMAND show system telemetry instruments
DESCRIPTION Display information about supported instruments.
ARGUMENTS
This command has no arguments
EXAMPLES
Display all supported instrument information:
syscon-2-active# show system telemetry instruments
NAME DESCRIPTION
--------------------------------------------------------------------------------------------------------
all Report all logs and metrics produced by the F5OS platform layer
logs Report all F5OS logs file through the OpenTelemetry 'log' API
platform-log Export the F5OS platform log through the OpenTelemetry 'log' API
event-log Export the F5OS confd event log through the OpenTelemetry 'log' API
metrics Report all F5OS metrics through the OpenTelemetry 'metric' API
platform F5OS platform metrics such as: memory, disk, cpu, interface, file system, and RAID stats
hardware F5OS hardware sensors such as: voltage, current, temperature, power, fan-speeds
optics F5OS front-panel Optic DDM metrics
tmstat F5OS tmstat tables exported as metrics
container F5OS Per-Container metrics such as: cpu, block-io, network, memory
COMMAND show system telemetry exporters
DESCRIPTION Display the current state of the exporter.
ARGUMENTS
This command has no arguments
EXAMPLES
Display the current state of the exporter: Following example displays the state of an exporter with secure connection disabled:
syscon-2-active# show system telemetry exporters exporter test-mtls
system telemetry exporters exporter test-mtls
state enabled
state endpoint address 10.238.678.16
state endpoint port 4315
state instruments [ all ]
state tls secure false
COMMAND show system telemetry attributes
DESCRIPTION Display the attribute name and values for all the configured exporter.
ARGUMENTS
This command has no arguments
EXAMPLES
syscon-2-active# show system telemetry attributes
KEY KEY VALUE
--------------------------------
test.key test.key test.value
COMMAND show system uptime
DESCRIPTION Displays information about system's uptime since the last reboot or power ON.
ARGUMENTS
This command has no arguments
EXAMPLE
Displays system's uptime information:
syscon-1-active# show system uptime
system uptime state uptime "1w, 1d, 2h, 5m, 45s"
COMMAND show system version
DESCRIPTION Display information about the currently-running system software version.
EXAMPLE
Display software version information:
syscon-1-active# show system version
system version os-version 1.6.0-7891
system version service-version 1.6.0-7891
system version product F5OS-C
COMMAND
SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry <community-name> snmpCommunityName <community-name> snmpCommunitySecurityName <community-name>
DESCRIPTION Configure an SNMP community.
ARGUMENTS
EXAMPLE
Configure the SNMP community name to be test_community
:
default-1(config)# SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry test_community snmpCommunityName test_community snmpCommunitySecurityName test_community
COMMAND
SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry <vacmSecurityModel> <community_name> vacmGroupName <group-name>
DESCRIPTION Configure SNMP VIEW BASED ACM for the given community. This configuration maps a combination of securityModel and securityName into a groupName that is used to define an access control policy for a group of principals.
ARGUMENTS
1
for SNMP v1, and the default value is 2
for SNMP v2c.Note: Use group-name as read-access
while configuring the SNMP VACM.
EXAMPLE
Configure the SNMP v2c VACM read access
group for community test_community
:
default-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 2 test_community vacmGroupName read-access
EXAMPLE
Configure the SNMP v1 VACM read access
group for community test_community
:
default-1(config)# SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry 1 test_community vacmGroupName read-access
IMPORTANT: To enable SNMP Traps, a DUT is required when configuring with snmpNotifyTable
, snmpTargetParamsTable
, and snmpTargetAddrTable
, as shown below.
COMMAND
SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry <snmpNotifyName> snmpNotifyTag <snmpNotifyName> snmpNotifyType trap
DESCRIPTION Configure the SNMP NOTIFICATION MIB Table. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
EXAMPLE
Configure the SNMP NOTIFICATION MIB entry to be v2_trap
for trap
notifications:
default-1(config)# SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry v2_trap snmpNotifyTag v2_trap snmpNotifyType trap
COMMAND
SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry <snmpTargetParamsName> snmpTargetParamsMPModel <snmpTargetParamsMPModel> snmpTargetParamsSecurityModel <snmpTargetParamsSecurityModel> snmpTargetParamsSecurityName <snmpTargetParamsSecurityName> snmpTargetParamsSecurityLevel <snmpTargetParamsSecurityLevel>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetParamsTable. This table is used in the generation of SNMP messages.
ARGUMENTS
**Note:** snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1)
**Note:** snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2)
**Note:** This must be one of the configured SNMP communities.
**Note:** This must be `noAuthNoPriv` for SNMP v1 and v2c.
EXAMPLES
Configure the SNMP snmpTargetParamsTable to be group2
for SNMP v2 model with test_community
:
default-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group2 snmpTargetParamsMPModel 1 snmpTargetParamsSecurityModel 2 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
Configure the SNMP snmpTargetParamsTable to be group1
for SNMP v1 model with test_community
:
default-1(config)# SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry group1 snmpTargetParamsMPModel 0 snmpTargetParamsSecurityModel 1 snmpTargetParamsSecurityName test_community snmpTargetParamsSecurityLevel noAuthNoPriv
COMMAND
SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry <snmpTargetAddrName> snmpTargetAddrTDomain <snmpTargetAddrTDomain> snmpTargetAddrTAddress <snmpTargetAddrTAddress> snmpTargetAddrTagList <snmpTargetAddrTagList> snmpTargetAddrParams <snmpTargetAddrParams>
DESCRIPTION Configure the SNMP-TARGET-MIB snmpTargetAddrTable. This table is used to select management targets that should receive notifications, as well as the type of notification that should be sent to each selected management target.
ARGUMENTS
**Note:** Use OID 1.3.6.1.6.1.1 for IPv4 and 1.3.6.1.2.1.100.1.2 for IPv6.
**Note:**
For an IPv4 address, the value should be ipv4 + port (6 dot-separated octets).
For an IPv6 address, the value should be ipv6 + port (18 dot-separated octets).
**Note:** This value must be one of the configured snmpNotifyTable rows (snmpNotifyName).
EXAMPLES
Configure the SNMP snmpTargetAddrTable to be v2_trap
with ipv4 address x.x.x.x
and port 6011
:
Port Octet Conversion:
6011 >> 8 = 23 (1st octet)
6011 & 255 = 123 (2nd octet)
default-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v2_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v2_trap snmpTargetAddrParams group2
Configure the SNMP snmpTargetAddrTable to be v1_trap
with ipv4 address x.x.x.x
and port 6011
:
default-1(config)# SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry v1_trap snmpTargetAddrTDomain 1.3.6.1.6.1.1 snmpTargetAddrTAddress x.x.x.x.23.123 snmpTargetAddrTagList v1_trap snmpTargetAddrParams group1
COMMAND
SNMPv2-MIB system
DESCRIPTION Configure the SNMP system information such as system contact, location, and name.
ARGUMENTS
EXAMPLES
The example configures SNMP name, location and contact:
default-1(config)# SNMPv2-MIB system sysName f5System sysLocation boston sysContact support@f5.com
COMMAND abort
DESCRIPTION Abort a configuration session.
ARGUMENTS This command has no arguments.
COMMAND annotate
DESCRIPTION Associate an annotation (comment) with a given configuration or validation statement or pattern. To remove an annotation, leave the text empty.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND commit
DESCRIPTION Commit the current set of changes.
ARGUMENTS
persist-id
argument.COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND copy
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND describe
DESCRIPTION Display detailed information about a command.
ARGUMENTS
COMMAND do
DESCRIPTION Run a command in operational (user) mode.
ARGUMENTS
COMMAND end
DESCRIPTION Exit configuration mode. If no changes have been made, you are prompted to save the changes before exiting configuration mode.
ARGUMENTS
COMMAND exit
DESCRIPTION Exit from the current mode in the configuration or exit configuration mode completely.
ARGUMENTS
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND insert
DESCRIPTION Insert a parameter or element.
ARGUMENTS
COMMAND move
DESCRIPTION Move an element or parameter.
ARGUMENTS
COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND resolved
DESCRIPTION Indicate that conflicts have been resolved.
ARGUMENTS This command has no arguments.
COMMAND revert
DESCRIPTION Copy the running configuration.
ARGUMENTS
COMMAND rollback
DESCRIPTION Roll back database to last committed version
ARGUMENTS
current running configuration. The oldest configuration is the one with highest number. <number> Select rollback version
COMMAND show
DESCRIPTION Display a specified parameter.
ARGUMENTS
COMMAND tag
DESCRIPTION Configure statement tags.
ARGUMENTS
COMMAND top
DESCRIPTION Exit to the top level of the configuration hierarchy. You can optionally run a command after exiting to the top level.
ARGUMENTS
COMMAND validate
DESCRIPTION
Verify that the candidate configuration contains no errors. This performs the same operation as commit check
.
ARGUMENTS This command has no arguments.
COMMAND cluster nodes node <blade-num> config
DESCRIPTION Configure whether a node is enabled or disabled in a partition.
ARGUMENTS
EXAMPLE
Disable blade-1 in the partition:
default-1(config)# cluster nodes node blade-1 config disabled
COMMAND cluster nodes node <blade-num> reboot
DESCRIPTION Reboot a node in the partition.
ARGUMENTS
This command has no arguments.
EXAMPLE
Reboot blade-1:
default-1(config)# cluster nodes node blade-1 reboot
COMMAND cluster disk-usage-threshold config critical-limit
DESCRIPTION Configure the percentage of disk usage allowed before triggering a critical alarm.
ARGUMENTS
COMMAND cluster disk-usage-threshold config error-limit
DESCRIPTION Configure the percentage of disk usage allowed before triggering an error alarm.
ARGUMENTS
COMMAND cluster disk-usage-threshold config growth-rate-limit
DESCRIPTION Configure the percentage of disk usage growth rate allowed.
ARGUMENTS
COMMAND cluster disk-usage-threshold config interval
DESCRIPTION Configure the interval measured, in minutes, at which disk usage is monitored.
ARGUMENTS
COMMAND cluster disk-usage-threshold config warning-limit
DESCRIPTION Configure the percentage of disk usage allowed before triggering a warning alarm.
ARGUMENTS
COMMAND cluster reboot
DESCRIPTION Reboot cluster nodes.
ARGUMENTS
COMMAND fdb mac-table entries entry
DESCRIPTION Configure a Layer 2 forwarding database (FDB) entry in the system.
IMPORTANT: The FDB table is managed by the system, and manual configuration requires intricate knowledge of the hardware data path. You should configure an FDB object only under the guidance of F5 Technical Support. Manually configuring FDB objects can potentially impact the flow of network traffic through the system.
ARGUMENTS
xx:xx:xx:xx:xx:xx
.COMMAND file config concurrent-operations-limit
DESCRIPTION Specify how many concurrent file operations are allowed at a time.
ARGUMENTS
COMMAND file known-hosts known-host
DESCRIPTION Add the IP address (and therefore, the public key) of a specified remote-host to the system known_hosts file.
ARGUMENTS
COMMAND file import
DESCRIPTION
Transfer a file from a chassis partition to a remote system. These directories are available for use for file import
operations on the chassis partition:
ARGUMENTS
EXAMPLE
Transfer a file named myfile.iso
from the remote host files.company.com
on port 443
to the images
directory on the chassis partition:
default-1# file import local-file images remote-file images/myfile.iso remote-host files.company.com remote-port 443
result File transfer is initiated.(images/myfile.iso)
COMMAND file export
DESCRIPTION
Transfer a file from a chassis partition to a remote system. These directories are available for use for file export
operations on the chassis partition:
ARGUMENTS
EXAMPLE
Transfer a file named velos.log
from the local host to the /home/jdoe/
directory at files.company.com
, using the username jdoe
:
default-1# file export local-file log/velos.log remote-host files.company.com remote-file home/jdoe/velos.log username jdoe password
Value for 'password' (<string>): *********
result File transfer is initiated.(log/velos.log)
COMMAND file delete
DESCRIPTION
Delete a specified file from the chassis partition. You can use file delete
only on files in the diags/shared
directory.
ARGUMENTS
EXAMPLE
Delete a specified QKView file from the system:
default-1# file delete file-name diags/shared/qkview/default-76ee4321-786d-11eb-a48b-12345a000007-qkview.tar.gz
result Deleting the file
COMMAND file transfer-status
DESCRIPTION Display the status of file transfer operations.
ARGUMENTS
EXAMPLE
Check the status of file transfers:
default-1-active# file transfer-status
result
S.No.|Operation |Protocol|Local File Path |Remote Host |Remote File Path |Status
1 |Import file|HTTPS |/images/myfile.iso |files.company.com |images/myfile.iso |In Progress (15.0%)
COMMAND file list
DESCRIPTION Display a list of directories and files in a specified path.
ARGUMENTS
EXAMPLE
Display a list of files in /images
:
default-1# file list path images
entries {
name
BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
}
COMMAND file show
DESCRIPTION Display the contents of a specified file.
ARGUMENTS
EXAMPLE
Display the contents of the file log/velos.log
:
default-1# file show log/velos.log
2021-02-26T18:23:05.160009+00:00 controller-1(p1) partition-bladesd[7]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2021-02-26T18:23:05.161038+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000002 msg="tcpdumpd-master starting" VERSION="1.3.18" DATE="Wed Feb 10 17:04:45 2021".
2021-02-26T18:23:05.161047+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="/usr/bin/tcpdumpd_master".
2021-02-26T18:23:05.161053+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="-r".
2021-02-26T18:23:05.161057+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="1".
2021-02-26T18:23:05.161062+00:00 controller-1(p1) tcpdumpd-master[10]: priority="Notice" version=1.0 msgid=0x5402000000000004 msg="tcpdumpd-master args." ARGS="-l".
2021-02-26T18:23:05.161067+00:00 controller-1(p1) partition-bladesd[7]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
...
COMMAND file tail
DESCRIPTION Display only the last 10 lines of a specified file.
ARGUMENTS
EXAMPLES
Display only the last 10 lines of log/velos.log
:
default-1# file tail log/velos.log
2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:39:49+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
Display the last 10 lines of log/velos.log
and keep appending output as the file grows:
default-1# file tail -f log/velos.log
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:40:48+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:41:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
Display only the last five lines of log/velos.log
:
default-1# file tail -n 5 log/velos.log
2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_0.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.1'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.2'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
2021-03-16T00:42:53+00:00 100.65.17.7 blade-7(p1) diag-agent[1]: priority="Err" msg="Event: 'Task OnEvent 'tmstat:atse-gbx-stat' Error: 'unable to find ATSE Gearbox component for name='portgroup_1.3'''", severity="Error", area="Task", task="ATSE Monitor", profile="Functional FPGA Monitoring" container="diag-agent" level="Error" interface="psf-diag-agent"
COMMAND images remove
DESCRIPTION Remove a tenant image.
ARGUMENTS
EXAMPLE
Remove the .bundle file named BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
:
partition1(config)# images remove name BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
result Successful.
COMMAND interfaces interface
DESCRIPTION Configure network interface attributes.
ARGUMENTS
ieee8023adLag
when creating LAG interfaces.EXAMPLE
Configure a description for interface 1.0 on blade-1 and verify that it was configured correctly:
default-1(config)# interfaces interface 1/1.0 config description "40G Link"
default-1(config-interface-1/1.0)# commit
Commit complete.
default-1(config-interface-1/1.0)# exit
default-1(config)# exit
default-1# show running-config interfaces interface 1/1.0 config
interfaces interface 1/1.0
config name 1/1.0
config type ethernetCsmacd
config description "40G Link"
config enabled
!
COMMAND interfaces interface <lag-name> aggregation config
DESCRIPTION Configure LAGs and their attributes.
ARGUMENTS
EXAMPLE
Create a LAG named test-lag
that uses dst-mac
for the hash, assign trunk VLAN IDs 99
and 101
, and then verify that it was configured correctly:
default-1(config)# interfaces interface test-lag aggregation config distribution-hash dst-mac
default-1(config)# commit
default-1(config)# interfaces interface test-lag aggregation switched-vlan config trunk-vlans { 99 101 }
default-1(config)# commit
default-1# show running-config interfaces interface test-lag aggregation switched-vlan config
interfaces interface test-lag
aggregation switched-vlan config trunk-vlans { 99 101 }
!
COMMAND interfaces interface ethernet
DESCRIPTION Configure physical interfaces attributes.
ARGUMENTS
COMMAND interfaces interface <interface> config forward-error-correction
DESCRIPTION Configure the forward error correction for an interface.
ARGUMENTS
interfaces interface <interface> config forward-error-correction
Example
default-1(config)# interfaces interface 3/1.0 config forward-error-correction
Possible completions:
auto disabled enabled
COMMAND iptunnels iptunnel geneve
DESCRIPTION Configure network virtualization using GENEVE (Generic Network Virtualization Encapsulation) tunnel.
ARGUMENTS
true
to enable support for IP tunnel type or false
to disable it. The default value is false
.COMMAND iptunnels iptunnel nvgre
DESCRIPTION Configure network virtualization using NVGRE (Network Virtualization using Generic Routing Encapsulation) tunnel.
ARGUMENTS
ethertype
are a hexadecimal value, with a leading '0x' followed by 4 digits.COMMAND iptunnels iptunnel vxlan
DESCRIPTION Configure network virtualization using VXLAN (Virtual Extensible LAN) multipoint tunnel.
ARGUMENTS
true
to enable support for VXLAN GPE tunnel type or false
to disable it. The default value is false
.true
to enable support for VXLAN GPE NSH tunnel type or false
to disable it. The default value is false
.COMMAND lacp config system-priority
DESCRIPTION
System priority and system MAC are combined as system-id
, which is required by the LACP protocol. Each partition has a system mac which is not configurable. The default system priority is 32768.
ARGUMENTS
EXAMPLES
Configure system priority to be 1000
:
default-1(config)# lacp config system-priority 1000
COMMAND lacp interfaces interface
DESCRIPTION
Configure LACP to manage the LAG interface. To use LACP to manage a LAG interface, the LAG interface must already exist or be created first. LAG interfaces can have multiple interface members, and the LAG interface state is up as long as there is at least one active member. There must be valid VLANs attached to LAG interface to pass user traffic. Be sure that the VLAN exists before attaching it to a LAG interface.
ARGUMENTS
FAST
to have packets sent every second. Set the interval to SLOW
to have packets sent every 30 seconds.PASSIVE
to place a port into a passive negotiating state, in which the port responds to received LACP packets, but does not initiate LACP negotiation. Set to ACTIVE
to place a port into an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets.EXAMPLES
Configure an LACP interface, set it to place the port into an active negotiating state, and set the interval to have packets sent every second:
default-1(config)# lacp interfaces interface lag1 config lacp-mode ACTIVE interval FAST
Create a LAG interface named lag1
with the type ieee8023adLag
:
default-1(config)# interfaces interface lag1 config type ieee8023adLag; commit
Enable LACP on a LAG interface named lag1
:
default-1(config)# interfaces interface lag1 aggregation config lag-type LACP; commit
Create an LACP interface named lag1
with default parameters (internal
is set to SLOW
, lacp-mode
is set to ACTIVE
):
default-1(config)# lacp interfaces interface lag1 config name lag1; commit
Add interface 1/1.0 and 1/2.0 as interface members into a LAG named lag1
:
default-1(config)# interfaces interface 1/1.0 ethernet config aggregate-id lag1
default-1(config)# interfaces interface 1/2.0 ethernet config aggregate-id lag1
default-1(config)# commit
Attach VLANs 1000 and 1001 to a LAG interface named lag1
:
default-1(config)# interfaces interface lag1 aggregation switched-vlan config trunk-vlans { 1000 1001 }
default-1(config)# commit
COMMAND lldp config
DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) on the system.
ARGUMENTS
10
.2
.2
.4
.30
.EXAMPLE
Configure a system-description for LLDP and verify that it was configured correctly:
default-1(config)# lldp config system-description "Test system description"
default-1(config)# commit
Commit complete.
default-1(config)# exit
default-1# show running-config lldp config
lldp config enabled
lldp config system-description "Test system description"
lldp config tx-interval 30
lldp config tx-hold 4
lldp config reinit-delay 2
lldp config tx-delay 2
lldp config max-neighbors-per-port 10
COMMAND lldp interfaces interface
DESCRIPTION Configure Link Layer Discovery Protocol (LLDP) for an interface.
ARGUMENTS
type: string description: The name of the interface. The minimum length is 1 character, and the maximum length is 63 characters.
EXAMPLE
Create an LLDP interface:
default-1(config)# lldp interfaces interface 1/1.0 config name 1/1.0
COMMAND lldp interfaces interface <interface-name> config
DESCRIPTION Configure LLDP attributes for an interface.
ARGUMENTS
EXAMPLE
Configure a tlv-advertisement-state for LLDP interface 1.0 on blade-1 and verify that it was configured correctly:
default-1(config)# lldp interfaces interface 1/1.0 config tlv-advertisement-state txrx
default-1(config-interface-1/1.0)# commit
Commit complete.
default-1(config-interface-1/1.0)# top
default-1(config)# exit
default-1# show running-config lldp interfaces interface 1/1.0
lldp interfaces interface 1/1.0
config name 1/1.0
config enabled
config tlv-advertisement-state txrx
config tlvmap chassis-id,port-id,ttl,port-description,system-name,system-description,system-capabilities,pvid,ppvid,vlan-name,protocol-identity,macphy,link-aggregation,power-mdi,mfs,product-model
!
COMMAND portgroups portgroup
DESCRIPTION Configure port group attributes.
ARGUMENTS
EXAMPLE
Configure a port group on blade-1 to use a DDM polling frequency of 20 seconds:
default-1(config)# portgroups portgroup 1/1 config ddm ddm-poll-frequency 20
---
Configure the port mode on blade 1 to be MODE_40GB:
---
default-1(config-portgroup-1/1)# portgroups portgroup 1/2 config mode MODE_40GB
default-1(config-portgroup-1/2)# commit
The following warnings were generated:
'portgroups portgroup': Blade(s) 1 will reboot
Proceed? [yes,no] no
COMMAND qos global-setting
DESCRIPTION Configure whether Quality of Service (QOS) is disabled or enabled for either 802.1p or DSCP.
ARGUMENTS
EXAMPLE
Enable QOS for DSCP:
default-1(config)# qos global-setting config status DSCP-enabled
COMMAND qos global-setting config mapping-8021p
DESCRIPTION Configure traffic priorities for 802.1p values.
ARGUMENTS
EXAMPLE
Create a traffic priority for VOIP traffic to numeric priority 7
:
default-1(config)# qos global-setting config mapping-8021p traffic-priority VOIP value 7
COMMAND qos global-setting config mapping-DSCP
DESCRIPTION Configure traffic priorities for DSCP values.
ARGUMENTS
COMMAND qos global-setting config traffic-priorities traffic-priority
DESCRIPTION Create traffic priorities
ARGUMENTS
EXAMPLE
Create a traffic priority named VOIP
:
default-1(config)# qos global-setting config traffic-priorities traffic-priority VOIP
COMMAND qos meter-setting config interfaces interface
DESCRIPTION Map a meter group for a selected interface.
ARGUMENTS
EXAMPLE
Assign port 1/1.0
to a meter group named mg1
:
default-1(config)# qos meter-setting config interfaces interface 1/1.0 meter-group mg1
COMMAND qos meter-setting config meter-groups meter-group
DESCRIPTION Create a meter group.
ARGUMENTS
EXAMPLE
Create a meter group named mg1
and assign weights to a traffic priority named VOIP
:
default-1(config)# qos meter-setting config meter-groups meter-group mg1 meters traffic-priority VOIP weight 120
COMMAND stp
DESCRIPTION Configure Spanning Tree Protocol (STP) on the system.
COMMAND stp global config enabled-protocol
DESCRIPTION
Configures whether Spanning Tree Protocol (STP) is enabled on the partition. If empty, STP is disabled. There can be only one spanning tree protocol enabled at a time. When configuring anything for stp stp, stp rstp, or stp mstp, ensure that the respective protocol has been configured as the global enabled-protocol
.
When any spanning-tree protocol is configured, all interfaces in the partition not configured for the respective spanning-tree protocol will be blocked to avoid broadcast storms. Deleting the enabled-protocol removes the blocking state.
ARGUMENTS
EXAMPLE
Enable STP as the as the global STP protocol and verify that it was configured correctly:
default-1(config)# stp global config enabled-protocol { STP } ; commit
Commit complete.
default-1(config)# show full-configuration stp global
stp global config enabled-protocol { STP }
Enable RSTP as the as the global STP protocol and verify that it was configured correctly:
default-1(config)# stp global config enabled-protocol { RSTP } ; commit
Commit complete.
default-1(config)# show full-configuration stp global
stp global config enabled-protocol { RSTP }
Enable MSTP as the as the global STP protocol and verify that it was configured correctly:
default-1(config)# stp global config enabled-protocol { MSTP } ; commit
Commit complete.
default-1(config)# show full-configuration stp global
stp global config enabled-protocol { MSTP }
Disable STP on the partition:
default-1(config)# no stp global config enabled-protocol ; commit
Commit complete.
default-1(config)# show full-configuration stp global
% No entries found.
COMMAND stp interfaces interface
DESCRIPTION Configure specific STP features for an interface.
ARGUMENTS
COMMAND stp mstp config
DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.
ARGUMENTS
EXAMPLES
Configure MSTP named my-region
with a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds, a hold count of 7 BPDUs per second, a revision level of 1, and a maximum hop of 21 hops, and then verify that it was configured correctly:
default-1(config)# stp mstp config forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 name my-region revision 1 max-hop 21 ; commit
Commit complete.
default-1(config)# show full-configuration stp mstp config
stp mstp config name my-region
stp mstp config revision 1
stp mstp config max-hop 21
stp mstp config hello-time 3
stp mstp config max-age 21
stp mstp config forwarding-delay 16
stp mstp config hold-count 7
COMMAND stp mstp mst-instances mst-instance
DESCRIPTION Configure a specific MST instance.
ARGUMENTS
EXAMPLE
Configure MST instance 5 with a bridge priority of 36864, MST identifier of 5, and mapped to VLANs 100 and 101, and then verify that it was configured correctly:
default-1(config)# stp mstp mst-instances mst-instance 5 config bridge-priority 36864 mst-id 5 vlan { 100 101 }
default-1(config-mst-instance-5)# commit
Commit complete.
default-1(config-mst-instance-5)# show full
stp mstp mst-instances mst-instance 5
config mst-id 5
config vlan { 100 101 }
config bridge-priority 36864
!
COMMAND stp mstp mst-instances mst-instance {mst-id} interfaces interface
DESCRIPTION Configure data for MSTP on each interface. Must be configured in conjunction with an STP interface
ARGUMENTS
EXAMPLE
Configure MST instance 5 with interface 1.0 on blade-1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:
default-1(config)# show full-configuration stp interfaces
stp interfaces interface 1/1.0
config name 1/1.0
config edge-port EDGE_AUTO
config link-type P2P
!
default-1(config)# stp mstp mst-instances mst-instance 5 interfaces interface 1/1.0 config name 1/1.0 cost 100 port-priority 128 ; commit
Commit complete.
default-1(config-interface-1/1.0)# top
default-1(config)# show full-configuration stp mstp mst-instances mst-instance 5
stp mstp mst-instances mst-instance 5
config mst-id 5
config vlan { 100 101 }
config bridge-priority 36864
interfaces interface 1/1.0
config name 1/1.0
config cost 100
config port-priority 128
!
COMMAND stp rstp config
DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the RSTP protocol.
ARGUMENTS
EXAMPLES
Configure RSTP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds,and a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:
default-1(config)# stp rstp config bridge-priority 36864 forwarding-delay 16 hello-time 3 max-age 21 hold-count 7 ; commit
Commit complete.
default-1(config)# show full-configuration stp rstp config
stp rstp config hello-time 3
stp rstp config max-age 21
stp rstp config forwarding-delay 16
stp rstp config hold-count 7
stp rstp config bridge-priority 36864
COMMAND stp rstp interfaces interface
DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.
ARGUMENTS
EXAMPLE
Configure RSTP instance 1/1.0 with interface 1.0 on blade-1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:
default-1(config)# show full-configuration stp interfaces
stp interfaces interface 1/1.0
config name 1/1.0
config edge-port EDGE_AUTO
config link-type P2P
!
default-1(config)# stp rstp interfaces interface 1/1.0 config name 1/1.0 cost 100 port-priority 128 ; commit
Commit complete.
default-1(config-interface-1/1.0)# show full
stp rstp interfaces interface 1/1.0
config name 1/1.0
config cost 100
config port-priority 128
!
COMMAND stp stp config bridge-priority
DESCRIPTION Configure the system to handle spanning tree frames (BPDUs) in accordance with the MSTP protocol.
ARGUMENTS
EXAMPLES
Configure STP with a bridge priority of 36864, a forwarding delay of 16 seconds, a hello time of 3 seconds, a maximum age of 21 seconds,and a hold count of 7 BPDUs per seconds, and then verify that it was configured correctly:
default-1(config)# stp stp config bridge-priority 36864 forwarding-delay 16 hello-time 3 hold-count 7 max-age 21 ; commit
Commit complete.
default-1(config)# show full-configuration stp stp config
stp stp config hello-time 3
stp stp config max-age 21
stp stp config forwarding-delay 16
stp stp config hold-count 7
stp stp config bridge-priority 36864
COMMAND stp stp interfaces interface
DESCRIPTION Configuration data for MSTP on each interface. Must be configured in conjunction with an STP interface.
ARGUMENTS
EXAMPLE
Configure STP instance 1/1.0 with interface 1.0 on blade-1, with a cost of 100 and a port priority of 128, and then verify that it was configured correctly:
default-1(config)# show full-configuration stp interfaces
stp interfaces interface 1/1.0
config name 1/1.0
config edge-port EDGE_AUTO
config link-type P2P
!
default-1(config)# stp stp interfaces interface 1/1.0 config name 1/1.0 cost 100 port-priority 128 ; commit
Commit complete.
default-1(config-interface-1/1.0)# show full
stp stp interfaces interface 1/1.0
config name 1/1.0
config cost 100
config port-priority 128
!
COMMAND system aaa authentication config authentication-method
DESCRIPTION Specify which authentication methods can be used to authenticate and authorize users. You can enable all methods and indicate the order in which you'd like the methods to be attempted when a user logs in.
ARGUMENTS
EXAMPLE
Attempt to authenticate in this order: LDAP, then RADIUS, and then local (/etc/password
):
default-1(config)# system aaa authentication config authentication-method { LDAP_ALL RADIUS_ALL LOCAL }
COMMAND system aaa authentication config basic
DESCRIPTION
Specify whether to use basic authentication (user name and password) on the system.
ARGUMENTS
enabled
to enable basic authentication or disabled
to disable it. The default value is enabled
.Note: When the system aaa authentication config basic
is changed from enabled to disabled or vice versa, the system prompts for your confirmation to proceed to restart the HTTP service.
EXAMPLE
Enable basic authentication from disable:
default-1(config)# system aaa authentication config basic disabled
default-1(config)# commit
default-1(config)# system aaa authentication config basic enabled
Changing the basic auth will restart the HTTP service.Proceed? { yes, no } yes
default-1(config)# commit
COMMAND system aaa authentication config cert-auth
DESCRIPTION Specify whether to use client certificates for authentication.
ARGUMENTS
enabled
to enable client certificate authentication or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable client certificates for authentication:
default-1(config)# system aaa authentication config cert-auth enabled
COMMAND system aaa authentication clientcert config client-cert-name-field
DESCRIPTION
Specify the client certificate name, which is the field from which the username is extracted from the client certificate. The extracted username must exist in the system before a user logs in and authenticates. Otherwise, the login will fail. This option is visible and configurable only when you have enabled cert-auth
.
If you use LDAP as an authentication method, the LDAP server must be configured before you configure client certificate authentication, and the extracted username from the client certificate must match the existing user in the LDAP server.
ARGUMENTS
EXAMPLES
Use subjectname-cn as the client certificate name field:
default-1# system aaa authentication clientcert config client-cert-name-field subjectname-cn
Configure an OID using three different valid formats:
default-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID UPN
default-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.1
default-1(config)# system aaa authentication clientcert config client-cert-name-field san-gen-othername OID 1.3.6.1.4.1.311.20.2.3
COMMAND system aaa authentication ldap active_directory
DESCRIPTION Specify whether to enable LDAP Active Directory (AD) on the chassis partition.
ARGUMENTS
true
to enable LDAP AD or false
to disable it. The default value is false
.EXAMPLE
Enable LDAP AD on the system:
default-1-active(config)# system aaa authentication ldap active_directory true
COMMAND system aaa authentication ldap base
DESCRIPTION Specify the search base distinguished name (DN) for LDAP authentication. Note that the configuration of base values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters. These must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
Search for a specified distinguished name:
default-1(config)# system aaa authentication ldap base dc=xyz,dc=com
default-1(config)# system aaa authentication ldap base { dc=xyz,dc=com dc=abc,dc=com }
COMMAND system aaa authentication ldap bind_timelimit
DESCRIPTION Specify a maximum amount of time to wait for LDAP authentication to return a result.
ARGUMENTS
30
.EXAMPLE
Set a maximum bind time limit of 60
seconds:
default-1(config)# system aaa authentication ldap bind_timelimit 60
COMMAND system aaa authentication ldap binddn
DESCRIPTION Specify the distinguished name (DN) of an account that can search the base DN. If no account is specified, the LDAP connection establishes without authentication. Note that the configuration of binddn values are case-sensitive and must be a full DN path. This includes spaces, commas, and other characters; these must be the same as what is configured in the LDAP server.
ARGUMENTS
EXAMPLE
Set the distinguished name of a specified account for searching the base DN:
default-1(config)# system aaa authentication ldap binddn cn=admin,dc=xyz,dc=com
COMMAND system aaa authentication ldap bindpw
DESCRIPTION Specify the password of the search account identified in binddn.
ARGUMENTS
EXAMPLE
Specify a password for the search account on the LDAP server:
default-1(config)# system aaa authentication ldap bindpw <password\>
COMMAND system aaa authentication ldap chase-referrals
DESCRIPTION Specify whether automatic referral chasing should be enabled.
ARGUMENTS
true
to enable referral chasing or false
to disable it. The default value is false
.COMMAND system aaa authentication ldap idle_timelimit
DESCRIPTION Configure the maximum amount of time before the LDAP connection can be inactive before it times out.
ARGUMENTS
30
.EXAMPLE
Set a maximum idle timeout of 60
seconds:
default-1(config)# system aaa authentication ldap idle_timelimit 60
COMMAND system aaa authentication ldap ldap_version
DESCRIPTION Specify the LDAP protocol version number.
ARGUMENTS
3
.EXAMPLE
Specify that LDAPv3 is used for the LDAP server:
default-1(config)# system aaa authentication ldap ldap_version 3
COMMAND system aaa authentication ldap ssl
DESCRIPTION Specify whether to enable Transport Layer Security (TLS) functionality for the LDAP server.
ARGUMENTS
EXAMPLE
Specify that TLS is enabled for all connections:
default-1(config)# system aaa authentication ldap ssl on
COMMAND system aaa authentication ldap timelimit
DESCRIPTION Specify a maximum time limit to use when performing LDAP searches to receive an LDAP response.
ARGUMENTS
EXAMPLE
Specify a maximum time limit of 60
seconds for LDAP searches.
default-1(config)# system aaa authentication ldap timelimit 60
COMMAND system aaa authentication ldap tls_cacert
DESCRIPTION Specify the CA certificate to be used for authenticating the TLS connection with the CA server. Also validates an issued certificate from a CA prior to accepting it into the system.
ARGUMENTS
EXAMPLE
Specify a certificate for authenticating the TLS connection:
default-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
COMMAND system aaa authentication ldap tls_cert
DESCRIPTION Specify the file that contains the certificate for the client's key.
ARGUMENTS
EXAMPLE
Specify a file that contains the certificate for a client's key:
default-1(config)# system aaa authentication ldap tls_cacert <path-to-cacert>.pem
COMMAND system aaa authentication ldap tls_ciphers
DESCRIPTION Specify acceptable cipher suites for the TLS library in use. For example, ECDHE-RSAAES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
ARGUMENTS
EXAMPLE
Specify the cipher suite for the TLS library in use:
default-1(config)# system aaa authentication ldap tls_cyphers <cipher-suite>
COMMAND system aaa authentication ldap tls_key
DESCRIPTION
Specify the file that contains the the private key that matches the certificates that you configured with the system aaa authentication ldap tls_cert
command.
ARGUMENTS
system aaa authentication ldap tls_cert
command.COMMAND system aaa authentication ldap tls_reqcert
DESCRIPTION
Specify what checks to perform on certificates in a TLS session. The default value is never
.
ARGUMENTS
EXAMPLE
Specify that a certificate is not required for a TLS session:
default-1(config)# system aaa authentication ldap tls_reqcert never
COMMAND system aaa authentication ocsp config
DESCRIPTION Specify whether to use Online Certificate Status Protocol (OCSP) for certificate validation.
ARGUMENTS
enabled
to enable OCSP or disabled
to disable it. The default value is disabled
.COMMAND system aaa authentication ocsp config nonce-request
DESCRIPTION Specify whether queries to Online Certificate Status Protocol (OCSP) responders should include a nonce (a unique identifier) in the request.
ARGUMENTS
on
to enable nonce or off
to disable it. The default value is on
.EXAMPLE
Enable nonce for OCSP:
default-1(config)# system aaa authentication ocsp config nonce-request on
COMMAND system aaa authentication ocsp config override-responder
DESCRIPTION Specify whether the Online Certificate Status Protocol (OCSP) default responder is required for certificate validation.
ARGUMENTS
on
to require the OCSP default responder URI or off
to disable the requirement. The default value is off
.EXAMPLE
Specify that the default responder is required:
default-1(config)# system aaa authentication ocsp config override-responder on
COMMAND system aaa authentication ocsp config response-max-age
DESCRIPTION Specify the maximum amount of time, in seconds, for Online Certificate Status Protocol (OCSP) responses.
ARGUMENTS
EXAMPLE
Specify a maximum response age:
default-1(config)# system aaa authentication ocsp config response-max-age 2
COMMAND system aaa authentication ocsp config response-time-skew
DESCRIPTION Specify the maximum allowable time skew, in seconds, for Online Certificate Status Protocol (OCSP) response validation.
ARGUMENTS
EXAMPLE
Specify a maximum time for response validation:
default-1(config)# system aaa authentication ocsp config response-time-skew 52
COMMAND system aaa authentication roles role
DESCRIPTION Specify the primary role assigned to the user.
ARGUMENTS
EXAMPLE
Configure which rolename and system group ID is used for a specified role:
default-1(config)# system aaa authentication roles role <rolename> config rolename <rolename> gid <unix-gid>
Configure a remote GID for a specified role:
default-1(config)# system aaa authentication roles role admin config remote-gid
(<unsignedInt>) (9000): 6000
Configure an LDAP group for a specified role:
default-1(config)# system aaa authentication roles role admin config ldap-group
(<string>): cn=my_ldap_group
COMMAND system aaa authentication users user
DESCRIPTION Configure options for users.
ARGUMENTS
-1
(no expiration date). Use 1
to indicate expired.0
to force a password change.EXAMPLE
Configure a user named jdoe
so that the user must change their password at their next log in and indicated that the account has no expiration date:
default-1(config)# system aaa authentication users user jdoe config last-change 0 expiry-date -1
COMMAND system aaa password-policy config apply-to-root
DESCRIPTION
Specify whether to enforce password policies when the user configuring passwords is the root user. If enabled (true
), the system returns an error on failed check if the root user changing the password. If disabled (false
), the system displays a message about the failed check, but allows the root user to change the password and bypass password policies.
ARGUMENTS
true
to enforce password policies even if it is the root user configuring passwords or false
to disable it. The default value is false
.COMMAND system aaa password-policy config max-age
DESCRIPTION Configure the number of days that users can keep using the same password without changing it.
ARGUMENTS
COMMAND system aaa password-policy config max-class-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters, digits, or special characters (such as '!@#$%') are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND system aaa password-policy config max-letter-repeat
DESCRIPTION Configure how many repeated lowercase letters are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND system aaa password-policy config max-login-failures
DESCRIPTION Configure the maximum number of unsuccessful login attempts that are permitted before a user is locked out.
ARGUMENTS
COMMAND system aaa password-policy config max-sequence-repeat
DESCRIPTION Configure how many repeated upper/lowercase letters or digits are allowed in the password. Passwords that do not meet this requirement are invalid.
ARGUMENTS
COMMAND system aaa password-policy config min-length
DESCRIPTION
Configure a minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9
. If you want to allow passwords that are as short as 5 characters, you should not use min-length
.
ARGUMENTS
COMMAND system aaa password-policy config reject-username
DESCRIPTION Check whether the user name is contained in the new password, either in straight or reversed form. If it is found, the new password is rejected.
ARGUMENTS
false
to allow the user name in a new password or true
to reject new passwords that contain the user name in some form. The default value is false
.COMMAND system aaa password-policy config required-differences
DESCRIPTION Configure the number of character changes that are required in the new password that differentiate it from the old password.
ARGUMENTS
5
.COMMAND system aaa password-policy config required-lowercase
DESCRIPTION Configure the minimum number of lowercase character required for a password.
ARGUMENTS
COMMAND system aaa password-policy config required-numeric
DESCRIPTION Configure the minimum number of numeric characters required for a password.
ARGUMENTS
COMMAND system aaa password-policy config required-special
DESCRIPTION Configure the minimum number of numeric characters required for a password. minimum number of special characters required for a password.
ARGUMENTS
COMMAND system aaa password-policy config required-uppercase
DESCRIPTION Configure the minimum number of numeric characters required for a password. minimum number of uppercase characters required for a password.
ARGUMENTS
COMMAND system aaa password-policy config retries
DESCRIPTION Configure the number of retries allowed when user authentication is unsuccessful.
ARGUMENTS
COMMAND system aaa password-policy config root-lockout
DESCRIPTION Configure whether the root account can be locked out after unsuccessful login attempts.
ARGUMENTS
false
to disable root lockout after a number of unsuccessful login attempts or true
to enable it. The default value is false
.COMMAND system aaa password-policy config root-unlock-time
DESCRIPTION Configure the time in seconds before the root user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts.
ARGUMENTS
COMMAND system aaa password-policy config unlock-time
DESCRIPTION Configure the time in seconds before a user can retry logging in after exceeding the maximum number of allowed unsuccessful authentication attempts. If this option is not configured, the account is locked until the lock is removed manually by an administrator.
ARGUMENTS
COMMAND system aaa restconf-token config lifetime
DESCRIPTION Specify a token lifetime for RESTCONF.
ARGUMENTS
15
.EXAMPLE
Configure the token lifetime to be 120 minutes:
default-1(config)# system aaa restconf-token config lifetime 120
COMMAND system aaa restconf-token invalidate id
DESCRIPTION Invalidate a RESTCONF token.
ARGUMENTS
EXAMPLE
The example below show invalidating a token:
default-1(config)# system aaa restconf-token invalidate id eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTZXNzaW9uIElEIjoidGVzdDExNzE4MzQ0NjA3IiwiYXV0aGluZm8iOiJhZG1pbiAxMDA0IDkwMDAgXC92YXJcL0Y1XC9zeXN0ZW0iLCJidWZmZXJ0aW1lbGltaXQiOiIxMDAiLCJleHAiOjE3MTgzNDQ5MDcsImlhdCI6MTcxODM0NDYwNywicmVuZXdsaW1pdCI6IjUiLCJ1c2VyaW5mbyI6InRlc3QxIDE3Mi4xOC4yMzguODkifQ.5rnyGIoZ9rTRGRMSnJ_1HRoNEvYvRwI0609qWG6nZzU
COMMAND system aaa server-groups server-group
DESCRIPTION Configure one or more AAA servers of type RADIUS, LDAP, or TACACS+. The first server in the list is always used by default unless it is unavailable, in which case the next server in the list is used. You can configure the order of servers in the server group.
ARGUMENTS
3
(seconds).389
.LDAP
(LDAP over TCP).EXAMPLE
Create a server group named radius-test
of type RADIUS
, assign a specific RADIUS server with the group, and then configure a secret key:
default-1(config)# system aaa server-groups server-group radius-test
default-1(config-server-group-radius-test)# config type RADIUS
default-1(config-server-group-radius-test)# config name radius-test
default-1(config-server-group-radius-test)# commit
Commit complete.
default-1(config-server-group-radius-test)#
default-1(config)# system aaa server-groups server-group radius-test servers server 192.0.2.10 config address 192.0.2.10
default-1(config-server-192.0.2.10)# radius config <tab>
Possible completions:
auth-port secret-key timeout
default-1(config-server-192.0.2.10)# radius config secret-key radius-key'
default-1(config-server-192.0.2.10)# commit
Create a server group named ldap-test
of type LDAP
, assign a specific LDAP server with the group, and then set the LDAP type as LDAP over TCP:
default-1(config)# system aaa server-groups server-group ldap-test
default-1(config-server-group-ldap-test)# config type LDAP
default-1(config-server-group-ldap-test)# config name ldap-test
default-1(config-server-group-ldap-test)# commit
Commit complete.
default-1(config-server-group-ldap-test)#
default-1(config)# system aaa server-groups server-group ldap-test servers server 192.0.2.10 config address 192.0.2.10
default-1(config-server-192.0.2.10)# ldap config type ldap
default-1(config-server-192.0.2.10)# commit
COMMAND
system aaa tls config certificate
DESCRIPTION
Configure an SSL server certificate to be used for the webUI (HTTPS) or REST interface of the system.
ARGUMENTS
EXAMPLE
Add a certificate and key to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the certificate/key. After you have added a certificate, you must add a key using system aaa tls config key
, and then commit the changes:
default-1(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
default-1(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
default-1(config)# commit
Commit complete.
COMMAND
system aaa tls config key
DESCRIPTION
Configure a PEM-encoded private key to be used for the webUI (HTTPS) or REST interface of the system. Key value is encrypted in DB storage.
ARGUMENTS
EXAMPLE
Add a TLS key and certificate to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the key/certificate. After you have added a key, you must add a certificate using system aaa tls config certificate
:
default-1(config)# system aaa tls config key
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
default-1(config)# system aaa tls config certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
default-1(config)# commit
Commit complete.
COMMAND system aaa tls config passphrase
DESCRIPTION Specify the encryption passphrase for PEM-encoded private key.
ARGUMENTS
COMMAND system aaa tls config verify-client
DESCRIPTION Enable verification of httpd client certificates.
ARGUMENTS
true
to enable httpd client certificate verification or false
to disable it. The default value is false
.COMMAND system aaa tls config verify-client-depth
DESCRIPTION
Configure client certificate verification depth, which indicates the maximum number of Certificate Authority (CA) certificates allowed to be followed while verifying the client certificate. You might need to raise the default depth if you received more than one chained root certificate in addition to a client certificate from your CA. The default depth of 1
indicates that the client certificate can be self-signed or must be signed by a CA that is known to the server. A depth of 0
indicates that only self-signed client certificates are accepted.
ARGUMENTS
1
. EXAMPLE
Specify a depth of 10:
default-1(config)# system aaa tls config verify-client-depth 10
COMMAND system aaa tls crls crl
DESCRIPTION Configure a Certificate Revocation List Entry (CRL).
ARGUMENTS
string
EXAMPLE
Add a new CRL to the system. When you press Enter, you enter multi-line mode, at which point you can copy in the CRL key.
syscon-2-active(config)# system aaa tls crls crl *crl Name*
Value for 'config revocation-key' (<string>):
[Multiline mode, exit with ctrl-D.]
> ...
syscon-2-active(config)# commit
Commit complete.
COMMAND system aaa tls create-self-signed-cert
DESCRIPTION Create an OpenSSL key for use with AAA/TLS.
ARGUMENTS
secp521r1
. Available options are:true
to store the self-signed certificate pair in the the system-aaa-tls-config or false
to specify that it should not be stored.EXAMPLE
Create a private key and self-signed certificate:
default-1(config)# system aaa tls create-self-signed-cert city Seattle country US days-valid 365 email j.doe@company.com key-type ecdsa name company.com organization "Company" region Washington unit IT version 1 curve-name prime239v2 store-tls false
response
-----BEGIN EC PRIVATE KEY-----
MHECA1d8wiyJEVihDTnVi+v9RjfK3LhZ2Pd4R7B1MJf3lyXaoaAKBggqhkjOPQMB
BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
QKbVuacd9H4cMj2tX/wyqVNePg==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCl1t462pbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzORBTWGA1UECAwKV2FzaGlu
Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
DmoubW9vcmVAZRWPuB9tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
/DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBB5T9ScBklBXZUIuynHq3/tr4
3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
-----END CERTIFICATE-----
COMMAND system aaa tls create-csr
DESCRIPTION Create a certificate signing request (CSR).
ARGUMENTS
secp521r1
. Available options are:EXAMPLE
Create a CSR:
system aaa tls create-csr name company.com email j.doe@company.com organization "Company" unit IT
response -----BEGIN CERTIFICATE REQUEST-----
JRISPzCCAbsCAQEwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdTZWF0dGxlMRQwEgYDVQQKFAtGNVH4TW03b3JrczEUMBIGA1UE
CxMLZGV2ZWxvcG1lbnQxGTAXBgkqhkiG9w0BCQEWCmRldkBmNS5jb20xEDAOBgNV
BAMTB3Rlc3Rjc3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCinnAV
Dv/G6+qbiBVO7zIPmFFatYcrzdUnvpTGXfPuh6VBRqcW90jJy12FwtYOL8P6mED+
gfjpxRWe+PNursjZSIDpyh7Dn+F3MRF3zkgnSKlYKI9qqzlRHRAwi2U7GfujeR5H
CXrJ4uxYK2Wp8WVSa7TWwj6Bnps8Uldnj0kenBJ1eUVUXoQAbUmZQg6l+qhKRiDh
3E/xMOtaGWg0SjD7dEQij5l+8FBEHVhQKEr93GT1ifR62/MZSnPw2MY5OJ69p2Wn
k7Fr7m4I5z9lxJduYDNmiddVilpWdqRaCB2j29XCmpVJduF2v6EsMx693K18IJ1h
iRice6oKL7eoI/NdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAGjWSAqKUPqMY
eLlSDJ9Bc4R+ckia5r/TITqamMN+m8TqQI8Pk0tAnwHCl8HHS+4cI8QuupgS/3aU
ls7OtxceoQZ1VFX2sQFkrDJFe0ewZQLm5diip5kxFrnap0oA0wRy84ks0wxeiCWD
New3hgSXfzyXI0g0auT6KNwsGaO8ZuhOX3ICNnSLbfb9T4zbhfI9jKopXQgZG/LO
pOct33fdpf/U6kQA9Rw/nzs3Hz/nsVleOrl3TH1+9veMMF+6eq8KKPpbYKh9bhA+
pYI3TtbZHuyRyQbq/r4gf4JkIu/PGszzy/rsDWy+b9g9nXMh1oFj+xhTrBjBk8a2
0ov+Osy2iA==
-----END CERTIFICATE REQUEST-----
COMMAND system allowed-ips allowed-ip
DESCRIPTION
Configure the chassis partition to allow traffic only from specified IP addresses. Applies only to these ports: 22 (SSH), 80 (HTTP), 161 (SNMP), 443 (HTTPS), 7001 (VCONSOLE), and 8888 (RESTCONF).
ARGUMENTS
EXAMPLE
Add a specified IPv4 address to the chassis partition allow list:
default-1(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161
COMMAND system appliance-mode config
DESCRIPTION Configure whether appliance mode is enabled or disabled on the chassis partition. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console. You can enable appliance mode at these levels:
system appliance-mode
on the system controller.system appliance-mode
on the chassis partition.tenants tenant <tenant-name\> config appliance-mode
on the chassis partition.ARGUMENTS
enabled
to enable appliance mode on the chassis partition. Specify disabled
to disable it.EXAMPLE
Enable appliance mode on the chassis partition and then verify that appliance mode is enabled:
default-1(config)# system appliance-mode config enabled
default-1(config)# commit
default-1(config)# exit
default-1# show system appliance-mode
system appliance-mode state enabled
Disable appliance mode on the chassis partition and then verify that appliance mode is disabled:
default-1(config)# system appliance-mode config disabled
default-1(config)# commit
default-1(config)# exit
default-1# show system appliance-mode state
system appliance-mode state disabled
COMMAND system clock
DESCRIPTION Configure the time zone (tz) database name (for example, Europe/Stockholm) to use for the system. For a list of valid timezone names, see www.iana.org/time-zones.
ARGUMENTS
EXAMPLES
Configure the system to use the America/Los_Angeles time zone:
default-1(config)# system clock config timezone-name America/Los_Angeles
Configure the system to use the Asia/Calcutta time zone:
default-1(config)# system clock config timezone-name Asia/Calcutta
COMMAND system database config-backup
DESCRIPTION Generate a backup of the chassis partition configuration database as an XML file.
ARGUMENTS
yes
to overwrite the file if a file by that name exists or no
to disable the file overwrite. The default value is no
.EXAMPLE
Create a backup file of the chassis partition configuration named backup-march2022
and overwrite it if a file by that name already exists:
default-1(config)# system database config-backup name backup-march2021 proceed yes
response Succeeded.
COMMAND system database config-restore
DESCRIPTION Restore the chassis partition configuration from an XML backup file.
ARGUMENTS
yes
to overwrite the file if a file by that name exists or no
to disable the file overwrite. The default value is no
.EXAMPLE
Restore the chassis partition configuration from a backup file named backup-march2021
:
default-1(config)# system database config-restore name backup-march2021
COMMAND system database config reset-to-default
DESCRIPTION Revert the chassis partition to the default configuration and clear any existing configuration information.
IMPORTANT: This deletes all configuration on the chassis partition, including IP addresses, passwords, and tenant images.
ARGUMENTS
no
to show a confirmation prompt prior to resetting the configuration to the default or yes
to bypass a confirmation prompt.EXAMPLE
Revert the chassis partition to the default configuration:
default-1(config)# system database config reset-to-default proceed yes
COMMAND system diagnostics core-files list
DESCRIPTION List core files for the VELOS system.
EXAMPLE
List all core files on the system:
default-1# system diagnostics core-files list
files { controller-1:/var/shared/core/container/authd-1.core.gz controller-1:/var/shared/core/container/orchestration_m-1.core.gz controller-1:/var/shared/core/host/test-1.core.gz controller-2:/var/shared/core/container/test-1.core.gz controller-2:/var/shared/core/host/test-2.core.gz }
COMMAND system diagnostics core-files delete
DESCRIPTION Delete core files from the VELOS system.
ARGUMENTS
EXAMPLE
Delete selected core files from the system:
default-1# system diagnostics core-files delete files { controller-1:/var/shared/core/host/test-1.core.gz }
COMMAND system diagnostics ihealth config authserver
DESCRIPTION Specify a separate endpoint for authenticating and uploading QKView files to the iHealth service. The authserver config element enables you to specify an authentication server URL for the iHealth service. By default, authserver is set to the F5 iHealth authentication server https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token.
Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
EXAMPLE
Specify an authentication server for the iHealth service:
default-1(config)# system diagnostics ihealth config authserver
(<string>) (https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token): https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
COMMAND system diagnostics ihealth config clientid
DESCRIPTION Specify the client identifier used to access iHealth. Before you can log in to the new iHealth system, you must first generate API token credentials at https://ihealth2.f5.com/qkview-analyzer/settings".
ARGUMENTS
COMMAND system diagnostics ihealth config clientsecret
DESCRIPTION Specify the secret associate with the Okta client identifier used to access iHealth.
ARGUMENTS
COMMAND system diagnostics ihealth config server
DESCRIPTION Specify the iHealth service has a separate endpoint for authenticating and uploading QKView files. The server config element enables you to specify an upload server URL for the iHealth service. By default, the server is set to the F5 iHealth upload server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True.
ARGUMENTS
EXAMPLE
Specify an upload server for the iHealth service:
default-1(config)# system diagnostics ihealth config server
(<string>) (https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True): https://ihealth2-api.f5networks.net/qkview-analyzer/api/qkviews?visible_in_gui=True
COMMAND system diagnostics ihealth upload
DESCRIPTION Initiate a qkview-file upload to iHealth. It returns a upload id, which is needed to check upload status or cancel an upload.
ARGUMENTS
system diagnostics qkview list
command to see a list of available files.Note: Be sure to add diags/shared/QKView/
as a prefix to the QKView file name.
EXAMPLE
Upload a file named diags/shared/qkview/test.qkview
to iHealth:
default-1# config
default-1# system diagnostics ihealth upload qkview-file diags/shared/qkview/test.qkview description testing service-request-number C523232
message HTTP/1.1 202 Accepted
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 30 Jun 2020 12:09:08 GMT
Content-Length: 0
COMMAND system diagnostics ihealth cancel
DESCRIPTION Cancel a QKView upload that is in progress. If the upload is already complete, it cannot be cancelled. To remove the QKView, log in to the iHealth server and manually delete the QKView, if needed.
ARGUMENTS
EXAMPLE
Cancel the QKView upload with an upload-id
of iuw53AYW
.
default-1# config
default-1# system diagnostics ihealth cancel upload-id iuw53AYW
message HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Location: /support/ihealth/status/iuw53AYW
Date: Tue, 30 Jun 2020 12:10:01 GMT
Content-Length: 44
COMMAND system diagnostics os-utils
DESCRIPTION Provides the capability to restart platform services from the CLI.
ARGUMENTS
EXAMPLES
This example shows restarting the docker service platform monitor:
default-1(config)# system diagnostics os-utils docker restart node blade-1 service platform-monitor
Restarting container affects configuration and data path. Do you want to proceed? [yes/no] yes
result platform-monitor restarted successfully
Note: The below list of services are restricted from docker restart. - Partition: “part_*_vers” - dma-agent - line-dma-agent - firmware-fpga - firmware
COMMAND system diagnostics proxy
DESCRIPTION Configure a web proxy to upload QKView files to F5 iHealth. This is useful when the VELOS system does not have internet access to reach f5.com.
ARGUMENTS
EXAMPLES
Configure the system to connect to a web proxy using specified credentials:
default-1(config)# system diagnostics proxy config proxy-server 192.0.2.111 proxy-username jdoe proxy-password
(<AES encrypted string>): ******
Configure a proxy server using the IP address 192.0.2.20 and port 3128:
default-1(config)# system diagnostics proxy config proxy-server http://192.0.2.20:3128
COMMAND system diagnostics qkview capture
DESCRIPTION
Generate a system diagnostic snapshot, called a QKView. The system can support only one snapshot collection at a time. QKView files are stored in a single directory, depending on where the QKView file is executed.
If you request a QKView on a system controller or chassis partition, QKView files are stored in the host directory: diags/shared/qkview/
.
ARGUMENTS
*machine-name*.qkview
.0
, which indicates no timeout.true
if core files should be excluded from QKView. The default value is false
.EXAMPLE
Generate a QKView and name the file client-qkview.tar
, exclude core files, set the maximum core size to 500 MB, set the maximum file size to 500 MB, and set a timeout value of 0 (zero), which indicates no timeout:
default-1# system diagnostics qkview capture filename client-qkview.tar exclude-cores true maxcoresize 500 maxfilesize 500 timeout 0
result Qkview file client-qkview.tar is being collected
return code 200
default-1# system diagnostics qkview status
result {"Busy":true,"Percent":6,"Status":"collecting","Message":"Collecting Data","Filename":"client-qkview.tar"}
resultint 0
default-1# system diagnostics qkview capture
result Qkview file controller-1.qkview is being collected
return code 200
resultint 0
default-1# system diagnostics qkview capture filename tryagain.tar
result Qkview capture can not be initiated. Another Qkview capture is already in progress
return code 429
resultint -10
COMMAND system diagnostics qkview cancel
DESCRIPTION Cancel a QKView that is in progress.
ARGUMENTS This command has no arguments.
EXAMPLE
Cancel the currently running QKView:
default-1# system diagnostics qkview cancel
result Qkview with filename client-qkview.tar was canceled
return code 200
resultint 0
COMMAND system diagnostics qkview status
DESCRIPTION Get the status of a QKView that is in progress or the status of the last QKView collected.
ARGUMENTS This command has no arguments.
EXAMPLE
View the status of the currently running QKView:
default-1# system diagnostics qkview status
result {"Busy":true,"Percent":73,"Status":"collecting","Message":"Collecting Data","Filename":"myqkview.tar"}
resultint 0
default-1# system diagnostics qkview status
result {"Busy":false,"Percent":100,"Status":"canceled","Message":"Collection canceled by user. Partial qkview saved.","Filename":"client-qkview.tar.canceled"}
resultint 0
COMMAND system diagnostics qkview delete
DESCRIPTION Delete a QKView file.
ARGUMENTS
EXAMPLE
Delete the QKView file named client-qkview.tar.canceled
.
default-1# system diagnostics qkview delete filename client-qkview.tar.canceled
result Deleted Qkview file client-qkview.tar.canceled
return code 200
resultint 0
COMMAND system diagnostics qkview list
DESCRIPTION Show a list of QKView files.
ARGUMENTS This command has no arguments.
EXAMPLE
List all QKView files on the system:
default-1# system diagnostics qkview list
result {"Qkviews":[{"Filename":"client-qkview.tar.canceled","Date":"2020-10-26T23:39:48.783066588Z","Size":131310},{"Filename":"myqkview.tar","Date":"2020-10-26T23:37:43.786269089Z","Size":668708104}]}
resultint 0
COMMAND system logging host-logs
DESCRIPTION Configure settings for sending host logs to remote logging servers.
ARGUMENTS
enabled
to enable remote forwarding of active node host logs. Specify disabled
to disable it.host-logs
is enabled and a remote server configuration is present. Available options are:EXAMPLES
Enable remote forwarding:
default-1-active(config)# system logging host-logs config remote-forwarding enabled
Include non-active nodes (blade 1 and blade 2) when forwarding logs:
default-1-active(config)# system logging host-logs config remote-forwarding include-blades { 1 2 }
COMMAND system logging remote-servers remote-server
DESCRIPTION Configure information about remote logging servers.
ARGUMENTS
disabled
.udp
.514
.EXAMPLES
Configure a logging destination:
default-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp
Delete a logging destination:
default-1(config)# no system logging remote-servers remote-server 192.0.2.240
Configure a secure logging destination:
default-1(config)# system logging remote-servers remote-server 192.0.2.240 config proto tcp remote-port 80 authentication enabled
COMMAND system logging sw-components sw-component
DESCRIPTION Configure logging for platform software components. Available options are:
ARGUMENTS
INFORMATIONAL
. Available options, in decreasing order of severity, are:COMMAND system logging tls ca-bundles ca-bundle
DESCRIPTION Specify a certificate authority bundle.
ARGUMENTS
COMMAND system logging tls certificate
DESCRIPTION Specify the PEM-encoded certificate.
ARGUMENTS
COMMAND system logging tls key
DESCRIPTION Specifies the PEM-encoded private key.
ARGUMENTS
COMMAND system logging config include-hostname
DESCRIPTION Configure the settings to include hostname in the logs.
ARGUMENTS
EXAMPLE
Configure the logging to be true:
test-hostname# show system logging
system logging state include-hostname true
test-hostname#
f5lab.f5net.com# show system logging
system logging state include-hostname true
f5lab.f5net.com#
COMMAND system redundancy config auto-failback
DESCRIPTION Configure whether the active location should switch (failback) from a non-preferred location to the preferred location.
ARGUMENTS
enabled
to enable auto-failback. Specify disabled
to disable it. The default value is disabled
, which means that the active location only changes when a failure occurs.EXAMPLES
Enable auto-failback:
partition(config)# system redundancy config auto-failback enabled
Configure auto-failback with a failback-delay of 60 seconds:
partition1(config)# system redundancy config auto-failback failback-delay 60
COMMAND system redundancy config mode
DESCRIPTION Configure the redundancy mode to be used by the system controllers.
ARGUMENTS
EXAMPLE
Configure the redundancy mode to be active-controller
:
partition(config)# system redundancy config mode active-controller
COMMAND system redundancy go-standby
DESCRIPTION Request that the active system controller relinquish control and allow the standby controller to become active. This action has no effect if the standby is not ready to take over. If the current active does relinquish control, the SSH sessions to the management IP will be disconnected, and any outstanding, but uncommitted configuration changes will be discarded.
ARGUMENTS This command has no arguments.
EXAMPLE
Make the currently-active system controller the standby controller:
partition(config)# system redundancy go-standby
COMMAND system security services service
DESCRIPTION Configure the SSH service (also known as sshd) to use a desired set of encryption ciphers, the HTTP service (also known as httpd) to use a desired set of KEX algorithms, and MAC algorithms to meet the security policy enforced in your environment.
ARGUMENTS
The cipher string can take several additional forms. It can consist of a single cipher suite or a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation.
You can combine lists of KEX algorithms into a single string using the + character as a logical AND operation.
You can combine lists of MAC algorithms into a single string using the + character as a logical AND operation.
The cipher string can take several additional forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.
COMMAND system snmp communities community
DESCRIPTION Configure the SNMP community name and community security model.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure the system to use only the v1 security model:
default-1(config)# system snmp communities community config v1-comm security-model v1
Configure the system use both v1 and v2c security models:
default-1(config)# system snmp communities community both-comm config security-model [ v1 v2c ]
COMMAND system snmp config port
DESCRIPTION Configure the non-default port for SNMP.
<port> - type: unsignedShort - description: port number to use for SNMP. The default value is 161. The range is from 1024 to 7000, 7033 to 8887, 8889 to 6553.
EXAMPLE
Configure the snmp port to be 8889
default-1(config)# system snmp config port 8889
COMMAND system snmp engine-id config value
DESCRIPTION Configure an SNMP engine ID.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
COMMAND system snmp targets target
DESCRIPTION Configure the SNMP target name.
IMPORTANT: By default, SNMP traffic is not allowed on the system. Before you configure SNMP, you must use the system allowed-ips
command to enable the out-of-band management port to allow SNMP traffic. For more information, see system allowed-ips
.
ARGUMENTS
EXAMPLE
Configure an SNMP target with a v3 user:
default-1(config)# system snmp targets target v3-target config user v3-user ipv4 address 192.0.2.224 port 5001
Configure an SNMP target with a community and a security model:
default-1(config)# system snmp targets target v2c-target config community both-comm security-model v2c ipv4 address 192.0.2.224 port 5001
COMMAND system snmp users user
DESCRIPTION Configure the user name associated with an SNMPv3 group.
ARGUMENTS
EXAMPLE
Configure an SNMP v3 user that uses MD5 and AES for authentication and privacy:
default-1(config)# system snmp users user v3-user config authentication-protocol md5 privacy-protocol aes authentication-password
(<string, min: 8 chars, max: 32 chars>): ********
default-1(config-user-v3-user)# config privacy-password
(<string, min: 8 chars, max: 32 chars>): *********
default-1(config-user-v3-user)# commit
Commit complete.
COMMAND system telemetry exporters exporter
DESCRIPTION Configure the exporter details to push the telemetry data.
ARGUMENTS
true
to enable and configure the Transport Layer Security (TLS) to secure the connections. The default option is false
.EXAMPLE
Configure a telemetry exporter:
default-2# system telemetry exporters exporter test1 config endpoint address 10.144.74.171 port 4317 instruments [all] tls secure false
COMMAND system telemetry attributes attribute
DESCRIPTION Attribute name and values for all the configured exporter.
ARGUMENTS
<attribute name> value <attribute value> - type: string - description: Attribute name and values for all the configured exporters.
EXAMPLE
default-2#(config)# system telemetry attributes attribute test.key config key test1.key value test.value
default-2#(config-attribute-test.key)# commit
Commit complete.
COMMAND system config hostname
DESCRIPTION Configure a hostname for the chassis partition.
ARGUMENTS
EXAMPLE
Configure the hostname to be test.company.com
:
default-1(config)# system config hostname test.company.com
COMMAND system config login-banner
DESCRIPTION
Configure a banner message to be displayed before users log in to the chassis partition.
ARGUMENTS
EXAMPLE
Configure a banner message:
default-1(config)# system config login-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
COMMAND system config motd-banner
DESCRIPTION
Configure a message of the day (MOTD) banner to display after users log in to the chassis partition.
EXAMPLE
Configure a MOTD banner message:
default-1(config)# system config motd-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
ATTENTION!
This system is scheduled for maintenance in two days.
COMMAND system settings config idle-timeout
DESCRIPTION Set how long the CLI is inactive before an admin user is logged out of the chassis partition. If the user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).EXAMPLE
Set the idle time to be the maximum value:
default-1(config)# system settings config idle-timeout 8192
COMMAND system settings config sshd-idle-timeout
DESCRIPTION Set how long the CLI is inactive before the root user is logged out of the chassis partition. If the root user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND system settings gui advisory config color
DESCRIPTION Configure an advisory banner, including color and text to be displayed.
ARGUMENTS
COMMAND system settings gui advisory config
DESCRIPTION Specify whether to enable an advisory banner for the chassis partition webUI.
ARGUMENTS
enabled
to enable an advisory banner or disabled
to disable it. The default value is disabled
.EXAMPLE
Enable and configure an advisory banner:
default-1(config)# system settings gui advisory config enabled color orange text
(<string, min: 0 chars, max: 80 chars>): TEST ENVIRONMENT
COMMAND system settings gui advisory config text
DESCRIPTION Specify text displayed on advisory banner.
ARGUMENTS
COMMAND system settings config config-prompt
DESCRIPTION Set the configurational mode prompt to persist over sessions and users.
ARGUMENTS
EXAMPLE
default-1(config)# system settings config config-prompt "\u-\h[F5OS-C]\M# "
COMMAND system settings config oper-prompt
DESCRIPTION Set the operational mode prompt to persist over sessions and users.
ARGUMENTS
EXAMPLE
default-1(config)# system settings config oper-prompt "\u-\h(Velos)[\\t]# "
COMMAND tenants tenant
DESCRIPTION Provision and deploy a tenant within the partition.
ARGUMENTS
enabled
to enable appliance node at the tenant level. Specify disabled
to disable it. You cannot configure this option when a tenant is
in the deployed
running state. enabled
to enable crypto devices for the tenant level. Specify disabled
to disable it.deployed
state.76
GB. The range is from 22 to 700 GB.EXAMPLE
Configure a tenant named bigip-vm
of type BIG-IP
, using a specific image file, assigned to blade-1, using port 22
, a management IP address of 192.0.2.61
, a netmask of 255.255.255.0
, a gateway of 192.0.2.1
, using VLAN 100
, and a running state of deployed
.
default-1(config)# tenants tenant bigip-vm config type BIG-IP image BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle nodes 1 port 22 mgmt-ip 192.0.2.71 netmask 255.255.255.0 gateway 192.0.2.254 vlans 100 running-state deployed
Configure a tenant to have appliance mode enabled by first setting the tenant's running-state
to provisioned
and then enabling appliance mode:
default-1# tenants tenant bigip-vm config running-state provisioned
default-1(config)# commit
// NOTE: Wait until the tenant's `running-state` is `provisioned`.
default-1# show tenants tenant bigip-vm state running-state
state running-state provisioned
default-1# tenants tenant bigip-vm config appliance-mode enabled
default-1# tenants tenant bigip-vm config running-state deployed
default-1(config)# commit
default-1# show tenants tenant bigip-vm
tenants tenant bigip-vm
state type BIG-IP
state mgmt-ip 192.0.2.71
state prefix-length 24
state gateway 192.0.2.254
state vlans { 1040 1041 }
state cryptos enabled
state vcpu-cores-per-node 2
state memory 7680
state running-state deployed
state mac-data base-mac 00:1a:2b:3c:4d:5e
state mac-data mac-pool-size 1
state appliance-mode enabled
state status Running
state primary-slot 1
state image-version "BIG-IP 15.1.5 0.0.11"
NDI MAC
----------------------------
default 00:1a:2b:3c:4d:0e
state instances instance 1
instance-id 1
phase Running
image-name BIGIP-15.1.5-0.0.11.ALL-VELOS.qcow2.zip.bundle
creation-time 2021-03-12T04:29:47Z
ready-time 2021-03-12T04:29:44Z
status "Started tenant instance"
mgmt-mac ea:45:15:37:e7:22
COMMAND virtual-networks virtual-network
DESCRIPTION The name of the virtual network.
ARGUMENTS
default
.COMMAND virtual-wires virtual-wire
DESCRIPTION Configured virtual-wire keyed by name.
ARGUMENTS
true
to enable link status or false
to disable it. The default value is false
.COMMAND vlan-listeners vlan-listener
DESCRIPTION
IMPORTANT: A vlan-listener is a system-generated object and should only be configured manually under the guidance of F5 Technical Support. Manually configuring a vlan-listener object could potentially impact the flow of network traffic through the system.
ARGUMENTS
COMMAND vlans vlan
DESCRIPTION Creates a VLAN object that can be referenced by other configuration commands. This command is intended to be expanded for future use and is currently not necessary for proper configuration of the system.
ARGUMENTS
EXAMPLE
Configure VLAN 100, with the name 100
and a vlan-id
of 100
:
default-1(config)# vlans vlan 100 config name 100 vlan-id 100
COMMAND autowizard
DESCRIPTION Specify whether to query automatically for mandatory elements.
ARGUMENTS
true
to query automatically for mandatory elements or false
to disable it.COMMAND clear
DESCRIPTION Remove all configuration changes.
ARGUMENTS
COMMAND compare
DESCRIPTION Compare two configuration subtrees.
ARGUMENTS
COMMAND complete-on-space
DESCRIPTION Specify whether to have the CLI complete a command name automatically when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar.
ARGUMENTS
true
to enable the ability to have the CLI complete a command name automatically when you press the space bar or false
to disable it.COMMAND config
DESCRIPTION
Enter configuration mode. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit
command.
ARGUMENTS
COMMAND describe
DESCRIPTION Display internal information about how a command is implemented.
ARGUMENTS
COMMAND display-level
DESCRIPTION Set the depth of the configuration shown for show commands.
ARGUMENTS
<depth>
can be a value from 1 through 64.COMMAND exit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND file
DESCRIPTION Perform file operations.
ARGUMENTS
For detailed information about these arguments, see the file
page under partition config-mode-commands.
COMMAND help
DESCRIPTION Display help information about a specified command.
ARGUMENTS
COMMAND history
DESCRIPTION Configure the command history cache size.
ARGUMENTS
<size>
can be a value from 0 through 1000.COMMAND id
DESCRIPTION Display information about the current user, including user, gid, group, and gids.
ARGUMENTS This command has no arguments.
COMMAND idle-timeout
DESCRIPTION Set how long the CLI is inactive before a user is logged out of the system. If a user is connected using an SSH connection, the SSH connection is closed after this time expires.
ARGUMENTS
1800
seconds (30 minutes).COMMAND ignore-leading-space
DESCRIPTION Specify whether to consider or ignore leading whitespace at the beginning of a command.
ARGUMENTS
false
to ignore leading whitespace or true
to consider it.COMMAND leaf-prompting
DESCRIPTION Specify whether to enable or disable automatic querying for leaf values.
ARGUMENTS
false
to disable leaf prompting or true
to enable it.COMMAND logout
DESCRIPTION Log out a specific session or user from all sessions.
ARGUMENTS
<session-id>
.<user-name>
.COMMAND no
DESCRIPTION Delete or unset a configuration command.
ARGUMENTS
COMMAND paginate
DESCRIPTION Specify whether to control the pagination of CLI command output.
ARGUMENTS
false
to display command output continuously, regardless of the CLI screen height. Specify true
to display all command output one screen at a time. To display the next screen of output, press the space bar. This is the default setting.COMMAND prompt1
DESCRIPTION Set the operational mode prompt.
ARGUMENTS
COMMAND prompt2
DESCRIPTION Set the configuration mode prompt.
ARGUMENTS
COMMAND pwd
DESCRIPTION Display the current path in the configuration hierarchy.
ARGUMENTS This command has no arguments.
COMMAND rollback
DESCRIPTION Returns the configuration to a previously committed configuration.
ARGUMENTS
COMMAND quit
DESCRIPTION Exit the CLI session.
ARGUMENTS This command has no arguments.
COMMAND screen-length
DESCRIPTION Configure the length of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 0 through 256. When you set the screen length to 0 (zero), the CLI does not paginate command output.COMMAND screen-width
DESCRIPTION Configure the width of the terminal window.
ARGUMENTS
<number-of-rows>
can be from 200 through 256.COMMAND send
DESCRIPTION Send a message to the terminal of a specified user or all users.
ARGUMENTS
all
to send a message to all users. Specify username <username>
to send a message only to a specified user.COMMAND show
DESCRIPTION Show information about the system.
ARGUMENTS
COMMAND show-defaults
DESCRIPTION Specify whether to display the default configuration.
ARGUMENTS
true
to display the default values or false
to hide the default values.COMMAND system
DESCRIPTION Perform system operations for aaa, database, diagnostics, or events.
ARGUMENTS
For information about applicable arguments, see these pages under config-mode-commands:
system aaa-authentication
system-aaa-password-policy
system-aaa-server-groups
system-aaa-tls
system-database
system-diagnostics-core-files
system-diagnostics-ihealth
system-diagnostics-qkview
COMMAND system diagnostics tcpdump
DESCRIPTION
ARGUMENTS
"0/0.0"
.host
, port
, tcp.flags
, and so on.EXAMPLES
Generate a tcpdump using bpf
that only captures packets that go in or go out of blade 7's interface 1.0, are to/from 40.40.40.4, and the source or destination port is `80.n:
default-1# system diagnostics tcpdump bpf "host 40.40.40.4 and port 80"
running /usr/sbin/tcpdump -ni velo "host 40.40.40.4 and port 80"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on velo, link-type EN10MB (Ethernet), capture size 262144 bytes
Generate a tcpdump that redirects the output to a PCAP file named capture.pcap
:
default-1# system diagnostics tcpdump outfile capture.pcap
running /usr/sbin/tcpdump -ni velo "-w" "/var/F5/partition/capture.pcap"
tcpdump: listening on velo, link-type EN10MB (Ethernet), capture size 262144 bytes
COMMAND terminal
DESCRIPTION Set the terminal type.
ARGUMENTS
COMMAND timestamp
DESCRIPTION Configure whether to display the timestamp.
ARGUMENTS
enable
to show the timestamp or disable
to hide the timestamp.COMMAND who
DESCRIPTION Display information on currently-logged on users. The command output displays the session ID, user name, context, from (IP address), protocol, date, and mode (operational or configuration).
ARGUMENTS This command has no arguments.
COMMAND write
DESCRIPTION
Display the running configuration of the system on the terminal. This command is equivalent to the show running-config
command.
ARGUMENTS
COMMAND annotation
DESCRIPTION Show only statements whose annotation matches a provided configuration statement or pattern.
Note: Only available when the system has been configured with attributes enabled.
ARGUMENTS
COMMAND append
DESCRIPTION Append command output text to a file.
ARGUMENTS
COMMAND begin
DESCRIPTION Display the command output starting at the first match of a specified string.
ARGUMENTS
COMMAND best-effort
DESCRIPTION Display command output or continue loading a file, even if a failure has occurred that might interfere with this process.
ARGUMENTS This command has no arguments.
COMMAND context-match
DESCRIPTION Display the upper hierarchy in which a pattern appears in the configuration.
ARGUMENTS
COMMAND count
DESCRIPTION Count the number of lines in the command output.
ARGUMENTS This command has no arguments.
COMMAND csv
DESCRIPTION Show table output in CSV format.
ARGUMENTS This command has no arguments.
COMMAND de-select
DESCRIPTION Do not show a specified field in the command output.
ARGUMENTS
COMMAND debug
DESCRIPTION Display debug information.
ARGUMENTS This command has no arguments.
COMMAND details
DESCRIPTION Display the default values for commands in the running configuration.
ARGUMENTS This command has no arguments.
COMMAND display
DESCRIPTION Display options.
ARGUMENTS This command has no arguments.
COMMAND exclude
DESCRIPTION Exclude lines from the command output that match a string defined by a specified regular expression.
ARGUMENTS
COMMAND extended
DESCRIPTION Display referring entries or elements.
ARGUMENTS
COMMAND force
DESCRIPTION Log out any users who are locking the configuration.
ARGUMENTS This command has no arguments.
COMMAND hide
DESCRIPTION Hide display options.
ARGUMENTS This command has no arguments.
COMMAND include
DESCRIPTION Include only lines in the command output that contain the string defined by a specified regular expression.
ARGUMENTS
COMMAND linnum
DESCRIPTION Display a line number at the beginning of each line in the displayed output.
ARGUMENTS This command has no arguments.
COMMAND match-all
DESCRIPTION Display the command output that matches all command output filters.
ARGUMENTS This command has no arguments.
COMMAND match-any
DESCRIPTION Display the command output that matches any one of the the command output filters. This is the default behavior when matching command output.
ARGUMENTS This command has no arguments.
COMMAND more
DESCRIPTION Paginate the command output. This is the default behavior.
ARGUMENTS This command has no arguments.
COMMAND nomore
DESCRIPTION Do not paginate command output.
ARGUMENTS This command has no arguments.
COMMAND notab
DESCRIPTION Display tabular command output in a list instead of in a table. If the tabular command output is wider than the screen width, the output automatically displays in a list.
ARGUMENTS This command has no arguments.
COMMAND repeat
DESCRIPTION
Repeat the output of a show
command periodically.
ARGUMENTS
COMMAND save
DESCRIPTION Save the command output text to a file.
ARGUMENTS
COMMAND select
DESCRIPTION Display selected fields in the command output.
ARGUMENTS
COMMAND sort-by
DESCRIPTION Display command output with values sorted in a specified field.
ARGUMENTS
DESCRIPTION Suppress validation warning prompt
ARGUMENTS This command has no arguments.
COMMAND tab
DESCRIPTION Display tabular command output in table, even if the table is wider than the screen width. If the command output is wider than the screen width, wrap the output onto two or more lines.
ARGUMENTS This command has no arguments.
COMMAND tags
DESCRIPTION Show only statements with tags that match a pattern.
ARGUMENTS
COMMAND trace
DESCRIPTION Display trace information.
ARGUMENTS
COMMAND until
DESCRIPTION Display the command output, ending with the line that matches a specified string.
ARGUMENTS
COMMAND show SNMP-FRAMEWORK-MIB
DESCRIPTION Display information about the SNMP management architecture.
EXAMPLES
Display the SNMP engine information:
default-1# show SNMP-FRAMEWORK-MIB
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:61:81:05:01
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineBoots 1
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineTime 1632463
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineMaxMessageSize 50000
COMMAND show SNMP-MPD-MIB
DESCRIPTION Display information about message processing and dispatching (MPD) for SNMP.
EXAMPLES
Display MPD information:
default-1# show SNMP-MPD-MIB
SNMP-MPD-MIB snmpMPDStats snmpUnknownSecurityModels 0
SNMP-MPD-MIB snmpMPDStats snmpInvalidMsgs 0
SNMP-MPD-MIB snmpMPDStats snmpUnknownPDUHandlers 0
COMMAND show SNMP-TARGET-MIB
DESCRIPTION Display information about configured targets for SNMP.
COMMAND show SNMP-SNMPv2-MIB
DESCRIPTION Display information about SNMPv2.
EXAMPLES
Display SNMPv2 information:
default-1# show SNMPv2-MIB
SNMPv2-MIB system sysDescr "Linux 3.10.0-1160.71.1.F5.1.el7_8.x86_64 : Partition services version 1.6.0-13984"
SNMPv2-MIB system sysObjectID 1.3.6.1.4.1.12276.1.3.1.6
SNMPv2-MIB system sysUpTime 15447983
SNMPv2-MIB system sysServices 72
SNMPv2-MIB system sysORLastChange 31
SNMPv2-MIB snmp snmpInPkts 0
SNMPv2-MIB snmp snmpInBadVersions 0
SNMPv2-MIB snmp snmpInBadCommunityNames 0
SNMPv2-MIB snmp snmpInBadCommunityUses 0
SNMPv2-MIB snmp snmpInASNParseErrs 0
SNMPv2-MIB snmp snmpSilentDrops 0
SNMPv2-MIB snmp snmpProxyDrops 0
SNMPv2-MIB snmpSet snmpSetSerialNo 363566322
SYS
SYS ORUP
ORINDEX SYS ORID SYS ORDESCR TIME
-----------------------------------------------------------------------------------------------------------------
1 1.3.6.1.4.1.12276.1 F5 Networks enterprise Platform MIB 31
2 1.3.6.1.2.1.31 The MIB module to describe generic objects for network interface sub-layers 31
COMMAND show cli
DESCRIPTION Display the default CLI session settings.
ARGUMENTS
This command has no arguments.
EXAMPLES
Display the current default CLI session settings:
default-1# show cli
autowizard true
complete-on-space false
devtools false
display-level 99999999
history 100
idle-timeout 1800
ignore-leading-space false
leaf-prompting true
output-file terminal
paginate true
prompt1 \h\M#
prompt2 \h(\m)#
screen-length 57
screen-width 120
service prompt config true
show-defaults false
terminal xterm-256color
timestamp disable
COMMAND show cluster
DESCRIPTION Display the state of all the nodes in the chassis partition, including some data related to OpenShift nodes and the state of the FPGA and DMA devices.
ARGUMENTS This command has no arguments.
EXAMPLE
Display the current state of nodes in the partition:
default-1# show cluster
cluster state
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
cluster nodes node blade-1
state enabled true
state assigned true
state node-running-state running
state present single
state platform-id B60100
state slots [ 1 ]
state platform fpga-state FPGA_RDY
state platform dma-agent-state DMA_AGENT_RDY
state platform node-status "services running"
state slot-number 1
state node-info creation-time 2023-05-19T07:03:12Z
state node-info cpu 28
state node-info pods 250
state node-info memory 131576224Ki
state ready-info ready true
state ready-info last-transition-time 2023-06-21T22:43:08Z
state ready-info message "kubelet is posting ready status"
state out-of-disk-info out-of-disk false
state out-of-disk-info last-transition-time 2023-06-21T22:42:58Z
state out-of-disk-info message "kubelet has sufficient disk space available"
state disk-pressure-info disk-pressure false
state disk-pressure-info last-transition-time 2023-06-21T22:42:58Z
state disk-pressure-info message "kubelet has no disk pressure"
state disk-usage used-percent 4
state disk-usage growth-rate 1
state disk-usage status in-range
DISK DATA DISK DATA
NAME VALUE
-------------------------
available 852380565504
capacity 979105116160
used 76965007360
images 22861561856
TENANT NAME QAT DEVICE NAME BDF
----------------------------------------------
big-ip-next qat_dev_vf00pf00_hi b5:01.0
qat_dev_vf00pf01_hi b6:01.0
qat_dev_vf00pf02_hi b7:01.0
qat_dev_vf01pf00_hi b5:01.1
qat_dev_vf01pf01_hi b6:01.1
qat_dev_vf01pf02_hi b7:01.1
qat_dev_vf02pf00_hi b5:01.2
qat_dev_vf02pf01_hi b6:01.2
bigi-ip-17-1-0 qat_dev_vf00pf00_hi b5:01.0
qat_dev_vf00pf01_hi b6:01.0
qat_dev_vf00pf02_hi b7:01.0
qat_dev_vf01pf00_hi b5:01.1
qat_dev_vf01pf01_hi b6:01.1
qat_dev_vf01pf02_hi b7:01.1
qat_dev_vf02pf00_hi b5:01.2
state disk-pressure-info last-transition-time 2023-06-21T22:42:58Z
state disk-pressure-info message "kubelet has no disk pressure"
state disk-usage used-percent 4
state disk-usage growth-rate 1
state disk-usage status in-range
...
COMMAND show cluster disk-usage-threshold
DESCRIPTION Display the current configuration of disk usage threshold.
ARGUMENTS
EXAMPLE
Display the current configuration for all disk usage threshold options:
default-1# show cluster disk-usage-threshold
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
COMMAND
show cluster nodes node
DESCRIPTION Display the state of a specific node in the chassis partition, including some data about OpenShift nodes and the state of the FPGA and DMA devices.
ARGUMENTS
EXAMPLE
Display the state of the node blade-1:
default-1# show cluster nodes node blade-1
cluster nodes node blade-1
state enabled true
state assigned true
state node-running-state running
state present single
state platform-id B60100
state slots [ 1 ]
state platform fpga-state FPGA_RDY
state platform dma-agent-state DMA_AGENT_RDY
state platform node-status "services running"
state slot-number 1
state node-info creation-time 2023-05-19T07:03:12Z
state node-info cpu 28
state node-info pods 250
state node-info memory 131576224Ki
state ready-info ready true
state ready-info last-transition-time 2023-06-21T22:43:08Z
state ready-info message "kubelet is posting ready status"
state out-of-disk-info out-of-disk false
state out-of-disk-info last-transition-time 2023-06-21T22:42:58Z
state out-of-disk-info message "kubelet has sufficient disk space available"
state disk-pressure-info disk-pressure false
state disk-pressure-info last-transition-time 2023-06-21T22:42:58Z
state disk-pressure-info message "kubelet has no disk pressure"
state disk-usage used-percent 4
state disk-usage growth-rate 1
state disk-usage status in-range
DISK DATA DISK DATA
NAME VALUE
-------------------------
available 852380749824
capacity 979105116160
used 76964823040
images 22861561856
TENANT NAME QAT DEVICE NAME BDF
----------------------------------------------
big-ip-next qat_dev_vf00pf00_hi b5:01.0
qat_dev_vf00pf01_hi b6:01.0
qat_dev_vf00pf02_hi b7:01.0
qat_dev_vf01pf00_hi b5:01.1
qat_dev_vf01pf01_hi b6:01.1
qat_dev_vf01pf02_hi b7:01.1
qat_dev_vf02pf00_hi b5:01.2
qat_dev_vf02pf01_hi b6:01.2
bigi-ip-17-1-0 qat_dev_vf00pf00_hi b5:01.0
qat_dev_vf00pf01_hi b6:01.0
qat_dev_vf00pf02_hi b7:01.0
qat_dev_vf01pf00_hi b5:01.1
qat_dev_vf01pf01_hi b6:01.1
qat_dev_vf01pf02_hi b7:01.1
qat_dev_vf02pf00_hi b5:01.2
qat_dev_vf02pf01_hi b6:01.2
qat_dev_vf02pf02_hi b7:01.2
COMMAND show cluster disk-usage-threshold
DESCRIPTION Display current threshold settings for disk usage.
EXAMPLE
Display the current disk usage threshold:
default-1# show cluster disk-usage-threshold
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
COMMAND show cluster summary
DESCRIPTION Displays a summary of the cluster status on each node.
EXAMPLE
default-1# show cluster summary
NODE
VIRTUAL RUNNING PLATFORM
NAME ENABLED SLOT ASSIGNED STATE PRESENT ID SLOTS NODE STATUS
------------------------------------------------------------------------------------------
blade-1 true 1 true running single BX110 [ 1 ] services running
blade-2 true 2 true running single BX110 [ 2 ] services running
blade-3 true - true - empty - - -
blade-4 true - true - empty - - -
blade-5 true - true - empty - - -
blade-6 true - true - empty - - -
blade-7 true - true - empty - - -
blade-8 true - true - empty - - -
COMMAND show components
DESCRIPTION Show information about hardware inventory and firmware, including:
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the FPGAs and their firmware version present on blade-1:
default-1# show components component blade-1 integrated-circuit
FPGA NUM NUM
INDEX VERSION ID SLOT DID DMS SEPS
-------------------------------------------
atse_0 7.10.6 0 1 15 3 64
vqf_0 8.10.0
Display the serial numbers of blades in a partition:
default-1# show components component state serial-no
NAME SERIAL NO
---------------------
blade-1 bld424267s
blade-2 bld424373s
blade-3 bld421633s
Display storage information about the disks from all components:
default-1# show components component storage |tab
READ WRITE
DISK TOTAL READ READ LATENCY WRITE WRITE LATENCY
NAME NAME MODEL VENDOR VERSION SERIAL NO SIZE TYPE IOPS IOPS MERGED READ BYTES MS IOPS MERGED WRITE BYTES MS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
blade-1 nvme0n1 SAMSUNG MZ1LB960HAJQ-00007 Samsung EDA7602Q S435NA0N925773 683.00GB nvme 0 75355 110 2547757056 17359 400935747 379789471 3820731731968 15437375
blade-2 nvme0n1 SAMSUNG MZ1LB960HAJQ-00007 Samsung EDA7602Q S435NA0N926054 683.00GB nvme 0 17286615 5 945281335296 6417593 522851373 547550270 7580303458816 424210002
COMMAND
show dag-states
DESCRIPTION
Display blade level packet disaggregation (DAG) state on the system. This table is populated by the system with a row per running tenant. The data shows the blades that a packet can be distributed to when received by an interface.
EXAMPLE
Display the current disaggregation state:
default-1# show dag-states
COMMIT TENANT SDAG
PUBLISHER PUBLISH TENANT COMMIT DAG INSTANCE TABLE
TENANT NAME PUBLISHER INSTANCE TIME INSTANCE TIME VERSION IDS SDAG TABLE HASH
-------------------------------------------------------------------------------------------------------------------------------------------------
defaultbip-1 dagd 1 1614908520 1 1614908520 16 { 1 } 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0
defaultbip-2 dagd 1 1615231250 1 1615231250 16 { 1 2 } 1 2 1 1 1 2 2 2 1 1 2 1 2 2 2 1 1 2 2 2 1 1 2 1 36876
default-1#
COMMAND
show dag-states dag-state
DESCRIPTION
Display only a specific dag-state
for a given tenant name.
ARGUMENTS
Available options are:
EXAMPLE
default-1# show dag-states dag-state defaultbip-2
COMMIT TENANT SDAG
PUBLISHER PUBLISH TENANT COMMIT DAG INSTANCE TABLE
TENANT NAME PUBLISHER INSTANCE TIME INSTANCE TIME VERSION IDS SDAG TABLE HASH
-------------------------------------------------------------------------------------------------------------------------------------------------
defaultbip-2 dagd 1 1615231250 1 1615231250 16 { 1 2 } 1 2 1 1 1 2 2 2 1 1 2 1 2 2 2 1 1 2 2 2 1 1 2 1 36876
COMMAND show dma-states
DESCRIPTION Display statistics pertaining to software DMA transfers to and from blade hardware. These stats include packets transmitted, received, and dropped at the software/hardware boundary of each blade. Also included are PVA acceleration operations sent to and from the hardware on each blade. The statistics are kept per-blade, but are global/shared over all partitions.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display statistics for active ePVAs on blade-1:
default-1# show dma-states dma-state blade-1 state active-sep-epvas
RX
TX SYN TX SYN FSD RX
TX L4 TX L4 VIP VIP DROPS RX SYN
SVC SEP SNOOP SNOOP SNOOP SNOOP NO L4 VIP
ID ID QOS INSERTS EVICTS INSERTS EVICTS ROOM FSD FSD
-------------------------------------------------------------------
2 0 0 0 0 0 0 0 0 0
2 0 1 0 0 0 0 0 0 0
2 0 2 0 0 0 0 0 0 0
2 0 3 0 0 0 0 0 0 0
5 0 0 0 0 0 0 0 0 0
5 0 1 0 0 0 0 0 0 0
5 0 2 0 0 0 0 0 0 0
5 0 3 0 0 0 0 0 0 0
8 0 0 0 0 0 0 0 0 0
8 0 1 0 0 0 0 0 0 0
8 0 2 0 0 0 0 0 0 0
8 0 3 0 0 0 0 0 0 0
COMMAND show fdb
DESCRIPTION Show Layer 2 forwarding database (FDB) entries in the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display all FDB information using table output:
default-1# show fdb | tab
show fdb | tab
NDI
MAC ADDRESS VLAN TAG TYPE VLAN TAG TYPE VID ENTRY TYPE OWNER AGE ID SVC VTC SEP DMS DID CMDS MIRRORING INTERFACE
-----------------------------------------------------------------------------------------------------------------------------------------------------
00:94:a1:8e:4c:09 1040 tag_type_vid 1040 tag_type_vid 1040 L2-LISTENER - - 4095 8 - - - - 1 - -
00:94:a1:8e:4c:09 1041 tag_type_vid 1041 tag_type_vid 1041 L2-LISTENER - - 4095 8 - - - - 1 - -
Show FDB MAC table information:
default-1# show fdb mac-table
fdb mac-table entries entry 00:94:a1:8e:4c:09 100 tag_type_vid
state vlan 100
state tag-type tag_type_vid
state vid 100
state entry-type L2-LISTENER
state owner defaultbip-1
state ifh-fields ndi-id 4095
state ifh-fields svc 8
state ifh-fields cmds 1
fdb mac-table entries entry 00:94:a1:8e:4c:09 101 tag_type_vid
state vlan 101
state tag-type tag_type_vid
state vid 101
state entry-type L2-LISTENER
state owner defaultbip-1
state ifh-fields ndi-id 4095
state ifh-fields svc 8
state ifh-fields cmds 1
COMMAND show file
DESCRIPTION Display current configuration for known hosts and state of file transfers.
ARGUMENTS
This command has no arguments.
EXAMPLES
Display the status of a current file transfer
default-1# show file transfer-operations
file transfer-operations transfer-operation images/BIGIP-bigip15.1.x.ALL-VELOS.qcow2.zip 192.0.2.11 build/bigip/v15.1.x/BIGIP-bigip15.1.x.ALL-VELOS.qcow2.zip "Import file" "HTTPS "
status "In Progress (12.0%)"
timestamp "Fri Jun 11 21:56:06 2021"
COMMAND show history
DESCRIPTION Display a history of commands run on the partition.
ARGUMENTS
EXAMPLE
Display the last five commands that were run on the partition:
default-1# show history 5
02:22:41 -- show running-config stp
02:22:57 -- show running-config system
02:23:05 -- show running-config cluster
02:24:13 -- show running-config vlans
02:28:39 -- show history
COMMAND show images
DESCRIPTION Display all images in the partition. Also shows which image is currently in use and which have been replicated to the other system controller.
ARGUMENTS This command has no arguments.
EXAMPLE
Display all images on the current partition:
default-1# show images
IN
NAME USE STATUS
--------------------------------------------------------------------------------------
BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle true replicated
COMMAND show interfaces
DESCRIPTION Display information about blade network interfaces. This includes options for link aggregation.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display only the first level of interface information:
default-1# show interfaces displaylevel 1
interfaces interface 1/1.0
interfaces interface 1/2.0
interfaces interface 2/1.0
interfaces interface 2/2.0
Display information two levels deep for all interfaces:
default-1# show interfaces displaylevel 2
interfaces interface 1/1.0
state name 1/1.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state oper-status DOWN
state counters in-octets 0
state counters in-unicast-pkts 0
state counters in-broadcast-pkts 0
state counters in-multicast-pkts 0
state counters in-discards 0
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:8e:f8:00
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
interfaces interface 1/2.0
state name 1/2.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state oper-status UP
state counters in-octets 12912213797284
state counters in-unicast-pkts 522514104
state counters in-broadcast-pkts 200979372285
state counters in-multicast-pkts 17092141
state counters in-discards 3949892934
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:8e:f8:01
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
interfaces interface 2/1.0
state name 2/1.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state oper-status UP
state counters in-octets 35352746791704
state counters in-unicast-pkts 128530545045
state counters in-broadcast-pkts 16241112162
state counters in-multicast-pkts 137385018018
state counters in-discards 2984046990
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:8e:f8:80
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
interfaces interface 2/2.0
state name 2/2.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state oper-status UP
state counters in-octets 35352746816000
state counters in-unicast-pkts 128530545045
state counters in-broadcast-pkts 16241112170
state counters in-multicast-pkts 137385018209
state counters in-discards 2984047014
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:8e:f8:81
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
Display information only about interface 1/1.0:
default-1# show interfaces interface 1/1.0
interfaces interface 1/1.0
state name 1/1.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state oper-status DOWN
state counters in-octets 0
state counters in-unicast-pkts 0
state counters in-broadcast-pkts 0
state counters in-multicast-pkts 0
state counters in-discards 0
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:8e:f8:00
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
Display state information for interface 1/1.0:
default-1# show interfaces interface 1/1.0 state
state name 1/1.0
state type ethernetCsmacd
state mtu 9600
state enabled true
state oper-status DOWN
state counters in-octets 0
state counters in-unicast-pkts 0
state counters in-broadcast-pkts 0
state counters in-multicast-pkts 0
state counters in-discards 0
state counters in-errors 0
state counters in-fcs-errors 0
state counters out-octets 0
state counters out-unicast-pkts 0
state counters out-broadcast-pkts 0
state counters out-multicast-pkts 0
state counters out-discards 0
state counters out-errors 0
state forward-error-correction auto
state lacp_state LACP_DEFAULTED
Display Ethernet information for interface 1/1.0:
default-1# show interfaces interface 1/1.0 ethernet
ethernet state port-speed SPEED_100GB
ethernet state hw-mac-address 00:94:a1:8e:f8:00
ethernet state counters in-mac-control-frames 0
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-8021q-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-control-frames 0
ethernet state counters out-mac-pause-frames 0
ethernet state counters out-8021q-frames 0
ethernet state flow-control rx on
Display information about interface 1/1.0 using table output:
default-1# show interfaces interface 1/1.0 | tab
OUT
IN IN IN OUT OUT OUT FORWARD IN MAC IN MAC IN IN IN IN OUT MAC MAC OUT
OPER IN UNICAST BROADCAST MULTICAST IN IN IN FCS OUT UNICAST BROADCAST MULTICAST OUT OUT ERROR LAG LAG DISTRIBUTION MAC CONTROL PAUSE OVERSIZE JABBER FRAGMENT 8021Q IN CRC CONTROL PAUSE 8021Q MEMBER MEMBER
NAME NAME TYPE MTU ENABLED STATUS OCTETS PKTS PKTS PKTS DISCARDS ERRORS ERRORS OCTETS PKTS PKTS PKTS DISCARDS ERRORS CORRECTION LACP STATE TYPE SPEED HASH ADDRESS LAGID PORT SPEED HW MAC ADDRESS FRAMES FRAMES FRAMES FRAMES FRAMES FRAMES ERRORS FRAMES FRAMES FRAMES RX VLAN NAME STATUS
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1/1.0 1/1.0 ethernetCsmacd 9600 true DOWN 0 0 0 0 0 0 0 0 0 0 0 0 0 auto LACP_DEFAULTED - - - - - SPEED_100GB 00:94:a1:8e:f8:00 0 0 0 0 0 0 0 0 0 0 on -
Display aggregation-specific output for a LAG named test-lag
:
default-1# show interfaces interface test-lag aggregation
aggregation state lag-type STATIC
aggregation state lag-speed 200
aggregation state distribution-hash src-dst-ipport
aggregation state mac-address 00:0a:49:ff:48:0c
aggregation state lagid 2
MEMBER MEMBER
NAME STATUS
----------------
4/1.0 UP
4/2.0 UP
Display information about a LAG interface named lag1
:
default-1# show interfaces interface lag1
interfaces interface lag1
aggregation state lag-type STATIC
aggregation state lag-speed 0
aggregation state mac-address 00:94:a1:8d:18:0a
COMMAND show interfaces interface state forward-error-correction
DESCRIPTION Displays forward error correction state
ARGUMENTS
Example
default-1# show interfaces interface state forward-error-correction | tab
FORWARD
ERROR
NAME CORRECTION
------------------
1.0 enabled
2.0 disabled
3.0 not_supported
4.0 not_supported
5.0 not_supported
6.0 not_supported
7.0 not_supported
8.0 not_supported
9.0 not_supported
10.0 enabled
11.0 disabled
COMMAND show iptunnels
DESCRIPTION Display all IP tunnel configurations.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all IP tunnel information on the system:
default-1# show iptunnels
iptunnels iptunnel vxlan state dport 4789
iptunnels iptunnel vxlan state gpe enabled
iptunnels iptunnel vxlan state gpe dport 4790
iptunnels iptunnel vxlan state gpe nsh disabled
iptunnels iptunnel nvgre state ethertype 0x6558
iptunnels iptunnel geneve state dport 6081
iptunnels iptunnel geneve state enabled
COMMAND
show lacp
DESCRIPTION
Display the current LACP configuration and state information for global and all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display information about configured LACP interfaces:
default-1# show lacp
lacp state system-id-mac 00:94:a1:8e:4c:08
lacp interfaces interface testLAG
state name testLAG
state interval FAST
state lacp-mode ACTIVE
state system-id-mac 0:94:a1:8e:4c:8
Display one level of information about configured LACP interfaces:
default-1# show lacp displaylevel 1
lacp state system-id-mac 00:94:a1:8e:4c:08
lacp interfaces interface testLAG
COMMAND
show lacp interfaces
DESCRIPTION
Show current LACP state for all LACP interfaces.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.system-priority
and the stack MAC address.COMMAND
show lacp interfaces interface
DESCRIPTION
Show current LACP config and state information for an LACP interface.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display information about the testLAG
interface:
default-1# show lacp interfaces interface testLAG
lacp interfaces interface testLAG
state name testLAG
state interval FAST
state lacp-mode ACTIVE
state system-id-mac 0:94:a1:8e:4c:8
COMMAND
show lacp state
DESCRIPTION
Display global LACP state information.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.system-priority
and the stack MAC address.EXAMPLE
Display the global state of LACP:
default-1# show lacp state
lacp state system-id-mac 00:94:a1:66:e0:08
COMMAND show last-logins
DESCRIPTION Display information about the most recent logins to the chassis partition.
ARGUMENTS
EXAMPLE
Display information about all recent logins:
default-1# show last-logins
last-logins user admin
login 2023-06-23T19:00:51.628405+00:00
authenticating-host partition1
client-host 172.18.65.191
transport cli-ssh
num-of-failed-logins 0
login 2023-06-23T17:11:59.38705+00:00
authenticating-host partition1
client-host 172.18.64.215
transport cli-ssh
num-of-failed-logins 0
login 2023-06-22T23:39:10.061758+00:00
authenticating-host partition1
client-host 172.18.64.164
transport rest-http
num-of-failed-logins 0
login 2023-06-22T23:39:10.042378+00:00
authenticating-host partition1
client-host 172.18.64.164
transport rest-http
num-of-failed-logins 0
login 2023-06-22T23:39:10.018109+00:00
authenticating-host partition1
client-host 172.18.64.164
transport rest-http
num-of-failed-logins 0
COMMAND show lldp
DESCRIPTION Display the information about Link Layer Discovery Protocol (LLDP) on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display all LLDP information:
default-1# show lldp
lldp state enabled
lldp state chassis-id "Temporary ChassisId"
lldp state chassis-id-type LOCAL
lldp interfaces interface 1/1.0
state name 1/1.0
state enabled
state counters frame-in 0
state counters frame-out 8
neighbors neighbor DL?U?uEthernet16/1
config
state system-name SDSW-100gb
state system-description "Arista Networks EOS version 4.16.7FX-7060X running on an Arista Networks DCS-7060CX-32S"
state chassis-id 44:4c:a8:55:82:75
state chassis-id-type MAC_ADDRESS
state ttl 120
state port-id Ethernet16/1
state port-id-type INTERFACE_NAME
state management-address 192.0.2.4
TYPE OUI OUI SUBTYPE CONFIG TYPE OUI OUI SUBTYPE VALUE
-------------------------------------------------------------------------------------------------------------------
127 IEEE802.1 PVID - 127 IEEE802.1 PVID 1
127 IEEE802.3 Aggregation Port Id - 127 IEEE802.3 Aggregation Port Id 0
127 IEEE802.3 Aggregation Status - 127 IEEE802.3 Aggregation Status 1
127 IEEE802.3 MAC/PHY Auto-negotiation Status - 127 IEEE802.3 MAC/PHY Auto-negotiation Status 0
127 IEEE802.3 MAC/PHY MAU Type - 127 IEEE802.3 MAC/PHY MAU Type 0
127 IEEE802.3 MAC/PHY PMD Capability - 127 IEEE802.3 MAC/PHY PMD Capability 0
127 IEEE802.3 Maximum Frame Size - 127 IEEE802.3 Maximum Frame Size 9236
Display only the first level of LLDP information:
default-1# show lldp displaylevel 1
lldp state enabled
lldp state chassis-id "Temporary ChassisId"
lldp state chassis-id-type LOCAL
lldp interfaces interface 1/1.0
Display only the interface level LLDP information:
default-1# show lldp interfaces interface 1/1.0
state name 1/1.0
state enabled
state counters frame-in 0
state counters frame-out 8
neighbors neighbor DL?U?uEthernet16/1
config
state system-name SDSW-100gb
state system-description "Arista Networks EOS version 4.16.7FX-7060X running on an Arista Networks DCS-7060CX-32S"
state chassis-id 44:4c:a8:55:82:75
state chassis-id-type MAC_ADDRESS
state ttl 120
state port-id Ethernet16/1
state port-id-type INTERFACE_NAME
state management-address 192.0.2.4
TYPE OUI OUI SUBTYPE CONFIG TYPE OUI OUI SUBTYPE VALUE
-------------------------------------------------------------------------------------------------------------------
127 IEEE802.1 PVID - 127 IEEE802.1 PVID 1
127 IEEE802.3 Aggregation Port Id - 127 IEEE802.3 Aggregation Port Id 0
127 IEEE802.3 Aggregation Status - 127 IEEE802.3 Aggregation Status 1
127 IEEE802.3 MAC/PHY Auto-negotiation Status - 127 IEEE802.3 MAC/PHY Auto-negotiation Status 0
127 IEEE802.3 MAC/PHY MAU Type - 127 IEEE802.3 MAC/PHY MAU Type 0
127 IEEE802.3 MAC/PHY PMD Capability - 127 IEEE802.3 MAC/PHY PMD Capability 0
127 IEEE802.3 Maximum Frame Size - 127 IEEE802.3 Maximum Frame Size 9236
Display only the interface neighbor information:
default-1# show lldp interfaces interface 1/1.0 neighbors neighbor
neighbors neighbor DL?U?uEthernet16/1
config
state system-name SDSW-100gb
state system-description "Arista Networks EOS version 4.16.7FX-7060X running on an Arista Networks DCS-7060CX-32S"
state chassis-id 44:4c:a8:55:82:75
state chassis-id-type MAC_ADDRESS
state ttl 120
state port-id Ethernet16/1
state port-id-type INTERFACE_NAME
state management-address 192.0.2.4
TYPE OUI OUI SUBTYPE CONFIG TYPE OUI OUI SUBTYPE VALUE
-------------------------------------------------------------------------------------------------------------------
127 IEEE802.1 PVID - 127 IEEE802.1 PVID 1
127 IEEE802.3 Aggregation Port Id - 127 IEEE802.3 Aggregation Port Id 0
127 IEEE802.3 Aggregation Status - 127 IEEE802.3 Aggregation Status 1
127 IEEE802.3 MAC/PHY Auto-negotiation Status - 127 IEEE802.3 MAC/PHY Auto-negotiation Status 0
127 IEEE802.3 MAC/PHY MAU Type - 127 IEEE802.3 MAC/PHY MAU Type 0
127 IEEE802.3 MAC/PHY PMD Capability - 127 IEEE802.3 MAC/PHY PMD Capability 0
127 IEEE802.3 Maximum Frame Size - 127 IEEE802.3 Maximum Frame Size 9236
COMMAND show parser
DESCRIPTION Display information about available commands and their syntax.
ARGUMENTS
EXAMPLE
Display information about all commands:
default-1# show parser dump
autowizard [false/true]
cd <Dir>
cd
clear history
compare file <File> [brief]
compare file <File> [brief] SNMP-COMMUNITY-MIB snmpCommunityTable snmpCommunityEntry
compare file <File> [brief] SNMP-NOTIFICATION-MIB snmpNotifyTable snmpNotifyEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetAddrTable snmpTargetAddrEntry
compare file <File> [brief] SNMP-TARGET-MIB snmpTargetParamsTable snmpTargetParamsEntry
compare file <File> [brief] SNMP-USER-BASED-SM-MIB usmUserTable usmUserEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmAccessTable vacmAccessEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmSecurityToGroupTable vacmSecurityToGroupEntry
compare file <File> [brief] SNMP-VIEW-BASED-ACM-MIB vacmViewTreeFamilyTable vacmViewTreeFamilyEntry
compare file <File> [brief] SNMPv2-MIB snmp snmpEnableAuthenTraps
compare file <File> [brief] SNMPv2-MIB system sysContact
compare file <File> [brief] SNMPv2-MIB system sysLocation
compare file <File> [brief] SNMPv2-MIB system sysName
compare file <File> [brief] cluster nodes node
compare file <File> [brief] components component
compare file <File> [brief] fdb mac-table entries entry
compare file <File> [brief] interfaces interface
compare file <File> [brief] lacp config system-priority
compare file <File> [brief] lacp interfaces interface
compare file <File> [brief] lldp config disabled
compare file <File> [brief] lldp interfaces interface
compare file <File> [brief] portgroups portgroup
compare file <File> [brief] stp global config
compare file <File> [brief] stp interfaces interface
compare file <File> [brief] stp mstp config hold-count
compare file <File> [brief] stp mstp mst-instances mst-instance
compare file <File> [brief] stp rstp config hold-count
compare file <File> [brief] stp rstp interfaces interface
compare file <File> [brief] stp stp config hold-count
compare file <File> [brief] stp stp interfaces interface
compare file <File> [brief] system aaa authentication config
compare file <File> [brief] system aaa authentication ldap bind_timelimit
compare file <File> [brief] system aaa authentication ldap idle_timelimit
compare file <File> [brief] system aaa authentication ldap ldap_version
compare file <File> [brief] system aaa authentication ldap ssl
compare file <File> [brief] system aaa authentication ldap timelimit
compare file <File> [brief] system aaa authentication ldap tls_reqcert
compare file <File> [brief] system aaa authentication roles role
compare file <File> [brief] system aaa authentication users user
compare file <File> [brief] system aaa password-policy config apply-to-root
compare file <File> [brief] system aaa password-policy config max-age
compare file <File> [brief] system aaa password-policy config max-login-failures
compare file <File> [brief] system aaa password-policy config min-length
compare file <File> [brief] system aaa password-policy config reject-username
compare file <File> [brief] system aaa password-policy config required-differences
compare file <File> [brief] system aaa password-policy config required-lowercase
compare file <File> [brief] system aaa password-policy config required-numeric
compare file <File> [brief] system aaa password-policy config required-special
compare file <File> [brief] system aaa password-policy config required-uppercase
compare file <File> [brief] system aaa password-policy config retries
compare file <File> [brief] system aaa password-policy config root-lockout
compare file <File> [brief] system aaa password-policy config root-unlock-time
--More--
COMMAND show partition
DESCRIPTION Display information about the partition, including the chassis base MAC address. All MAC addresses in the partition are offset of the base MAC address.
ARGUMENTS This command has no arguments.
EXAMPLE
Display information about the current partition:
default-1# show partition
partition chassis-base-mac 00:94:a1:8e:e8:00
COMMAND show port-listeners
DESCRIPTION Display information about configured port listeners.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.COMMAND show portgroups
DESCRIPTION Display information about portgroups.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the first level of information for portgroup 1/1:
default-1# show portgroups portgroup 1/1 state displaylevel 1
state vendor-name "F5 NETWORKS INC."
state vendor-oui 009065
state vendor-partnum "OPT-0031 "
state vendor-revision A0
state vendor-serialnum "X1KA007 "
state transmitter-technology "850 nm VCSEL"
state media 100GBASE-SR4
state optic-state QUALIFIED
state ddm rx-pwr low-threshold alarm -14.0
state ddm rx-pwr low-threshold warn -11.0
state ddm rx-pwr instant val-lane1 -2.93
state ddm rx-pwr instant val-lane2 -2.81
state ddm rx-pwr instant val-lane3 -2.77
state ddm rx-pwr instant val-lane4 -2.9
state ddm rx-pwr high-threshold alarm 3.4
state ddm rx-pwr high-threshold warn 2.4
state ddm tx-pwr low-threshold alarm -10.0
state ddm tx-pwr low-threshold warn -8.0
state ddm tx-pwr instant val-lane1 -1.2
state ddm tx-pwr instant val-lane2 -1.01
state ddm tx-pwr instant val-lane3 -1.03
state ddm tx-pwr instant val-lane4 -1.13
state ddm tx-pwr high-threshold alarm 5.0
state ddm tx-pwr high-threshold warn 3.0
state ddm temp low-threshold alarm -5.0
state ddm temp low-threshold warn 0.0
state ddm temp instant val 33.3007
state ddm temp high-threshold alarm 75.0
state ddm temp high-threshold warn 70.0
state ddm bias low-threshold alarm 0.003
state ddm bias low-threshold warn 0.005
state ddm bias instant val-lane1 0.00754
state ddm bias instant val-lane2 0.00752
state ddm bias instant val-lane3 0.00747
state ddm bias instant val-lane4 0.007526
state ddm bias high-threshold alarm 0.013
state ddm bias high-threshold warn 0.011
state ddm vcc low-threshold alarm 2.97
state ddm vcc low-threshold warn 3.135
state ddm vcc instant val 3.2288
state ddm vcc high-threshold alarm 3.63
state ddm vcc high-threshold warn 3.465
Display all information about portgroup 1/1:
default-1# show portgroups portgroup 1/1
portgroups portgroup 1/1
state vendor-name "F5 NETWORKS INC."
state vendor-oui 009065
state vendor-partnum "OPT-0031 "
state vendor-revision A0
state vendor-serialnum "X1KA007 "
state transmitter-technology "850 nm VCSEL"
state media 100GBASE-SR4
state optic-state QUALIFIED
state ddm rx-pwr low-threshold alarm -14.0
state ddm rx-pwr low-threshold warn -11.0
state ddm rx-pwr instant val-lane1 -2.9
state ddm rx-pwr instant val-lane2 -2.8
state ddm rx-pwr instant val-lane3 -2.76
state ddm rx-pwr instant val-lane4 -2.92
state ddm rx-pwr high-threshold alarm 3.4
state ddm rx-pwr high-threshold warn 2.4
state ddm tx-pwr low-threshold alarm -10.0
state ddm tx-pwr low-threshold warn -8.0
state ddm tx-pwr instant val-lane1 -1.19
state ddm tx-pwr instant val-lane2 -0.98
state ddm tx-pwr instant val-lane3 -0.98
state ddm tx-pwr instant val-lane4 -1.1
state ddm tx-pwr high-threshold alarm 5.0
state ddm tx-pwr high-threshold warn 3.0
state ddm temp low-threshold alarm -5.0
state ddm temp low-threshold warn 0.0
state ddm temp instant val 33.3359
state ddm temp high-threshold alarm 75.0
state ddm temp high-threshold warn 70.0
state ddm bias low-threshold alarm 0.003
state ddm bias low-threshold warn 0.005
state ddm bias instant val-lane1 0.00746
state ddm bias instant val-lane2 0.00754
state ddm bias instant val-lane3 0.00753
state ddm bias instant val-lane4 0.007516
state ddm bias high-threshold alarm 0.013
state ddm bias high-threshold warn 0.011
state ddm vcc low-threshold alarm 2.97
state ddm vcc low-threshold warn 3.135
state ddm vcc instant val 3.2288
state ddm vcc high-threshold alarm 3.63
state ddm vcc high-threshold warn 3.465
Display the optic-state
of portgroup 1/1:
default-1# show portgroups portgroup 1/1 state optic-state
state optic-state QUALIFIED
Display the vendor-name
of portgroup 1/1:
default-1# show portgroups portgroup 1/1 state vendor-name
state vendor-name "F5 NETWORKS INC."
default-1#
COMMAND
show qos
DESCRIPTION
Display the state of Quality of Service (QOS) on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display the current state of QOS on the system:
default-1# show qos
qos global-setting state status 8021P-enabled
TRAFFIC PRIORITIES
NAME VTC
-----------
BE 0
BRZ 1
CTRL 2
GOLD 3
SIG 4
SIX 5
SVL 6
VOIP 7
qos global-setting state mapping-8021p default-traffic-priority BE
802.1p TRAFFIC PRIORITY MAPPING
NAME VALUE
-------------
BRZ 1
CTRL 3
GOLD 4
SIG 5-6
SVL 2
VOIP 7
NAME NAME WEIGHT
--------------------
mg1 BE 12
BRZ 1
CTRL 5
GOLD 5
SIG 10
SVL 5
VOIP 60
METER
NAME GROUP
------------------------
single-port-lag mg1
qos pmq-table type 8021P-enabled
VTC VALUE
--------------
0 { 0 }
1 { 1 }
2 { 3 }
3 { 4 }
4 { 5 6 }
6 { 2 }
7 { 7 }
BLADE MG
ID DID ID
----------------
1 20 1
2 20 1
DID NAME STATUS TYPE
------------------------------
20 2/1.0 UP IN_TRUNK
BLADE MG
ID ID VTC CIR CBS
-------------------------------------
1 1 0 2629571813 30612
1 219130984 2551
2 1095654922 12755
3 1095654922 12755
4 2191309844 25510
6 1095654922 12755
7 13147859069 153061
2 1 0 2629571813 30612
1 219130984 2551
2 1095654922 12755
3 1095654922 12755
4 2191309844 25510
6 1095654922 12755
7 13147859069 153061
YELLOW RED RED
TRAFFIC FORWARD BYTES FORWARD BYTES BYTES YELLOW BYTES BYTES BYTES
INTERFACE PRIORITY IN OUT IN OUT IN OUT
-----------------------------------------------------------------------------------------------
2/1.0 BE 2110864454001191 131307771322650 0 103916809262888 0 0
2/1.0 BRZ 0 131312895910348 0 129030133658924 0 0
2/1.0 CTRL 0 131317575236946 0 119903658605678 0 0
2/1.0 GOLD 0 131323436227602 0 119908472120928 0 0
2/1.0 SIG 0 262645909350346 0 239815984025754 0 0
2/1.0 SVL 0 131317514644604 0 119903604393560 0 0
2/1.0 VOIP 0 131326550473990 0 145599086 0 0
COMMAND
show qos state
DESCRIPTION
Display statistics for the Quality of Service (QOS) on the system.
ARGUMENTS
EXAMPLE
default-1# show qos state
YELLOW RED RED
TRAFFIC FORWARD BYTES FORWARD BYTES BYTES YELLOW BYTES BYTES BYTES
INTERFACE PRIORITY IN OUT IN OUT IN OUT
-----------------------------------------------------------------------------------------------
2/1.0 BE 2114664587148973 131544148433582 0 104103869411150 0 0
2/1.0 BRZ 0 131549277022618 0 129262405053096 0 0
2/1.0 CTRL 0 131553956091998 0 120119490686078 0 0
2/1.0 GOLD 0 131559803979756 0 120124291107562 0 0
2/1.0 SIG 0 263118645760244 0 240247622890914 0 0
2/1.0 SVL 0 131553892928998 0 120119433915478 0 0
2/1.0 VOIP 0 131562922186388 0 145599086 0 0
COMMAND show restconf-state
DESCRIPTION Display capabilities supported by the RESTCONF server.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display all supported capabilities:
default-1# show restconf-state
restconf-state capabilities capability urn:ietf:params:restconf:capability:defaults:1.0?basic-mode=report-all
restconf-state capabilities capability urn:ietf:params:restconf:capability:depth:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:fields:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:with-defaults:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:filter:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:replay:1.0
restconf-state capabilities capability urn:ietf:params:restconf:capability:yang-patch:1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/collection/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/query-api/1.0
restconf-state capabilities capability http://tail-f.com/ns/restconf/unhide/1.0
COMMAND show running-config
DESCRIPTION Display the current configuration for a partition. By default, the whole configuration is displayed. You can limit what is shown by supplying a pathfilter. The pathfilter may be either a path pointing to a specific instance, or if an instance id is omitted, the part following the omitted instance is treated as a filter.
ARGUMENTS
For information about these arguments, see these sections on the partition show-SNMP-FRAMEWORK-MIB
page.
EXAMPLE
Display the current running configuration for VLANs:
default-1# show running-config vlans
vlans vlan 1
!
vlans vlan 2
!
vlans vlan 3
!
vlans vlan 4
!
vlans vlan 5
!
vlans vlan 7
!
vlans vlan 100
!
vlans vlan 101
!
vlans vlan 1004
!
vlans vlan 1005
!
vlans vlan 1025
!
vlans vlan 1028
!
vlans vlan 1029
!
vlans vlan 1037
!
vlans vlan 1038
!
Display information about configured portgroups:
default-1# show running-config portgroups portgroup 1/1 config
portgroups portgroup 1/1
config name 1/1
config mode MODE_100GB
config ddm ddm-poll-frequency 30
Display information about interface 1.0 on blade-1:
default-1# show running-config interfaces interface 1/1.0 config
interfaces interface 1/1.0
config name 1/1.0
config type ethernetCsmacd
config enabled
Display information about a LAG named test-lag
:
default-1# show running-config interfaces interface test-lag aggregation config
interfaces interface test-lag
aggregation config lag-type STATIC
aggregation config distribution-hash src-dst-ipport
Display information about the LAG assigned to interface 1.0 on blade-4:
default-1# show running-config interfaces interface 4/1.0 ethernet config
interfaces interface 4/1.0
ethernet config aggregate-id test-lag
!
COMMAND show service-instances
DESCRIPTION
Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service may have multiple instances. A system service is deployed in a Pod.
This command displays all the service instances in a partition.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the service-type
value for each service-instance:
default-1# show service-instances service-instance service-type| tab
SLOT
TENANT NAME ID SERVICE TYPE
---------------------------------------
L2FwdSvc-1 1 ST_SYSTEM_SERVICE
L2FwdSvc-2 2 ST_SYSTEM_SERVICE
L2FwdSvc-3 3 ST_SYSTEM_SERVICE
L2FwdSvc-4 4 ST_SYSTEM_SERVICE
L2FwdSvc-5 5 ST_SYSTEM_SERVICE
L2FwdSvc-6 6 ST_SYSTEM_SERVICE
L2FwdSvc-7 7 ST_SYSTEM_SERVICE
L2FwdSvc-8 8 ST_SYSTEM_SERVICE
SwRbcaster-1 1 ST_SYSTEM_SERVICE
SwRbcaster-2 2 ST_SYSTEM_SERVICE
SwRbcaster-3 3 ST_SYSTEM_SERVICE
SwRbcaster-4 4 ST_SYSTEM_SERVICE
SwRbcaster-5 5 ST_SYSTEM_SERVICE
SwRbcaster-6 6 ST_SYSTEM_SERVICE
SwRbcaster-7 7 ST_SYSTEM_SERVICE
SwRbcaster-8 8 ST_SYSTEM_SERVICE
defaultbip-1 1 ST_TENANT_SERVICE
defaultbip-1 2 ST_TENANT_SERVICE
defaultbip-1 3 ST_TENANT_SERVICE
endtraffic 7 ST_TENANT_SERVICE
samit109s 1 ST_TENANT_SERVICE
Display the tenant-id
value for each service-instance:
default-1# show service-instances service-instance tenant-id
SLOT TENANT
TENANT NAME ID ID
----------------------------
L2FwdSvc-1 1 0
L2FwdSvc-2 2 0
L2FwdSvc-3 3 0
L2FwdSvc-4 4 0
L2FwdSvc-5 5 0
L2FwdSvc-6 6 0
L2FwdSvc-7 7 0
L2FwdSvc-8 8 0
SwRbcaster-1 1 0
SwRbcaster-2 2 0
SwRbcaster-3 3 0
SwRbcaster-4 4 0
SwRbcaster-5 5 0
SwRbcaster-6 6 0
SwRbcaster-7 7 0
SwRbcaster-8 8 0
defaultbip-1 1 1
defaultbip-1 2 1
defaultbip-1 3 1
endtraffic 7 9
samit109s 1 8
COMMAND show service-pods
DESCRIPTION
Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service may have multiple instances. A system service is deployed in a Pod.
This command displays all the system service pods in a partition.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display all service pods:
default-1# show service-pods
SERVICE POD POD
SERVICE CLUSTER SLOT POD RESTART POD
SERVICE NAME CLUSTER IP PORT ID STATUS COUNT STATE POD MESSAGE
--------------------------------------------------------------------------------------------
lacpd 192.0.2.162 80 6 true 0 Running Running Successfully
lldpd 192.0.2.119 80 2 true 0 Running Running Successfully
stpd 192.0.2.161 80 2 true 0 Running Running Successfully
tmstat-rsync 192.0.2.96 1069 4 true 0 Running Running Successfully
Display pod messages for service pods:
default-1# show service-pods service-pod pod-message
SERVICE NAME POD MESSAGE
------------------------------------
lacpd Running Successfully
lldpd Running Successfully
stpd Running Successfully
tmstat-rsync Running Successfully
COMMAND show service-table
DESCRIPTION Display service tables for a partition.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND show services
DESCRIPTION
Services are deployed for system features such as the Link Aggregation Control Protocol, Spanning Tree Protocol, etc., as well as for tenants deployed on the system. A service may have multiple instances. A system service is deployed in a Pod.
This command displays the internal configuration of services in a partition.
IMPORTANT: The detailed information displayed by this command is intended for use by F5 support engineers, rather than by end users.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.id
, you can specify a service ID or one of these options: EXAMPLE
Display currently-running services:
default-1# show services
USE USE
SERVICE HASH FIELD FULL TUNNEL IP HASH FIELD FULL TUNNEL IP
ID ALG SELECT MASK MASK SELECT PROTO ALG SELECT MASK MASK SELECT PROTO TENANT NAME
-----------------------------------------------------------------------------------------------------------
8 dagv2 port true outer false dagv2 port true outer false defaultbip-1
11 dagv2 port true outer false dagv2 port true outer false endtraffic
COMMAND
show stp
DESCRIPTION
Displays the state of Spanning Tree Protocol (STP) on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display all STP information:
default-1# show stp
stp global state enabled-protocol { STP }
stp rstp state hold-count 6
stp mstp state hold-count 6
LINK
NAME NAME EDGE PORT TYPE
----------------------------------
2/1.0 2/1.0 EDGE_DISABLE P2P
2/2.0 2/2.0 - P2P
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:8d:18:8
stp stp state designated-root-priority 8192
stp stp state designated-root-address 2:1c:73:ff:64:bb
stp stp state root-port 3
stp stp state root-cost 2200
stp stp state topology-changes 3
stp stp state time-since-topology-change 102
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 200 100 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 2 24 134
2/2.0 2/2.0 200 100 4 ALTERNATE BLOCKING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 45 1 20 203
default-1#
Display only the first level of STP information:
default-1# show stp stp displaylevel 1
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:8d:18:8
stp stp state designated-root-priority 8192
stp stp state designated-root-address 2:1c:73:ff:64:bb
stp stp state root-port 3
stp stp state root-cost 2200
stp stp state topology-changes 3
stp stp state time-since-topology-change 568
stp stp interfaces interface 2/1.0
stp stp interfaces interface 2/2.0
default-1# show stp stp displaylevel 2
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:8d:18:8
stp stp state designated-root-priority 8192
stp stp state designated-root-address 2:1c:73:ff:64:bb
stp stp state root-port 3
stp stp state root-cost 2200
stp stp state topology-changes 3
stp stp state time-since-topology-change 610
stp stp interfaces interface 2/1.0
state name 2/1.0
state cost 200
state port-priority 100
state port-num 3
state role ROOT
state port-state FORWARDING
state designated-root-priority 8192
state designated-root-address 2:1c:73:ff:64:bb
state designated-cost 2000
state designated-bridge-priority 32768
state designated-bridge-address 0:be:75:ae:1b:31
state designated-port-priority 128
state designated-port-num 37
state forward-transisitions 2
state counters bpdu-sent 40
state counters bpdu-received 455
stp stp interfaces interface 2/2.0
state name 2/2.0
state cost 200
state port-priority 100
state port-num 4
state role ALTERNATE
state port-state BLOCKING
state designated-root-priority 8192
state designated-root-address 2:1c:73:ff:64:bb
state designated-cost 2000
state designated-bridge-priority 32768
state designated-bridge-address 0:be:75:ae:1b:31
state designated-port-priority 128
state designated-port-num 45
state forward-transisitions 1
state counters bpdu-sent 20
state counters bpdu-received 526
default-1#
COMMAND
show stp global state enabled-protocol
DESCRIPTION
Display which STP protocol is currently enabled for the partition. There is either one enabled protocol per partition or None.
EXAMPLE
Display the currently-enabled protocol:
default-1# show stp global state enabled-protocol
stp global state enabled-protocol { STP }
COMMAND
show stp interfaces interface
DESCRIPTION
Display information about configured STP interfaces, including the current link type and edge port status.
ARGUMENTS
EXAMPLE
Display information about all configured STP interfaces:
default-1# show stp interfaces
LINK
NAME NAME EDGE PORT TYPE
----------------------------------
2/1.0 2/1.0 EDGE_DISABLE P2P
default-1#
Display information about STP interface 2/1.0:
default-1# show stp interfaces interface 2/1.0
LINK
NAME NAME EDGE PORT TYPE
----------------------------------
2/1.0 2/1.0 EDGE_DISABLE P2P
default-1#
COMMAND
show stp mstp
DESCRIPTION
Display all system state related to the MSTP protocol. These fields are populated only when the STP global enabled-protocol
is MSTP
.
EXAMPLE
Display MSTP information:
default-1# show stp mstp
stp mstp state name f5-mstp-test
stp mstp state revision 1
stp mstp state max-hop 20
stp mstp state hello-time 2
stp mstp state max-age 20
stp mstp state forwarding-delay 15
stp mstp state hold-count 6
stp mstp mst-instances mst-instance 555
state mst-id 555
state vlan { 555 }
state bridge-priority 61440
state designated-root-priority 61440
state designated-root-address 0:94:a1:8d:18:8
state root-port 0
state root-cost 0
state topology-changes 1
state time-since-topology-change 136
DESIGNATED DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 100 128 3 ROOT FORWARDING 0 0:0:0:0:0:0 0 61440 0:94:a1:8d:18:8 128 3 1 3 70
2/2.0 2/2.0 100 128 4 ALTERNATE BLOCKING 0 0:0:0:0:0:0 0 61440 0:94:a1:8d:18:8 128 4 0 2 71
default-1#
COMMAND
show stp mstp mst-instances
DESCRIPTION
Display all configured MST instances and their state.
EXAMPLE
Display information about all configured MST instances:
default-1# show stp mstp mst-instances
stp mstp mst-instances mst-instance 555
state mst-id 555
state vlan { 555 }
state bridge-priority 61440
state designated-root-priority 61440
state designated-root-address 0:94:a1:8d:18:8
state root-port 0
state root-cost 0
state topology-changes 1
state time-since-topology-change 274
DESIGNATED DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 100 128 3 ROOT FORWARDING 0 0:0:0:0:0:0 0 61440 0:94:a1:8d:18:8 128 3 1 3 139
2/2.0 2/2.0 100 128 4 ALTERNATE BLOCKING 0 0:0:0:0:0:0 0 61440 0:94:a1:8d:18:8 128 4 0 2 140
default-1#
COMMAND
show stp mstp mst-instances mst-instance
DESCRIPTION
Display information about a specific MST instance and its state. You can optionally specify a single attribute. Available options are:
root-port
.stp mstp mst-instances mst-instances {mst-id} interfaces interface {name} state port-num
.EXAMPLE
Display information about mst-instance
555:
default-1# show stp mstp mst-instances mst-instance 555
stp mstp mst-instances mst-instance 555
state mst-id 555
state vlan { 555 }
state bridge-priority 61440
state designated-root-priority 61440
state designated-root-address 0:94:a1:8d:18:8
state root-port 0
state root-cost 0
state topology-changes 1
state time-since-topology-change 396
DESIGNATED DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 100 128 3 ROOT FORWARDING 0 0:0:0:0:0:0 0 61440 0:94:a1:8d:18:8 128 3 1 3 200
2/2.0 2/2.0 100 128 4 ALTERNATE BLOCKING 0 0:0:0:0:0:0 0 61440 0:94:a1:8d:18:8 128 4 0 2 201
default-1#
COMMAND
show stp mstp state
DESCRIPTION
Display the global state for the MSTP protocol. You can optionally specify a single attribute. Available options are:
EXAMPLE
Display information about the global state for MSTP:
default-1# show stp mstp state
stp mstp state name f5-mstp-test
stp mstp state revision 1
stp mstp state max-hop 20
stp mstp state hello-time 2
stp mstp state max-age 20
stp mstp state forwarding-delay 15
stp mstp state hold-count 6
Display the MSTP name:
default-1# show stp mstp state name
stp mstp state name f5-mstp-test
Display the MSTP revision:
default-1# show stp mstp state revision
stp mstp state revision 1
Display the MSTP max-hop:
default-1# show stp mstp state max-hop
stp mstp state max-hop 20
Display the MSTP hello-time:
default-1# show stp mstp state hello-time
stp mstp state hello-time 2
Display the MSTP max-age:
default-1# show stp mstp state max-age
stp mstp state max-age 20
Display the MSTP forwarding-delay:
default-1# show stp mstp state forwarding-delay
stp mstp state forwarding-delay 15
Display the MSTP hold-count:
default-1# show stp mstp state hold-count
stp mstp state hold-count 6
COMMAND
show stp rstp
DESCRIPTION
Display all system state related to the RSTP protocol. These fields are only populated when the stp global enabled-protocol
is RSTP
.
EXAMPLE
Display RSTP information:
default-1# show stp rstp
stp rstp state hello-time 2
stp rstp state max-age 20
stp rstp state forwarding-delay 15
stp rstp state hold-count 6
stp rstp state bridge-priority 32768
stp rstp state bridge-address 0:94:a1:8d:18:8
stp rstp state designated-root-priority 8192
stp rstp state designated-root-address 2:1c:73:ff:64:bb
stp rstp state root-port 3
stp rstp state root-cost 2100
stp rstp state topology-changes 1
stp rstp state time-since-topology-change 10
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 100 128 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 1 2 7
2/2.0 2/2.0 100 128 4 ALTERNATE BLOCKING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 45 0 2 8
default-1#
COMMAND
show stp rstp interfaces interface
DESCRIPTION
Display information about configured RSTP interfaces
EXAMPLE
Display information about all configured RSTP interfaces:
default-1# show stp rstp interfaces
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 100 128 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 1 2 70
2/2.0 2/2.0 100 128 4 ALTERNATE BLOCKING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 45 0 2 71
default-1#
Display information about RSTP interface 2/1.0:
default-1# show stp rstp interfaces interface 2/1.0
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 100 128 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 1 2 98
default-1#
COMMAND
show stp stp
DESCRIPTION
Display all system state related to the STP protocol. These fields are only populated
when the STP global enabled-protocol
is STP
.
EXAMPLE
default-1# show stp stp
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:8d:18:8
stp stp state designated-root-priority 8192
stp stp state designated-root-address 2:1c:73:ff:64:bb
stp stp state root-port 3
stp stp state root-cost 2200
stp stp state topology-changes 3
stp stp state time-since-topology-change 1268
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 200 100 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 2 40 784
2/2.0 2/2.0 200 100 4 ALTERNATE BLOCKING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 45 1 20 853
default-1#
COMMAND
show stp stp interfaces
DESCRIPTION
Display all system state related to interfaces configured for the STP protocol.
EXAMPLE
default-1# show stp stp interfaces
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 200 100 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 2 40 841
2/2.0 2/2.0 200 100 4 ALTERNATE BLOCKING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 45 1 20 910
default-1#
COMMAND
show stp stp interfaces interface
DESCRIPTION
Display information about configured STP interfaces.
EXAMPLE
Display information about STP interface 2/1.0:
default-1# show stp stp interfaces interface 2/1.0
DESIGNATED DESIGNATED DESIGNATED
PORT PORT ROOT DESIGNATED ROOT DESIGNATED BRIDGE DESIGNATED PORT DESIGNATED FORWARD BPDU BPDU
NAME NAME COST PRIORITY NUM ROLE PORT STATE PRIORITY ADDRESS COST PRIORITY BRIDGE ADDRESS PRIORITY PORT NUM TRANSISITIONS SENT RECEIVED
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2/1.0 2/1.0 200 100 3 ROOT FORWARDING 8192 2:1c:73:ff:64:bb 2000 32768 0:be:75:ae:1b:31 128 37 2 40 914
default-1#
COMMAND
show stp stp state
DESCRIPTION
Display any global state specific to the STP protocol. You can optionally specify a single attribute. Available options are:
root-port
.stp rstp interfaces interface {name} state port-num
.EXAMPLE
Display information about the global state for STP:
default-1# show stp stp state
stp stp state hello-time 2
stp stp state max-age 20
stp stp state forwarding-delay 15
stp stp state hold-count 6
stp stp state bridge-priority 32768
stp stp state bridge-address 0:94:a1:8d:18:8
stp stp state designated-root-priority 8192
stp stp state designated-root-address 2:1c:73:ff:64:bb
stp stp state root-port 3
stp stp state root-cost 2100
stp stp state topology-changes 1
stp stp state time-since-topology-change 418
Display the STP hello-time:
default-1# show stp stp state hello-time
stp stp state hello-time 2
Display the STP max-age:
default-1# show stp stp state max-age
stp stp state max-age 20
Display the STP forwarding-delay:
default-1# show stp stp state forwarding-delay
stp stp state forwarding-delay 15
Display the STP hold-count:
default-1# show stp stp state hold-count
stp stp state hold-count 6
Display the STP bridge-priority:
default-1# show stp stp state bridge-priority
stp stp state bridge-priority 32768
Display the STP bridge-address:
default-1# show stp stp state bridge-address
stp stp state bridge-address 0:94:a1:8d:18:8
Display the STP designated-root-priority:
default-1# show stp stp state designated-root-priority
stp stp state designated-root-priority 8192
Display the STP designated-root-address:
default-1# show stp stp state designated-root-address
stp stp state designated-root-address 2:1c:73:ff:64:bb
Display the STP root-port:
default-1# show stp stp state root-port
stp stp state root-port 3
Display the STP root-cost:
default-1# show stp stp state root-cost
stp stp state root-cost 2100
Display the STP topology-changes:
default-1# show stp stp state topology-changes
stp stp state topology-changes 1
Display the STP time-since-topology-change:
default-1# show stp stp state time-since-topology-change
stp stp state time-since-topology-change 486
COMMAND show system aaa
DESCRIPTION Display chassis partition user authentication information, including information about roles, users, primary key, server groups, and TLS.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the default chassis partition accounts:
default-2# show system aaa authentication
system aaa authentication state basic enabled
system aaa authentication state cert-auth disabled
system aaa authentication f5-aaa-token:state basic enabled
system aaa authentication ocsp state override-responder off
system aaa authentication ocsp state response-max-age -1
system aaa authentication ocsp state response-time-skew 300
system aaa authentication ocsp state nonce-request on
system aaa authentication ocsp state disabled
AUTHORIZED LAST TALLY EXPIRY
USERNAME KEYS CHANGE COUNT ROLE STATUS
-----------------------------------------------------
admin - 0 0 admin enabled
root - 0 0 root enabled
REMOTE LDAP
ROLENAME GID GID GROUP DESCRIPTION USERS
-----------------------------------------------------------------------------------------------------------------------------
admin 9000 - - Unrestricted read/write access. -
operator 9001 - - Read-only access to system level data. -
resource-admin 9003 - - Restricted read/write access. No access to modify authentication configuration. -
user 9002 - - Read-only access to non-sensitive system level data. -
Display information for the primary key:
default-1# show system aaa primary-key
system aaa primary-key state hash bIVhabcdtroyOkxMKYjyDEFGTd0NX4Ch1234Mi+5aFk9WbxdM6RTzl5678HYkCwnQkOE1ict0Y7Z3uOLgjYNBQ==
system aaa primary-key state status "COMPLETE Initiated: Tue Mar 7 22:32:04 2023"
Show the TLS certificate:
default-1# show system aaa tls state certificate
Show the current CRLs in the system:
default-1# show system aaa tls crls crl
Show the status of Online Certificate Status Protocol (OCSP) on the system:
default-1# show system aaa authentication ocsp
system aaa authentication ocsp state override-responder off
system aaa authentication ocsp state response-max-age -1
system aaa authentication ocsp state response-time-skew 300
system aaa authentication ocsp state nonce-request on
system aaa authentication ocsp state disabled
Show the current RESTCONF token lifetime:
default-1# show system aaa restconf-token
system aaa restconf-token state lifetime 25
Show the status of client certificate authentication on the system:
default-1# show system aaa authentication state cert-auth
system aaa authentication state cert-auth disabled
Show the token lifetime value in minutes:
default-1# show system aaa restconf-token
system aaa restconf-token state lifetime 15
COMMAND show system alarms
DESCRIPTION Display information about system alarms.
EXAMPLE
Display active alarm conditions:
default-1# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
-------------------------------------------------------------------------------------------------
65545 blade-1 EMERGENCY Power fault detected in hardware 2020-08-31 11:50:24.042169447 UTC
COMMAND
show system appliance-mode
DESCRIPTION
Check the current state of appliance mode. It can be either enabled or disabled.
EXAMPLE
Get the current state of appliance-mode:
default-1# show system appliance-mode
system appliance-mode state disabled
COMMAND show system clock
DESCRIPTION Display the current time and time zone configured for the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display the currently-configured time and time zone name:
default-1# show system clock
system clock state timezone-name Etc/UTC
NAME DATE TIME
-----------------------------------------
blade-1 2023-06-23 19:26:52+00:00
controller-1 2023-06-23 19:26:52+00:00
controller-2 2023-06-23 19:26:52+00:00
COMMAND show system clock state nodes
DESCRIPTION Display the current time zone name configured for nodes (blade or system controller).
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLE
Display the current time for all nodes:
default-1# show system clock state nodes node
NAME DATE TIME
-----------------------------------------
blade-1 2023-06-23 19:33:28+00:00
controller-1 2023-06-23 19:33:28+00:00
controller-2 2023-06-23 19:33:28+00:00
COMMAND show system diagnostics
DESCRIPTION Display information about iHealth, QKView, and iHealth web proxy.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the iHealth configuration for the system:
default-1# show system diagnostics ihealth
system diagnostics ihealth state server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
system diagnostics ihealth state clientid ""
default-2# show system diagnostics ihealth
system diagnostics ihealth state server https://ihealth2-api.f5.com/qkview-analyzer/api/qkviews?visible_in_gui=True
system diagnostics ihealth state authserver https://identity.account.f5.com/oauth2/ausp95ykc80HOU7SQ357/v1/token
system diagnostics ihealth state clientid ""
Display the current status for QKView:
default-1# show system diagnostics qkview
system diagnostics qkview state status capture-in-progress true
system diagnostics qkview state status percentage 2
system diagnostics qkview state status status-msg "Collecting Data"
system diagnostics qkview state status filename 2023-06.tar
COMMAND show system events
DESCRIPTION Display information about system events.
EXAMPLE
Show a list of system events:
default-1# show system events | nomore
LOG
---------------------------------------------------------------------------------------------------------------------------
65550 blade-4 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:28.733241080 UTC"
65550 blade-3 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:29.902888478 UTC"
65550 blade-5 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.046717591 UTC"
65550 blade-8 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.051940195 UTC"
65550 blade-7 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.142001647 UTC"
65550 blade-1 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.374032006 UTC"
65550 blade-2 firmware-update-status EVENT NA "Firmware update is running for vqf 0" "2021-06-07 07:30:30.931862196 UTC"
65546 blade-1 thermal-fault EVENT NA "Deasserted: VQF hot" "2021-06-07 07:30:34.424898975 UTC"
65550 blade-4 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:36.732847474 UTC"
65550 blade-4 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:36.740437691 UTC"
65550 blade-3 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:37.888844718 UTC"
65550 blade-3 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:37.896351348 UTC"
65550 blade-5 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.035980475 UTC"
65550 blade-8 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.051669894 UTC"
65550 blade-5 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.042799411 UTC"
65550 blade-8 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.058516384 UTC"
65550 blade-7 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.141770789 UTC"
65550 blade-7 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.148985854 UTC"
65550 blade-6 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.227215000 UTC"
65550 blade-1 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.373658790 UTC"
65550 blade-1 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.380764421 UTC"
65550 blade-2 firmware-update-status EVENT NA "Firmware update completed for vqf 0" "2021-06-07 07:30:38.923931779 UTC"
65550 blade-2 firmware-update-status EVENT NA "Firmware update is running for atse 0" "2021-06-07 07:30:38.930746599 UTC"
65546 blade-1 thermal-fault ASSERT WARNING "Thermal fault detected in hardware" "2021-06-07 07:30:40.371912934 UTC"
...
COMMAND show system health
DESCRIPTION Display health information about system components.
ARGUMENTS
The availability of options for this command depends on the hardware component for which you want to view health information.
EXAMPLES
Display high-level hardware health state for blade-5:
default-1# show system health components component blade-5 hardware state | nomore
KEY NAME HEALTH SEVERITY
--------------------------------------------------------------------------------
blade/hardware/cpu CPU ok info
blade/hardware/cpu/interfaces/ctrlplane00 Control Plane 00 ok info
blade/hardware/cpu/interfaces/ctrlplane01 Control Plane 01 ok info
blade/hardware/cpu/interfaces/ctrlplane02 Control Plane 02 ok info
blade/hardware/cpu/interfaces/ctrlplane03 Control Plane 03 ok info
blade/hardware/cpu/pcie PCIe BUS ok info
blade/hardware/dma/dm0 DMA ok info
blade/hardware/dma/dm1 DMA ok info
blade/hardware/dma/dm2 DMA ok info
blade/hardware/dma/sep SEP ok info
blade/hardware/dma/stream-manager Stream-Manager ok info
blade/hardware/drives Drives ok info
blade/hardware/drives/nvme0n1 Drive NVME 0 ok info
blade/hardware/fpga/atse0 FPGA ATSE-0 ok info
blade/hardware/fpga/atse0/be2 Bandwidth Engine ok info
blade/hardware/fpga/atse0/fp0 FP0<->Optic-0 ok info
blade/hardware/fpga/atse0/fp1 FP1<->Optic-1 ok info
blade/hardware/fpga/atse0/gearbox0 Gearbox-0 ok info
blade/hardware/fpga/atse0/gearbox1 Gearbox-1 ok info
blade/hardware/fpga/atse0/ifh0 ATSE<->VQF Host0 ok info
blade/hardware/fpga/atse0/ifh1 ATSE<->VQF FP1 ok info
blade/hardware/fpga/atse0/ifh2 ATSE<->VQF FP0 ok info
blade/hardware/fpga/atse0/pcie0 ATSE<->CPU PCIe0 ok info
blade/hardware/fpga/atse0/pcie1 ATSE<->CPU PCIe1 ok info
blade/hardware/fpga/atse0/pcie2 ATSE<->CPU PCIe2 ok info
blade/hardware/fpga/vqf VQF FPGA ok info
blade/hardware/fpga/vqf/bp0 VQF<->CC1 BP0 ok info
blade/hardware/fpga/vqf/bp1 VQF<->CC2 BP1 ok info
blade/hardware/fpga/vqf/ifh0 VQF<->ATSE FP0 ok info
blade/hardware/fpga/vqf/ifh1 VQF<->ATSE FP1 ok info
blade/hardware/fpga/vqf/ifh2 VQF<->ATSE Host0 ok info
blade/hardware/fpga/vqf/nse NSE ok info
blade/hardware/fpga/vqf/nse/nse-fp0 NSE FP0 ok info
blade/hardware/fpga/vqf/nse/nse-fp1 NSE FP1 ok info
blade/hardware/fpga/vqf/pcie0 VQF PCIe Config ok info
blade/hardware/fpga/vqf/voq VOQ ok info
blade/hardware/fpga/vqf/voq/blade1.cpu VOQ -> blade1.cpu ok info
blade/hardware/fpga/vqf/voq/blade1.fp0 VOQ -> blade1.fp0 ok info
blade/hardware/fpga/vqf/voq/blade1.fp1 VOQ -> blade1.fp1 ok info
blade/hardware/fpga/vqf/voq/blade2.cpu VOQ -> blade2.cpu ok info
blade/hardware/fpga/vqf/voq/blade2.fp0 VOQ -> blade2.fp0 ok info
blade/hardware/fpga/vqf/voq/blade2.fp1 VOQ -> blade2.fp1 ok info
blade/hardware/fpga/vqf/voq/blade3.cpu VOQ -> blade3.cpu ok info
blade/hardware/fpga/vqf/voq/blade3.fp0 VOQ -> blade3.fp0 ok info
blade/hardware/fpga/vqf/voq/blade3.fp1 VOQ -> blade3.fp1 ok info
blade/hardware/fpga/vqf/voq/blade4.cpu VOQ -> blade4.cpu ok info
blade/hardware/fpga/vqf/voq/blade4.fp0 VOQ -> blade4.fp0 ok info
blade/hardware/fpga/vqf/voq/blade4.fp1 VOQ -> blade4.fp1 ok info
blade/hardware/fpga/vqf/voq/blade5.cpu VOQ -> blade5.cpu ok info
blade/hardware/fpga/vqf/voq/blade5.fp0 VOQ -> blade5.fp0 ok info
blade/hardware/fpga/vqf/voq/blade5.fp1 VOQ -> blade5.fp1 ok info
blade/hardware/fpga/vqf/voq/blade6.cpu VOQ -> blade6.cpu ok info
blade/hardware/fpga/vqf/voq/blade6.fp0 VOQ -> blade6.fp0 ok info
blade/hardware/fpga/vqf/voq/blade6.fp1 VOQ -> blade6.fp1 ok info
blade/hardware/fpga/vqf/voq/blade7.cpu VOQ -> blade7.cpu ok info
blade/hardware/fpga/vqf/voq/blade7.fp0 VOQ -> blade7.fp0 ok info
blade/hardware/fpga/vqf/voq/blade7.fp1 VOQ -> blade7.fp1 ok info
blade/hardware/fpga/vqf/voq/blade8.cpu VOQ -> blade8.cpu ok info
blade/hardware/fpga/vqf/voq/blade8.fp0 VOQ -> blade8.fp0 ok info
blade/hardware/fpga/vqf/voq/blade8.fp1 VOQ -> blade8.fp1 ok info
blade/hardware/lop LOP ok info
blade/hardware/memory Memory ok info
blade/hardware/optic0 optic-0 ok info
blade/hardware/optic1 optic-1 ok info
blade/hardware/qat QAT ok info
blade/hardware/tpm TPM ok info
Display the status of the tcpdump service on the blades:
default-1-active# show system health components component services blade/services/tcpdumpd
system health components component blade-1
services blade/services/tcpdumpd
state name tcpdumpd
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach Container attach event ok info 0 2021-06-17T07:13:48Z
container:event:die Container die event ok info 0 2021-07-12T17:43:23Z
container:event:exec-create Container exec create event ok info 0 2021-07-12T15:56:52Z
container:event:exec-detach Container exec detach event ok info 0 2021-06-17T07:13:48Z
container:event:exec-die Container exec die event ok info 0 2021-06-17T07:13:48Z
container:event:exec-start Container exec start event ok info 0 2021-07-12T15:56:52Z
container:event:kill Container kill event ok info 0 2021-07-12T17:43:23Z
container:event:restart Container restart event ok info 0 2021-07-12T17:48:26Z
container:event:restart-last-hour Container restart count in the last hour ok info 0 2021-06-17T07:13:48Z
container:event:start Container start event ok info 0 2021-06-17T07:13:48Z
container:event:stop Container stop event ok info 0 2021-07-12T17:43:23Z
container:running Container running ok info true 2021-07-13T14:24:26Z
system health components component blade-2
services blade/services/tcpdumpd
state name tcpdumpd
state health ok
state severity info
NAME DESCRIPTION HEALTH SEVERITY VALUE UPDATED AT
----------------------------------------------------------------------------------------------------------------------------
container:event:attach Container attach event ok info 0 2021-06-17T07:13:47Z
container:event:die Container die event ok info 0 2021-07-13T14:24:52Z
container:event:exec-create Container exec create event ok info 0 2021-07-12T15:56:55Z
container:event:exec-detach Container exec detach event ok info 0 2021-06-17T07:13:47Z
container:event:exec-die Container exec die event ok info 0 2021-06-17T07:13:47Z
container:event:exec-start Container exec start event ok info 0 2021-07-12T15:56:55Z
container:event:kill Container kill event ok info 0 2021-07-13T14:24:52Z
container:event:restart Container restart event ok info 0 2021-07-12T17:47:13Z
container:event:restart-last-hour Container restart count in the last hour ok info 0 2021-06-17T07:13:47Z
container:event:start Container start event ok info 0 2021-06-17T07:13:47Z
container:event:stop Container stop event ok info 0 2021-07-13T14:24:52Z
container:running Container running ok info true 2021-07-13T14:24:52Z
...
Display a high-level summary of all system components:
default-1# show system health summary
system health summary components component blade-1
state health ok
state severity notice
system health summary components component blade-2
state health unhealthy
state severity error
attributes attribute "blade/firmware/fpga/atse0 - firmware:update-status"
description "Firmware update status"
health unhealthy
severity error
value error
updatedAt 2022-04-21T17:11:52Z
attributes attribute "blade/services/partition_fpga - service:ready"
description "Service ready status"
health ok
severity warning
value false
updatedAt 2022-04-21T07:55:32Z
attributes attribute "blade/services/partition_fpga - service:message-error"
description "Service health monitor error"
health ok
severity warning
value "No response to ready request"
updatedAt 2022-04-21T07:55:32Z
attributes attribute "blade/services/partition_fpga - service:message-error-count"
description "Service health monitor error count"
health ok
severity warning
value 1000
updatedAt 2022-04-21T07:55:34Z
system health summary components component blade-3
system health summary components component blade-4
system health summary components component blade-5
system health summary components component blade-6
system health summary components component blade-7
system health summary components component blade-8
system health summary components component controller-1
state health ok
state severity info
system health summary components component controller-2
state health ok
state severity info
COMMAND show system licensing
DESCRIPTION Display information about partition licence.
EXAMPLE
Display license information for the default partition Note: commented license key values.
default-1# show system licensing
system licensing license
Licensed version 7.4.0
Registration Key XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX
Licensed date 2020/08/29
License start 2020/05/05
License end 2020/09/29
Service check date 2020/08/30
Platform ID F101
Appliance SN chs600103s
Active Modules
Local Traffic Manager, CX410 (XXXXXXX-XXXXXXX)
Best Bundle, CX410
APM-Lite
Advanced Routing
Carrier Grade NAT (AFM ONLY)
Max Compression, CX410
Rate Shaping
Max SSL, CX410
Anti-Virus Checks
Base Endpoint Security Checks
Firewall Checks
Machine Certificate Checks
Network Access
Protected Workspace
Secure Virtual Keyboard
APM, Web Application
App Tunnel
Remote Desktop
COMMAND show system logging
DESCRIPTION Display information about remote logging.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.COMMAND show system login-activity
DESCRIPTION Display information about all previous login attempts.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display all recent login attempts:
syscon-1-active# show system login-activity
NAME LOGIN TIME METHOD HOST STATUS
------------------------------------------------------------
admin 2023-06-15 18:07:34 http 192.0.2.81 success
2023-06-21 23:40:32 ssh 192.0.2.213 success
2023-06-22 22:28:34 ssh 192.0.2.164 success
2023-06-22 22:33:53 http 192.0.2.164 success
2023-06-22 22:38:38 ssh 192.0.2.164 success
2023-06-23 17:11:59 ssh 192.0.2.215 success
2023-06-23 19:00:51 ssh 192.0.2.191 success
2023-06-23 19:39:08 http 192.0.2.191 success
COMMAND show system mac-allocation
DESCRIPTION Display information about chassis MAC address allocation.
EXAMPLE
Display current MAC address allocation:
default-1# show system mac-allocation
system mac-allocation state free-single-macs 14
system mac-allocation state allocated-single-macs 2
system mac-allocation state free-large-blocks 0
system mac-allocation state allocated-large-blocks 0
system mac-allocation state free-medium-blocks 0
system mac-allocation state allocated-medium-blocks 0
system mac-allocation state free-small-blocks 3
system mac-allocation state allocated-small-blocks 1
system mac-allocation state total-free-mac-count 38
system mac-allocation state total-allocated-mac-count 10
system mac-allocation state total-mac-count 48
COMMAND show system redundancy
DESCRIPTION Display the redundancy state of the system; tracks the database synchronization status for both the system cControllers and the blades.
ARGUMENTS This command has no arguments.
EXAMPLE
Display the current redundancy state:
default-1# show system redundancy
system redundancy state mode prefer-1
system redundancy state auto-failback enabled
system redundancy state auto-failback failback-delay 30
system redundancy state current-active controller-1
system redundancy state status redundant
SERVICES
NAME STATUS FAULT STARTUP TIME LAST TRANSITION OS VERSION VERSION
------------------------------------------------------------------------------------------------
blade-1 replica false 2020-09-16 15:31:35 2020-09-16 15:31:37 1.0.0-0000 1.0.0-0000
blade-2 - - - - - -
controller-1 active false 2020-09-16 15:30:41 2020-09-16 15:30:44 1.0.0-0000 1.0.0-0000
controller-2 standby false 2020-09-16 15:31:16 2020-09-16 15:31:16 1.0.0-0000 1.0.0-0000
COMMAND show system redundancy state
DESCRIPTION Display the state of all system redundancy configuration settings.
ARGUMENTS This command has no arguments.
EXAMPLE
Display the state of all redundancy settings:
default-1# show system redundancy state
system redundancy state mode auto
system redundancy state auto-failback disabled
system redundancy state auto-failback failback-delay 30
system redundancy state current-active controller-1
system redundancy state status redundant
COMMAND show system redundancy nodes node
DESCRIPTION Display the redundancy state of a specific node in the partition. The node can be either a system controller or blade.
ARGUMENTS
EXAMPLE
Display the redundancy state of blade-1:
default-1# show system redundancy nodes node blade-1
STARTUP STATUS SERVICES
NAME STATUS STATUS REASON FAULT AGE AGE OS VERSION VERSION
--------------------------------------------------------------------------------------
blade-1 replica services running false 58m 58m 1.6.0-7891 1.6.0-7891
COMMAND show system security
DESCRIPTION Display the status of system services.
EXAMPLE
Display the currently-configured system services:
default-1# show system security
system security services service httpd
state ssl-ciphersuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA
system security services service sshd
state ciphers [ aes128-cbc aes128-ctr aes128-gcm@openssh.com aes256-cbc aes256-ctr aes256-gcm@openssh.com ]
state kexalgorithms [ diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 ]
COMMAND show system security state deny-root-ssh
DESCRIPTION Displays the status of system deny root SSH.
EXAMPLE
Display the currently-configured state of system deny root SSH:
default-1# show system security state deny-root-ssh
system security state deny-root-ssh enabled
default-1#
COMMAND show system settings
DESCRIPTION Display information about system idle timeout and webUI advisory banner.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display the idle timeout for root users:
default-1# show system settings state idle-timeout
system settings state idle-timeout 8192
COMMAND show system snmp
DESCRIPTION Display SNMP system configuration.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLES
Display information about configured communities:
syscon-1-active# show system snmp communities
SECURITY
NAME NAME MODEL
--------------------------------------
v1-community v1-community [ v1 ]
Display information about configured targets:
syscon-1-active# show system snmp targets
SECURITY
NAME NAME USER COMMUNITY MODEL ADDRESS PORT ADDRESS PORT
-----------------------------------------------------------------------------------------
v3-target v3-target v3-user - - 192.0.2.224 5001 - -
Display information about configured users:
syscon-1-active# show system snmp users
AUTHENTICATION PRIVACY
NAME NAME PROTOCOL PROTOCOL
--------------------------------------------
v3-user v3-user md5 aes
COMMAND show system state
DESCRIPTION Display information about the current chassis partition and system controllers.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the name of current partition:
default-1# show system state partition-name
system state partition-name default
Display the IPv4 management address for the system controller:
default-1# show system state controller-ipv4
system state controller-ipv4 192.0.200.1
COMMAND show system telemetry instruments
DESCRIPTION Display information about supported instruments.
ARGUMENTS
This command has no arguments
EXAMPLES
Display all supported instrument information:
default-2# show system telemetry instruments
NAME DESCRIPTION
--------------------------------------------------------------------------------------------------------
all Report all logs and metrics produced by the F5OS platform layer
logs Report all F5OS logs file through the OpenTelemetry 'log' API
platform-log Export the F5OS platform log through the OpenTelemetry 'log' API
event-log Export the F5OS confd event log through the OpenTelemetry 'log' API
metrics Report all F5OS metrics through the OpenTelemetry 'metric' API
platform F5OS platform metrics such as: memory, disk, cpu, interface, file system, and RAID stats
hardware F5OS hardware sensors such as: voltage, current, temperature, power, fan-speeds
optics F5OS front-panel Optic DDM metrics
tenant Low level tenant reported metrics such as: memory, disk, cpu, interface stats
datapath F5OS data-path metrics such as those generated by the FPGA and DMA
tmstat F5OS tmstat tables exported as metrics
container F5OS Per-Container metrics such as: cpu, block-io, network, memory
COMMAND show system telemetry exporters
DESCRIPTION Display the current state of the exporter.
ARGUMENTS
This command has no arguments
EXAMPLES
Display the current state of the exporter:
Following example displays the state of an exporter with secure connection disabled:
default-2# show system telemetry exporters exporter test-mtls
system telemetry exporters exporter test-mtls
state enabled
state endpoint address 10.144.74.171
state endpoint port 4315
state instruments [ tenant ]
state tls secure false
COMMAND show system telemetry attributes
DESCRIPTION Display the attribute name and values for all the configured exporter.
ARGUMENTS
This command has no arguments
EXAMPLES
default-2# show system telemetry attributes
KEY KEY VALUE
--------------------------------
test1.key test.key test.value
COMMAND show system settings dag
DESCRIPTION Display information about the disaggregator (DAG) state for the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 through 64.EXAMPLES
Display the current DAG state:
default-1# show system settings dag
system settings dag state ipv6-prefix-length 128
COMMAND show system state
DESCRIPTION Display the name of the current partition.
ARGUMENTS
EXAMPLES
Display the current partition:
default-1# show system state
system state partition-name default
Display the current partition:
default-1# show system state partition-name
system state partition-name default
COMMAND show tenants
DESCRIPTION Display the state of all configured tenants in the partition.
ARGUMENTS This command has no arguments.
EXAMPLE
Display the state of configured tenants on the current partition:
default-1# show tenants
tenants tenant bigip-vm
state unit-key-hash mHBqOf9bDlLkKb9erpvjx++nwQBMOk4seGfONpRZ2/30k6ycrUhOEMcSxFSSWRl1qNSIm392m+HUdDUfs3Kn8A==
state type BIG-IP
state mgmt-ip 192.0.2.61
state prefix-length 24
state gateway 192.0.2.1
state vlans { 100 }
state cryptos disabled
state vcpu-cores-per-node 2
state memory 7680
state running-state deployed
state mac-data base-mac 00:94:a1:8c:e8:09
state mac-data mac-pool-size 1
state appliance-mode disabled
state status Running
state primary-slot 1
state image-version "BIG-IP 15.1.2.8 0.0.496"
NDI MAC
----------------------------
default 00:94:a1:8c:e8:0a
state instances instance 1
instance-id 1
phase Running
image-name BIGIP-bigip15.1.x-15.1.2.8-0.0.496.ALL-VELOS.qcow2.zip.bundle
creation-time 2021-01-26T19:17:19Z
ready-time 2021-01-26T19:17:15Z
status "Started tenant instance"
mgmt-mac ae:ce:3c:8c:df:4e
COMMAND
show tenants tenant
DESCRIPTION Displays the state of a specific configured tenants in the partition.
ARGUMENTS
EXAMPLE
Display the state of a tenant named bigip-vm
:
default-1# show tenants tenant
tenants tenant cbip1
state unit-key-hash bItHjJgS6U90HGRq2Tj64fYJB4cvbcntoqetgRcWbwLdtKWEJerORYatSEP2Ah/W3B7JvdE2O1FLIR3lbw+qvg==
state type BIG-IP
state image BIGIP-17.1.1.3-0.0.5.ALL-F5OS.qcow2.zip.bundle
state nodes [ 1 ]
state mgmt-ip 10.0.11.53
state prefix-length 24
state gateway 10.0.11.1
state dag-ipv6-prefix-length 128
state vlans [ 11 ]
state cryptos enabled
state tenant-auth-support disabled
state vcpu-cores-per-node 4
state qat-vf-count 6
state memory 14848
state storage size 82
state running-state deployed
state appliance-mode disabled
state feature-flags stats-stream-capable true
state status Running
state primary-slot 1
state image-version "BIG-IP 17.1.1.3 0.0.5"
state mgmt-vlan 11
state mgmt-vlan-accessible true
state mac-data base-mac 00:94:a1:8e:b8:0a
state mac-data mac-pool-size 1
MAC
-------------------
00:94:a1:8e:b8:0a
NODE CPUS
---------------------
1 [ 21 7 22 8 ]
state instances instance 1 cbip1-1
instance-id 1
tenant-slot 1
phase Running
creation-time 2024-09-12T11:38:16Z
ready-time 2024-09-12T11:38:59Z
status "Started tenant instance"
mgmt-mac 6e:32:c2:23:b8:86
COMMAND show virtual-networks
DESCRIPTION Display information about virtual-networks configured on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about all configured virtual networks:
default-1# show virtual-networks
NDI MEMBER
NAME ID MODE NAME
---------------------------------
vn1 1 virtual-wire
vn2 2 virtual-wire
COMMAND show virtual-wires
DESCRIPTION Display information about virtual-wires configured on the system.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at depth 3 below a given element will be displayed, etc. The range is from 1 to 64.EXAMPLE
Display information about all configured virtual wires:
default-1# show virtual-wires
VWIRE
PROPAGATE VIRTUAL
NAME LINKSTATUS NETWORKS
--------------------------------
vwire true [ vn1 vn2 ]
COMMAND show vlan-listeners
DESCRIPTION
Displays configured vlan-listeners
. These objects are system created and available for display for technical support purposes only.
ARGUMENTS
show
command. If a display level of 1
is specified, then only the direct children of an element will be shown. If a display level of 3
is specified, then only elements at a depth of three below a given element will be displayed, etc. The range is from 1 through 64.vlan-listener
associated with an interface and VLAN pair.EXAMPLE
Display the vlan-listener on interface 1/1.0 with the VLAN ID of 100:
show vlan-listeners vlan-listener 1/1.0 100
NDI SERVICE
INTERFACE VLAN ENTRY TYPE OWNER ID SVC VTC SEP DMS DID CMDS MIRRORING IDS
------------------------------------------------------------------------------------------------
1/1.0 100 VLAN-LISTENER tenant-1 4095 8 - 15 - - - disabled -