Mellanox MLNX-OS® User Manual for SX1018HP Ethernet Managed Blade Switch Rev 2.10 Software Version 3.3.4304 www.mellanox.
Rev 2.10 NOTE: THIS HARDWARE, SOFTWARE OR TEST SUITE PRODUCT (“PRODUCT(S)”) AND ITS RELATED DOCUMENTATION ARE PROVIDED BY MELLANOX TECHNOLOGIES “AS-IS” WITH ALL FAULTS OF ANY KIND AND SOLELY FOR THE PURPOSE OF AIDING THE CUSTOMER IN TESTING APPLICATIONS THAT USE THE PRODUCTS IN DESIGNATED SOLUTIONS. THE CUSTOMER'S MANUFACTURING TEST ENVIRONMENT HAS NOT MET THE STANDARDS SET BY MELLANOX TECHNOLOGIES TO FULLY QUALIFY THE PRODUCTO(S) AND/OR THE SYSTEM USING IT.
Rev 2.10 Table of Contents Document Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 About this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rev 2.10 3.4.3 SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 3.4.4 Remote Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 3.4.5 Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Chapter 4 System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rev 2.10 4.11 Scheduled Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 4.11.1 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 4.12 Statistics and Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 4.12.1 4.12.2 4.12.3 4.12.4 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rev 2.10 5.5.7 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 5.6 OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 5.6.1 Flow Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 5.6.2 Configuring OpenFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454 5.6.
Rev 2.10 Document Revision History Table 1 - Document Revision History Document Revision Rev 2.10 Date December, 2013 Description Updated: • • • • • • • • • • • • • • • • Section 2.2, “Starting the Command Line (CLI),” on page 19 Section 2.3, “Starting the Web User Interface,” on page 20 Section 4.3.1, “Upgrading MLNX-OS Software,” on page 135 with EULA note Section 4.14, “Puppet Agent,” on page 365 Section 5.
Rev 2.10 Table 1 - Document Revision History Document Revision Date Description Rev 1.80 October 2013 Added Section 4.14, “Puppet Agent,” on page 365 Added Section 5.5.6, “MSTP,” on page 431 Added Section 5.6, “OpenFlow,” on page 453 Added Section 5.7.3, “IGMP Snooping Querier,” on page 463 Added command “ip igmp snooping querier” Added command “igmp snooping querier query-interval” Added command “show ip igmp snooping querier” Added Section 5.8.
Rev 2.10 About this Manual This manual provides general information concerning the scope and organization of this User’s Manual. Intended Audience This manual is intended for network administrators who are responsible for configuring and managing Mellanox Technologies’ SwitchX based Switch Platforms. Related Documentation The following table lists the documents referenced in this User’s Manual. Table 2 - Reference Documents Document Name Description InfiniBand Architecture Specification, Vol.
Rev 2.10 Glossary Table 3 - Glossary AAA Authentication, Authorization, and Accounting. Authentication - verifies user credentials (username and password). Authorization - grants or refuses privileges to a user/client for accessing specific services. Accounting - tracks network resources consumption by users. ARP Address Resolution Protocol. A protocol that translates IP addresses into MAC addresses for communication over a local area network (LAN). CLI Command Line Interface.
Rev 2.10 Table 3 - Glossary MTU (Maximum Transfer Unit) The maximum size of a packet payload (not including headers) that can be sent /received from a port Network Adapter A hardware device that allows for communication between computers in a network PFC/FC Priority Based Flow Control applies pause functionality to traffic classes OR classes of service on the Ethernet link. RADIUS Remote Authentication Dial In User Service.
Rev 2.10 1 Introduction Mellanox® Operating System (MLNX-OS®) enables the management and configuration of Mellanox Technologies’ SwitchX® silicon based switch platforms. MLNX-OS supports the Virtual Protocol Interconnect (VPI) technology which enables it to be used for both Ethernet and InfiniBand technology providing the user with greater flexibility.
Rev 2.10 1.2 Ethernet Features Table 5 - Ethernet Features Feature Description General • • • Jumbo Frames (9K) ACL - 24K rules (permit/deny) Breakout cables Ethernet support • • • • • • • • • 48K Unicast MAC addresses VLAN (802.1Q) - 4K LAG/LACP (802.3ad), 16 links per LAG (36 LAGs) Rapid Spanning Tree (802.1w) Flow control (802.3x) IGMP snooping v1,2 LLDP ETS (802.1Qaz) PFC (802.
Rev 2.10 2 Getting Started The procedures described in this chapter assume that you have already installed and powered on your switch according to the instructions in the Hardware Installation Guide, which was shipped with the product. 2.1 Configuring the Switch for the First Time Connect to the HP Chassis Manager and run “connect interconnect ”. Step 1. No remote IP connection is available at this stage. Configure a serial terminal from EM with the settings described below. Step 2.
Rev 2.10 Table 7 - Configuration Wizard Session - IP Configuration by DHCP (Sheet 2 of 3) Wizard Session Display (Example) Comments Step 2: Use DHCP on mgmt0 interface? [yes] Perform this step to obtain an IP address for the switch. (mgmt0 is the management port of the switch.) If you wish the DHCP server to assign the IP address, type “yes” and press . If you type “no” (no DHCP), then you will be asked whether you wish to use the “zeroconf” configuration or not.
Rev 2.10 Table 7 - Configuration Wizard Session - IP Configuration by DHCP (Sheet 3 of 3) Wizard Session Display (Example) You have entered the following information: 1. Hostname: 2. Use DHCP on mgmt0 interface: yes 3. Enable IPv6: yes 4. Enable IPv6 autoconfig (SLAAC) on mgmt0 interface: yes 5. Admin password (Enter to leave unchanged): (CHANGED) To change an answer, enter the step number to return to. Otherwise hit to save changes and exit.
Rev 2.10 Table 8 - Configuration Wizard Session - IP Zeroconf Configuration Wizard Session Display - IP Zeroconf Configuration (Example) Mellanox configuration wizard Do you want to use the wizard for initial configuration? y Step 1: Hostname? [switch-112126] Step 2: Use DHCP on mgmt0 interface? [no] Step 3: Use zeroconf on mgmt0 interface? [no] yes Step 4: Default gateway? [192.168.10.
Rev 2.10 Table 9 - Configuration Wizard Session - Static IP Configuration Wizard Session Display - Static IP Configuration (Example) Mellanox configuration wizard Do you want to use the wizard for initial configuration? y Step 1: Hostname? [switch-112126] Step 2: Use DHCP on mgmt0 interface? [yes] n Step 3: Use zeroconf on mgmt0 interface? [no] Step 4: Primary IP address? 192.168.10.4 Mask length may not be zero if address is not zero (interface mgmt0) Step 5: Netmask? [0.0.0.0] 255.255.255.
Rev 2.10 Step 5. Check the mgmt0 interface configuration before attempting a remote (for example, SSH) connection to the switch. Specifically, verify the existence of an IP address. switch # show interfaces mgmt0 Interface mgmt0 state Admin up: yes Link up: yes IP address: 169.254.15.134 Netmask: 255.255.0.
Rev 2.10 Step 5. Once you get the prompt, you are ready to use the system. Mellanox MLNX-OS Switch Management Password: Last login:
Rev 2.10 Step 5. Read and accept the EULA if prompted. You are only prompted if you have not accessed the switch via CLI before. Figure 3: EULA Prompt The following figure shows an example of the login window for remote management of the switch. After you log in to MLNX-OS, a (default) status summary window is displayed as shown in Figure 4.
Rev 2.10 Figure 4: Display After Login 2.4 Licenses MLNX-OS software package can be extended with premium features. Installing a license allows you to access the specified premium features. This section is relevant only to switch systems with an internal management capability.
Rev 2.10 Table 10 - MLNX-OS Licenses OPN 2.4.1 Valid on product Description UPGR-6036F-56E SX6036 56GbE link speed UPGR-1036-GW SX1036 InfiniBand, Ethernet L3, Gateway UPGR-1036F-56E SX1036 56GbE link speed UPGR-1024-GW SX1024 InfiniBand, Ethernet L3, Gateway UPGR-1024-56E SX1024 56GbE link speed LIC-fabric-inspector SX6036F/T/ SX65XX InfiniBand fabric inspector monitoring and health. Installing MLNX-OS® License (CLI) To install an MLNX-OS license via CLI: Step 1.
Rev 2.10 Figure 5: No Licenses Installed Step 3. Enter your license key(s) in the text box. If you have more than one license, please enter each license in a separate line. Click “Add Licenses” after entering the last license key to install them. If you wish to add another license key in the future, you can simply enter it in the text box and click “Add Licenses” to install it.
Rev 2.10 Figure 6: Enter Licence Key(s) in Text Box All installed licenses should now be displayed.
Rev 2.10 Step 4. Save the configuration to complete the license installation. If you do not save the installation session, you will lose the installed licenses at the next system boot. 2.4.3 Retrieving a Lost License Key In case of a lost MLNX-OS® license key, contact your authorized Mellanox reseller and provide the switch’s chassis serial number. To obtain the switch’s chassis serial number: Step 1. Login to the switch. Step 2.
Rev 2.10 2.4.4 Commands show licenses show licenses Displays a list of all installed licenses. For each license, the following is displayed: • • • • • a unique ID which is a small integer the text of the license key as it was added whether or not it is valid and active which feature(s) it is activating a list of all licensable features specifying whether or not it is currently activated by a license Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 3 User Interfaces 3.1 Command Line Interface (CLI) Overview MLNX-OS® is equipped with an industry-standard CLI. The CLI is accessed through SSH or Telnet sessions, or directly via the console port on the front panel (if it exists). 3.1.1 CLI Modes The CLI can be in one of following modes, and each mode makes available a certain group (or level) of commands for execution.
Rev 2.10 3.1.2 Syntax Conventions To help you identify the parts of a CLI command, this section explains conventions of presenting the syntax of commands. Table 12 - Syntax Conventions Syntax Convention Description Example < > Angled brackets Indicate a value/variable that must be replaced. <1...65535> or [ ] Square brackets Enclose optional parameters. However, only one parameter out of the list of parameters listed can be used.
Rev 2.
Rev 2.
Rev 2.10 CLI current session settings: Maximum line size: 8192 Terminal width: 157 columns Terminal length: 60 rows Terminal type: xterm Auto-logout: disabled Paging: enabled Progress tracking: enabled Prefix modes: enabled ... // 4. Re-enable auto-logout after 15 minutes switch (config) # cli session auto-logout 15 // 5.
Rev 2.10 Table 13 - Angled Brackets Parameter Description Parameter 3.2 Description A MAC address. The segments may be 8 bits or 16 bits at a time, and may be delimited by “:” or “.”. So you could say “11:22:33:44:55:66”, “1122:3344:5566”, “11.22.33.44.55.66”, or “1122.3344.5566”. A netmask (e.g. “255.255.255.0”) or mask length prefixed with a slash (e.g. “/ 24”). These two express the same information in different formats.
Rev 2.10 • Security • Ports • Status • IB SM Management • Fabric Inspector • Ethernet Management Make sure to save your changes before switching between menus or sub-menus. Click the “Save” button to the right of “Save Changes?”.
Rev 2.10 3.2.1 Setup Menu The Setup menu makes available the following submenus (listed in order of appearance from top to bottom): Table 14 - Setup Submenus Submenu Title Description Interfaces Used to obtain the status of, configure, or disable interfaces to the InfiniBand fabric. Thus, you can: set or clear the IP address and netmask of an interface; enable DHCP to dynamically assign the IP address and netmask; and set interface attributes such as MTU, speed, duplex, etc. HA Not functional.
Rev 2.10 3.2.2 System Menu The System menu makes available the following sub-menus (listed in order of appearance from top to bottom): Table 15 - System Submenus Submenu Title 3.2.3 Description Modules Displays a graphic illustration of the system modules. By moving the mouse over the ports in the front view, a pop-up caption is displayed to indicate the status of the port. The port state (active/down) is differentiated by a color scheme (green for active, gray/black for down).
Rev 2.10 3.2.4 Ports Menu The Ports menu displays the port state and enables some configuration attributes of a selected port. It also enables modification of the port configuration. A graphical display of traffic over time (last hour or last day) through the port is also available. Table 17 - Ports Submenus Submenu Title 3.2.5 Description Ports Manages port attributes, counters, transceiver info and displays a graphical counters histogram. Phy Profile Provides the ability to manage phy profiles.
Rev 2.10 Table 18 - Status Submenus Submenu Title Alerts 3.2.6 Description Used to display a list of the recent health alerts and enables the user to configure health settings. IB SM Mgmt The IB SM MGMT menu is not supported in Ethernet systems. The IB SM Mgmt menu makes available the following sub-menus (listed in order of appearance from top to bottom): Table 19 - IB SM Mgmt Submenus Submenu Title 3.2.
Rev 2.10 The Fabric Inspctr menu makes available the following sub-menus (listed in order of appearance from top to bottom): Table 20 - Fabric Inspctr Submenus Submenu Title 3.2.8 Description Summary Displays a fabric status summary, including the time of last fabric update, what systems are in the fabric, what InfiniBand devices are identified, etc. IB Systems Displays information about all identified InfiniBand systems in the fabric (adapters, switches, etc).
Rev 2.10 3.3 Secure Shell (SSH) It is recommended not to use more than 100 concurrent SSH sessions to the switch. 3.3.1 Adding a Host and Providing an SSH Key To add entries to the global known-hosts configuration file and its SSH value: Step 1. Change to Config mode Run: switch [standalone: master] > enable switch [standalone: master] # configure terminal switch [standalone: master] (config) # Step 2. Add an entry to the global known-hosts configuration file and its SSH value.
Rev 2.10 3.4 Commands 3.4.1 CLI Session This chapter displays all the relevant commands used to manage CLI session terminal. cli clear-history cli clear-history Clears the command history of the current user. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 cli default cli default {auto-logout | paging enable | prefix-modes {enable | showconfig} | progress enable | prompt {confirm-reload | confirm-reset | confirmunsaved | empty-password} no cli default {auto-logout | paging enable | prefix-modes {enable | show-config} | progress enable prompt {confirm-reload | confirm-reset | confirm-unsaved | empty-password} Configures default CLI options for all future sessions. The no form of the command deletes or disables the default CLI options.
Rev 2.
Rev 2.10 cli session cli session {auto-logout | paging enable | prefix-modes {enable | showconfig} | progress enable | terminal {length | resize | type | width} | x-display full } no cli session {auto-logout | paging enable | prefix-modes {enable | show-config} | progress enable | terminal type | x-display} Configures default CLI options for all future sessions. The no form of the command deletes or disables the CLI sessions.
Rev 2.
Rev 2.10 show cli show cli Displays the CLI configuration and status. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 3.4.2 Banner banner login banner {login | login-remote | login-local} no banner login Sets the CLI welcome banner message. The login-remote refers to the SSH connections banner, while the login-local refers to the serial connection banner. The no form of the command resets the system login banner to its default. Syntax Description string Default “Mellanox MLNX-OS Switch Management” Configuration Mode Config History 3.1.
Rev 2.10 banner login-local banner login-local no banner login-local Sets system login local banner. The no form of the command resets the banner. Syntax Description string Text string. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # banner login-local Testing switch (config) # Related Commands show banner Note If more then one word is used (there is a space) quotation marks should be added (i.e. “xxxx xxxx”).
Rev 2.10 banner login-remote banner login-remote no banner login-remote Sets system login remote banner. The no form of the command resets the banner. Syntax Description string Text string. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # banner login-remote Testing switch (config) # Related Commands show banner Note If more then one word is used (there is a space) quotation marks should be added (i.e. “xxxx xxxx”).
Rev 2.10 banner motd banner motd no banner motd Sets the contents of the /etc/motd file. The no form of the command resets the system Message of the Day banner. Syntax Description string Text string. Default “Mellanox Switch” Configuration Mode Config History 3.1.
Rev 2.10 show banner show banner Displays configured banners. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 3.4.3 SSH ssh server enable ssh server enable no ssh server enable Enables the SSH server. The no form of the command disables the SSH server. Syntax Description N/A Default SSH server is enabled Configuration Mode Config History 3.1.
Rev 2.10 ssh server host-key ssh server host-key { {private-key | public-key } | generate} Manipulates host keys for SSH. Syntax Description key type • • • private-key Sets new private-key for the host keys of the specified type. public-key Sets new public-key for the host keys of the specified type. generate Generates new RSA and DSA host keys for SSH. Default SSH keys are locally generated Configuration Mode Config History 3.1.
Rev 2.10 Example switch (config) # ssh server host-key dsa2 private-key Key: *********************************************** Confirm: *********************************************** switch (config) # show ssh server host-keys SSH server configuration: SSH server enabled: yes Minimum protocol version: 2 X11 forwarding enabled: no SSH server ports: 22 Interface listen enabled: yes No Listen Interfaces.
Rev 2.10 ssh server listen ssh server listen {enable | interface } no ssh server listen {enable | interface } Enables the listen interface restricted list for SSH. If enabled, and at least one nonDHCP interface is specified in the list, the SSH connections are only accepted on those specified interfaces. The no form of the command disables the listen interface restricted list for SSH. When disabled, SSH connections are not accepted on any interface.
Rev 2.10 ssh server min-version ssh server min-version no ssh server min-version Sets the minimum version of the SSH protocol that the server supports. The no form of the command resets the minimum version of SSH protocol supported. Syntax Description version Possible versions are 1 and 2. Default 2 Configuration Mode Config History 3.1.
Rev 2.10 ssh server ports ssh server ports { [...]} Specifies which ports the SSH server listens on. Syntax Description port Port number in [1...65535]. Default 22. Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # ssh server ports 22 switch (config) # show ssh server SSH server configuration: SSH server enabled: yes Minimum protocol version: 2 X11 forwarding enabled: no SSH server ports: 22 Interface listen enabled: yes No Listen Interfaces.
Rev 2.10 ssh server x11-forwarding ssh server x11-forwarding enable no ssh server x11-forwarding enable Enables X11 forwarding on the SSH server. The no form of the command disables X11 forwarding. Syntax Description N/A Default X11-forwarding is disabled. Configuration Mode Config History 3.1.
Rev 2.10 ssh client global ssh client global {host-key-check } | known-host } no ssh client global {host-key-check | known-host localhost} Configures global SSH client settings. The no form of the command negates global SSH client settings. Syntax Description host-key-check Sets SSH client configuration to control how host key checking is performed. This parameter may be set in 3 ways.
Rev 2.
Rev 2.10 ssh client user ssh client user {authorized-key sshv2 | identity {generate | private-key [] | public-key []} | known-host remove} no ssh client user admin {authorized-key sshv2 | identity } Adds an entry to the global known-hosts configuration file, either by generating new key, or by adding manually a public or private key.
Rev 2.10 slogin slogin [] Invokes the SSH client. The user is returned to the CLI when SSH finishes. Syntax Description slogin options usage: slogin [-1246AaCfgkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port] [-e escape_char] [-F configfile] [-i identity_file] [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option] [-p port] [-R port:host:hostport] [user@]hostname [command] Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show ssh client show ssh client Displays the client configuration of the SSH server. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show ssh client SSH client Strict Hostkey Checking: ask SSH Global Known Hosts: Entry 1: 72.30.2.2 Finger Print: 1e:b7:8b:ec:ab:35:98:be:6b:d6:12:c2:18:72:12:d6 No SSH user identities configured. No SSH authorized keys configured.
Rev 2.10 show ssh server show ssh server Displays SSH server configuration. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show ssh server SSH server configuration: SSH server enabled: yes Minimum protocol version: 2 X11 forwarding enabled: no SSH server ports: 22 Interface listen enabled: yes No Listen Interfaces.
Rev 2.10 3.4.4 Remote Login telnet-server enable telnet-server enable no telnet-server enable Enables the telnet server. The no form of the command disables the telnet server. Syntax Description N/A Default Telnet server is disabled Configuration Mode Config History 3.1.
Rev 2.10 show telnet-server show telnet-server Displays telnet server settings. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 3.4.5 Web Interface web auto-logout web auto-logout no web auto-logout Configures length of user inactivity before auto-logout of a web session. The no form of the command disables the web auto-logout (web sessions will never logged out due to inactivity). Syntax Description number of minutes Default 60 minutes Configuration Mode Config History 3.1.
Rev 2.10 web client cert-verify web client cert-verify no web client cert-verify Enables verification of server certificates during HTTPS file transfers. The no form of the command disables verification of server certificates during HTTPS file transfers. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.
Rev 2.10 web client ca-list web client ca-list { | default-ca-list | none} no web client ca-list Configures supplemental CA certificates for verification of server certificates during HTTPS file transfers. The no form of the command uses no supplemental certificates. Syntax Description ca-list-name Specifies CA list to configure. default-ca-list Configures default supplemental CA certificate list. none Uses no supplemental certificates.
Rev 2.10 web enable web enable no web enable Enables the web-based management console. The no form of the command disables the web-based management console. Syntax Description N/A Default enable Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # web enable switch (config) # show web Web-based management console enabled: yes HTTP enabled: yes HTTP port: 80 HTTP redirect to HTTPS: no HTTPS enabled: yes HTTPS port: 443 Listen enabled: No Listen Interfaces.
Rev 2.10 web http web http {enable | port | redirect} no web http {enable | port | redirect} Configures HTTP access to the web-based management console. The no form of the command negates HTTP settings for the web-based management console. Syntax Description enable Enables HTTP access to the web-based management console. port number Sets a port for HTTP access. redirect Enables redirection to HTTPS.
Rev 2.10 Related Commands show web web enable Note Enabling HTTP is meaningful if the WebUI as a whole is enabled.
Rev 2.10 web httpd web httpd listen {enable | interface } no web httpd listen {enable | interface } Enables the listen interface restricted list for HTTP and HTTPS. The no form of the command disables the HTTP server listen ability. Syntax Description enable Enables Web interface restrictions on access to this system. interface Adds interface to Web server access restriction list (i.e. mgmt0, mgmt1) Default Listening is enabled. all interfaces are permitted.
Rev 2.10 web https web https {certificate {regenerate | name | default-cert} | enable | port } no web https {enable | port } Configures HTTPS access to the web-based management console. The no form of the command negates HTTPS settings for the web-based management console. Syntax Description certificate regenerate Re-generates certificate to use for HTTPS connections.
Rev 2.10 Related Commands show web web enable Note • • Enabling HTTPS is meaningful if the WebUI as a whole is enabled.
Rev 2.10 web session web session {renewal | timeout } no web session {renewal | timeout} Configures session settings. The no form of the command resets session settings to default. Syntax Description renewal Configures time before expiration to renew a session. timeout Configures time after which a session expires. Default timeout - 2.5 hours renewal - 30 min Configuration Mode Config History 3.1.
Rev 2.10 web proxy auth web proxy auth {authtype | basic [password | username ]} no web proxy auth {authtype | basic {password | username } Configures authentication settings for web proxy authentication. The no form of the command resets the attributes to their default values. Syntax Description type Configures the type of authentication to use with web proxy.
Rev 2.
Rev 2.10 web proxy host web proxy host [port ] no web proxy Adds and enables a proxy to be used for any HTTP or FTP downloads. The no form of the command disables the web proxy. Syntax Description IP address IPv4 or IPv6 address. port number Sets the web proxy default port. Default 1080 Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # web proxy host 10.10.10.
Rev 2.10 show web show web Displays the web configuration. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show web Web-based management console enabled: yes HTTP enabled: yes HTTP port: 80 HTTP redirect to HTTPS: no HTTPS enabled: yes HTTPS port: 443 Listen enabled: No Listen Interfaces.
Rev 2.10 4 System Management 4.1 Management Interface 4.1.1 Configuring Management Interfaces with Static IP Addresses If your switch system was set during initialization to obtain dynamic IP addresses through DHCP and you wish to switch to static assignments, perform the following steps: Step 1. Change to Config mode. Run: switch > switch > enable switch # configure terminal Step 2.
Rev 2.10 4.1.4 Default Gateway In order to configure manually the default gateway, use the “ip route” command, with “0.0.0.0” as prefix and mask. The next-hop address must be within the range of one of the IP interfaces on the system. switch (config)# switch (config)# Destination default 10.209.0.0 switch (config)# 4.1.5 ip route 0.0.0.0 0.0.0.0 10.209.0.2 show ip route Mask Gateway Interface 0.0.0.0 10.209.0.2 mgmt0 255.255.254.0 0.0.0.
Rev 2.
Rev 2.10 4.1.6 Commands 4.1.6.1 Interface This chapter describes the commands should be used to configure and monitor the management interface. interface interface {mgmt0 | mgmt1 | lo | vlan} Enters a management interface context. Syntax Description mgmt0 Management port 0 (out of band). mgmt1 Management port 1 (out of band). lo Loopback interface. vlan In-band management interface (e.g. vlan10). Default N/A Configuration Mode Config History 3.1.
Rev 2.10 . interface vlan create interface vlan create no interface vlan create Creates an in-band management interface. The no form of the command deletes the in-band management interface. Syntax Description id Default N/A Configuration Mode Config History 3.3.3500 Role admin Example switch (config) # interface vlan 10 create switch (config) # Related Commands interface show interfaces Note • • • • • VLAN ID. Range is 1-4094.
Rev 2.10 ip address ip address no ip address Sets the IP address and netmask of this interface. The no form of the command clears the IP address and netmask of this interface. Syntax Description IP address IPv4 address netmask Subnet mask of IP address Default 0.0.0.0/0 Configuration Mode Config Interface Management History 3.1.0000 Role admin Example switch (config) # interface mgmt0 switch (config interface mgmt0) # ip address 10.10.10.10 255.255.255.
Rev 2.10 alias alias ip address < IP address> no alias Adds an additional IP address to the specified interface. The secondary address will appear in the output of “show interface” under the data of the primary interface along with the alias. The no form of the command removes the secondary address to the specified interface. Syntax Description index A number that is to be aliased to (associated with) the secondary IP. IP address Additional IP address.
Rev 2.
Rev 2.10 mtu mtu no mtu Sets the Maximum Transmission Unit (MTU) of this interface. The no form of the command resets the MTU to its default. Syntax Description bytes Default 1500 Configuration Mode Config Interface Management History 3.1.0000 Role admin Example switch (config interface mgmt0) # mtu 1500 switch (config interface mgmt0) # show interfaces mgmt0 Interface mgmt0 state Admin up: yes Link up: yes IP address: 172.30.2.2 Netmask: 255.255.0.0 Secondary address: 9.9.9.
Rev 2.10 duplex duplex no duplex Sets the interface duplex. The no form of the command resets the duplex setting for this interface to its default value. Syntax Description duplex Sets the duplex mode of the interface. The following are the possible values: • • • half - half duplex full - full duplex auto - auto duplex sensing (half or full) Default auto Configuration Mode Config Interface Management History 3.1.
Rev 2.
Rev 2.10 speed speed no speed Sets the interface speed. The no form of the command resets the speed setting for this interface to its default value. Syntax Description speed Sets the speed of the interface. The following are the possible values: • • • • 10 - fixed to 10Mbps 100 - fixed to 1000Mbps 1000 - fixed to 1000Mbps auto - auto speed sensing (10/100/1000Mbps) Default auto Configuration Mode Config Interface Management History 3.1.
Rev 2.
Rev 2.10 dhcp dhcp [renew] no dhcp Enables DHCP on the specified interface. The no form of the command disables DHCP on the specified interface. Syntax Description renew Forces a renewal of the IP address. A restart on the DHCP client for the specified interface will be issued. Default Could be enabled or disabled (per part number) manufactured with 3.2.0500 Configuration Mode Config Interface Management History 3.1.
Rev 2.10 shutdown shutdown no shutdown Disables the specified interface. The no form of the command enables the specified interface. Syntax Description N/A Default no shutdown Configuration Mode Config Interface Management History 3.1.
Rev 2.10 zeroconf zeroconf no zeroconf Enables zeroconf on the specified interface. It randomly chooses a unique link-local IPv4 address from the 169.254.0.0/16 block. This command is an alternative to DHCP. The no form of the command disables the use of zeroconf on the specified interface. Syntax Description N/A Default no zeroconf Configuration Mode Config Interface Management History 3.1.
Rev 2.10 comment comment no comment Adds a comment for an interface. The no form of the command removes a comment for an interface. Syntax Description comment Default no comment Configuration Mode Config Interface Management History 3.1.0000 Role admin Example switch (config interface mgmt0) # comment my-interface switch (config interface mgmt0) # show interfaces mgmt0 Interface mgmt0 state Admin up: yes Link up: yes IP address: 172.30.2.2 Netmask: 255.255.0.
Rev 2.10 ipv6 enable ipv6 enable no ipv6 enable Enables all IPv6 addressing for this interface. The no form of the command disables all IPv6 addressing for this interface. Syntax Description N/A Default IPv6 addressing is disabled Configuration Mode Config Interface Management History 3.1.0000 Role admin Example switch (config interface mgmt0) # ipv6 enable switch (config interface mgmt0) # show interfaces mgmt0 Interface mgmt0 state Admin up: yes Link up: yes IP address: 172.30.2.
Rev 2.10 Related Commands ipv6 address show interface Note • • • The interface identifier is a 64-bit long modified EUI-64, which is based on the MAC address of the interface If IPv6 is enabled on an interface, the system will automatically add a link-local address to the interface. Link-local addresses can only be used to communicate with other hosts on the same link, and packets with link-local addresses are never forwarded by a router.
Rev 2.10 ipv6 address ipv6 address { | autoconfig [default | privacy]} no ipv6 { | autoconfig [default | privacy]} Configures IPv6 address and netmask to this interface, static or autoconfig options are possible. The no form of the command removes the given IPv6 address and netmask or disables the autoconfig options. Syntax Description IPv6 address/netmask Configures a static IPv6 address and netmask. Format example: 2001:db8:1234::5678/64.
Rev 2.10 Example switch (config interface mgmt0) # ipv6 fe80::202:c9ff:fe5e:a5d8/64 switch (config interface mgmt0) # show interfaces mgmt0 Interface mgmt0 state Admin up: yes Link up: yes IP address: 172.30.2.2 Netmask: 255.255.0.
Rev 2.10 show interface show interface { [configured | brief]} Displays information about the specified interface, configuration status, and counters. Syntax Description ifname The interface name e.g., “mgmt0”, “mgmt1”, “lo” (loopback), etc. configured Displays the interface configuration. brief Displays a brief info on the interface configuration and status. Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.
Rev 2.10 4.1.6.2 Hostname Resolution hostname hostname no hostname Sets a static system hostname. The no form of the command clears the system hostname. Syntax Description hostname Default Default hostname Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # hostname my-switch-hostname my-switch-hostname (config) # Related Commands show hosts Note • • • • • A free-form string.
Rev 2.10 ip name-server ip name-server no name-server Sets the static name server. The no form of the command clears the name server. Syntax Description IPv4/v6 address IPv4 or IPv6 address. Default No server name Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # ip name-server 9.9.9.9 switch (config) # show hosts Hostname: switch Name server: 9.9.9.9 (configured) Name server: 10.211.0.121 (dynamic) Name server: 172.30.0.
Rev 2.10 ip domain-list ip domain-list no ip domain-list Sets the static domain name. The no form of the command clears the domain name. Syntax Description domain-name The domain name in a string form. A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System (DNS).
Rev 2.10 ip/ipv6 host {ip | ipv6} host no {ip | ipv6} host Configures the static hostname IPv4 or IPv6 address mappings. The no form of the command clears the static mapping. Syntax Description hostname The hostname in a string form. IP Address The IPv4 or IPv6 address. Default No static domain name. Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # ip host my-host 2.2.2.
Rev 2.10 ip/ipv6 map-hostname {ip |ipv6} map-hostname no {ip | ipv6} map-hostname Maps between the currently-configured hostname and the loopback address 127.0.0.1. The no form of the command clears the mapping. Syntax Description N/A Default IPv4 mapping is enabled by default IPv6 mapping is disabled by default Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # ip map-hostname switch (config) # # show hosts Hostname: switch Name server: 9.9.9.
Rev 2.10 show hosts show hosts Displays hostname, DNS configuration, and static host mappings. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show hosts Hostname: my-host-name Name server: 9.9.9.9 (configured) Name server: 10.211.0.121 (dynamic) Name server: 172.30.0.126 (dynamic) Name server: 10.4.0.135 (dynamic) Domain name: mydomain.com (configured) Domain name: lab.mtl.com (dynamic) Domain name: vmlab.mtl.
Rev 2.10 4.1.6.3 Routing ip/ipv6 route {ip | ipv6} route { | } no ip route { | } Sets a static route for a given IP. The no form of the command deletes the static route. Syntax Description network-prefix netmask IPv4 or IPv6 network prefix. IPv4 netmask formats are: • • /24 255.255.255.
Rev 2.10 ipv6 default-gateway ipv6 default-gateway { | } no ipv6 default-gateway Sets a static default gateway. The no form of the command deletes the default gateway. Syntax Description ip address The default gateway IP address (IPv4 or IPv6). ifname The interface name (e.g., mgmt0, mgmt1). Default N/A Configuration Mode Config History 3.1.0000 Initial version 3.2.
Rev 2.10 show ip/ipv6 route show {ip | ipv6} route [static] Displays the routing table in the system. Syntax Description static Filters the table with the static route entries. Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show ip route Destination default 10.10.10.10 20.10.10.10 20.20.20.0 172.30.0.0 Mask 0.0.0.0 255.255.255.255 255.255.255.255 255.255.255.0 255.255.0.0 Gateway 172.30.0.1 0.0.0.0 172.30.0.1 0.0.0.0 0.0.0.
Rev 2.10 show ip/ipv6 default-gateway show {ip | ipv6} default-gateway [static] Displays the default gateway. Syntax Description static Displays the static configuration of the default gateway. Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # ip default-gateway 10.10.10.10 switch (config) # show ip default-gateway Active default gateways: 172.30.0.
Rev 2.10 4.1.6.4 Network to Media Resolution (ARP & NDP) IPv4 network use Address Resolution Protocol (ARP) to resolve IP address to MAC address, while IPv6 network uses Network Discovery Protocol (NDP) that performs basically the same as ARP. ip arp ip arp no ip arp Sets a static ARP entry. The no form of the command deletes the static ARP. Syntax Description IP address IPv4 address. MAC address MAC address.
Rev 2.10 ip arp timeout ip arp timeout no ip arp timeout Sets the dynamic ARP cache timeout. The no form of the command sets the timeout to default. Syntax Description timeout-value Time (in seconds) that an entry remains in the ARP cache. Valid values are from 240 to 28800. Default 1500 seconds Configuration Mode Config History 3.2.
Rev 2.10 show ip arp show ip arp [interface | | count] Displays ARP table. Syntax Description interface type Filters the table according to a specific interface (i.e. mgmt0) ip-address Filters the table to the specific ip-address count Shows ARP statistics Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 ipv6 neighbor ipv6 neighbor no ipv6 neighbor Adds a static neighbor entry. The no form of the command deletes the static entry. Syntax Description IPv6 address The IPv6 address. ifname The management interface (i.e. mgmt0, mgmt1). MAC address The MAC address. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 clear ipv6 neighbors clear ipv6 neighbors Clears the dynamic neighbors cache. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show ipv6 neighbors show ipv6 neighbors [static] Displays the Neighbor Discovery Protocol (NDP) table. Syntax Description static Filters only the table of the static entries. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.1.6.5 DHCP ip dhcp ip dhcp {default-gateway yield-to-static| hostname | primary-intf | send-hostname } no ip dhcp {default-gateway yield-to-static| hostname | | primary-intf | send-hostname} Sets global DHCP configuration. The no form of the command deletes the DHCP configuration. Syntax Description yield-to-static| Does not allow you to install a default gateway from DHCP if there is already a statically configured one.
Rev 2.10 show ip dhcp show ip dhcp Displays the DHCP configuration and status. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 4.1.6.6 General IPv6 Commands ipv6 enable ipv6 enable no ipv6 enable Enables IPv6 globally on the management interface. The no form of the command disables IPv6 globally on the management interface. Syntax Description N/A Default IPv6 is disabled Configuration Mode Config History 3.1.
Rev 2.10 4.1.6.7 IP Diagnostic Tools ping ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline] [-p pattern] [-s packetsize] [-t ttl] [-I interface or address] [-M mtu discovery hint] [-S sndbuf] [T timestamp option ] [-Q tos ] [hop1 ...] destination Sends ICMP echo requests to a specified host. Syntax Description Linux Ping options http://linux.about.com/od/commands/l/ blcmdl8_ping.htm Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # ping 172.
Rev 2.10 traceroute traceroute [-46dFITUnrAV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] host [packetlen] Traces the route packets take to a destination.
Rev 2.10 Syntax Description -4 Uses IPv4. -6 Uses IPv6. -d Enables socket level debugging. -F Sets DF (do not fragment bit) on. -I Uses ICMP ECHO for tracerouting. -T Uses TCP SYN for tracerouting. -U Uses UDP datagram (default) for tracerouting. -n Does not resolve IP addresses to their domain names. -r Bypasses the normal routing and send directly to a host on an attached network.
Rev 2.10 Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # traceroute 192.168.10.70 traceroute to 192.168.10.70 (192.168.10.70), 30 hops max, 40 byte packets 1 172.30.0.1 (172.30.0.1) 3.632 ms 2.849 ms 3.544 ms 2 10.222.128.46 (10.222.128.46) 3.176 ms 3.289 ms 3.656 ms 3 10.158.128.30 (10.158.128.30) 15.331 ms 15.819 ms 16.388 ms 4 10.158.128.65 (10.158.128.65) 20.468 ms 7.893 ms 12.27 ms 5 10.7.34.115 (10.7.34.115) 16.405 ms 11.985 ms 12.264 ms 6 192.168.
Rev 2.10 tcpdump tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ] [ -y datalinktype ] [ -Z user ] [ expression ] Invokes standard binary, passing command line parameters straight through. Runs in foreground, printing packets as they arrive, until the user hits Ctrl+C. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.2 NTP, Clock & Time Zones Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC) and is designed to mitigate the effects of variable network latency.
Rev 2.10 4.2.1 Commands clock set clock set [] Sets the time and date. Syntax Description hh:mm:ss Time. yyyy/mm/dd Date. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # clock set 23:23:23 2010/08/19 switch (config) # show clock Time: 23:23:26 Date: 2010/08/19 Time zone: UTC (Etc/UTC) UTC offset: same as UTC switch (config) # Related Commands show clock Note If not specified, the date will be left the same.
Rev 2.10 clock timezone clock timezone [ [ [] []]] Sets the system time zone. The time zone may be specified in one of three ways: • • • A nearby city whose time zone rules to follow. The system has a large list of cities which can be displayed by the help and completion system. They are organized hierarchically because there are too many of them to display in a flat list.
Rev 2.10 ntp ntp {disable | enable | {peer | server} [version | disable]} no ntp {disable | enable | {peer | server} [disable]} Configures NTP. The no form of the command negates NTP options. Syntax Description disable Disables NTP. enable Enables NTP. peer or server Configures an NTP peer or server node. IP address IPv4 or IPv6 address. version Specifies the NTP version number of this peer. Possible values are 3 or 4. Default NTP is enabled.
Rev 2.10 ntpdate ntpdate Sets the system clock using the specified SNTP server. Syntax Description IP address IP. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # ntpdate 192.168.10.10 26 Feb 17:25:40 ntpdate[15206]: adjust time server 192.168.10.10 offset -0.000092 sec switch (config) # Related Commands N/A Note This is a one-time operation and does not cause the clock to be kept in sync on an ongoing basis.
Rev 2.10 show clock show clock Displays the current system time, date and time zone. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show ntp show ntp Displays the current NTP settings. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show ntp NTP is enabled. Clock is unsynchronized. No NTP peers or servers configured.
Rev 2.10 4.3 Software Management 4.3.1 Upgrading MLNX-OS Software When upgrading from a software version older than 3.2.0100 to software version 3.3.0000 or higher, the upgrade procedure must be done in two steps. First update the software to 3.2.0300-100 (for InfiniBand platforms) or 3.2.0506 (for Ethernet platforms), then update to the desired software version. The system being upgraded becomes indisposed throughout the upgrade procedure.
Rev 2.10 No image install currently in progress. Boot manager password is set. No image install currently in progress. Require trusted signature in image being installed: yes (default) switch (config) # Step 3. Delete the old image (if one exists) that is listed under Images available to be installed prior to fetching the new image. Use the command image delete for this purpose. switch (config) # image delete image-PPC_M460EX-SX_3.0.1224.
Rev 2.10 Boot manager password is set. No image install currently in progress. Require trusted signature in image being installed: yes (default) switch (config) # Step 6. Install the new image. switch (config) # image install Step 1 of 4: Verify Image 100.0% [#############################################################] Step 2 of 4: Uncompress Image 100.0% [#############################################################] Step 3 of 4: Create Filesystems 100.
Rev 2.10 Step 9. Save current configuration. Run: switch (config) # configuration write switch (config)# Step 10. Reboot the switch to run the new image. Run: switch (config) # reload Configuration has been modified; save first? [yes] yes Configuration changes saved. Rebooting... switch (config)# After software reboot, the software upgrade will also automatically upgrade the firmware version. On SX65XX systems with dual management, the software must be upgraded on both the Master and the Slave units.
Rev 2.10 Last boot partition: 1 Next boot partition: 1 Boot manager password is set. No image install currently in progress. Require trusted signature in image being installed: yes switch (config) # Step 3. Delete the unused images. Run: switch config) # image delete image-PPC_M460EX-SX_3.0.1224.img switch (config) # When deleting an image, you delete the file but not the partition. This is recommended so as to not overload system resources. 4.3.
Rev 2.10 Step 6. Delete all previous images from the Images available to be installed prior to fetching the new image. Run: switch (config) # image delete image-EFM_PPC_M405EX-ppc-m405ex 20090531-190132.img Step 7. Fetch the requested software image. Run: switch (config) # image fetch scp://username:password@192.168.10.125/var/www/html/ 100.0%[################################################## ###############] 4.3.3.
Rev 2.10 Step 5. Show all image files on the system. Run: switch (config) # show images Images available to be installed: new_image.img 2010-09-19 16:52:50 Installed images: Partition 1: 2010-09-19 03:46:25 Partition 2: 2010-09-19 16:52:50 Last boot partition: 1 Next boot partition: 2 No boot manager password is set. switch (config) # Step 6. Set the boot location to be the other partition (next).
Rev 2.10 Step 1. Run the command: switch (config)# no boot next fallback-reboot enable Step 2. Set the boot partition. Run: switch (config)# image boot next Step 3. Save the configuration. Run: switch (config)# configuration write Step 4. Reload the system. Run: switch (config)# reload 4.3.4 Upgrading System Firmware Each MLNX-OS software package version has a default switch firmware version.
Rev 2.10 Default Firmware Change on Standalone Systems Step 1. Import the firmware image (.tgz file). Run: switch (config) # image fetch switch (config) # image default-chip-fw fw-SX-rel-9_1_2090.tgz Default Firmware 9.1.2090 updated. Please save configuration and reboot for new FW to take effect. switch (config) # Step 2. Save the configuration. Run: switch (config) # configuration write switch (config) # Step 3. Reboot the system to enable auto update. Step 4.
Rev 2.10 4.3.5 Commands This chapter displays all the relevant commands used to manage the system software image. image boot image boot {location | next} Specifies the default location where the system should be booted from. Syntax Description location ID Specifies the default destination location. There can be up to 2 images on the system. The possible values are 1 or 2.
Rev 2.10 boot next boot next fallback-reboot enable no boot next fallback-reboot enable Sets the default setting for next boot. Normally, if the system fails to apply the configuration on startup (after attempting upgrades or downgrades, as appropriate), it will reboot to the other partition as a fallback. The no form of the command tells the system not to do that, only for the next boot. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.
Rev 2.10 image default-chip-fw image default-chip-fw Sets the default firmware package to be installed. Syntax Description filename Specifies the firmware filename. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # image default-chip-fw image-SX_PPC_M460EX-ppc-m460ex20120122-084759.
Rev 2.10 image delete image delete Deletes the specified image file. Syntax Description image name Specifies the image name. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # image delete image-MLXNX-OS-201140526-010145.
Rev 2.10 image fetch image fetch [] Downloads an image from the specified URL or via SCP. Syntax Description URL HTTP, HTTPS, FTP, TFTP, SCP and SFTP are supported. Example: scp://username[:password]@hostname/path/filename. filename Specifies a filename for this image to be stored as locally. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # image fetch scp://@192.168.10.125/var/www/ html/ Password ****** 100.
Rev 2.10 image install image install [location ] | [progress ] [verify ] Installs the specified image file. Syntax Description image filename Specifies the image name. location ID Specifies the image destination location.
Rev 2.10 image move image move Renames the specified image file. Syntax Description src image name Specifies the old image name. dest image name Specifies the new image name. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # image move image1.img image2.
Rev 2.10 image options image options require-sig no image options require-sig Requires from all the installed images a valid signature. The no form of the command does not require a signature. However if one is present, it must be valid. Syntax Description require-sig Requires images to be signed by a trusted signature. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show bootvar show bootvar Displays the installed system images and the boot parameters. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show bootvar Installed images: Partition 1: SX_PPC_M460EX 3.0.0000-dev-HA 2012-01-22 08:47:59 ppc Last dobincp: 2012/01/23 14:54:23 Partition 2: SX_PPC_M460EX 3.0.
Rev 2.10 show images show image Displays information about the system images and boot parameters. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show images Images available to be installed: image-SX_PPC_M460EX-ppc-m460ex-20120122-084759.img SX_PPC_M460EX 3.0.0000-dev-HA 2012-01-22 08:47:59 ppc Installed images: Partition 1: SX_PPC_M460EX 3.0.
Rev 2.10 4.4 Configuration Management 4.4.1 Saving a Configuration File To save the current configuration to the active configuration file, you can either use the configuration write command (requires running in Config mode) or the write memory command (requires running in Enable mode).
Rev 2.10 4.4.4.1 BIN Configuration Files BIN configuration files are not human readable and cannot be edited.
Rev 2.10 To apply a text-based configuration file: switch (config) # configuration text file my-filename apply When applying a text-based configuration file, the configuration is appended to the switch’s existing configuration. Reboot is not required.
Rev 2.10 4.4.5 Commands 4.4.5.1 File System debug generate dump debug generate dump Generates a debug dump. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # debug generate dump Generated dump sysdump-switch-112104-201140526-091707.tgz switch (config) # Related Commands file debug-dump Note The dump can then be manipulated using the “file debug-dump...” commands.
Rev 2.10 file debug-dump file debug-dump {delete { | latest} | email { | latest} | upload {{ | latest} }} Manipulates debug dump files. Syntax Description delete { | latest} Deletes a debug dump file. email { | latest} Emails a debug dump file to pre-configured recipients for “informational events”, regardless of whether they have requested to receive “detailed” notifications or not.
Rev 2.10 file stats file stats {delete | move { | } | upload } Manipulates statistics report files. Syntax Description delete Deletes a stats report file. move Renames a stats report file. upload Uploads a stats report file. URL - HTTP, HTTPS, FTP, TFTP, SCP and SFTP are supported. Example: scp://username[:password]@hostname/path/filename.
Rev 2.10 file tcpdump file tcpdump {delete | upload } Manipulates tcpdump output files. Syntax Description delete Deletes the specified tcpdump output file. upload Uploads the specified tcpdump output file to the specified URL. URL - HTTP, HTTPS, FTP, TFTP, SCP and SFTP are supported. Example: scp://username[:password]@hostname/path/filename. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 reload reload [force | halt [noconfirm] | noconfirm] Reboots or shuts down the system. Syntax Description force Forces an immediate reboot of the system even if the system is busy. halt Shuts down the system. noconfirm Reboots the system without asking about unsaved changes. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # reload Configuration has been modified; save first? [yes] yes Configuration changes saved. ...
Rev 2.10 reset factory reset factory [keep-all-config | keep-basic | only-config] [halt] Clears the system and resets it entirely to its factory state. Syntax Description keep-all-cofig Preserves everything in the running configuration file. The user will be prompted for confirmation before honoring this command, unless confirmation is disabled with the command: “no cli default prompt confirmreset”. keep-basic Preserves licenses in the running configuration file.
Rev 2.10 show files debug-dump show files debug-dump [] Displays a list of debug dump files. Syntax Description filename Displays a summary of the contents of a particular debug dump file. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show files debug-dump sysdump-switch-112104-20114052091707.tgz System information: Hostname: Version: Date: Uptime: switch-112104 SX_PPC 3.1.
Rev 2.10 show files stats show files stats Displays a list of statistics report files. Syntax Description filename Display the contents of a particular statistics report file. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show files stats memory-201140524-111745.
Rev 2.10 show files system show files system [detail] Displays usage information of the file systems on the system. Syntax Description detail Displays more detailed information on file-system. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show files tcpdump show files tcpdump Displays a list of statistics report files. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.4.5.2 Configuration Files configuration audit configuration audit max-changes Chooses settings related to configuration change auditing. Syntax Description max-changes Set maximum number of audit messages to log per change. Default 1000 Configuration Mode Config History 3.1.
Rev 2.10 configuration copy configuration copy Copies a configuration file. Syntax Description source name Name of source file. dest name Name of destination file. If the file of specified filename does not exist a new file will be created with said filename. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # configuration copy initial.
Rev 2.10 configuration delete configuration delete Deletes a configuration file. Syntax Description filename Name of file to delete. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show configuration files example initial initial.bak initial.prev switch (config) # configuration delete example switch (config) # show configuration files initial initial.bak initial.
Rev 2.10 configuration fetch configuration fetch [] Downloads a configuration file from a remote host. Syntax Description name Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # configuration fetch scp://root:password@ 192.168.10.125/tmp/conf1 switch (config) # Related Commands configuration switch-to Note • • • The configuration file name.
Rev 2.10 configuration jump-start configuration jump-start Runs the initial-configuration wizard. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # configuration jump-start Mellanox configuration wizard Step 1: Hostname? [switch-3cc29c] Step 2: Use DHCP on mgmt0 interface? y Step 3: Admin password (Enter to leave unchanged)? You have entered the following information: 1. Hostname: switch-3cc29c 2.
Rev 2.10 configuration merge configuration merge Merges the “shared configuration” from one configuration file into the running configuration. Syntax Description filename Name of file from which to merge settings. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 configuration move configuration move Moves a configuration file. Syntax Description source name Old name of file to move. dest name New name for moved file. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show configuration files example1 initial initial.bak initial.prev switch (config) # configuration move example1 example2 switch (config) # show configuration files example2 initial initial.bak initial.
Rev 2.10 configuration new configuration new [factory [keep-basic] [keep-connect]] Creates a new configuration file under the specified name. The parameters specify what configuration, if any, to carry forward from the current running configuration. Syntax Description filename Names for new configuration file. factory Creates new file with only factory defaults. keep-basic Keeps licenses and host keys.
Rev 2.10 configuration revert configuration revert {factory [keep-basic | keep-connect]| saved} Reverts the system configuration to a previous state. Syntax Description factory Reverts running and saved configurations to factory defaults. If no parameter is set the default is to keep licenses and host keys. keep-basic Keeps licenses and host keys. keep-connect Keeps configuration necessary for connectivity (interfaces, routes, and ARP).
Rev 2.10 configuration switch-to configuration switch-to Loads the configuration from the specified file and makes it the active configuration file. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show configuration files initial (active) newcon initial.prev initial.bak switch (config) # configuration switch-to newcon switch (config) # show configuration files initial newcon (active) initial.prev initial.
Rev 2.10 configuration text fetch configuration text fetch [apply [discard | fail-continue | filename | overwrite | verbose] | filename | overwrite [apply | filename ]] Fetches a text configuration file (list of CLI commands) from a specified URL. Syntax Description apply Applies the file to the running configuration (i.e. executes the commands in it).
Rev 2.10 configuration text file configuration text file {apply [fail-continue] [verbose] | delete | rename | upload < URL>} Performs operations on text-based configuration files. Syntax Description filename Specifies the filename. apply Applies the configuration on the system. fail-continue Continues execution of the commands even if some commands fail. verbose Displays all commands being executed and their output, instead of just those that get errors.
Rev 2.10 configuration text generate configuration text generate {active {running | saved} | file } {save | upload } Generates a new text-based configuration file from this system's configuration. Syntax Description active Generates from currently active configuration. running Uses running configuration. saved Uses saved configuration. file Generates from inactive saved configuration. save Saves new file to local persistent storage.
Rev 2.10 configuration upload configuration upload {active | } Uploads a configuration file to a remote host. Syntax Description active Upload the active configuration file. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # configuration upload active scp://root:password@ 192.168.10.
Rev 2.10 write write {memory [local] | terminal} Saves or displays the running configuration. Syntax Description memory Saves running configuration to the active configuration file. It is the same as “configuration write”. local Saves the running configuration only on the local node. It is the same as “configuration write local”. terminal Displays commands to recreate current running configuration. It is the same as “show running-config”. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show configuration show configuration [audit | | files [] | full | running [full] | text files] Displays a list of CLI commands that will bring the state of a fresh system up to match the current persistent state of this system. Syntax Description audit Displays settings for configuration change auditing. files [] Displays a list of configuration files in persistent storage if no filename is specified.
Rev 2.10 show running-config show running-config [full] Displays commands to recreate current running configuration. Syntax Description full Does not exclude commands that set default values. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.5 Logging 4.5.1 Monitor To print logging events to the terminal: Set the modules or events you wish to print to the terminal. For example, run: switch (config) # logging monitor events notice switch (config) # logging monitor sx-sdk warning These commands print system events in severity “notice” and sx-sdk module notifications in severity “warning” to the screen. For example, in case of interface-down event, the following gets printed to the screen.
Rev 2.10 4.5.3 Commands logging local override logging local override [class priority ] no logging local override [class priority ] Enables class-specific overrides to the local log level. The no form of the command disables all class-specific overrides to the local log level without deleting them from the configuration, but disables them so that the logging level for all classes is determined solely by the global setting.
Rev 2.10 Example switch (config) # logging local override class mgmt-front priority warning switch (config) # show logging Local logging level: info Override for class mgmt-front: warning Default remote logging level: notice No remote syslog servers configured. Allow receiving of messages from remote hosts: no Number of archived log files to keep: 10 Log rotation size threshold: 5.
Rev 2.10 logging logging [trap { | override class priority }] no logging [trap { | override class priority }] Enables (by setting the IP address) sending logging messages, with ability to filter the logging messages according to their classes. The no form of the command stops sending messages to the remote syslog server.
Rev 2.10 Example switch (config) # logging local info switch (config) # show logging Local logging level: info Default remote logging level: notice No remote syslog servers configured. Allow receiving of messages from remote hosts: no Number of archived log files to keep: 10 Log rotation size threshold: 5.
Rev 2.10 logging receive logging receive no logging receive Enables receiving logging messages from a remote host. The no form of the command disables the option of receiving logging messages from a remote host. Syntax Description N/A Default Receiving logging is disabled Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # logging receive switch (config) # show logging Local logging level: info Default remote logging level: notice No remote syslog servers configured.
Rev 2.10 logging format logging format {standard | welf [fw-name ]} no logging format {standard | welf [fw-name ]} Sets the format of the logging messages. The no form of the command resets the format to its default. Syntax Description standard Standard format. welf WebTrends Enhanced Log file (WELF) format. hostname Specifies the firewall hostname that should be associated with each message logged in WELF format. If no firewall name is set, the hostname is used by default.
Rev 2.10 logging fields logging fields seconds {enable | fractional-digits | whole-digits } no logging fields seconds {enable | fractional-digits | whole-digits } Specifies whether to include an additional field in each log message that shows the number of seconds since the Epoch or not. The no form of the command disallows including an additional field in each log message that shows the number of seconds since the Epoch.
Rev 2.10 Related Commands show logging Note This is independent of the standard syslog date and time at the beginning of each message in the format of “July 15 18:00:00”. Aside from indicating the year at full precision, its main purpose is to provide subsecond precision.
Rev 2.10 logging level logging level {cli commands | audit mgmt } Sets the severity level at which CLI commands or the management audit message that the user executes are logged. This includes auditing of both configuration changes and actions. Syntax Description cli commands Sets the severity level at which CLI commands which the user executes are logged. audit mgmt Sets the severity level at which all network management audit messages are logged.
Rev 2.10 logging files delete logging files delete {current | oldest []} Deletes the current or oldest log files. Syntax Description current Deletes current log file. oldest Deletes oldest log file. number of files Sets the number of files to be deleted. Default CLI commands and audit message are set to notice logging level Configuration Mode Config History 3.1.
Rev 2.10 logging files rotation logging files rotation {criteria { frequency | size | size-pct } | force | max-number } Sets the rotation criteria of the logging files. Syntax Description freq Sets rotation criteria according to time. Possible options are: • • • Daily Weekly Monthly size-mb Sets rotation criteria according to size in mega bytes. The range is 1-9999.
Rev 2.10 Example switch (config) # logging files rotation criteria size-pct 6 switch (config) # show logging Local logging level: info Override for class mgmt-front: warning Default remote logging level: notice No remote syslog servers configured. Allow receiving of messages from remote hosts: no Number of archived log files to keep: 10 Log rotation size threshold: 6.000% of partition (51.
Rev 2.10 logging files upload logging files upload {current | } Uploads a log file to a remote host. Syntax Description current The current log file. The current log file will have the name “messages” if you do not specify a new name for it in the upload URL. file-number An archived log file. The archived log file will have the name “messages.gz” (while “n” is the file number) if you do not specify a new name for it in the upload URL. The file will be compressed with gzip.
Rev 2.10 logging monitor logging monitor no logging monitor Sets monitor log facility and level to print to the terminal. The no form of the command disables printing logs of facilities to the terminal.
Rev 2.10 logging debug-files logging debug-files {delete {current | oldest} | rotation {criteria | force | maxnum} | update { | current}} Configures settings for debug log files. Syntax Description delete {current | oldest} Deletes certain debug-log files. • • rotation {criteria {frequency {daily | weekly | monthly} | size | size-pct } | force | max-num} Configures automatic rotation of debug-logging files.
Rev 2.10 show logging show logging Displays the logging configurations. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show logging Local logging level: info Override for class mgmt-front: warning Default remote logging level: notice No remote syslog servers configured. Allow receiving of messages from remote hosts: no Number of archived log files to keep: 10 Log rotation size threshold: 5.
Rev 2.10 show log show log [continues | files []] [[not] matching ] Displays the log file with optional filter criteria. Syntax Description continues Displays the last few lines of the current log file and then continues to display new lines as they come in until the user hits Ctrl+C, similar to LINUX “tail” utility. files Displays the list of log files.
Rev 2.
Rev 2.10 4.6 Debugging To use the debugging logs feature: Step 1. Enable debugging. Run: switch (config) # debug ethernet Step 2. Display the debug level set. Run: switch (config) # show debug ethernet Step 3. Display the logs.
Rev 2.10 4.6.1 Commands debug ethernet all debug ethernet all no debug ethernet all Enables debug traces for Ethernet modules. The no form of the command disables the debug traces for all Ethernet modules. Syntax Description N/A Default N/A Configuration Mode Config History 3.3.
Rev 2.10 debug ethernet dcbx debug ethernet dcbx {all | management | fail-all | control-panel | tlv} Configures the trace level for DCBX. The no form of the command disables the configured DCBX debug traces. Syntax Description all Enables all traces. management Management messages. fail-all All failure traces. control-panel Control plane traces. tlv TLV related trace configuration. Default N/A Configuration Mode Config History 3.3.
Rev 2.
Rev 2.10 Syntax Description all Enables debug traces for all routing modules. arp all Enables the trace level for ARP. dhcp-relay {all | error} Configures the trace level for DHCP. • • igmp-snooping {all | forward-db-messages | group-info | Init-shut | packet-dump | query | system-resources-management | source-info | timer | vlan-info} Configures the trace level for IGMP snooping.
Rev 2.
Rev 2.10 debug ethernet lacp debug ethernet lacp {all | all-resource | data-path | fail-all | init-shut | management | memory | packet} no debug ethernet lacp {all | all-resources | data-path | fail-all | init-shut | management | memory | packet} Configures the trace level for LACP. The no form of the command disables the configured LACP debug traces. Syntax Description all Enables all traces. all-resource BPDU related messages. data-path Init and shutdown traces. fail-all Management messages.
Rev 2.10 debug ethernet lldp debug ethernet lldp {all | control-panel | critical-event | data-path | fail-all | initshut | management | memory | neigh-add | neigh-age-out | neigh-del | neigh-drop | neigh-updt | tlv} no debug ethernet lldp {all | control-panel | critical-event | data-path | fail-all | init-shut | management | memory | neigh-add | neigh-age-out | neigh-del | neighdrop | neigh-updt | tlv} Configures the trace level for LLDP.
Rev 2.10 debug ethernet port debug ethernet port all Configures the trace level for port. The no form of the command disables the configured port debug traces. Syntax Description N/A Default N/A Configuration Mode Config History 3.3.
Rev 2.10 debug ethernet qos debug ethernet qos {all | all-resource | control-panel | fail-all | filters | init-shut | management | memory | packet} no debug ethernet qos {all | all-resource | control-panel | fail-all | filters | init-shut | management | memory | packet} Configures the trace level for QoS. The no form of the command disables the configured QoS debug traces. Syntax Description all Enables all traces. all-resource OS resource traces. control-panel Control plane traces.
Rev 2.
Rev 2.
Rev 2.10 debug ethernet vlan debug ethernet vlan {all | fwd | priority | filters} no debug ethernet vlan {all | fwd | priority | filters} Configures the trace level for VLAN. The no form of the command disables the configured VLAN debug traces. Syntax Description all Enables all traces fwd Forward. priority Priority. filters Lower layer traces. Default N/A Configuration Mode Config History 3.3.
Rev 2.10 show debug ethernet show debug ethernet {dcbx | ip {arp | dhcp-relay | igmp-snooping | interface | ospf} | lacp | lldp | port | qos | spanning-tree | vlan} Displays debug level configuration on a specific switch. Syntax Description dcbx Displays the trace level for spanning tree. ip Displays debug trace level for ethernet routing module. • • • • • arp dhcp-relay igmp-snooping interface ospf lacp Displays the trace level for LACP. lldp Displays the trace level for LLDP.
Rev 2.10 show log debug show log debug [continuous | files | matching | not] Displays current event debug-log file in a scrollable pager. Syntax Description continuous Displays new event log messages as they arrive. files Displays archived debug log files. matching Displays event debug logs that match a given regular expression. not Displays event debug logs that do not meet certain criteria. Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 4.7 Event Notifications MLNX-OS features a variety of supported events. Events are printed in the system log file, and, optionally, can be sent to the system administrator via email, SNMP trap or directly prompted to the terminal. 4.7.1 Supported Events The following table presents the supported events and maps them to their relevant MIB OID.
Rev 2.
Rev 2.10 4.7.4 Email Notifications To configure MLNX-OS to send you emails for all configured events and failures: Step 1. Enter to Config mode. Run: switch > switch > enable switch # configure terminal Step 2. Set your mailhub to the IP address to be your mail client’s server – for example, Microsoft Outlook exchange server. switch (config) # email mailhub Step 3. Add your email address for notifications. Run: switch (config) # email notify recipient Step 4.
Rev 2.10 Uptime: 17h 8m 28.060s This is a test email. ==== Done.
Rev 2.10 4.7.5 Commands 4.7.5.1 Email Notification email autosupport ssl mode email autosupport ssl mode {none | tls | tls-none} no email autosupport ssl mode Configures type of security to use for auto-support email. The no form of the command resets auto-support email security mode to its default. Syntax Description none Does not use TLS to secure auto-support email. tls Uses TLS over the default server port to secure autosupport email and does not send an email if TLS fails.
Rev 2.10 email autosupport ssl cert-verify email autosupport ssl cert-verify no email autosupport ssl cert-verify Verifies server certificates. The no form of the command does not verify server certificates. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.
Rev 2.10 email autosupport ssl ca-list email autosupport ssl ca-list { | default_ca_list | none} no email autosupport ssl ca-list Configures supplemental CA certificates for verification of server certificates. The no form of the command removes supplemental CA certificate list. Syntax Description default_ca_list Default supplemental CA certificate list. none No supplemental list; uses built-in list only. Default default_ca_list Configuration Mode Config History 3.2.
Rev 2.10 email dead-letter email dead-letter {cleanup max-age | enable} no email dead-letter Configures settings for saving undeliverable emails. The no form of the command disables sending of emails to vendor auto-support upon certain failures. Syntax Description duration Example: “5d4h3m2s” for 5 days, 4 hours, 3 minutes, 2 seconds. enable Saves dead-letter files for undeliverable emails.
Rev 2.10 email domain email domain no email domain Sets the domain name from which the emails will appear to come from (provided that the return address is not already fully-qualified). This is used in conjunction with the system hostname to form the full name of the host from which the email appears to come. The no form of the command clears email domain override. Syntax Description hostname or IP address IP address.
Rev 2.10 email mailhub email mailhub no email mailhub Sets the mail relay to be used to send notification emails. The no form of the command clears the mail relay to be used to send notification emails. Syntax Description hostname or IP address Hostname or IP address. Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # email mailhub 10.0.8.11 switch (config) # show email Mail hub: 10.0.8.
Rev 2.10 email mailhub-port email mailhub-port no email mailhub-port Sets the mail relay port to be used to send notification emails. The no form of the command resets the port to its default. Syntax Description hostname or IP address hostname or IP address. Default 25 Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # email mailhub-port 125 switch (config) # show email Mail hub: 10.0.8.
Rev 2.10 email notify event email notify event no email notify event Enables sending email notifications for the specified event type. The no form of the command disables sending email notifications for the specified event type. Syntax Description event name Example event names would include “process-crash” and “cpu-util-high”. Default No events are enabled Configuration Mode Config History 3.1.
Rev 2.10 email notify recipient email notify recipient [class {info | failure} | detail] no email notify recipient [class {info | failure} | detail] Adds an email address from the list of addresses to which to send email notifications of events. The no form of the command removes an email address from the list of addresses to which to send email notifications of events. Syntax Description email addr Email address of intended recipient.
Rev 2.10 email return-addr email return-addr no email domain Sets the username or fully-qualified return address from which email notifications are sent. • • If the string provided contains an “@” character, it is considered to be fully-qualified and used as-is. Otherwise, it is considered to be just the username, and we append “@.”. The default is “do-not-reply”, but this can be changed to “admin” or whatnot in case something along the line does not like fictitious addresses.
Rev 2.10 email return-host email return-host no email return-host Includes the hostname in the return address for emails. The no form of the command does not include the hostname in the return address for emails. Syntax Description N/A Default No return host Configuration Mode Config History 3.1.
Rev 2.10 email send-test email send-test Sends test-email to all configured event and failure recipients. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 email ssl mode email ssl mode {none | tls | tls-none} no email ssl mode Sets the security mode(s) to try for sending email. The no form of the command resets the email SSL mode to its default. Syntax Description none No security mode, operates in plaintext. tls Attempts to use TLS on the regular mailhub port, with STARTTLS. If this fails, it gives up. tls-none Attempts to use TLS on the regular mailhub port, with STARTTLS. If this fails, it falls back on plaintext.
Rev 2.10 email ssl cert-verify email ssl cert-verify no email ssl cert-verify Enables verification of SSL/TLS server certificates for email. The no form of the command disables verification of SSL/TLS server certificates for email. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.3000 Role admin Example switch (config) # email ssl cert-verify Related Commands N/A Note This command has no impact unless TLS is used.
Rev 2.10 email ssl ca-list email ssl ca-list { | default-ca-list | none} no email ssl ca-list Specifies the list of supplemental certificates of authority (CA) from the certificate configuration database that is to be used for verification of server certificates when sending email using TLS, if any. The no form of the command uses no list of supplemental certificates. Syntax Description ca-list-name Specifies CA list name. default-ca-list Uses default supplemental CA certificate list.
Rev 2.10 show email show email [events] Shows email configuration or events for which email should be sent upon. Syntax Description events show event list Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show email Mail hub: Mail hub port: 25 Domain: (system domain name) Return address: my-address Include hostname in return address: no Current reply address: host@localdomain Dead letter settings: Save dead.
Rev 2.10 4.8 mDNS Multicast DNS (mDNS) protocol is used by the SM HA to deliver control information between the InfiniBand nodes via the management interface.
Rev 2.10 4.8.1 Commands ha dns enable ha dns enable no ha dns enable Allows mDNS traffic. The no form of the command blocks mDNS traffic from being sent from mgmt0. Syntax Description N/A Default Enabled. Configuration Mode Config History 3.3.
Rev 2.10 4.9 User Management and Security 4.9.1 Authentication, Authorization and Accounting (AAA) AAA is a term describing a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.
Rev 2.10 4.9.1.2 TACACS+ TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected users.
Rev 2.10 4.9.3 Commands 4.9.3.1 User Accounts username username [capability | disable [login | password] | full-name | nopassword | password [0 | 7] ] no username [capability | disable [login | password] | full-name] Creates a user and sets its capabilities, password and name. The no form of the command deletes the user configuration. Syntax Description Default username Specifies a username and creates a user account.
Rev 2.10 Related Commands show usernames show users Note • • • To enable a user account, just set a password on it (or use the “...
Rev 2.10 show usernames show usernames Displays list of users and their capabilities. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show users show users [history] Displays logged in users and related information such as idle time and what host they have connected from. Syntax Description history Displays current and historical sessions. Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show whoami show whoami Displays username and capabilities of user currently logged in. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 4.9.3.2 AAA Methods aaa accounting aaa accounting changes default stop-only tacacs+ no aaa accounting changes default stop-only tacacs+ Enables logging of system changes to an AAA accounting server. The no form of the command disables the accounting. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Initial version 3.2.3000 Removed ‘time’ parameter from the command.
Rev 2.10 aaa authentication login aaa authentication login default [ [ [ []]]] no aaa authentication login Sets a sequence of authentication methods. Up to four methods can be configured. The no form of the command resets the configuration to its default. Syntax Description auth-method Default local Configuration Mode Any Command Mode History 3.1.
Rev 2.10 aaa authentication attempts track enable aaa authentication attempts track enable no aaa authentication attempts track enable Enables tracking of authentication failures. The no form of the command disables tracking of authentication failures. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.
Rev 2.10 aaa authentication attempts lockout aaa authentication attempts lockout {enable | lock-time | max-fail | unlock-time} no aaa authentication attempts lockout {enable | lock-time | max-fail | unlocktime} Configures lockout of accounts based on failed authentication attempts. The no form of the command clears configuration for lockout of accounts based on failed authentication attempts.
Rev 2.10 Syntax Description enable Enables locking out of user accounts based on authentication failures. This both suspends enforcement of any existing lockouts, and prevents any new lockouts from being recorded. If lockouts are later re-enabled, any lockouts that had been recorded previously resume being enforced; but accounts which have passed the max-fail limit in the meantime are NOT automatically locked at this time.
Rev 2.10 Default N/A Configuration Mode Config History 3.2.
Rev 2.10 aaa authentication attempts class-override aaa authentication attempts class-override {admin [no-lockout] | unknown {notrack | hash-username}} no aaa authentication attempts class-override {admin | unknown {no-track | hash-username}} Overrides the global settings for tracking and lockouts for a type of account. The no form of the command removes this override and lets the admin be handled according to the global settings.
Rev 2.10 aaa authentication attempts reset aaa authentication attempts reset {all | user } [{no-clear-history | nounlock}] Clears the authentication history for and/or unlocks specified users. Syntax Description all Applies function to all users. user Applies function to specified user. no-clear-history Leaves the history of login failures but unlocks the account. no-unlock Leaves the account locked but clears the history of login failures.
Rev 2.10 clear aaa authentication attempts clear aaa authentication attempts {all | user } [no-clear-history | nounlock] Clears the authentication history for and/or unlocks specified users Syntax Description all Applies function to all users. user Applies function to specified user. no-clear-history Clears the history of login failures. no-unlock Unlocks the account. Default N/A Configuration Mode Config History 3.2.
Rev 2.10 aaa authorization aaa authorization map [default-user | order ] no aaa authorization map [default-user | order] Sets the mapping permissions of a user in case a remote authentication is done. The no form of the command resets the attributes to default. Syntax Description username Specifies what local account the authenticated user will be logged on as when a user is authenticated (via RADIUS or TACACS+) and does not have a local account.
Rev 2.10 Related Commands show aaa username Note If, for example, the user is locally defined to have admin permission, but in a remote server such as RADIUS the user is authenticated as monitor and the order is remotefirst, then the user will be given monitor permissions.
Rev 2.10 show aaa show aaa Displays the AAA configuration. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show aaa authentication attempts show aaa authentication attempts [configured | status user ]] Shows the current authentication, authorization and accounting settings. Syntax Description authentication attempts Displays configuration and history of authentication failures. configured Displays configuration of authentication failure tracking. status user Displays status of authentication failure tracking and lockouts for specific user.
Rev 2.10 4.9.3.3 RADIUS radius-server radius-server {key | retransmit | timeout } no radius-server {key | retransmit | timeout} Sets global RADIUS server attributes. The no form of the command resets the attributes to their default values. Syntax Description secret Sets a secret key (shared hidden text string), known to the system and to the RADIUS server. retries Number of retries (0-5) before exhausting from the authentication.
Rev 2.10 radius-server host radius-server host {enable | auth-port | key | retransmit | timeout } no radius-server host {enable | auth-port } Configures RADIUS server attributes. The no form of the command resets the attributes to their default values and deletes the RADIUS server. Syntax Description IP address RADIUS server IP address. enable Administrative enable of the RADIUS server. port RADIUS server UDP port number.
Rev 2.10 show radius show radius Displays RADIUS configurations. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show radius RADIUS defaults: Key: 3333 Timeout: 3 Retransmit: 1 RADIUS servers: 40.40.40.
Rev 2.10 4.9.3.4 TACACS+ tacacs-server tacacs-server {key | retransmit | timeout } no tacacs-server {key | retransmit | timeout} Sets global TACACS+ server attributes. The no form of the command resets the attributes to default values. Syntax Description secret Set a secret key (shared hidden text string), known to the system and to the TACACS+ server. retries Number of retries (0-5) before exhausting from the authentication.
Rev 2.10 tacacs-server host tacacs-server host {enable | auth-port | auth-type | key | retransmit | timeout } no tacacs-server host {enable | auth-port} Configures TACACS+ server attributes. The no form of the command resets the attributes to their default values and deletes the TACACS+ server. Syntax Description IP address TACACS+ server IP address. enable Administrative enable for the TACACS+ server.
Rev 2.10 Related Commands aaa authorization show tacacs tacacs-server Note • • • TACACS+ servers are tried in the order they are configured A PAP auth-type similar to an ASCII login, except that the username and password arrive at the network access server in a PAP protocol packet instead of being typed in by the user, so the user is not prompted If the user does not specify a parameter for this configured TACACS+ server, the configuration will be taken from the global TACACS+ server configuration.
Rev 2.10 show tacacs show tacacs Displays TACACS+ configurations. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show tacacs TACACS+ defaults: Key: 3333 Timeout: 3 Retransmit: 1 TACACS+ servers: 40.40.40.
Rev 2.10 4.9.3.5 LDAP ldap base-dn ldap base-dn no ldap base-dn Sets the base distinguished name (location) of the user information in the schema of the LDAP server. The no form of the command resets the attribute to its default values. Syntax Description string Default ou=users,dc=example,dc=com Configuration Mode Config History 3.1.
Rev 2.10 ldap bind-dn/bind-password ldap {bind-dn | bind-password} no ldap {bind-dn | bind-password} Gives the distinguished name or password to bind to on the LDAP server. This can be left empty for anonymous login (the default). The no form of the command resets the attribute to its default values. Syntax Description string A case-sensitive string that specifies distinguished name or password to bind to on the LDAP server. Default “” Configuration Mode Config History 3.1.
Rev 2.10 ldap group-attribute/group-dn ldap {group-attribute { |member | uniqueMember} | group-dn } no ldap {group-attribute | group-dn} Sets the distinguished name or attribute name of a group on the LDAP server. The no form of the command resets the attribute to its default values. Syntax Description group-att Specifies a custom attribute name. member groupOfNames or group membership attribute. uniqueMember groupOfUniqueNames membership attribute.
Rev 2.10 ldap host ldap host [order last] no ldap host Adds an LDAP server to the set of servers used for authentication. The no form of the command deletes the LDAP host. Syntax Description IP Address IPv4 or IPv6 address. number The order of the LDAP server. last The LDAP server will be added in the last location. Default No hosts configured Configuration Mode Config History 3.1.
Rev 2.10 ldap login-attribute ldap login-attribute { | uid | sAMAccountName} no ldap login-attribute Sets the attribute name which contains the login name of the user. The no form of the command resets this attribute to its default. Syntax Description string Custom attribute name. uid LDAP login name is taken from the user login username. sAMAccountName SAM Account name, active directory login name. Default sAMAccountName Configuration Mode Config History 3.1.
Rev 2.10 ldap port ldap port no ldap port Sets the TCP port on the LDAP server to connect to for authentication. The no form of the command resets this attribute to its default value. Syntax Description port TCP port number. Default 389 Configuration Mode Config History 3.1.
Rev 2.10 ldap referrals ldap referrals no ldap referrals Enables LDAP referrals. The no form of the command disables LDAP referrals. Syntax Description N/A Default LDAP referrals are enabled Configuration Mode Config History 3.1.
Rev 2.10 ldap scope ldap scope no ldap scope Specifies the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request. The no form of the command resets the attribute to its default value. Syntax Description scope Default subtree Configuration Mode Config History 3.1.
Rev 2.10 ldap ssl ldap ssl {ca-list | cert-verify | mode | port } no ldap ssl {cert-verify | mode | port} Sets SSL parameter for LDAP. The no form of the command resets the attribute to its default value. Syntax Description options This command specifies the list of supplemental certificates of authority (CAs) from the certificate configuration database that is to be used by LDAP for authentication of servers when in TLS or SSL mode.
Rev 2.10 History 3.1.0000 Initial version 3.2.3000 Added ca-list argument.
Rev 2.10 ldap timeout ldap {timeout-bind | timeout-search} no ldap {timeout-bind | timeout-search} Sets a global communication timeout in seconds for all LDAP servers to specify the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request. The no form of the command resets the attribute to its default value. Syntax Description timeout-bind Sets the global LDAP bind timeout for all LDAP servers.
Rev 2.10 ldap version ldap version no ldap version Sets the LDAP version. The no form of the command resets the attribute to its default value. Syntax Description version Sets the LDAP version. Possible values are 2 and 3. Default 3 Configuration Mode Config History 3.1.
Rev 2.10 show ldap show ldap Displays LDAP configurations. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 4.10 Cryptographic (X.509, IPSec) This chapter displays X.509 and IPSec related commands. 4.10.
Rev 2.10 Syntax Description enable Enables IPSec peering. ike Configures IPSec peering using IKE ISAKMP to manage SA keys.
Rev 2.
Rev 2.10 crypto certificate ca-list crypto certificate ca-list [default-ca-list name { | system-selfsigned}] no crypto certificate ca-list [default-ca-list name { | system-selfsigned}] Adds the specified CA certificate to the default CA certificate list. The no form of the command removes the certificate from the default CA certificate list. Syntax Description cert-name Default N/A Configuration Mode Config History 3.2.
Rev 2.10 crypto certificate default-cert crypto certificate default-cert name { | system-self-signed} no crypto certificate default-cert name { | system-self-signed} Designates the named certificate as the global default certificate role for authentication of this system to clients. The no form of the command reverts the default-cert name to “system-self-signed” (the “cert-name” value is optional and ignored). Syntax Description cert-name The name of the certificate.
Rev 2.10 crypto certificate generation crypto certificate generation default {country-code | days-valid | email-addr | key-size-bits | locality | org-unit | organization | state-or-prov} Configures default values for certificate generation. Syntax Description country-code Configures the default certificate value for country code with a two-alphanumeric-character code or -- for none. days-valid Configures the default certificate value for days valid.
Rev 2.10 crypto certificate name crypto certificate name { | system-self-signed} {comment | generate self-signed | private-key pem | public-cert [comment | pem ] | regenerate days-valid | rename } no crypto certificate name Configures default values for certificate generation. The no form of the command clears/deletes certain certificate settings.
Rev 2.10 Example switch (config) # crypto certificate name system-self-signed comment test Related Commands N/A Note The certificate parameter of the no form of this command deletes the comment on the certificate.
Rev 2.10 crypto certificate system-self-signed crypto certificate system-self-signed regenerate [days-valid ] Configures default values for certificate generation. Syntax Description days-valid Specifies the number of days the certificate is valid Default N/A Configuration Mode Config History 3.2.
Rev 2.10 show crypto certificate show crypto certificate [detail | public-pem | default-cert [detail | public-pem] | [name [detail | public-pem] | ca-list [default-ca-list]] Displays information about all certificates in the certificate database. Syntax Description ca-list Displays the list of supplemental certificates configured for the global default system CA certificate role. default-ca-list Displays information about the currently configured default certificates of the CA list.
Rev 2.
Rev 2.10 show crypto ipsec show crypto ipsec [brief | configured | ike | policy | sa ] Displays information ipsec configuration. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.1000 Role admin Example switch (config)# show crypto ipsec IPSec Summary ------------Crypto IKE is using pluto (Openswan) daemon. Daemon process state is stopped. No IPSec peers configured. IPSec IKE Peering State ----------------------Crypto IKE is using pluto (Openswan) daemon.
Rev 2.10 4.11 Scheduled Jobs Use the commands in this section to manage and schedule the execution of jobs 4.11.1 Commands job job no job Creates a job. The no form of the command deletes the job. Syntax Description job ID Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # job 100 switch (config job 100) # Related Commands show jobs Note Job state is lost on reboot. An integer.
Rev 2.10 command command | no command Adds a CLI command to the job. The no form of the command deletes the command from the job. Syntax Description sequence # An integer that controls the order the command is executed relative to other commands in this job. The commands are executed in an ascending order. command A CLI command. Default N/A Configuration Mode Config job History 3.1.
Rev 2.10 comment comment no comment Adds a comment to the job. The no form of the command deletes the comment. Syntax Description comment The comment to be added (string). Default “” Configuration Mode Config job History 3.1.
Rev 2.10 enable enable no enable Enables the specified job. The no form of the command disables the specified job. Syntax Description N/A Default N/A Configuration Mode Config job History 3.1.0000 Role admin Example switch (config)# job 100 switch (config job 100) # enable switch (config job 100) # Related Commands show jobs Note If a job is disabled, it will not be executed automatically according to its schedule; nor can it be executed manually.
Rev 2.10 execute execute Forces an immediate execution of the job. Syntax Description N/A Default N/A Configuration Mode Config job History 3.1.0000 Role admin Example switch (config)# job 100 switch (config job 100) # execute switch (config job 100) # Related Commands show jobs Note • • The job timer (if set) is not canceled and the job state is not changed: i.e.
Rev 2.10 fail-continue fail-continue no fail-continue Continues the job execution regardless of any job failures. The no form of the command returns fail-continue to its default. Syntax Description N/A Default A job will halt execution as soon as any of its commands fails Configuration Mode Config job History 3.1.
Rev 2.10 name name no name Configures a name for this job. The no form of the command resets the name to its default. Syntax Description name Specifies a name for the job (string). Default “”. Configuration Mode Config job History 3.1.
Rev 2.10 schedule type schedule type no schedule type Sets the type of schedule the job will automatically execute on. The no form of the command resets the schedule type to its default.
Rev 2.10 schedule schedule no schedule Sets the type of schedule the job will automatically execute on. The no form of the command resets the schedule type to its default.
Rev 2.10 show jobs show jobs [] Displays configuration and state (including results of last execution, if any exist) of all jobs, or of one job if a job ID is specified. Syntax Description job-id Job ID. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.12 Statistics and Alarms 4.12.1 Commands stats alarm clear stats alarm clear Clears alarm state.
Rev 2.10 stats alarm enable stats alarm enable no stats alarm enable Enables the alarm. The no form of the command disables the alarm, notifications will not be received.
Rev 2.10 stats alarm event-repeat stats alarm event-repeat {single | while-not-cleared} no stats alarm event-repeat Configures repetition of events from this alarm.
Rev 2.10 stats alarm {rising | falling} stats alarm {rising | falling} {clear-threshold | error-threshold} Configure alarms thresholds.
Rev 2.10 stats alarm rate-limit stats alarm rate-limit {count | reset | window } Configures alarms rate limit.
Rev 2.10 stats chd clear stats chd clear Clears CHD counters.
Rev 2.10 stats chd enable stats chd enable no stats chd enable Enables the CHD. The no form of the command disables the CHD.
Rev 2.10 stats chd compute time stats chd compute time {interval | range} Sets parameters for when this CHD is computed.
Rev 2.
Rev 2.10 stats sample clear stats sample clear Clears sample history.
Rev 2.10 stats sample enable stats sample enable no states sample enable Enables the sample. The no form of the command disables the sample.
Rev 2.10 stats sample interval stats sample interval Sets the amount of time between samples for the specified group of sample data.
Rev 2.10 stats clear-all stats clear all Clears data for all samples, CHDs, and status for all alarms. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 stats export stats export [{after | before} ] [filename ] Exports statistics to a file. Syntax Description format Currently the only supported value for is “csv” (comma-separated value). report name Determines dataset to be exported. Possible report names are: • • • memory - Memory utilization paging - Paging I/O cpu_util - CPU utilization after | before Only includes stats collected after or before a specific time.
Rev 2.10 show stats alarm show stats alarm [ [rate-limit]] Displays status of all alarms or the specified alarm.
Rev 2.10 show stats chd show stats chd [] Displays configuration of all statistics CHDs.
Rev 2.10 show stats cpu show stats cpu Displays some basic stats about CPU utilization: • • • the current level the peak over the past hour the average over the past hour Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show stats cpu CPU 0 Utilization: 6% Peak Utilization Last Hour: 16% at 2012/02/28 08:47:32 Avg.
Rev 2.10 show stats sample show stats sample [] Displays sampling interval for all samples, or the specified one.
Rev 2.10 LWR is relevant only for 40GbE and InfiniBand FDR speeds in which the links are operational at a 4X width. When “show interfaces” is used, a port’s speed appears unchanged even when only one lane is active. LWR has three operating modes per interface: • Disabled – LWR does not operate and the link remains in 4X under all circumstances. • Automatic – the link automatically alternates between 4X and 1X based on traffic flow.
Rev 2.10 Examples: To fetch an image from a USB device, run the command: switch (config) # “image fetch scp://admin:admin@10.10.10.10/var/mnt/usb1/image.
Rev 2.10 4.12.4 Commands 4.12.4.1 Chassis Management clear counters clear counters [all | interface ] Clears switch counters. Syntax Description all Clears all switch counters. type A specific interface type number The interface number. Default N/A Configuration Mode Config interface ethernet Config Interface Port Channel History 3.2.
Rev 2.10 health health {max-report-len | re-notif-cntr | report-clear} Configures health daemon settings. Syntax Description max-report-len Sets the length of the health report - number of line entries. Possible values: 10-2048. re-notif-cntr Health control changes notification counter, in seconds. Possible values: 120-7200 seconds. report-clear Clears the health report. Default max-report-len: 50 re-notif-cntr: Configuration Mode Config History 3.1.
Rev 2.10 power enable power enable no power enable Powers on the module. The no form of the command shuts down the module. Syntax Description module name Enables power for selected module. Default Power is enabled on all modules. Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # power enable L01 switch (config) # Related Commands show power show power consumers Note This command is not applicable for 1U systems.
Rev 2.10 usb eject usb eject Gracefully turns off the USB interface. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # usb eject switch (config) # Related Commands N/A Note Applicable only for systems with USB interface.
Rev 2.10 show fan show fan Displays fans status. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show fan switch (config) # show fan ===================================================== Module Device Fan Speed Status (RPM) ===================================================== FAN FAN F1 5340.00 OK FAN FAN F2 5340.00 OK FAN FAN F3 5640.00 OK FAN FAN F4 5640.00 OK PS1 FAN F1 5730.
Rev 2.10 show version show version [concise] Displays version information for the currently running system image. Syntax Description concise Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show version Product name: SX_PPC_M460EX Product release: 3.0.0000-dev-HA Build ID: #1-dev Build date: 2012-02-26 08:47:51 Target arch: ppc Target hw: m460ex Built by: root@r-fit16 Related Commands The concise variant fits the description onto one line.
Rev 2.10 show inventory show inventory Displays system inventory. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show module show module Displays modules status. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Initial version 3.3.
Rev 2.10 show memory show memory Displays memory status. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show asic-version show asic-version Displays firmware ASIC version. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show asic-version =========================== SX module Version =========================== SX 9.1.
Rev 2.10 show power show power Displays power supplies and power usage. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show power ================================================================= Module Power Voltage Current Capacity Grid Status (Watts) (Amp) (Watts) Group ================================================================= PS1 0.00 47.11 0.00 1008 A OK PS2 248.82 48.05 5.18 1008 A OK PS3 0.00 46.88 0.
Rev 2.10 show power consumers show power consumers Displays power consumers. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show power consumers ================================================ Module Power Voltage Current Status (Watts) (Amp) ================================================ MGMT 17.47 48.00 0.36 OK S01 33.26 48.00 0.69 OK S02 33.50 48.00 0.70 OK L01 31.73 48.00 0.66 OK L02 29.76 48.00 0.62 OK L30 28.61 48.00 0.
Rev 2.10 show temperature show temperature Displays the system's temperature sensors status. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show temperature =================================================== Module Component Reg CurTemp Status (Celsius) =================================================== MGMT BOARD_MONITOR T1 25.00 OK MGMT CPU_BOARD_MONITOR T1 26.00 OK MGMT CPU_BOARD_MONITOR T2 41.00 OK MGMT QSFP_TEMP1 T1 23.
Rev 2.10 show voltage show voltage Displays power supplies voltage level. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show voltage ======================================================================= Module Power Meter Reg Expected Actual Status High Low Voltage Voltage Range Range ======================================================================= MGMT BOARD_MONITOR V1 5.00 5.15 OK 5.55 4.45 MGMT BOARD_MONITOR V2 2.
Rev 2.10 show health-report show health-report Displays health report. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Initial version 3.3.
Rev 2.10 show resources show resources Displays system resources. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Role admin Example switch (config) # show resources Total Used Free Physical 2027 MB 761 MB 1266 MB Swap 0 MB 0 MB 0 MB Number of CPUs: 1 CPU load averages: 0.11 / 0.23 / 0.23 CPU 1 Utilization: 5% Peak Utilization Last Hour: 19% at 2012/02/15 13:26:19 Avg.
Rev 2.10 show system profile show system profile Displays system profile. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.2.
Rev 2.10 show system capabilities show system capabilities Displays system capabilities. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0000 Initial version. 3.3.0000 Added gateway support.
Rev 2.10 show system mac show system mac Displays system MAC address. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show protocols show protocols Displays all protocols enabled in the system. Syntax Description N/A Default N/A Configuration Mode Config History 3.2.
Rev 2.10 show bios show bios Displays the bios version information. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.3.4150 Role admin Example switch (config) # show bios BIOS version : 4.6.5 BIOS subversion : Official AMI Release BIOS release date : 07/02/2013 switch (config) # Related Commands Note The command is available only on X86 systems (not on PPC).
Rev 2.
Rev 2.10 4.13 Network Management Interfaces 4.13.1 SNMP Simple Network Management Protocol (SNMP), is a network protocol for the management of a network and the monitoring of network devices and their functions. SNMP supports asynchronous event (trap) notifications and queries. MLNX-OS supports: • SNMP versions v1, v2c and v3 • SNMP trap notifications • Standard MIBs • Mellanox private MIBs 4.13.1.
Rev 2.
Rev 2.10 4.13.1.2 Private MIB Table 28 - Private MIBs Supported MIB Comments MELLANOX-SMI-MIB Mellanox Private MIB main structure (no objects) MELLANOX-PRODUCTS-MIB List of OID – per managed system (sysObjID) MELLANOX-IF-VPI-MIB IfTable extensions MELLANOX-EFM-MIB Deprecated MIB (based on Mellanox-MIB) Traps definitions are supported. MELLANOX-ENTITY-MIB Enhances the standard ENTITY-MIB (contains GUID and ASIC revision). Mellanox private MIBs can be downloaded from the Mellanox Support webpage.
Rev 2.10 For additional information refer to MELLANOX-EFM-MIB. For event-to-MIB mapping, please refer to Table 22, “Supported Event Notifications and MIB Mapping,” on page 218. 4.13.1.4 Configuring SNMP To set up the SNMP: Step 1. Activate the SNMP server on the MLNX-OS switch (in configure mode) using the following commands: Community strings are case sensitive. Director switches (SX65xx systems) require SNMP timeout configuration on the agent of 60 seconds.
Rev 2.10 Privacy password: ******** Confirm: ******** switch (config) # To retrieve the system table, run the following SNMP command: snmpwalk -v3 -l authPriv -a MD5 -u admin -A “” -x DES -X “” SNMPv2-MIB::system 4.13.1.6 Configuring an SNMP Notification To set up the SNMP Notification (traps or informs) follow the next steps Step 1. Make sure SNMP and SNMP notification are enable.
Rev 2.10 Step 5. Verify the list of traps and informs being sent to out of the system.
Rev 2.10 4.13.3 Commands 4.13.3.1 SNMP The commands in this section are used to manage the SNMP server. snmp-server auto-refresh snmp-server auto-refresh {enable | interval} no snmp-server auto-refresh enable Configures SNMPD refresh settings. The no form of the command disables SNMPD refresh mechanism. Syntax Description enable Enables SNMPD refresh mechanism. interval Sets SNMPD refresh interval. Default Enabled. Interval: 60 secs Configuration Mode Config History 3.1.
Rev 2.10 snmp-server community snmp-server community [ ro | rw] no snmp-server community Sets a community name for either read-only or read-write SNMP requests. The no form of the command sets the community string to default. Syntax Description community Community name. ro Sets the read-only community string. rw Sets the read-write community string. Default Read-only community: “public” Read-write community: “” Configuration Mode Config History 3.1.
Rev 2.10 snmp-server contact snmp-server contact no snmp-server contact Sets a value for the sysContact variable in MIB-II. The no form of the command resets the parameter to its default value. Syntax Description contact name Contact name. Default “” Configuration Mode Config History 3.1.
Rev 2.10 snmp-server enable snmp-server enable [communities | mult-communities | notify] no snmp-server enable [communities | mult-communities | notify] Enables SNMP-related functionality. The no form of the command disables the SNMP server. Syntax Description enable Enables SNMP-related functionality: • • SNMP engine SNMP traps communities Enables community-based authentication on this system. mult-communities Enables multiple communities to be configured.
Rev 2.10 snmp-server host snmp-server host {disable | {traps | informs} [ | | version ]} no snmp-server host {disable | {traps| informs} [ | ]} Configures hosts to which to send SNMP traps. The no form of the commands removes a host from which SNMP traps should be sent. Syntax Description IP address IPv4 or IPv6 address. disable Temporarily disables sending of traps to this host.
Rev 2.10 Example switch (config) # snmp-server host 10.10.10.10 traps version 1 switch (config) # show snmp SNMP enabled: yes SNMP port: 161 System contact: System location: Read-only communities: public Read-write communities: (none) Interface listen enabled: yes No Listen Interfaces. Traps enabled: Default trap community: Default trap port: yes public 162 Trap sinks: 10.10.10.
Rev 2.10 snmp-server listen snmp-server listen {enable | interface } no snmp-server listen {enable | interface } Configures SNMP server interface access restrictions. The no form of the command disables the listen interface restricted list for SNMP server. Syntax Description enable Enables SNMP interface restrictions on access to this system. ifName Adds an interface to the “listen” list for SNMP server. For example: “mgmt0”, “mgmt1”.
Rev 2.10 snmp-server location snmp-server location no snmp-server location Sets a value for the sysLocation variable in MIB-II. The no form of the command clears the contents of the sysLocation variable. Syntax Description system location String. Default “” Configuration Mode Config History 3.1.
Rev 2.10 snmp-server notify snmp-server notify {community | event | port | send-test} no snmp-server notify {community | event | port} Configures SNMP notifications (traps and informs). The no form of the commands negate the SNMP notifications. Syntax Description community Sets the default community for traps sent to hosts which do not have a custom community string set. event Specifies which events will be sent as traps.
Rev 2.10 snmp-server port snmp-server port no snmp-server port Sets the UDP listening port for the SNMP agent. The no form of the command resets the parameter to its default value. Syntax Description port UDP port. Default 161 Configuration Mode Config History 3.1.
Rev 2.10 snmp-server user snmp-server user {admin | } v3 {[encrypted] auth [priv []] | capability | enable | prompt auth [priv ]} no snmp-server user {admin | } v3 {[encrypted] auth [priv []] | capability | enable | prompt auth [priv ]} Specifies an existing username, or a new one to be added.
Rev 2.10 show snmp show snmp [auto-refresh | engineID | events | host | user] Displays SNMP-server configuration and status. Syntax Description auto-refresh SNMP refreshed mechanism status. engineID SNMP Engine ID. events SNMP events. host List of notification sinks. user SNMP users. Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show snmp auto-refresh show snmp auto-refresh Displays SNMPD refresh mechanism status. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.13.3.2 XML API xml-gw enable xml-gw enable no xml-gw enable Enables the XML gateway. The no form of the command disables the XML gateway. Syntax Description N/A Default XML Gateway is enabled Configuration Mode Config History 3.1.
Rev 2.10 show xml-gw show xml-gw Displays the XML gateway setting. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 4.14 Puppet Agent MLNX-OS includes a built-in agent for the open-source “Puppet” configuration change management system. The Puppet agent enables configuring Mellanox switches in accordance with the standard “puppet-netdev-stdlib” type library and with the “Mellanox-netdev-stdlib-mlnxos” and “Mellanox-netdev-ospf-stdlib” type libraries provided by Mellanox Technologies to the Puppet community. For more information, please refer to the CLI commands, to the NetDev documentation at https:/ /github.
Rev 2.10 Figure 9: Accepting an Agent Request through the Console 4.14.3 Installing Modules on the Puppet Server Mellanox uses netdev-stdlib types and provides a package of Mellanox providers for those types which have to be installed at the Puppet server prior to the first Puppet configuration run (before configuring resources on the Mellanox switch).
Rev 2.10 If you have a puppet console, you may assign classes of configuration in the following way: • • Step 2. Add the relevant classes (using the console add class button on the “nodes” page). Assign the classes to the relevant nodes/groups in the puppet server console (in the console node/group page -> edit -> Classes). Update VLAN Manifest example (located in “/etc/puppetlabs/puppet/manifests/netdev_vlan_example.pp”).
Rev 2.10 Step 4. Update LAG. Manifest example (located in “/etc/puppetlabs/puppet/manifests/netdev_lag_example.
Rev 2.10 4.14.5.2 VLAN Capabilities Table 31 - VLAN Capabilities Field Description Values Example ensure Creates or destroys the VLAN given as a resource ID absent, present ensure => present vlan_id The VLAN ID 1-4094 (integer) vlan_id => 245 4.14.5.3 Layer 2 Ethernet Interface Capabilities Table 32 - L2 Ethernet and Port-Channel Interface Capabilities Field Description Values Example ensure Sets the given values or restores the Layer 2 interface to default.
Rev 2.10 Table 34 - L3 Interface Capabilities Field Description Values Example ipaddress Sets IP address on the Layer 3 interface (requires netmask). A valid IP address ipaddress => ‘192.168.4.2’ netmask Sets netmask for the IP address. A valid netmask (of the form X.1X2.X3.X4), which creates a valid combination with the given IP address netmask => ‘255.255.255.0’ method Configures the method of the L3 interface (currently supports only static method). static method => static 4.14.5.
Rev 2.10 4.14.5.8 Router OSPF Capabilities Table 37 - Router OSPF Capabilities Field ensure Description Enables/disables the router ID specified in the resource ID Values Example present, absent ensure => present 4.14.5.9 Protocol LLDP, SNMP, IP Routing and Spanning Tree Capabilities Table 38 - Protocol Enable/Disable Capabilities Field ensure Description Enables/disables the protocol specified in the resource ID Values Example present, absent ensure => present 4.14.5.
Rev 2.10 4.14.5.11Fetched Image Capabilities Table 40 - Fetched Image Capabilities Field Description Values Example ensure Specifies if the image version given in as resource id is ensured to be installed or not present, absent ensure => present is_next_boot Ensures that the installed image is the next boot partition yes, no is_next_boot => yes host Writes configurations to database. yes, no configuration_write => yes user Reload if image is in other partition.
Rev 2.10 4.14.
Rev 2.10 4.14.7.1 Switch and Server Clocks are not Synchronized This can be fixed by using NTP to synchronize the clocks at the switch (using the CLI command ntp) and at the server (e.g. using ntpdate). 4.14.7.2 Outdated or Invalid SSL Certificates Either on the Switch or the Server This can be fixed on the switch using the CLI command puppet-agent clear-certificates (requires puppet-agent restart to take effect).
Rev 2.10 4.14.8 Commands puppet-agent puppet-agent Enters puppet agent configuration mode. Syntax Description N/A Default None Configuration Mode Config History 3.3.
Rev 2.10 master-hostname master-hostname no master-hostname Sets the puppet server hostname. The no form of the command resets the parameter to its default. Syntax Description hostname Puppet server hostname. Free string may be entered. Default puppet Configuration Mode Config Puppet History 3.3.
Rev 2.10 enable enable no enable Enables the puppet server on the switch. The no form of the command disables the puppet server. Syntax Description N/A Default Disabled Configuration Mode Config Puppet History 3.3.
Rev 2.10 run-interval run-interval
Rev 2.10 restart puppet-agent restart Restarts the puppet agent. Syntax Description N/A Default N/A Configuration Mode Config Puppet History 3.3.
Rev 2.10 show puppet-agent show puppet-agent Displays Puppet agent status and configuration. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.3.4200 3.3.
Rev 2.10 show puppet-agent log show puppet-agent log [[not] [matching | continuous] | files [[not] matching] ] Displays the Puppet agent’s log file. Syntax Description continuous Puppet agent log messages as they arrive. files Displays archived Puppet agent log files. matching Displays Puppet agent log that match a given string. not Displays Puppet agent log that do not meet a certain string. string Free string. Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 5 Ethernet Switching 5.1 Interface Interface Ethernet have the following physical set of configurable parameters 5.1.1 • Admin state – enabling or disabling the interface.
Rev 2.10 Specific ports can be split by using a QSFP 1X4 breakout cable to split one 40 Gb/s port into 4 lanes (4 SFP+ connectors). These 4 lanes then go, one lane to each of the 4 SFP+ connectors. Some ports can be split into 2 10 Gb/s ports, using lanes 1 and 2 only. When a QSFP port is split into 2 10Gb/s ports then only SFP+ connectors #1 and #2 are used. Connectors #3 and #4 are left unconnected. Splitting the interface deletes all configuration on that interface.
Rev 2.10 • in case of split-2, shut down the current interface only • in case of split-4, shut down the current interface and the other interface switch switch switch switch switch Step 2. (config) # interface ethernet 1/1 (config interface ethernet 1/1) # shutdown (config interface ethernet 1/1) # exit (config) # interface ethernet 1/4 (config interface ethernet 1/4) # shutdown Split the ports as desired.
Rev 2.10 5.1.2 Transceiver Information MLNX-OS offers the option of viewing the transceiver information of a module or cable connected to a specific interface. The information is a set of read-only parameters burned onto the EEPROM of the transceiver by the manufacture. The parameters include identifier (connector type), cable type, speed and additional inventory attributes.
Rev 2.10 5.1.3 Commands interface ethernet interface ethernet /[/]-[/[/]] Enters the Ethernet interface or Ethernet interface range configuration mode. Syntax Description / Ethernet port number. subport Ethernet subport number. to be used in case of split port. Default N/A Configuration Mode Config History 3.1.0000 Initial version. 3.2.1100 Added range support.
Rev 2.10 flowcontrol flowcontrol {receive | send} {off | on} [force] Enables or disables IEEE 802.3x link-level flow control per direction for the specified interface. Syntax Description receive | send receive - ingresses direction send - egresses direction off | on on - enables IEEE 802.3x link-level flow control for the specified interface on receive or send. off - disables IEEE 802.3x link-level flow control for the specified interface on receive or send force Forces command implementation.
Rev 2.10 mtu mtu Configures the Maximum Transmission Unit (MTU) frame size for the interface. Syntax Description frame-size This value may be 1518-9216 bytes. Default 1522 bytes Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 shutdown shutdown no shutdown Disables the interface. The no form of the command enables the interface. Syntax Description N/A Default The interface is enabled. Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 description description no description Sets an interface description. The no form of the command returns the interface description to its default value. Syntax Description string 40 bytes Default “” Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 speed speed [force] no speed Sets the speed of the interface. The no form of the command sets the speed of the interface to its default value. Syntax Description port speed 10000 - 10GbE 40000 - 40GbE auto - auto negotiates link speed force force changing the speed. Default Depends on the port module type, see the “Notes” section below. Configuration Mode Config interface ethernet History 3.1.0000 3.3.
Rev 2.10 load-interval load-interval
Rev 2.10 clear counters clear counters Clears the interface counters. Syntax Description N/A Default N/A Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 show interfaces ethernet show interfaces ethernet [counters [priority]] Displays the configuration and status for the interface. Syntax Description inf Interface number: /. counters Displays interface extended counters. priority Displays interface extended counters, per priority (0-7). Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show interfaces ethernet [] capabilities show interfaces ethernet [] capabilities Displays the interface capabilities. shows only one interface capabilities. Interface number: /. Syntax Description inf Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show interfaces ethernet [] description show interfaces ethernet [] description Displays the admin status and protocol status for the specified interface. Syntax Description inf Interface number: /. Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show interfaces ethernet [] status show interfaces ethernet [] status Displays the status, speed and negotiation mode of the specified interface. Syntax Description inf Default N/A Configuration Mode Any Command Mode History 3.1.0000 Role admin Example switch (config) # show interfaces ethernet status Port Interface number: /. Operational state Eth1/1 Up Eth1/2 Up Eth1/3 Up ...
Rev 2.10 show interfaces ethernet [] transceiver show interfaces ethernet [] transceiver Displays the transceiver info. Syntax Description inf interface number: / Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 module-type module-type [force] Splits or un-splits the interface, as desired. Syntax Description type qsfp - Port runs at 40000/56000Mbps. qsfp-split-2 - Port is split and runs at 2X10000Mbps. qsfp-split-4 - Port is split and runs at 4X10000Mbps. force force the split operation without asking for user confirmation. Default interface module type is qsfp (if the interface supports 40Gbps speed) Configuration Mode Config interface ethernet History 3.1.
Rev 2.10 5.2 Link Aggregation Group (LAG) Link Aggregation protocol describes a network operation in which several same speed links are combined into a single logical entity with the accumulated bandwidth of the originating ports. LAG groups exchange Lag Aggregation Control Protocol (LACP) packets in order to align the functionality between both endpoints of the LAG. To equally send traffic on all LAG links, the switch uses a hash function which can use a set of attributes as key to the hash function.
Rev 2.10 Step 4. Change back to config mode. Run: switch (config interface port-channel 1) # exit switch (config) # Step 5. Enable LACP in the switch. Run: switch (config) # lacp switch (config) # Step 6. Add a physical port to the port-channel. Run: switch (config interface ethernet 1/4) # channel-group 1 mode active/passive switch (config interface ethernet 1/4) # 5.2.
Rev 2.10 lacp lacp no lacp Enables LACP in the switch. The no form of the command disables LACP in the switch. Syntax Description N/A Default LACP is disabled. Configuration Mode Config History 3.1.
Rev 2.10 lacp system-priority lacp system-priority <1-65535> no lacp system-priority Configures the LACP system priority. The no form of the command sets the LACP system-priority to default. Syntax Description 1-65535 LACP system-priority. Default 32768 Configuration Mode Config History 3.1.
Rev 2.10 lacp (interface) lacp {rate fast | port-priority <1-65535>} no lacp {rate fast | port-priority} Configures the LACP interface parameters. The no form of the command sets the LACP interface configuration to default. Syntax Description rate fast Sets LACP PDUs on the port to be in fast (1 second) or slow rate. (30 seconds). 1-65535 LACP port-priority. Default rate - slow (30 seconds) port-priority 32768 Configuration Mode Config History 3.1.
Rev 2.10 port-channel load-balance port-channel load-balance no port-channel load-balance Configures the port-channel load balancing distribution function method. The no form of the command sets the distribution function method to default.
Rev 2.10 channel-group channel-group <1-4096> [mode {on | active | passive}] no channel-group Assigns and configures a physical interface to a port channel. The no form of the command removes a physical interface from the port-channel. Syntax Description 1-4096 The port channel number. mode on Static assignment the port to LAG. LACP will not be enabled on this port. mode active/passive Dynamic assignment of the port to LAG. LACP will be enabled in either passive or active mode.
Rev 2.10 show lacp system-identifier show lacp system-identifier Displays the system identifier of LACP. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show lacp counters show lacp counters Displays the LACP PDUs counters. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show lacp interface ethernet show lacp interface etherent Displays the LACP interface configuration and status. Syntax Description inf Default N/A Configuration Mode Any Command Mode History 3.1.1400 Role admin Example switch (config) # show lacp interfaces ethernet 1/4 Port : 1/4 ------------- Interface number, for example “1/1”.
Rev 2.10 show lacp interface neighbor show lacp interface neighbor Displays the LACP interface neighbor status. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show lacp interfaces port-channel show lacp interfaces port-channel Displays the LACP global parameters. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show interfaces port-channel show interfaces port-channel {compatibility-parameters | load-balance | summary} Displays port-channel parameters. Syntax Description compatibility-parameters Displays the parameters that must be the same among the member ports of the port-channel interface. load-balance Displays the type of load-balancing in use for portchannels. summary Displays a summary of the port-channel interfaces. Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 A Virtual Local Area Network (VLAN) is an L2 segment of the network which defines a broadcast domain and is identified by a tag added to all Ethernet frames running within the domain. This tag is called a VLAN ID (VID) and can take a value of 1-4094. Each port can have a switch mode of either: 5.3.1 • Access – Access port is a port connected to a host. It can accept only untagged frames, and assigns them a default configured VLAN (Port VLAN ID).
Rev 2.10 5.3.2 Configuring Hybrid Mode and Assigning Port VLAN ID (PVID) To configure Hybrid mode and assign PVID to interfaces: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Create a VLAN. Run: switch (config) # vlan 6 switch (config vlan 6) # Step 4. Change back to config mode. Run: switch (config vlan 6) # exit switch (config) # Step 5. Enter the interface context.
Rev 2.10 Step 6. From within the interface context, configure the interface mode to Trunk. Run: switch [standalone: master] (config interface ethernet 1/35) # switchport mode trunk switch [standalone: master] (config interface ethernet 1/35) # 5.3.4 Configuring Hybrid Mode VLAN Membership To configure Hybrid mode VLAN membership: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Create a VLAN.
Rev 2.10 5.3.5 Commands vlan vlan { | } no vlan { | } Creates a VLAN or range of VLANs, and enters a VLAN context. The no form of the command deletes the VLAN or VLAN range. Syntax Description vlan-id 1-4094. vlan-range Any range of VLANs. Default VLAN 1 is enabled by default. Configuration Mode Config History 3.1.
Rev 2.10 name name no name Adds VLAN name. The no form of the command deletes the VLAN name. Syntax Description vlan-name Default No name available. Configuration Mode Config Vlan History 3.1.1400 Role admin Example switch (config) # vlan 10 switch (config vlan 10) # name my-vlan-name switch (config vlan 10) # show vlan VLAN ---1 5, Name ----------default 40-character long string.
Rev 2.10 show vlan show vlan [id ] Displays the VLAN table. Syntax Description vlan-id Default N/A Configuration Mode Any Command Mode History 3.1.1400 Role admin Example switch (config vlan 10) # show vlan VLAN ---1 10 Related Commands 1-4094. Name ----------default my-vlan-name Ports -------------------------------------Eth1/2, Eth1/3, Eth1/4/1, Eth1/4/2 ...
Rev 2.10 switchport mode switchport mode {access | trunk | hybrid | access-dcb} no switchport mode Sets the switch port mode. The no form of the command sets the switch port mode to access. Syntax Description access Un-tagged port. 802.1q tagged traffic will be filtered. egress traffic is un-tagged. trunk 802.1q tagged port, un-tagged traffic will be filtered. hybrid Both 802.1q tagged and un-tagged traffic is allowed on the port. access-dcb Un-tagged port, egress traffic is priority tagged.
Rev 2.10 switchport access switchport access vlan no switchport access vlan Sets the port access VLAN. The no form of the command sets the port access VLAN to 1. Syntax Description vlan-id 1-4094. Default 1 Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.1400 Initial version 3.2.0500 Format change (removed hybrid and access-dcb options).
Rev 2.10 switchport {hybrid, trunk} allowed-vlan switchport {hybrid, trunk} allowed-vlan { | add | remove all | except | none} Sets the port allowed VLANs. Syntax Description vlan VLAN ID (1-4094) or VLAN range. add Add VLAN or range of VLANs. remove Remove VLANs or range of VLANs. all Add all VLANs in available in the VLAN table. New vlans that will be added to the vlan table will be added automatically. except Add all VLANs expect this VLAN or VLAN range.
Rev 2.10 show interface switchport show interface switchport Displays all interface switch port configurations. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.1400 Role admin Example switch (config) #show interfaces switchport Interface | Mode | Access vlan | Allowed vlans -----------|------------|-------------|--------------------------Eth1/2 access 1 Eth1/3 access 1 Eth1/4/1 access 1 Eth1/4/2 access 1 Eth1/5 access 1 Eth1/6 access 1 Eth1/7 hybrid 1 1, 10 ...
Rev 2.10 5.4 MAC Address Table 5.4.1 Configuring Unicast Static MAC Address You can configure static MAC addresses for unicast traffic. This feature improves security and reduces unknown unicast flooding. To configure Unicast Static MAC address: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Run the command mac-address-table static unicast vlan interface ethernet / .
Rev 2.10 5.4.2 Commands mac-address-table aging-time mac-address-table aging-time no mac-address-table aging-time Sets the maximum age of a dynamically learnt entry in the MAC address table. The no form of the command resets the aging time of the MAC address table to its default. Syntax Description age Default 300 Configuration Mode Config History 3.1.
Rev 2.10 mac-address-table static mac-address-table static vlan interface no mac-address-table static vlan interface Configures a static MAC address in the forwarding database. The no form of the command deletes a configured static MAC address from the forwarding database. Syntax Description mac address Destination MAC address. vlan VLAN ID or VLAN range. if-type Ethernet or port-channel interface type.
Rev 2.10 clear mac-address-table dynamic clear mac-address-table dynamic Clear the dynamic entries in the MAC address table. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.0600 Role admin Example switch (config) # clear mac-address-table dynamic switch (config) # Related Commands mac-address-table aging-time mac-address-table static show mac-address-table Note This command does not clear the MAC addresses learned on the mgmt0 port.
Rev 2.10 show mac-address-table show mac-address-table [address | interface ethernet | vlan [ | range ] | unicast | multicast] Displays the static and dynamic unicast and multicast MAC addresses for the switch. Various of filter options available. Syntax Description mac-address Filter the table to a specific MAC address. if-number Filter the table to a specific interface. vlan Filter the table to a specific VLAN number (1-4094).
Rev 2.10 show mac-address-table aging-time show mac-address-table aging-time Displays the MAC address table aging time. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 5.5 Spanning Tree The operation of Rapid Spanning Tree Protocol (RSTP) provides for rapid recovery of connectivity following the failure of a bridge/bridge port or a LAN. The RSTP component avoids this delay by calculating an alternate root port, and immediately switching over to the alternate port if the root port becomes unavailable. Thus, using RSTP, the switch immediately brings the alternate port to forwarding state, without the delays caused by the listening and learning states.
Rev 2.10 • Global configuration: switch (config)# spanning-tree port type {edge , normal , network} default • Interface configuration: switch (config interface etherent )# spanning-tree port type {edge , normal, network} 5.5.3 BPDU Filter Using BPDU filter prevents the CPU from sending/receiving BPDUs on specific ports. BPDU filtering is configured per interface. When configured, the port does not send any BPDUs and drops all BPDUs that it receives.
Rev 2.10 To configure loop guard use the following command: switch (config interface etherent )# spanning-tree guard root 5.5.6 MSTP Spanning Tree Protocol (STP) is a mandatory protocol to run on L2 Ethernet networks to eliminate network loops and the resulting broadcast storm caused by these loops.
Rev 2.10 5.5.7 Commands spanning-tree spanning-tree no spanning-tree Globally enables the spanning tree feature. The no form disables the spanning tree feature. Syntax Description N/A Default Spanning tree is enabled. Configuration Mode Config History 3.1.
Rev 2.10 spanning-tree (timers) spanning-tree [forward-time
Rev 2.10 spanning-tree port type (default global) spanning-tree port type default no spanning-tree port type default Configures all switch interfaces as edge/network/normal ports. These ports can be connected to any type of device. The no form of the command disables the spanning tree operation. Syntax Description port-type • • • Edge - Assumes all ports are connected to hosts/servers. Network - Assumes all ports are connected to switches and bridges.
Rev 2.10 spanning-tree priority spanning-tree priority no spanning-tree priority Sets the spanning tree bridge priority. The no form of the command sets the bridge priority to default. Syntax Description bridge-priority Sets the bridge priority for the spanning tree. Its value must be in steps of 4096, starting from 0. Only the following values are applicable: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440.
Rev 2.10 spanning-tree port-priority spanning-tree port-priority no spanning-tree port-priority Configures the spanning-tree interface priority. The no form of the command returns configuration to its default. Syntax Description priority Spanning tree interface priority. The possible values are: 0, 16, 32,48, 64, 80, 96, 112, 128,144, 160, 176, 192, 208, 224, 240. Default 128 Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 spanning-tree cost spanning-tree cost no spanning-tree cost Configures the interface cost of the spanning tree. The no form of the command returns configuration to its default. Syntax Description port cost Default The default cost is derived from the speed. 1Gbps 20000 10Gbps 2000 40Gbps 500 56Gbps 357 Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 spanning-tree port type spanning-tree port type no spanning-tree port type Configures spanning-tree port type The no form of the command returns configuration to default. Syntax Description port type Sets the spanning-tree port type. The port type parameter has four options: • • • • Default (globally defined) Edge Normal Network In case there is no change of this parameter, the configuration will be taken from the global default port type.
Rev 2.10 spanning-tree guard spanning-tree guard {loop | root} no spanning-tree guard {loop | root} Configures spanning-tree guard. The no form of the command returns configuration to default. Syntax Description loop Enables loop-guard on the interface. If the loop-guard is enabled, upon a situation where the interface fails to receive BPDUs the switch will not egress data traffic on this interface. root Enables root-guard on the interface.
Rev 2.10 spanning-tree bpdufilter spanning tree bpdufilter {disable | enable} no spanning tree bpdufilter Configures spanning-tree BPDU filter on the interface. The interface will ignore any BPDU that it receives and will not send PDBUs, The STP state on the port will move to the forwarding state. The no form of the command returns the configuration to default. Syntax Description disable Disables the BPDU filter on this port. enable Enables the BPDU filter on this port.
Rev 2.10 clear spanning-tree counters clear spanning-tree counters Clears the spanning-tree counters. Syntax Description N/A Default N/A Configuration Mode Config History 3.1.
Rev 2.10 show spanning-tree show spanning-tree [detail | interface ] Displays spanning tree information. Syntax Description detail Displays detailed spanning-tree configuration and statistics. interface Displays the running state for a specific interface. Options for “type”: ethernet or port-channel. Options for “number”: or . Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 spanning-tree mst max-hops spanning-tree mst max-hops no spanning-tree mst max-hops Specifies the max hop value inserts into BPDUs that sent out as the root bridge. The no form of the command sets the parameter to its default value. Syntax Description max-hops Max hop value. The range is 6-40. Default 20 Configuration Mode Config History 3.3.
Rev 2.10 spanning-tree mst priority spanning-tree mst priority no spanning-tree mst priority Configures the specified instance’s priority number. The no form of the command sets the parameter to its default value. Syntax Description mst-instance MST instance. Range is 1-64. priority MST instance port priority.
Rev 2.10 spanning-tree mst vlan spanning-tree mst vlan no spanning-tree mst vlan Maps a VLAN or a range of VLANs into an MSTP instance. The no form of the command unmaps a VLAN or a range of VLANs from MSTP instances. Syntax Description mst-instance MST instance. Range is 1-64. vlan A single VLAN or a a range of VLANs. The format is or -. Default N/A Configuration Mode Config History 3.3.
Rev 2.10 spanning-tree mst revision spanning-tree mst revision no spanning-tree mst revision Configures the MSTP revision number. The no form of the command sets the parameter to its default value. Syntax Description number The MST revision number. Range is 0-65535. Default 0 Configuration Mode Config History 3.3.
Rev 2.10 spanning-tree mst name spanning-tree mst name no spanning-tree mst name Configures the MSTP name. The no form of the command sets the parameter to its default value. Syntax Description name MST name: Up to 32 characters. Default N/A Configuration Mode Config History 3.3.
Rev 2.10 spanning-tree mst root spanning-tree mst root no spanning-tree mst root Changes the bridge priority for the specified MST instance to the following values: • Primary – 8192 • Secondary – 16384 The no form of the command sets the parameter to its default value. Syntax Description mst-instance MSTP instance. Possible range is 1-64. role Values: “primary” or “secondary”. Default primary Configuration Mode Config History 3.3.
Rev 2.10 spanning-tree mode spanning-tree mode {rst | mst} no spanning-tree mode Changes the spanning tree mode. The no form of the command sets the parameter to its default value. Syntax Description mst Multiple spanning tree. rst Rapid spanning tree. Default rst Configuration Mode Config History 3.3.
Rev 2.10 spanning-tree mst port-priority spanning-tree mst {mst-instance} port-priority no spanning-tree mode Changes the spanning tree mode. The no form of the command sets the parameter to its default value. Syntax Description mst-instance MST instance. Range is 1-64. priority MST instance port priority. Valid values are: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224 and 240. Default rst Configuration Mode Config Interface Port Channel History 3.3.
Rev 2.10 spanning-tree mst cost spanning-tree mst {mst-instance} cost no spanning-tree mode Configures the cost per MSTP instance. The no form of the command sets the parameter to its default value. Syntax Description mst-instance MST instance. Range is 1-64. cost-value MST instance port cost. Range is 0-200000000. Default 2000 for 10Gb/s, 500 for 40Gb/s, 20000 for 1Gb/s, 357 for 56Gb/s Configuration Mode Config Interface Port Channel History 3.3.
Rev 2.10 show spanning-tree show spanning-tree [detail | interface {ethernet / | port-channel } | mst [ interface {ethernet / | port- channel } | details | interface {ethernet / | port- channel }] | root] Displays spanning-tree information for a switch. Syntax Description detail Displays detailed spanning-tree information on a switch.
Rev 2.10 5.6 OpenFlow MLNX-OS supports OpenFlow 1.0. OpenFlow is a network protocol that facilitates direct communication between network systems via Ethernet. Software Defined Networks (SDN) allows a centralist management of network equipment. OpenFlow allows the SDN controller to manage SDN equipment. The OpenFlow protocol allows communication between the OpenFlow controller and OpenFlow agent.
Rev 2.10 Every flow entry contains one of the following parameters: 1. Header fields for matching purposes with each entry containing a specific value or a wildcard which could match all entries. 2. Matching packet counters which are useful for statistical purposes, in order to keep track of the number of packets. 3. Actions which specify the manner in which to handle the packets of a flow which can be any of the following: a. Forwarding the packet b. Dropping the packet c.
Rev 2.10 5.6.3 Commands protocol openflow protocol openflow no protocol openflow Unhides the OpenFlow commands. The no form of the command hides the OpenFlow commands. Syntax Description N/A Default no protocol openflow Configuration Mode Config History 3.3.
Rev 2.10 openflow description openflow description Sets the OpenFlow description. Syntax Description string Free string. Default N/A Configuration Mode Config History 3.3.4300 Role admin Example switch (config) # openflow description OF-switch-104 switch (config) # show openflow detail OpenFlow version: OF VERSION 1.0 Table size: 1000, 0 in use Active controller ip: 10.209.1.
Rev 2.10 openflow mode hybrid openflow mode hybrid no openflow mode Enables OpenFlow on the port. The no form of the command returns the port to its default state. Syntax Description N/A Default no openflow mode Configuration Mode Config interface ethernet History 3.3.
Rev 2.10 controller-ip controller-ip [tcp-port ] no controller-ip tcp-port Sets the OpenFlow controller’s IP & TCP port. The no form of the command sets the parameter to its default. Syntax Description ip-address The IPv4 address of the OpenFlow controller. tcp-port Sets the TCP port number of the OpenFlow controller. Default 0.0.0.0; TCP port 6633 Configuration Mode Config OpenFlow History 3.3.
Rev 2.10 datapath-id datapath-id no datapath-id Sets a specific identifier for the switch with which the controller is communicating. The no form of the command resets the parameter to its default value. Syntax Description value The most significant 16 bits of the agent data-path ID. Range is 0x0000-0xFFFF in hexa. Default 0x0000 Configuration Mode Config OpenFlow History 3.3.
Rev 2.10 forward-to-controller forward-to-controller {[ospf] [lldp] [arp-unicast] [arp-broadcast] all | none} Forwards the selected traffic types to the controller from all the ports on which OpenFlow enabled. Syntax Description ospf Forwards OSPF traffic to the controller. lldp Forwards LLDP traffic to the controller. arp-unicast Forwards ARP-unicast traffic to the controller. arp-broadcast Forwards ARP-broadcast traffic to the controller. all Forwards all traffic types to the controller.
Rev 2.10 show openflow show openflow [detail | tables | flows ] Displays general information about the OpenFlow protocol configuration. Syntax Description detail Displays detailed information about the OpenFlow protocol. tables Displays information about the OpenFlow tables (size, type, etc.). flows Displays specific flows inside the OpenFlow tables. ID may be a range (e.g. 1-10). statistics Displays OpenFlow statistics. Default None Configuration Mode Any Command Mode History 3.3.
Rev 2.10 5.7 IGMP Snooping The Internet Group Multicast Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. The host joins a multicast-group by sending a join request message towards the network router, and responds to queries sent from the network router by dispatching a join report.
Rev 2.10 Step 5. Change back to config mode. Run: switch (config interface ethernet 1/1) # exit switch (config) # Step 6. Define the MRouter port on the VLAN. Run: switch (config) # vlan 2 switch (config vlan 2) # ip igmp mrouter interface ethernet 1/1 switch (config vlan 2) # To change the Interface Switchport to Hybrid: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Enable IGMP snooping globally.
Rev 2.10 Snooping Querier must be used in conjunction with IGMP snooping as IGMP snooping listens to these IGMP reports to establish appropriate forwarding. To configure IGMP Snooping Querier Step 1. Enable the IGMP snooping on the switch. Run: switch (config) # ip igmp snooping Step 2. Enable the IGMP snooping querier on a specific VLAN. Run: switch (config) # interface vlan 10 switch (config vlan 10)# ip igmp snooping querier Step 3. Set the query interval time.
Rev 2.10 5.7.4 Commands ip igmp snooping (admin) ip igmp snooping no ip igmp snooping Enables IGMP snooping globally or per VLAN. The no form of the command disables IGMP snooping globally or per VLAN. Syntax Description N/A Default IGMP snooping is disabled, globally and per VLAN. Configuration Mode Config Config Vlan History 3.1.
Rev 2.10 ip igmp snooping (config) ip igmp snooping {last-member-query-interval <1-25> | proxy reporting mrouter-timeout <60-600> | port-purge-timeout <130-1225> | report-suppression-interval <1-25>} no ip igmp snooping {last-member-query-interval | proxy reporting | mroutertimeout | report-suppression-interval} Configures IGMP global parameters. The no form of the command resets the IGMP global parameters to default.
Rev 2.
Rev 2.10 ip igmp snooping fast-leave ip igmp snooping fast-leave no ip igmp snooping fast-leave Enables fast leave processing on a specific interface. The no form of the command disables fast leave processing on a specific interface. Syntax Description N/A Default Normal-leave is enabled. Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 ip igmp snooping static-group ip igmp snooping static-group interface no ip igmp snooping static-group interface Creates a static multicast group and attaches a port to a specified group. The no form of the command deletes the interface from the multicast group. Syntax Description Ip address Multicast IP address <224.x.x.x - 239.255.255.255> interface Attach the group to a specific interface.
Rev 2.10 ip igmp snooping mrouter ip igmp snooping mrouter interface no ip igmp snooping mrouter interface Creates a static multicast router port on a specific VLAN, on a specific interface. The no form of the command removes the static multicast router port from a specific VLAN. Syntax Description interface Attaches the group to a specific interface. type - ethernet or port-channel. Default No static mrouters are configured.
Rev 2.10 ip igmp snooping unregistered multicast ip igmp snooping unregistered multicast no ip igmp snooping unregistered multicast Sets the behavior of the snooping switch for unregistered multicast traffic. The no form of the command sets it default. Syntax Description options Default flood Configuration Mode Config History 3.2.
Rev 2.10 ip igmp snooping querier ip igmp snooping querier no ip igmp snooping querier Enables the IGMP Snooping Querier on a VLAN. The no form of the command disables the IGMP Snooping Querier on a VLAN. Syntax Description N/A Default Disable Configuration Mode Config Vlan History 3.3.
Rev 2.10 igmp snooping querier query-interval igmp snooping querier query-interval
Rev 2.10 show ip igmp snooping show ip igmp snooping Displays IGMP snooping information for all VLANs or a specific VLAN. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show ip igmp snooping groups show ip igmp snooping groups Displays per VLAN the list of multicast groups attached (static or dynamic allocated) per port. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.1400 Role admin Example switch (config) # show ip igmp snooping groups Vlan ID Group St/Dyn Ports ------------------------------1 230.0.0.
Rev 2.10 show ip igmp snooping vlan show ip igmp snooping vlan { | all} Displays IGMP configuration per VLAN or VLAN range. Syntax Description vlan/vlan range Displays IGMP VLAN configuration per specific VLAN or VLAN range. all Display IGMP VLAN configuration on all VLAN. Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show ip igmp snooping mrouter show ip igmp snooping mrouter Displays IGMP snooping multicast router information. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show ip igmp snooping interfaces show ip igmp snooping interfaces Displays IGMP snooping interface information. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.1400 Role admin Example switch (config) # show ip igmp snooping interfaces interface leave-mode ---------------------1/1 Normal 1/2 Normal 1/3 Normal 1/4 Fast ...
Rev 2.10 show ip igmp snooping statistics show ip igmp snooping statistics Displays IGMP snooping statistical counters. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show ip igmp snooping querier show ip igmp snooping querier [vlan ] Displays running IGMP snooping querier configuration on the VLANs. Syntax Description vlan Displays the IGMP snooping querier configuration running on the specified VLAN. Default N/A Configuration Mode Any Command Mode History 3.3.4200 Role admin Example switch (config) # show ip igmp snooping querier vlan 10 Vlan 1 IGMP Querier Present query-interval: 20 address: 1.1.1.
Rev 2.10 5.8 Link Layer Discovery Protocol (LLDP) The Link Layer Discovery Protocol (LLDP) is a vendor-neutral Link Layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on a IEEE 802 LAN. The protocol is formally defined in IEEE 802.1AB. 5.8.1 Configuring LLDP To configure the LLDP on the switch: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3.
Rev 2.10 compliments the DCB implementation by offering a dynamic protocol that communicates DCB attributes between peering endpoint.
Rev 2.10 5.8.3 Commands lldp lldp no lldp Enables LLDP globally. The no form of the command disables the LLDP. Syntax Description N/A Default Disabled Configuration Mode Config History 3.2.
Rev 2.10 lldp reinit lldp reinit no lldp reinit Sets the delay in seconds from enabling the LLDP on the port until re-initialization will be attempted. The no form of the command sets the parameter to default. Syntax Description seconds 1-10 Default 2 Configuration Mode Config History 3.2.
Rev 2.10 lldp timer lldp timer no lldp timer Sets the LLDP interval at which LLDP frames are transmitted. (lldpMessageTxInterval) The no form of the command sets the parameter to default. Syntax Description seconds 5-32768 Default 30 Configuration Mode Config History 3.2.
Rev 2.10 lldp tx-delay lldp tx-delay no lldp tx-delay Indicates the delay in seconds between successive LLDP frame transmissions The no form of the command sets the parameter to default. Syntax Description seconds 1-8192 Default 2 Configuration Mode Config History 3.2.0300 Role admin Example switch (config)# lldp tx-delay 10 switch (config)# Related Commands show lldp timers Note The recommended value for the tx-delay is set by the following formula: 1 <= lldp tx-delay <= (0.
Rev 2.10 lldp tx-hold-multiplier lldp tx-hold-multiplier no lldp tx-hold-multiplier The time-to-live value expressed as a multiple of the lldpMessageTxInterval object. The no form of the command sets the parameter to default. Syntax Description seconds 1-8192 Default 2 Configuration Mode Config History 3.2.
Rev 2.10 lldp {receive | transmit} lldp {receive | transmit} no lldp {receive | transmit} Enables LLDP to be received or transmitted on this port. The no form of the command disables the LLDP to be received or transmitted on this port. Syntax Description N/A Default Enabled for receive and Trasmit. Configuration Mode Config interface ethernet History 3.2.
Rev 2.10 lldp tlv-select lldp tlv-select {[dcbx] [port-description] [sys-name] [sys-description] [syscapababilities] [management-address] [none] all} Sets the LLDP basic TLVs to be transmitted on this port. Syntax Description dcbx Enables LLDP-DCBX TLVs. port-description LLDP port description TLV. sys-name LLDP system name TLV. sys-description LLDP system description TLV. sys-capabilities LLDP system capabilities TLV. management-address LLDP management address TLV. all all above TLVs.
Rev 2.10 dcb application-priority dcb application-priority Adds an application to the application priority table. Syntax Description selector Protocol field in hexa notation (e.g. ‘0x8906’ for FCoE, ‘0x8914’ for FIP). protocol Has 4 options: 1. 2. 3. 4. priority ethertype tcp-sctp udp-dccp tcp-sctp-udp-dccp Range: 0-7. Default No applications are available. The table is empty. Configuration Mode Config History 3.3.
Rev 2.10 show lldp local show lldp local Shows LLDP local information. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.2.
Rev 2.10 show lldp interface show lldp interface [ethernet ] Shows LLDP local interface table information. Syntax Description inf Interface number, for example 1/1. Default N/A Configuration Mode Any Command Mode History 3.2.0300 First release History 3.3.
Rev 2.10 show lldp interfaces ethernet remote show lldp interfaces ethernet remote Shows LLDP remote interface table information. Syntax Description inf Default N/A Configuration Mode Any Command Mode History 3.2.0300 First release. 3.3.4200 Updated output. Role Local interface number (e.g. 1/1).
Rev 2.10 Example switch (config)# show lldp interfaces ethernet Ethernet // example "Ethernet 1/1" Latest LLDPDU received on // e.g.
Rev 2.10 show lldp timers show lldp timers Shows LLDP timers configuration Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.2.
Rev 2.10 show lldp statistics global show lldp statistics global Shows LLDP global statistics Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.2.
Rev 2.10 show lldp statistics [interface ethernet ] show lldp statistics [interface ethernet ] Shows LLDP interface statistics Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.2.
Rev 2.10 show dcb application-priority show dcb application-priority Displays application priority admin table. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 5.9 Quality of Service (QoS) 5.9.1 Priority Flow Control and Link Level Flow Control Priority Flow Control (PFC) provides an enhancement to the existing pause mechanism in Ethernet. The current Ethernet pause option stops all traffic on a link. PFC creates eight separate virtual links on the physical link and allows any of these links to be paused and restarted independently, enabling the network to create a no-drop class of service for an individual virtual link.
Rev 2.10 To enable PFC per priority: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Enable PFC globally on the switch. Run: switch (config) # dcb priority-flow-control enable # dcb priority-flow-control enable This action might cause traffic loss while shutting down a port with priority-flow-control mode on Type 'yes' to confirm enable pfc globally: yes switch (config) # Step 4.
Rev 2.10 • Disable – scheduling mode is Strict Priority (SP) • Bandwidth percentage for each traffic class: By default each traffic class gets an equal share The default mapping of priority to traffic classes (per interface) is as follows: • Priority 0,1 mapped to tc 0 • Priority 2,3 mapped to tc 1 • Priority 4,5 mapped to tc 2 • Priority 6,7 mapped to tc 3 ETS is enabled by default (scheduling is WRR). To set the scheduling mode to Strict Priority: Step 1. Log in as admin. Step 2.
Rev 2.10 Traffic class priorities are <0-3>, where 0 is the lowest and 3 is the highest. The sum of all traffic class bandwidth value (in percentage) should be 100, otherwise the command fails. Step 5. Run the command show dcb ets to verify the configuration.
Rev 2.10 5.9.3 Commands 5.9.3.1 Enhanced Transmission Selection (ETS) dcb ets enable dcb ets enable no dcb ets enable Sets the switch egress scheduling mode to be weighted round robin. The no form of the command sets the switch egress scheduling mode to be strict priority. Syntax Description N/A Default ETS is enabled. Configuration Mode Config History 3.1.
Rev 2.10 dcb ets tc bandwidth dcb ets tc bandwidth no dcb ets tc bandwidth Configures the bandwidth limit of the traffic class. The no form of the command sets the bandwidths per traffic class back to its default. 0-100. Syntax Description tc-i Default 25% per traffic class. Configuration Mode Config History 3.1.
Rev 2.10 vlan map-priority vlan map priority traffic-class no vlan map priority Maps an VLAN user priority to a traffic class. The no form of the command sets the mapping back to default. Syntax Description N/A Default Priority 0,1 mapped to tc 0. Priority 2,3 mapped to tc 1. Priority 4,5 mapped to tc 2. Priority 6,7 mapped to tc 3. Configuration Mode Config interface ethernet History 3.1.
Rev 2.10 show dcb ets show dcb ets Displays ETS configuration and operational data. Syntax Description Default ETS is enabled. Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show dcb ets interface show dcb ets interface Displays ETS configuration and operational data, per interface. Syntax Description type ethernet or port-channel number interface number, i.e. 1/1 Default ETS is enabled. Configuration Mode Any Command Mode History 3.1.
Rev 2.
Rev 2.10 5.9.3.2 Priority Flow Control (PFC) dcb priority-flow-control enable dcb priority-flow-control enable no dcb priority-flow-control enable Enables PFC globally on the switch. The no form of the command globally disables PFC on the switch. Syntax Description N/A Default PFC is disabled. Configuration Mode Config History 3.1.0000 Initial revision 3.3.
Rev 2.10 dcb priority-flow-control priority dcb priority-flow-control priority enable no dcb priority-flow-control priority enable Enables PFC per priority on the switch. The no form of the command disables PFC per priority on the switch. Syntax Description prio 0-7. Default PFC is disabled for all priorities. Configuration Mode Config History 3.1.
Rev 2.10 dcb priority-flow-control mode on dcb priority-flow-control mode on [force] no dcb priority-flow-control mode Enables PFC per interface. The no form of the command disables PFC per interface. Syntax Description force Force command implementation. Default PFC is disabled for all interfaces. Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 show dcb priority-flow-control show dcb priority-flow-control [interface ] [detail] Displays DCB priority flow control configuration and status. Syntax Description type • • inf The interface number. detail Adds details information to the show output. ethernet port-channel Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 5.10 Access Control List An Access Control List (ACL) is a list of permissions attached to an object, to filter or match switches packets. When the pattern is matched at the hardware lookup engine, a specified action (e.g. permit/deny) is applied. The rule fields represent flow characteristics such as source and destination addresses, protocol and VLAN ID. ACL support currently allows actions of permit or deny rules, and supports only ingress direction.
Rev 2.10 Step 3.
Rev 2.10 5.10.3 Commands ipv4/mac access-list {ipv4 | mac} access-list no {ipv4 | mac} access-list Creates a MAC or IPv4 ACL and enter the ACL configuration mode. The no form of the command deletes the ACL. Syntax Description ipv4 | mac IPv4 or MAC – access list. acl-name User defined string for the ACL. Default No ACL available by default. Configuration Mode Config History 3.1.
Rev 2.10 ipv4/mac port access-group {ipv4 | mac} port access-list no {ipv4 | mac} port access-list Binds an ACL to the interface. The no form of the command unbinds the ACL from the interface. Syntax Description ipv4 | mac IPv4 or MAC – access list. acl-name ACL name. Default No ACL is bind by default. Configuration Mode Config interface ethernet Config Interface Port Channel History 3.1.
Rev 2.10 deny/permit (MAC ACL rule) [seq-number ] {deny|permit } {any | [mask ]} {any | [mask ]} [protocol ] [cos ] [vlan ] [action ] no Creates a rule for MAC ACL. The no form of the command deletes a rule from the MAC ACL. Syntax Description sequence-number Optional parameter to set a specific sequence number for the rule. The range is:1-500.
Rev 2.10 deny/permit (IPv4 ACL rule) [seq-number ] {permit | deny} ip { [mask ] | [any]} { [mask ] | [any]} [action ] no Creates a rule for IPv4 ACL. The no form of the command deletes a rule from the IPv4 ACL. Syntax Description sequence-number Optional parameter to set a specific sequence number for the rule. The range is:1-500. deny | permit Determines the type of the rule, deny or permit action.
Rev 2.10 deny/permit (IPv4 TCP/UDP ACL rule) [seq-number ] {permit | deny} {tcp | udp} { [mask ] | [any]} { [mask ]| [any]} [eq-source ] [eq-destination ] [action ] no Creates a rule for IPv4 UDP/TCP ACL. The no form of the command deletes a rule from the ACL. Syntax Description sequence-number Optional parameter to set a specific sequence number for the rule. The range is:1-500.
Rev 2.10 access-list action access-list action no access-list action Creates access-list action profile and entering the action profile configuration mode. The no form of the command deletes the action profile. Syntax Description action-profile-name given name for the profile. Default N/A Configuration Mode Config History 3.2.
Rev 2.10 vlan-map vlan-map no vlan-map Adds action to map a new VLAN to the packet (in the ingress port or VLAN). The no form of the command removes the action to map a new VLAN. Syntax Description vlan-id 0-4095. Default N/A Configuration Mode Config History 3.2.
Rev 2.10 show access-list action show access-list action { | summary} Displays the access-list action profiles summary. Syntax Description action-profile-name Filter the table according to the action profile name. summary Display summary of the action list. Default N/A Configuration Mode Config History 3.2.
Rev 2.10 show mac/ipv4 access-lists show [mac |ipv4 |] access-lists Displays the list of rules for the MAC/IPv4 ACL. Syntax Description ipv4 | mac IPv4 or MAC - access list. access-list-name ACL name. Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 show mac/ipv4 access-lists summary show [mac |ipv4 |] access-lists summary Displays the summary of number of rules per ACL, and the interfaces attached. Syntax Description ipv4 | mac IPv4 or MAC - Access list access-list-name ACL name Default N/A Configuration Mode Any Command Mode History 3.1.
Rev 2.10 5.11 Port Mirroring Port mirroring enables data plane monitoring functionality which allows the user to send an entire traffic stream for testing. Port mirroring sends a copy of packets of a port’s traffic stream, called “mirrored port”, into an analyzer port. Port mirroring is used for network monitoring. It can be used for intrusion detection, security breaches, latency analysis, capacity and performance matters, and protocol analysis.
Rev 2.10 A mirroring session is a monitoring configuration mode that has the following parameters: Table 43 - Mirroring Parameters Parameter Description Access Source interface(s) List of source interfaces to be mirrored. RW Destination interface A single analyzer port through which all mirrored traffic egress. RW Header format The format and encapsulation of the mirrored traffic when sent to analyzer. RW Truncation Enabling truncation segments each mirrored packet to 64 bytes.
Rev 2.10 Packets can be forwarded to any destination using the command destination interface. The analyzer port supports status and statistics as any other port. LAG The destination interface cannot be a member of LAG when the header format is local. Control Protocols The destination interface may also operate in part as a standard port, receiving and sending out non-mirrored traffic.
Rev 2.10 Figure 14: Header Format Options Source Frame DA SA Type/ Len Data Mirror Frame local Source Frame DA SA Type/ Len Data SA Type/ Len Data add‐vlan SA Type/ Len Data Type/ Len Data DA SA 0x8100 VLAN Type/ Len Data 0x8949 DA SA Type/ Len Data DA SA Mirror Frame add‐ethernet‐header Source Frame DA SA Mirror Frame Source Frame DA DA DA SA Mirror Frame add‐ethernet‐header (+vlan) DA SA 0x8100 VLAN 0x8949 Type/ Len Data 5.11.1.
Rev 2.10 Figure 15: Mirroring Session To configure a mirroring session: Step 1. Create a session. Run: switch (config) # monitor session 1 This command enters a monitor session configuration mode. Upon first implementation the command also creates the session. Step 2. Add source interface(s). Run: switch (config monitor session 1) # add source interface ethernet 1/1 direction both Step 3. Add destination interface. Run: switch (config monitor session 1) # destination interface ethernet 1/2 Step 4.
Rev 2.10 If the option pause-excessive-frame is selected, make sure that flow control is enabled on all source interfaces on the ingress direction of the monitoring session using the command flowcontrol in the interface configuration mode. Step 7. Enable the session. Run: switch (config monitor session 1) # no shutdown 5.11.
Rev 2.10 5.11.4 Commands 5.11.4.1 Config monitor session monitor session no monitor session Creates session and enters monitor session configuration mode upon using this command for the first time. The no form of the command deletes the session. Syntax Description session-id Default N/A Configuration Mode Config History 3.3.3500 Role admin Example switch (config)# monitor session 1 switch (config monitor session 1)# The monitor session ID. The range is 1-7.
Rev 2.10 5.11.4.2 Config Monitor Session destination interface destination interface [force] no destination interface Sets the egress interface number. The no form of the command deletes the destination interface. Syntax Description interface Sets the interface type and number (e.g. ethernet 1/2) force The user does not need to shutdown the port prior the operation. Default no destination interface Configuration Mode Config Monitor Session History 3.3.
Rev 2.10 shutdown shutdown no shutdown Disables the session. The no form of the command enables the session. Syntax Description N/A Default Disabled Configuration Mode Config Monitor Session History 3.3.
Rev 2.10 add source interface add source interface direction no source interface Adds a source interface to the mirrored session. The no form of the command deletes the source interface. Syntax Description interface Configures interface as “ethernet” or “port-channel”. direction Configures the direction of the mirrored traffic.
Rev 2.10 header-format header-format {local [traffic-class ] | add-vlan [priority ] [traffic-class ] | add-ethernet-header destination-mac [addvlan [priority ]] [traffic-class ]} no header-format Sets the header format of the mirrored traffic. The no form of the command resets the parameter values back to default. Syntax Description local The mirrored header of the frame is not changed.
Rev 2.10 truncate truncate no truncate Truncates the mirrored frames to 64-byte packets. The no form of the command disables truncation. Syntax Description N/A Default no truncate Configuration Mode Config Monitor Session History 3.3.3500 Role admin Example switch (config monitor session 1) # truncate switch (config monitor session 1)# Related Commands Note This command applies for all sessions on the same analyzer port.
Rev 2.10 congestion congestion [drop-excessive-frames | pause-excessive-frames] no congestion Sets the system’s behavior when congested The no form of the command disables truncation. Syntax Description drop-excessive-frames Drops excessive frames. pause-excessive-frames Pauses excessive frames. Default drop-excessive-frames Configuration Mode Config Monitor Session History 3.3.3500 3.3.4000 Added Syntax Description.
Rev 2.10 5.11.4.3 Show show monitor session show monitor session Displays monitor session configuration and status. Syntax Description session-id The monitor session ID. Range is 1-7. Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 show monitor session summary show monitor session summary Displays monitor session configuration and status summary. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.3.
Rev 2.10 Figure 16: sFlow Functionality Overview 5.12.1 Flow Samples The sFlow agent samples the data path packet based. Truncation and sampling rate are the two parameters that influence the flow samples. In case of congestion the flow samples can be truncated to a predefined size before it is being assigned to the CPU. The truncation can be set to any value between 64 to 256 bytes with the default being 128 bytes. Furthermore, the sampling rate may also be adjust as required. 5.12.
Rev 2.10 5.12.4 Sampled Interfaces sFlow must be enabled on physical or LAG interfaces that require sampling. When adding a port to a LAG, sFlow must be disabled on the port. If a port with enabled sFlow is configured to be added to a LAG, the configuration is rejected. Removing a port from a LAG disables sFlow on the port regardless of the LAG’s sFlow status. 5.12.5 Configuring sFlow To configure the sFlow agent: Step 1. Unlock the sFlow commands. Run: switch (config) # protocol sflow Step 2.
Rev 2.10 5.12.6 Verifying sFlow To verify the attributes of the sFlow agent: switch (config)# show sflow sflow protocol enabled sflow enabled sampling-rate 16000 max-sampled-size 156 counter-poll-interval 19 max-datagram-size 1500 collector-ip 10.10.10.10 collector-port 6343 agent-ip 20.20.20.
Rev 2.10 5.12.7 Commands 5.12.7.1 Config protocol sflow protocol sflow no protocol sflow Unhides the sFlow commands. The no form of the command deletes sFlow configuration and hides the sFlow commands. Syntax Description N/A Default Disabled Configuration Mode Config History 3.3.
Rev 2.10 sflow enable (global) sflow enable no sflow enable Enables sFlow in the system. The no form of the command disables sFlow without deleting the configuration. Syntax Description N/A Default Disabled Configuration Mode Config History 3.3.
Rev 2.10 sflow sflow Enters sFlow configuration mode. Syntax Description N/A Default N/A Configuration Mode Config History 3.3.
Rev 2.10 5.12.7.2 Config sFlow sampling-rate sampling-rate no sampling-rate Sets sFlow sampling ratio. The no form of the command resets this parameter to its default value. Syntax Description rate Default 16000 Configuration Mode Config sFlow History 3.3.3500 Role admin Example switch (config sflow) # sampling-rate 16111 switch (config sflow) # Sets the number of packets passed before selecting one for sampling. The range is 4000-16777215. Zero disables sampling.
Rev 2.10 max-sample-size max-sample-size no max-sample-size Sets the maximum size of sampled packets by sFlow. The no form of the command resets the parameter to its default value. Syntax Description packet-size The sampled packet size. The range is 64-256 bytes. Default 128 bytes Configuration Mode Config sFlow History 3.3.
Rev 2.10 counter-poll-interval counter-poll-interval no counter-poll-interval Sets the sFlow statistics polling interval. The no form of the command resets the parameter to its default value. Syntax Description seconds The sFlow statistics polling interval in seconds. Range is 5-3600 seconds. Zero disables the statistic polling. Default 20 seconds Configuration Mode Config sFlow History 3.3.
Rev 2.10 max-datagram-size max-datagram-size no max-datagram-size Sets the maximum sFlow packet size to be sent to the collector. The no form of the command resets the parameter to its default value. Syntax Description packet-size The packet size of the packet being sent to the collector. The range is 200-9216 bytes. Default 1400 bytes Configuration Mode Config sFlow History 3.3.
Rev 2.10 collector-ip collector-ip [udp-port ] no collector-ip [ udp-port] Sets the collector’s IP. The no form of the command resets the parameters to their default values. Syntax Description ip-address The collector IP address. udp-port Sets the collector UDP port number. Default ip-address: 0.0.0.0 udf-port-number: 6343 Configuration Mode Config sFlow History 3.3.3500 Role admin Example switch (config sflow) # collector-ip 10.10.
Rev 2.10 agent-ip agent-ip { | interface { | vlan | loopback }} no agent-ip Sets the IP address associated with this agent. The no form of the command resets the parameters to their default values. Syntax Description loopback Loopback interface. The range is 1-32. if-name Interface name (e.g. mgmt0, mgmt1). vlan Interface VLAN. Range is 1-4094 ip-address The sFlow agent’s IP address (i.e. the source IP of the packet). Default ip-address: 0.0.0.
Rev 2.10 clear counters clear counters Clears sFlow counters. Syntax Description N/A Default N/A Configuration Mode Config sFlow History 3.3.
Rev 2.10 sflow enable (interface) sflow enable no sflow enable Enables sFlow on this interface. The no form of the command disables sFlow on the interface. Syntax Description N/A Default disable no view-port-channel member Configuration Mode Config interface ethernet Config Interface Port Channel History 3.3.3500 Role admin Example switch(config interface ethernet 1/1)# sflow enable ...
Rev 2.10 5.12.7.3 Show show sflow show sflow Displays sFlow configuration and counters. Syntax Description N/A Default N/A Configuration Mode Any Command Mode History 3.3.3500 Role admin Example switch (config)# show sflow sflow protocol enabled sflow enabled sampling-rate 16000 max-sampled-size 156 counter-poll-interval 19 max-datagram-size 1500 collector-ip 10.10.10.10 collector-port 6343 agent-ip 20.20.20.
