CLI Reference Guide for
ArubaOS-CX, ArubaOS-Switch,
Comware and Cisco IOS
Published: November 2018
Rev: 4
Table of Contents
Introduction
Using This Guide
  Comware Differences
  Navigation Differences Among CLIs
  Configuration Differences Among CLIs
  Terminology Differences
Disclaimer
Comparing View and Configuration Prompts
Comparing Frequently Used Commands
Chapter 1 Basic Switch Management
  Management Access CLI comparison
  Management Access Configurable options
  Configuration Access CLI comparison
  Configuration Access Configurable options
  Console and Virtual Terminal Access Timeout CLI comparison
  Console and Virtual Terminal Access Timeout Configurable options
  Reload & Timed Reload CLI comparison
  Reload & Timed Reload Configurable options
  USB CLI comparison
  USB CLI comparison Configurable options
  System and Environment CLI comparison
  System and Environment Configurable options
  Remote Management Sessions Viewing CLI comparison
  Remote Management Sessions Viewing CLI Configurable options
  Tech Support Information Output Listing CLI comparison
  Tech Support Information Output Listing CLI Configurable options
  Motd CLI comparison
  Motd CLI Configurable options
  Source Interface for Management Communications CLI comparison
  Source Interface for Management Communications CLI Configurable options
Chapter 2 Switch User ID and Password, and Console Access
  Local User ID and Password, and console access CLI comparison
  Local User ID and Password, and console access CLI Configurable options
  Recover lost password CLI comparison
  Recover lost password CLI Configurable options
  Role based management CLI comparison
  Role based management CLI Configurable options
Chapter 3 Time Service
  NTP CLI Comparison
  NTP Service configurable options
Chapter 4 CLI Management Access SSH
  SSH CLI Comparison
  SSH Service configurable options
Chapter 5 GUI Management Access HTTPS
  HTTPS CLI Comparison
  HTTPS Service configurable options
Chapter 6 Discovery Protocols LLDP
  LLDP CLI Comparison
  LLDP configurable options
Chapter 7 Out-of-Band Management
  Out-Of-Band CLI Comparison
  Out-Of-Band configurable options
Chapter 8 Interface or Port Information and Nomenclature
  Interface or Port Information CLI Comparison
  Interface or Port Information configurable options
Chapter 9 Link Aggregation LACP and Trunk
  Link Aggregation Control Protocol (LACP) CLI comparison
Chapter 10 MSTP
  MSTP CLI Comparison
  MSTP CLI Configurable options
Chapter 11 VRRP
  VRRP CLI Comparison
  VRRP CLI Configurable options
Chapter 12 ACLs
  ACL CLI Comparison
  ACL CLI Configurable options
Chapter 13 BGP
  BGP CLI Comparison
  BGP CLI Configurable options
Chapter 14 OSPF
  OSPF CLI Comparison
  OSPF CLI Configurable options
Appendix A CLI Commands in ArubaOS-Switch Software
  Fundamental Commands
Introduction
Aruba designed this CLI Reference Guide to help Hewlett Packard Enterprise partners and customers
who:
- Manage multi-vendor networks that include HPE/Aruba and Cisco core and aggregation switches
- Have experience deploying Cisco switches and are now deploying HPE/Aruba switches
This CLI Reference Guide compares many of the common commands in four switch operating systems:
ArubaOS-CX, ArubaOS switch (now the Aruba OS), HPE Comware version 7, and Cisco IOS.
In this guide, we refer to 8400 as ArubaOS-CX, HPE ProVision as ArubaOS-Switch, HPE Comware as
Comware7, and Cisco IOS as Cisco.
The ArubaOS-CX operating system runs on the 8400 and 8320 switches. The ArubaOS Switch operating
system runs on Aruba 2530, Aruba 2920, Aruba 2930F, Aruba 2930M, Aruba 3810M, Aruba 5400R, HPE
2620, HPE 3500, HPE 5400 and HPE 3800 switch platforms.
The HPE Comware7 operating system runs on HPE FF 12900, HPE 12500, HPE 10500, HPE FF 7900, HPE
5930, HPE 5920, HPE 5940, HPE 5900, HPE FF 5700, and HPE 5130 switch platforms.
The commands included in this guide were tested on the following:
- Aruba 8400 8 slot chassis with dual management modules running ArubaOS-CX 10.01.0001
- Aruba 3810M-24G-PoE+ switch running ArubaOS-Switch KB.16.03.0003
- HPE 5900AF-48G-4XG-2QSFP+ switch running Comware 7.1.045, Release 2416
- Cisco switch running Cisco IOS Software 15.0(1)SE
Additional Aruba and Cisco switches and/or routers were used to provide systems connectivity and
operational support as necessary. Likewise, various computers and Voice over IP (VoIP) phones were
used to help test functionality and provide output for commands such as show or display.
Using This Guide
This CLI Reference Guide provides CLI command comparisons in two different formats:
- Side-by-side comparison: Provides a table of the basic commands required to execute a given
  function in each of the operating systems. In this side-by-side comparison, each platform’s
  commands do not always start at the top of the column. Instead, commands that have similar
  functions are aligned side by side so that you can easily “translate” the commands on one
  platform with similar commands on another platform.
- Detailed comparison: Beneath the side-by-side comparison, this guide provides a more in-depth
  comparison, displaying the output of the command and its options.
Occasionally, the commands required to execute a function or feature in each operating system are
completely different. In these instances, each column has the commands necessary to implement the
specific function or feature, and the side-by-side comparison does not apply.
Comware Differences
If you are familiar with either the ArubaOS-Switch CLI or the Cisco IOS CLI, you will notice that the
Comware CLI is organized slightly differently. Comware was designed for Internet service providers
(ISPs). Many features and functions, such as security and Quality of Service (QoS), are multi-tiered to
support the different needs of multiple entities accessing the same switch.
Navigation Differences Among CLIs
Basic CLI navigation on all three platforms is very similar, with one notable difference:
- With ArubaOS-CX-Switch, you can use the Tab key for command completion, but you use the ?
  key to find more command options. Using the Tab key also displays further suboptions, without
  the help description.
- With ArubaOS-Switch, you can use the Tab key for command completion; you can also use the
  Tab key or the ? key to find more command options. In addition, typing “help” at the end of a
  command may provide additional descriptive information about the command.
- With Cisco, you can use the Tab key for command completion, but you use the ? key to find
  more command options.
Configuration Differences Among CLIs
For interface IP addressing and interface-specific routing protocol configuration, you execute most
commands differently depending on the platform:
- On ArubaOS-CX, you configure the aforementioned components in an interface (VLAN for
  switch) context. An interface context can act as Layer 3 once you assign an IP address, which
  converts it to a Switch Virtual Interface (SVI) for the switch ports. There is no physical interface
  for the VLAN, and the SVI provides the Layer 3 processing for packets from all switch ports
  associated with the VLAN. There is a one-to-one mapping between a VLAN and an SVI, so only a
  single SVI can be mapped to a VLAN.
- On ArubaOS-Switch, you configure the aforementioned components in a VLAN context. A virtual
  LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at
  the data link layer (OSI layer 2). VLANs can keep network applications separate despite being
  connected to the same physical network, and without requiring multiple sets of cabling and
  networking devices to be deployed.
- On Comware or Cisco, you configure the aforementioned components in an interface (VLAN for
  switch) context.
Terminology Differences
Among the three operating systems, there are some differences in the terms used to describe features.
The table below lists three such terms that could be confusing.
In ArubaOS-CX-Switch, Comware and Cisco, for example, the term trunk refers to an interface that you
configure to support 802.1Q VLAN tagged frames. That is, an interface that you configure to support
multiple VLANs is a trunk interface in each VLAN. In the ArubaOS-Switch operating system, an interface
that supports multiple VLANs is a tagged interface in each VLAN.
In addition, ArubaOS-CX-Switch refers to aggregated interfaces as a Link Aggregation Group (LAG).
ArubaOS-Switch refers to aggregated interfaces as a trunk. In Comware the term is bridge aggregation,
while in Cisco it is EtherChannel/Port-Channel.
Comware supports a hybrid port type, which supports 0 or more untagged VLANs plus 0 or more tagged
VLANs. This is useful in access layer switches to implement protocol-based, IP-subnet-based, and
MAC-based VLANs.

| Interface use | ArubaOS-CX-Switch | ArubaOS-Switch | Comware | Cisco |
|---|---|---|---|---|
| Non-802.1Q interfaces (such as used for computers or printers) | access | untagged | access | access |
| 802.1Q interfaces (such as used for switch-to-switch, switch-to-server, and switch-to-VoIP phones) | trunk | tagged | trunk (Note: some display views will denote tagged) | trunk |
| Aggregated interfaces | lag | trunk | bridge aggregation | Etherchannel/Port-Channel |
| Hybrid port | N/A | hybrid (default) | port hybrid | N/A |

Disclaimer
Although Aruba conducted extensive testing to create this guide, it is impossible to test every possible
configuration and scenario. Do not assume, therefore, that this document is complete for every
environment or each manufacturer’s complete product portfolio and software versions. For complete
and detailed information on all commands and their options, refer to each manufacturer’s
documentation accordingly.
Comparing View and Configuration Prompts
The table below compares the differences in each system’s display for view and configuration prompts.

| Context Legend | ArubaOS-Switch | Comware | Cisco |
|---|---|---|---|
| U = User Exec / User View | ArubaOS-Switch> | <Comware> | Cisco> |
| P = Privileged Exec | ArubaOS-Switch# | | Cisco# |
| C = Configuration; S = System View | ArubaOS-Switch(config)# | [Comware] | Cisco(config)# |

Comparing Frequently Used Commands
The table below lists frequently used commands for each operating system.

Configuration commands

| Context | ArubaOS-CX-Switch | Context | ArubaOS-Switch | Context | Comware | Context | Cisco |
|---|---|---|---|---|---|---|---|
| C | hostname | C | hostname | S | sysname | C | hostname |
| C | logging | C | logging | S | info-center | C | logging |
| C | Not supported | C | router rip | S | rip | C | router rip |
| C | access-list | C | access-list | S | acl | C | access-list |

User Exec / Privileged Exec Commands

| Context | ArubaOS-CX-Switch | Context | ArubaOS-Switch | Context | Comware | Context | Cisco |
|---|---|---|---|---|---|---|---|
| U | enable | U | enable | U | system-view | U | enable |
| P | configure | P | configure | U | system-view (configuration mode is same as being at System View) | U | configure terminal |
| U/P | Show images | U/P/C | show flash | U | dir | U/P | show flash |
| U/P | show version | U/P/C | show version | U/S | display version | U/P | show version |
| P | show run | P/C | show run | U/S | display current-configuration | P | show run |
| U/P | show vlan | P/C | show vlan | U/S | display saved-configuration | P | show vlan |
| P | show history | U/P/C | show history | U/S | display history | U/P | show history |
| U/P | show events | U/P/C | show logging | U/S | display info-center | U/P | show logging |
| U/P | show ip route | U/P/C | show ip route | U/S | display ip routing-table | U/P | show ip route |
| U/P | show ip interface brief | U/P/C | show ip | U/S | display ip interface brief | U/P | show ip interface brief |
| U/P | show interface brief | U/P/C | show interface brief | U/S | display interface brief | U/P | show interfaces status |
| P | erase startup-config | P/C | erase startup-config | U | reset saved | P | erase start |
| U/P | show checkpoint <checkpoint-name> | P/C | show config <filename> | U | more <filename> | P | more flash:/<filename> |
| P | boot system | P/C | reload | U | reboot | P | reload |
| P | write memory | P/C | write memory | U/S | save | P | write memory |
| U/P | show tech | P | show tech | U/S | display diagnostic-information | U/P | show tech-support |
| U/P | show | U/P/C | show | U/S | display | U/P | show |
| U/P/C | no | U/P/C | no | U/S | undo | P | no |
| P/C | end | C | end | S | return | C | end |
| U/P/C | exit | U/P/C | exit | U/S | quit | U/P/C | exit |
| P | erase | P/C | erase | U/S | delete | P | erase |
| P | copy | P/C | copy | U | copy/tftp | P | copy |
| P | Traceroute6 | P/C | Traceroute6 | S | ospf | P | Traceroute6 |
| P | traceroute | P/C | traceroute | S | ip route-static | P | traceroute |
| P/C | ping / do ping | P/C | ping | | | P | ping |

Chapter 1 Basic Switch Management
This chapter compares commands primarily used for device navigation, device information, and device
management.
- Management access
- Configuration and Virtual Terminal access
- Console access
- Reload & Timed reload
- USB
- System and environment
- Remote management sessions (viewing and terminating)
- Tech support output
- Motd
- Source interface for management communications
Management Access CLI comparison

| ArubaOS-CX-Switch | ArubaOS-Switch | Comware 7 | Cisco |
|---|---|---|---|
| ArubaOS-CX-Switch> enable | ArubaOS-Switch> enable | <Comware> system-view | Cisco> enable |
| | | System View: return to User View with Ctrl+Z. | |
| ArubaOS-CX-Switch# | ArubaOS-Switch# | [Comware] | Cisco# |

Management Access Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch> enable
ArubaOS-CX-Switch#
ArubaOS-Switch
ArubaOS-Switch> enable
ArubaOS-Switch#
Comware 7
<Comware> system-view
System View: return to User View with Ctrl+Z.
[Comware]
Cisco
Cisco> enable
Cisco#
Configuration Access CLI comparison

| ArubaOS-CX-Switch | ArubaOS-Switch | Comware 7 | Cisco |
|---|---|---|---|
| ArubaOS-CX-Switch# configure | ArubaOS-Switch# configure | No specific command, see note below | Cisco# configure terminal |
| | | | Enter configuration commands, one per line. End with CNTL/Z. |
| ArubaOS-CX-Switch(config)# | ArubaOS-Switch(config)# | [Comware] | Cisco(config)# |

Configuration Access Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch# configure ?
terminal Optional keyword of the configure command.
<cr>
ArubaOS-CX-Switch# configure
ArubaOS-CX-Switch(config)#
ArubaOS-Switch
ArubaOS-Switch# configure ?
terminal Optional keyword of the configure command.
<cr>
ArubaOS-Switch# configure
ArubaOS-Switch(config)#
Comware
Comware does not have a specific configuration mode. When you are in the “System View” context, you
enter configuration commands directly at that prompt.
When you configure interfaces, protocols, and so on, the prompt changes to indicate that sub-level.
<Comware> system-view
[Comware]
Cisco
Cisco# configure ?
confirm Confirm replacement of running-config with a new config
file
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
replace Replace the running-config with a new config file
revert Parameters for reverting the configuration
terminal Configure from the terminal
<cr>
Cisco#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#
Console and Virtual Terminal Access Timeout CLI comparison

Configuration commands

| ArubaOS-CX-Switch | ArubaOS-Switch | Comware7 | Cisco |
|---|---|---|---|
| session-timeout 0 | console inactivity-timer | user-interface aux 0 | line console 0 |
| | | idle-timeout | exec-timeout |
| | | user-interface vty 0 | line vty 0 |
| | | idle-timeout | exec-timeout |
| Note: session-timeout works for ssh sessions as well. | Note: console inactivity-timer works for telnet and ssh sessions as well. | | |

Console and Virtual Terminal Access Timeout Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# session-timeout ?
<0-43200> Idle timeout range in minutes. Value 0 disables the timeout
(30 is the default configuration setting)
ArubaOS-CX-Switch(config)# session-timeout 120
ArubaOS-CX-switch(config)#
Note: session-timeout works for ssh sessions as well.
ArubaOS-Switch
ArubaOS-Switch(config)# console inactivity-timer ?
<0-120> Enter an integer number.
(0 is the default configuration setting)
ArubaOS-Switch(config)# console inactivity-timer 120
ArubaOS-Switch(config)#
Note: console inactivity-timer works for telnet and ssh sessions as well.
Comware
[Comware]user-interface aux 0
[Comware-ui-aux0]idle-timeout ?
INTEGER<0-35791> Specify the idle timeout in minutes for login user.
(10 is the default configuration setting)
[Comware-ui-aux0]idle-timeout 20 ?
INTEGER<0-59> Specify the idle timeout in seconds for login user.
<cr>
(0 is the default configuration setting)
[Comware-ui-aux0]idle-timeout 20 10
[Comware-ui-aux0]
[also]
[Comware]user-interface vty 0
[Comware-ui-vty0]idle-timeout 20 10
Cisco
Cisco(config)#line console 0
Cisco(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
(10 is the default configuration setting)
Cisco(config-line)#exec-timeout 20 ?
<0-2147483> Timeout in seconds
(0 is the default configuration setting)
Cisco(config-line)#exec-timeout 20 10
Cisco(config-line)#
[also]
Cisco(config)#line vty 0
Cisco(config-line)#exec-timeout 20 10
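
An added example (not part of the original guide or of any vendor tooling): a Python audit that applies the timeout commands and defaults shown above to saved configuration text and flags consoles or VTYs whose idle timeout is disabled or longer than a policy limit. The sample configurations, the 15-minute limit, the indented layout of sub-commands under a line header, and reading the ArubaOS-Switch value as minutes are assumptions.

```python
import re

# Commands and default values (minutes) taken from the help output in this guide.
# On all four platforms a value of 0 disables the idle timeout.
PLATFORMS = {
    "arubaos-cx":     {"cmd": "session-timeout",          "default": 30, "section": None},
    "arubaos-switch": {"cmd": "console inactivity-timer", "default": 0,  "section": None},
    "comware":        {"cmd": "idle-timeout",             "default": 10, "section": "user-interface"},
    "cisco":          {"cmd": "exec-timeout",             "default": 10, "section": "line"},
}

# Constructed sample configurations (not taken from real devices).
SAMPLE_CISCO = """\
hostname Cisco
!
line console 0
 exec-timeout 0 0
line vty 0
 exec-timeout 20 10
!
"""
SAMPLE_COMWARE = """\
sysname Comware
#
user-interface aux 0
 idle-timeout 20 10
user-interface vty 0
 authentication-mode scheme
#
"""
SAMPLE_AOS_SWITCH = 'hostname "ArubaOS-Switch"\n'           # no timer line: default applies
SAMPLE_AOS_CX = "hostname ArubaOS-CX-Switch\nsession-timeout 120\n"


def _seconds(cmd, line):
    """Return the timeout in seconds if line is `cmd <min> [<sec>]`, else None."""
    m = re.fullmatch(re.escape(cmd) + r"\s+(\d+)(?:\s+(\d+))?", line.strip())
    if not m:
        return None
    return int(m.group(1)) * 60 + int(m.group(2) or 0)


def _classify(scope, seconds, max_minutes, explicit):
    if seconds == 0:
        status = "disabled"
    elif seconds > max_minutes * 60:
        status = "too-long"
    else:
        status = "ok"
    return {"scope": scope, "seconds": seconds, "status": status, "explicit": explicit}


def audit_idle_timeout(platform, config_text, max_minutes=15):
    """Return one finding per console/VTY scope; max_minutes is an assumed policy limit."""
    spec = PLATFORMS[platform]
    default_s = spec["default"] * 60
    lines = config_text.splitlines()

    if spec["section"] is None:
        # Global command: the last occurrence wins, absence means the default.
        values = [s for s in (_seconds(spec["cmd"], l) for l in lines) if s is not None]
        seconds = values[-1] if values else default_s
        return [_classify("global", seconds, max_minutes, bool(values))]

    # Per-line command: remember the current header and scan its indented children.
    findings, current, value = [], None, None
    for raw in lines + [""]:                      # empty sentinel flushes the last section
        is_child = raw[:1].isspace() and raw.strip() != ""
        if current is not None and not is_child:
            seconds = default_s if value is None else value
            findings.append(_classify(current, seconds, max_minutes, value is not None))
            current, value = None, None
        if raw.startswith(spec["section"] + " "):
            current, value = raw.strip(), None
        elif current is not None and is_child:
            parsed = _seconds(spec["cmd"], raw)
            if parsed is not None:
                value = parsed
    return findings


if __name__ == "__main__":
    for name, text in [("cisco", SAMPLE_CISCO), ("comware", SAMPLE_COMWARE),
                       ("arubaos-switch", SAMPLE_AOS_SWITCH), ("arubaos-cx", SAMPLE_AOS_CX)]:
        for finding in audit_idle_timeout(name, text):
            print(name, finding)
```

A finding with explicit set to False means the command was absent and the platform default was applied, which on ArubaOS-Switch is a disabled timer.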
Reload & Timed Reload CLI comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware 7
Cisco
boot system
reload
reboot
reload
boot system ‘?’
Displays further sub-
options to boot the system
reload
reboot slot <>
scheduler reboot
show boot-history
show boot-history all
display scheduler
show reload
show reload
undo scheduler
reboot
Reload & Timed Reload Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch# boot set-default
primary Set the default boot image to primary for future reboots
secondary Set the default boot image to secondary for future reboots
ArubaOS-CX-Switch# boot fabric-module
SLOT-ID The slot ID of the fabric module (e.g., 1/1)
ArubaOS-CX-Switch# boot line-module
SLOT-ID The slot ID of the line module (e.g., 1/1)
ArubaOS-CX-Switch# boot management-module
SLOT_ID Reboot a management module by slot number (e.g. 1/5)
active Reboot the active management module
standby Reboot the standby management module
ArubaOS-CX-Switch# boot system
primary Reboot the system to the primary image
secondary Reboot the system to the secondary image
serviceos Reboot both MMs to ServiceOS
<cr>
ArubaOS-CX-Switch# boot system primary
<cr>
ArubaOS-CX-Switch# boot system primary
Default boot image set to primary.
Do you want to save the current configuration (y/n)? y
The running configuration was saved to the startup configuration.
This will reboot the entire switch and render it unavailable
until the process is complete.
Continue (y/n)? y
The system is going down for reboot.
ArubaOS-CX-Switch# boot system
primary Reboot the system to the primary image
secondary Reboot the system to the secondary image
serviceos Reboot both MMs to ServiceOS
<cr>
ArubaOS-CX-Switch# boot system secondary
issu Perform an in service system upgrade to the secondary image
<cr>
ArubaOS-CX-Switch# boot system secondary
Default boot image set to secondary.
Do you want to save the current configuration (y/n)? y
The running configuration was saved to the startup configuration.
This will reboot the entire switch and render it unavailable
until the process is complete.
Continue (y/n)? y
The system is going down for reboot.
ArubaOS-Switch
ArubaOS-Switch# reload
System will be rebooted from primary image. Do you want to continue [y/n]?
[for timed reboot]
ArubaOS-Switch# reload ?
after Warm reboot in a specified amount of time.
at Warm reboot at a specified time; If the mm/dd/yy is left blank,
the current day is assumed.
<cr>
ArubaOS-Switch# reload at ?
HH:MM[:SS] Time on given date to do a warm reboot.
ArubaOS-Switch# reload at 23:00 ?
MM/DD[/[YY]YY] Date on which a warm reboot is to occur.
<cr>
ArubaOS-Switch# reload at 23:00 03/04/2015 ?
<cr>
ArubaOS-Switch# reload at 23:00 03/04/2015
Reload scheduled at 23:00:13 03/04/2015
(in 0 days, 23 hours, 12 minutes)
System will be rebooted at the scheduled time from primary image.
Do you want to continue [y/n]? y
ArubaOS-Switch#
-or-
ArubaOS-Switch# reload after
[[DD:]HH:]MM Enter a time.
ArubaOS-Switch# show reload ?
after Shows the time until a warm reboot is scheduled.
at Shows the time and date a warm reboot is scheduled.
ArubaOS-Switch# show reload after
Reload scheduled for 23:00:57 03/04/2015
(in 0 days, 23 hours, 9 minutes)
ArubaOS-Switch(config)# no reload
ArubaOS-Switch(config)# show reload after
reload is not scheduled
Comware 7
<Comware7>reboot ?
force Forcibly reboot without checking
slot Specify the slot number
<cr>
<Comware7>reboot
-or-
<Comware7>reboot force ?
<cr>
<Comware7>reboot force
<Comware7>reboot slot ?
<1> Slot number
<Comware7>reboot slot 1 ?
force Forcibly reboot without checking
subslot Specify the subslot number
<cr>
<Comware7>reboot slot 1
[for timed reboot]
<Comware7>scheduler reboot ?
at Specify the execution time
delay Specify the delay time
<Comware7>scheduler reboot at ?
TIME Execution time (HH:MM)
<Comware7>scheduler reboot at 23:00 ?
DATE Execution date (MM/DD/YYYY or YYYY/MM/DD)
<cr>
<Comware7>scheduler reboot at 23:00 03/09/2015 ?
<cr>
<Comware7>scheduler reboot at 23:00 03/09/2015
Reboot system at 23:00:00 03/09/2015(in 7 hours and 51 minutes). Confirm?[Y/N]:y
<Comware7>%Mar 9 15:08:34:699 2015 Comware7 SCH/5/SCH_REBOOT_SCHEDULED: aux0 set schedule
reboot parameters at 15:08:30 03/09/2015, and system will reboot at 23:00:00 03/09/2015.
<Comware7>
-or-
<Comware7>scheduler reboot delay ?
STRING<1-6> Interval (HH:MM or MM)
<Comware7>scheduler reboot delay 07:45 ?
<cr>
<Comware7>scheduler reboot delay 07:45
Reboot system at 22:56:01 03/09/2015(in 7 hours and 45 minutes). Confirm?[Y/N]:y
<Comware7>%Mar 9 15:11:04:975 2015 Comware7 SCH/5/SCH_REBOOT_SCHEDULED: aux0 set schedule
reboot parameters at 15:11:01 03/09/2015, and system will reboot at 22:56:01 03/09/2015.
<Comware7>display scheduler reboot
System will reboot at 23:00:00 03/09/2015(in 7 hours and 47 minutes).
<Comware7>undo schedule reboot
<Comware7>%Mar 9 15:09:23:490 2015 Comware7 SCH/5/SCH_REBOOT_CANCEL: aux0 cancelled reboot
parameters at 15:09:23 03/09/2015.
Cisco
Cisco#reload
Proceed with reload? [confirm]
[for timed reboot]
Cisco#reload ?
/noverify Don't verify file signature before reload.
/verify Verify file signature before reload.
LINE Reason for reload
at Reload at a specific time/date
cancel Cancel pending reload
in Reload after a time interval
slot Slot number card
standby-cpu Standby RP
<cr>
Cisco#reload at ?
hh:mm Time to reload (hh:mm)
Cisco#reload at 23:00 ?
<1-31> Day of the month
LINE Reason for reload
MONTH Month of the year
<cr>
Cisco#reload at 23:00 march ?
<1-31> Day of the month
Cisco#reload at 23:00 march 5 ?
LINE Reason for reload
<cr>
Cisco#reload at 23:00 march 5
System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Reload scheduled for 23:00:00 central Thu Mar 5 2015 (in 22 hours and 16 minutes) by console
Proceed with reload? [confirm]
Cisco#
Mar 5 06:43:40.282: %SYS-5-SCHEDULED_RELOAD: Reload requested for 23:00:00 central Thu Mar
5 2015 at 00:43:27 central Thu Mar 5 2015 by console.
Cisco#
-or-
Cisco#reload in ?
Delay before reload (mmm or hhh:mm)
Cisco#reload in 23:10 ?
LINE Reason for reload
<cr>
Cisco#show reload
Reload scheduled for 23:00:00 central Thu Mar 5 2015 (in 22 hours and 15 minutes) by console
Cisco#reload cancel
Cisco#
***
*** --- SHUTDOWN ABORTED ---
***
Mar 5 06:45:38.016: %SYS-5-SCHEDULED_RELOAD_CANCELLED: Scheduled reload cancelled at
00:45:38 central Thu Mar 5 2015
USB CLI comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware 7
Cisco
User Exec / Privileged Exec Commands
dir
dir usba0:/
dir usb
usb
usb mount
copy usb:/<filename> primary
copy usb flash <filename> primary
copy run usbflash0:test.cfg
show usb
show usb-port
display device usb
USB CLI comparison Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch# usb
mount Make an inserted USB drive available
unmount Make an inserted USB drive unavailable to prepare for removal
ArubaOS-CX-Switch(config)#usb mount
ArubaOS-CX-Switch# sh usb
Enabled: Yes
Mounted: No
ArubaOS-Switch
ArubaOS-Switch# dir ?
PATHNAME-STR Display a list of the files and subdirectories in a directory on a
USB device.
<cr>
ArubaOS-Switch# dir
Listing Directory /ufa0:
-rwxrwxrwx 1 16719093 Nov 19 15:21 K_15_16_0005.swi
-rwxrwxrwx 1 16208437 Sep 11 19:10 K_15_15_0008.swi
-rwxrwxrwx 1 849 Mar 03 17:52 ArubaOS-Switch-config.cfg
ArubaOS-Switch# show usb-port
USB port status: enabled
USB port power status: power on (USB device detected in port)
Comware 7
<Comware7>display device usb ?
> Redirect it to a file
>> Redirect it to a file in append mode
slot Specify the slot number
verbose Display detailed information
| Matching output
<cr>
<Comware7>display device usb
slot 1:
Device Name : usba
State : Normal
<Comware7>dir usba0:/
Directory of usba0:
0 -rw- 7309312 Mar 23 2015 15:04:02 5900_5920-cmw710-boot-r2311p05.bin
1 -rw- 10986496 Mar 23 2015 15:08:32 5900_5920-cmw710-boot-r2416.bin
2 -rw- 54262784 Mar 23 2015 15:07:08 5900_5920-cmw710-system-r2311p05.bin
3 -rw- 66350080 Mar 23 2015 15:13:04 5900_5920-cmw710-system-r2416.bin
4 -rw- 5429 Mar 23 2015 14:43:04 test.cfg
984816 KB total (699456 KB free)
Cisco
Cisco# dir usbflash0:
Directory of usbflash0:/
1 ---- 0 Feb 4 2015 07:21:52 +00:00 System Volume Information
2 -rw- 36326184 Feb 4 2015 08:07:24 +00:00 c1841-adventerprisek9-mz.124-
15.T17.bin
1000062976 bytes total (963723264 bytes free)
Cisco#copy run usbflash0:test.cfg
Destination filename [test.cfg]?
1419 bytes copied in 1.556 secs (912 bytes/sec)
System and Environment CLI comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware 7
Cisco
User Exec / Privileged Exec Commands
show system
(abbreviations also work, for example: sh sys)
show system information
show modules
display device manuinfo
display device verbose
show inventory
show version
show environment fan
show system fans
display fan
show env fan
show system resource-utilization
show system power-supply
display power
show env power
show environment led
show system temperature
display environment
show env temperature
show system error-counter-monitor
show environment power-supply
Show running-config
v3-specific
display current-configuration
System and Environment Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch# show system
error-counter-monitor Monitor error counters
resource-utilization Utilization metrics of various system resources
<cr>
ArubaOS-CX-Switch# show system
Hostname :
System Description :
System Contact :
System Location :
Vendor : Aruba
Product Name : 8400 Base Cbl Mgr X462 Bndl
Chassis Serial Nbr : SG78K2G00G
Base MAC Address : 94:f1:28:1e:65:00
ArubaOS-CX Version : XL.10.00.0002C-1-g1b84ef2
Time Zone : UTC
Up Time : up 39 minutes
CPU Util (%) : 10
Memory Usage (%) : 3
ArubaOS-CX-Switch# show system resource-utilization
System Resources:
Processes: 179
CPU usage(%): 10
Memory usage(%): 3
Open FD's: 3808
Process CPU Usage(%) Memory Usage(%) Open FD's
--------------------------------------------------------------------------
kworker/5:0H 0 0 0
portd 0 0 12
kworker/1:2 0 0 0
kworker/2:0H 0 0 0
hpe-powerd 0 0 13
vrfmgrd 0 0 11
kworker/5:1 0 0 0
hpe-cardd 0 0 25
hpe-buttond 0 0 11
hpe-udldd 0 0 12
hpe-dnsclient 0 0 9
hpe-mgmdd 0 0 12
hpe-logd 0 0 14
kworker/2:1H 0 0 0
crond 0 0 6
ksoftirqd/1 0 0 0
kworker/6:0 0 0 0
hpe-pspod 0 0 10
xcopy_wq 0 0 0
ops-classifierd 0 0 10
kworker/7:0 0 0 0
migration/3 0 0 0
rsyslogd 0 0 9
hpe-rdntmgmtd 0 0 17
ops-switchd 0 1 127
jbd2/sda4-8 0 0 0
kswapd0 0 0 0
kworker/5:1H 0 0 0
l2macd 0 0 10
hpe-hw_monitor 0 0 11
kdevtmpfs 0 0 0
hpe-vrrpd 0 0 11
ksoftirqd/7 0 0 0
lag1 0 0 0
ntpd 0 0 20
kworker/6:0H 0 0 0
hpe-logsyncd 0 0 12
acpi_thermal_pm 0 0 0
hpe-kfibapp 0 0 11
ksoftirqd/3 0 0 0
ops-sysd 0 0 10
kworker/4:2 0 0 0
hpe-mstpd 0 0 11
bond0 0 0 0
dune_agent_9 0 0 72
lldpd 0 0 24
hpe-tsdbd 0 0 8
jbd2/sda5-8 0 0 0
systemd-resolve 0 0 17
scsi_eh_0 0 0 0
writeback 0 0 0
lacpd 0 0 12
kworker/3:2 0 0 0
kworker/5:0 0 0 0
kworker/0:0H 0 0 0
dune_agent_8 0 0 72
ksoftirqd/2 0 0 0
hpe-entityd 0 0 10
kworker/1:0H 0 0 0
perf 0 0 0
kworker/3:0H 0 0 0
hpe-rdiscd 0 0 13
ksoftirqd/0 0 0 0
kworker/0:2 0 0 0
kworker/4:0H 0 0 0
hpe-relay 0 0 10
hpe-restd 0 0 10
(sd-pam) 0 0 7
systemd-udevd 0 0 14
hpe-mclagkad 0 0 13
kworker/1:1 0 0 0
nfsiod 0 0 0
crash-handler 0 0 9
rcu_bh 0 0 0
hpe-tempd 0 0 11
kworker/2:0 0 0 0
login 0 0 5
kworker/u16:0 0 0 0
hpe-isp 0 0 8
systemd-journal 0 0 10
kauditd 0 0 0
kworker/2:1 0 0 0
systemd 0 0 14
chronyd 0 0 11
scsi_tmf_2 0 0 0
kworker/4:1 0 0 0
ksoftirqd/5 0 0 0
kworker/7:1 0 0 0
kworker/0:3 0 0 0
ksoftirqd/6 0 0 0
kblockd 0 0 0
migration/7 0 0 0
hpe-policyd 0 0 8
hpe-sshd 0 0 7
deferwq 0 0 0
jbd2/sda3-8 0 0 0
scsi_tmf_5 0 0 0
intfd 0 0 11
migration/0 0 0 0
ksoftirqd/4 0 0 0
hpe-mclagd 0 0 29
migration/2 0 0 0
migration/5 0 0 0
scsi_eh_4 0 0 0
rcu_sched 0 0 0
mcelog 0 0 5
kworker/4:1H 0 0 0
kworker/7:0H 0 0 0
snmpd_wrapper 0 0 8
bioset 0 0 0
kworker/4:0 0 0 0
hpe-profiled 0 0 10
lsyncd 0 0 4
kworker/6:2 0 0 0
scsi_tmf_3 0 0 0
ipv6_addrconf 0 0 0
scsi_tmf_1 0 0 0
tmr-rd_mcp 0 0 0
scsi_eh_2 0 0 0
kworker/3:0 0 0 0
hpe-fand 0 0 12
migration/6 0 0 0
vland 0 0 10
crypto 0 0 0
rpciod 0 0 0
migration/4 0 0 0
migration/1 0 0 0
rcu_preempt 5 0 0
fsnotify_mark 0 0 0
hpe-mgmtd 0 0 18
hpe-mgmtmd 0 0 15
nginx 0 0 16
scsi_eh_3 0 0 0
ext4-rsv-conver 0 0 0
hpe-config 0 0 7
hpe-repld 0 0 10
hpe-pvstd 0 0 12
hpe-lpd 0 0 14
ops-ledd 0 0 12
prometheus 0 0 24
hpe-routing 5 0 43
scsi_eh_5 0 0 0
hpe-sysmond 0 0 11
smartd 0 0 3
systemd-logind 0 0 12
ovsdb-server 0 0 91
pimd 0 0 16
vtysh 0 0 14
jbd2/sda2-8 0 0 0
pmd 0 0 36
dbus-daemon 0 0 14
aaautilspamcfg 0 0 9
kworker/4:3 0 0 0
kworker/6:1H 0 0 0
hpe-cpurx-filte 0 0 10
acpid 0 0 6
scsi_eh_1 0 0 0
kworker/5:2 0 0 0
netns 0 0 0
kworker/6:1 0 0 0
kworker/0:1H 0 0 0
kworker/u16:4 0 0 0
kworker/7:2 0 0 0
kworker/2:2 0 0 0
hpe-ledarbd 0 0 10
target_completi 0 0 0
bridge_normal 0 0 0
scsi_tmf_0 0 0 0
kworker/3:1 0 0 0
arpmgrd 0 0 13
hpe-credmgr 0 0 13
kthreadd 0 0 0
vmstat 0 0 0
auditd 0 0 8
scsi_tmf_4 0 0 0
kworker/u16:5 0 0 0
hpe-mvrpd 0 0 11
kworker/1:1H 0 0 0
mtmd 0 0 12
ArubaOS-CX-Switch# show system error-counter-monitor
[IFNAME] physical interface name
<cr>
ArubaOS-CX-Switch# show system error-counter-monitor
Counter monitoring poll is disabled
ArubaOS-CX-Switch# show environment
fan Show system fan status information
led Show locator LED information
power-consumption Show module power consumption information
power-supply Power supply information
rear-display-module Show rear display module information
temperature Show temperature sensor information
<cr>
ArubaOS-CX-Switch# show environment fan
Fan tray information
------------------------------------------------------------------------------
Mbr/Tray Description Status Serial Number Fans
------------------------------------------------------------------------------
1/1 JL369A Aruba X731 Fan Tray ready SG78K2800R 6
1/2 JL369A Aruba X731 Fan Tray ready SG78K2806M 6
1/3 JL369A Aruba X731 Fan Tray ready SG78K2807K 6
Fan information
------------------------------------------------------------------------
Mbr/Tray/Fan Serial Number Speed Direction Status RPM
------------------------------------------------------------------------
1/1/1 SG77K290FY slow front-to-back ok 5957
1/1/2 SG77K29140 slow front-to-back ok 6003
1/1/3 SG77K290GY slow front-to-back ok 5994
1/1/4 SG77K29127 slow front-to-back ok 5975
1/1/5 SG77K29139 slow front-to-back ok 6021
1/1/6 SG77K290JK slow front-to-back ok 5985
1/2/1 SG77K290TX slow front-to-back ok 5966
1/2/2 SG77K291CG slow front-to-back ok 5975
1/2/3 SG77K290H4 slow front-to-back ok 5966
1/2/4 SG77K290TV slow front-to-back ok 5957
1/2/5 SG77K291RJ slow front-to-back ok 6003
1/2/6 SG77K290ZV slow front-to-back ok 5966
1/3/1 SG77K291T8 slow front-to-back ok 6003
1/3/2 SG77K291TB slow front-to-back ok 5994
1/3/3 SG77K290QF slow front-to-back ok 6012
1/3/4 SG77K291SY slow front-to-back ok 5966
1/3/5 SG77K2918L slow front-to-back ok 5966
1/3/6 SG77K291VN slow front-to-back ok 5966
ArubaOS-CX-Switch# show environment led
Name State Status
-----------------------------------
locator off ok
ArubaOS-CX-Switch# show environment power-consumption
Power
Name Type Description Usage
------------------------------------------------------------------------------
1/5 management-module JL368A 8400 Mgmt Mod 49
1/6 management-module JL368A 8400 Mgmt Mod 49
1/1 line-card-module JL363A 8400X 32P 10G SFP/SFP+ Msec Mod 137
1/2 line-card-module N/A N/A 0
1/3 line-card-module N/A N/A 0
1/4 line-card-module N/A N/A 0
1/7 line-card-module N/A N/A 0
1/8 line-card-module N/A N/A 0
1/9 line-card-module N/A N/A 0
1/10 line-card-module N/A N/A 0
1/1 fabric-card-module JL367A 8400X 7.2Tbps Fab Mod 94
1/2 fabric-card-module JL367A 8400X 7.2Tbps Fab Mod 96
1/3 fabric-card-module N/A N/A 0
Module Total Power Usage 425
Chassis Total Power Usage 516
Chassis Total Power Available 2700
Chassis Total Power Allocated (total of all max wattages) 1560
Chassis Total Power Unallocated 1140
ArubaOS-Switch
ArubaOS-Switch# show system ?
chassislocate Show information about the Locator LED.
fans Show system fan status.
information Show global configured and operational system parameters.If
stacking is enabled it shows system information of all the stack
members.
power-consumption Show switch blade power consumption information.
power-supply Show Chassis Power Supply info and settings.If stacking is
enabled, shows power supply info and settings of all the stack
members.
temperature Show current temperature sensor information.
<cr>
ArubaOS-Switch# show system information
Status and Counters - General System Information
System Name : ArubaOS-Switch
System Contact :
System Location :
MAC Age Time (sec) : 300
Time Zone : -360
Daylight Time Rule : Continental-US-and-Canada
Software revision : KA.15.16.0005 Base MAC Addr : 009c02-d53980
ROM Version : KA.15.09 Serial Number : xxxxxxxxxx
Up Time : 34 mins Memory - Total : 795,353,088
CPU Util (%) : 0 Free : 665,924,808
IP Mgmt - Pkts Rx : 199 Packet - Total : 6750
Pkts Tx : 220 Buffers Free : 4830
Lowest : 4810
Missed : 0
ArubaOS-Switch# show modules
Status and Counters - Module Information
Chassis: 3800-24G-PoE+-2SFP+ J9573A Serial Number: xxxxxxxxxx
Slot Module Description Serial Number Status
-------- ------------------------------------------ ---------------- --------
ArubaOS-Switch# show system fans
Fan Information
Num | State | Failures
-------+-------------+----------
Fan-1 | Fan OK | 0
Fan-2 | Fan OK | 0
Fan-3 | Fan OK | 0
Fan-4 | Fan OK | 0
0 / 4 Fans in Failure State
0 / 4 Fans have been in Failure State
ArubaOS-Switch# show system power-supply
Power Supply Status:
PS# Model State AC/DC + V Wattage Max
----- --------- --------------- ----------------- --------- ------
1 J9580A Powered AC 120V/240V 71 1000
2 Unknwn Not Present 0 0
1 / 2 supply bays delivering power.
Currently supplying 71 W / 1000 W total power.
ArubaOS-Switch# show system temperature
System Air Temperature
Temp Current Max Min
Sensor Temp Temp Temp Threshold OverTemp
------- -------- ----- ----- ---------- ---------
Chassis 28C 28C 0C 55C NO
Comware 7
<Comware>display device ?
chassis Specify the chassis number
manuinfo Manufacture information
slot Specify the slot number
verbose Display detail information
| Matching output
<cr>
<Comware>display device manuinfo ?
slot Specify the slot number
| Matching output
<cr>
<Comware>display device manuinfo
Slot 1:
DEVICE_NAME : S5500-28C-PWR-EI
DEVICE_SERIAL_NUMBER : xxxxxxxxxxxx
MAC_ADDRESS : 0023-89D5-A059
MANUFACTURING_DATE : 2010-02-16
VENDOR_NAME : H3C
<Comware>display device verbose ?
| Matching output
<cr>
<Comware>display device verbose
Slot 1
SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State
0 28 REV.C NULL 002 710 IVL MAIN Normal
slot 1 info:
Up Time : 0 weeks, 0 days, 1 hours, 22 minutes
Brd Type : HP A5500-24G-PoE+ EI Switch with 2 Interface Slots
Brd Status : Master
Sft Ver : Release 2221P07
Patch Ver : None
PCB Ver : REV.C
BootRom Ver : 721
CPLD Ver : 002
<Comware>display fan ?
slot Display slot ID
| Matching output
<cr>
<Comware>display fan
Slot 1
FAN 1
State : Normal
<Comware>display power ?
slot Display slot ID
| Matching output
<cr>
<Comware>display power
Slot 1
Power 1
State : Normal
Type : AC
<Comware>display environment ?
slot Specify the slot number
| Matching output
<cr>
<Comware>display environment
Slot 1
System temperature information (degree centigrade):
-------------------------------------------------------------------------------
Sensor Temperature LowerLimit WarningLimit AlarmLimit ShutdownLimit
hotspot 1 33 -5 55 NA NA
Cisco
Cisco#show inventory
NAME: "1", DESCR: "WS-C3750E-24TD"
PID: WS-C3750E-24TD-S , VID: V02 , SN: xxxxxxxxxxx
NAME: "Switch 1 - Power Supply 0", DESCR: "FRU Power Supply"
PID: C3K-PWR-265WAC , VID: V01Q , SN: xxxxxxxxxxx
Cisco#show version
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(1)SE, RELEASE
SOFTWARE (fc1)
...
Cisco uptime is 1 hour, 9 minutes
System returned to ROM by power-on
System restarted at 23:56:02 central Wed Mar 4 2015
System image file is "flash:c3750e-universalk9-mz.150-1.SE.bin"
...
cisco WS-C3750E-24TD (PowerPC405) processor (revision F0) with 262144K bytes of memory.
Processor board ID FDO1231V0US
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:22:91:AB:43:80
Motherboard assembly number : 73-10313-11
Motherboard serial number : xxxxxxxxxxx
Model revision number : F0
Motherboard revision number : A0
Model number : WS-C3750E-24TD-S
Daughterboard assembly number : 800-28590-01
Daughterboard serial number : xxxxxxxxxxx
System serial number : xxxxxxxxxxx
Top Assembly Part Number : 800-27546-03
Top Assembly Revision Number : A0
Version ID : V02
CLEI Code Number : xxxxxxxxxxx
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3750E-24TD 15.0(1)SE C3750E-UNIVERSALK9-M
Cisco#sh env ?
all Show all environment status
fan Show fan status
power Show power supply status
rps Show RPS status
stack Show Stack-wide all environment status
temperature Show temperature status
xps Show XPS status
Cisco#show env fan
FAN is OK
Cisco#sh env power ?
all All power supplies
switch Switch number
| Output modifiers
<cr>
Cisco#show env power
SW PID Serial# Status Sys Pwr PoE Pwr Watts
--- ------------------ ---------- --------------- ------- ------- -----
1 C3K-PWR-265WAC xxxxxxxxxxx OK Good N/A 265/0
Cisco#show env temperature ?
status Show Temperature status and threshold values
| Output modifiers
<cr>
Cisco#show env temperature
SYSTEM TEMPERATURE is OK
Remote Management Sessions Viewing CLI comparison
ArubaOS-CX-Switch     | ArubaOS-Switch | Comware 7     | Cisco
----------------------+----------------+---------------+-----------
User Exec / Privileged Exec Commands
show user information | show telnet    | display users | show users
Remote Management Sessions Viewing CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch# show user
WORD Specify the username. Maximum length is 32 characters.
information Show information about logged in user
ArubaOS-CX-Switch# sh user information
Username : admin
Authentication type : local
User group : administrators
User privilege level : 15
ArubaOS-Switch
ArubaOS-Switch# show telnet ?
<cr>
ArubaOS-Switch# show telnet
Telnet Activity
Source IP Selection: Outgoing Interface
--------------------------------------------------------
Session : ** 1
Privilege: Manager
From : Console
To :
--------------------------------------------------------
Session : 2
Privilege: Manager
From : 10.0.100.87
To :
--------------------------------------------------------
Session : 3
Privilege: Manager
From : 10.0.100.84
To :
Cisco
Cisco#show users ?
all Include information about inactive ports
wide use wide format
| Output modifiers
<cr>
Cisco#show users
Line User Host(s) Idle Location
* 0 con 0 manager idle 00:00:00
1 vty 0 manager idle 00:08:29 10.0.100.84
2 vty 1 manager idle 00:00:44 10.0.100.87
Interface User Mode Idle Peer Address
Cisco#show users wide ?
| Output modifiers
<cr>
Cisco#show users wide
Line User Host(s) Idle Location
* 0 con 0 manager idle 00:00:00
1 vty 0 manager idle 00:00:09 10.0.100.84
2 vty 1 manager idle 00:05:37 10.0.100.87
3 vty 2 00:00:00
4 vty 3 00:00:00
5 vty 4 00:00:00
6 vty 5 00:00:00
7 vty 6 00:00:00
8 vty 7 00:00:00
9 vty 8 00:00:00
10 vty 9 00:00:00
11 vty 10 00:00:00
12 vty 11 00:00:00
13 vty 12 00:00:00
14 vty 13 00:00:00
15 vty 14 00:00:00
16 vty 15 00:00:00
Interface User Mode Idle Peer Address
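The session listings above can be checked against a list of approved management sources. The following Python is an added example, not part of the original guide: it parses the Cisco "show users" and ArubaOS-Switch "show telnet" output shown above and flags sessions that come from any other address. The single approved jump host (10.0.100.84) and all function names are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption for this example: a single approved jump host. The guide defines no policy.
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.100.84/32")]

# Sample output taken from the guide (column spacing collapsed); the idle
# "3 vty 2" row comes from its "show users wide" listing.
CISCO_SHOW_USERS = """\
Line User Host(s) Idle Location
* 0 con 0 manager idle 00:00:00
1 vty 0 manager idle 00:08:29 10.0.100.84
2 vty 1 manager idle 00:00:44 10.0.100.87
3 vty 2 00:00:00
Interface User Mode Idle Peer Address
"""

ARUBA_SHOW_TELNET = """\
Telnet Activity
Source IP Selection: Outgoing Interface
--------------------------------------------------------
Session : ** 1
Privilege: Manager
From : Console
To :
--------------------------------------------------------
Session : 2
Privilege: Manager
From : 10.0.100.87
To :
--------------------------------------------------------
Session : 3
Privilege: Manager
From : 10.0.100.84
To :
"""


@dataclass
class Session:
    platform: str
    line: str               # "vty 1" (Cisco) or "session 2" (ArubaOS-Switch)
    user: Optional[str]     # username (Cisco) or privilege level (ArubaOS-Switch)
    source: Optional[str]   # peer address, or "console"
    current: bool           # row marked * / **: the session that ran the command


# Handles the hh:mm:ss idle format shown in the guide.
_CISCO_ROW = re.compile(
    r"^(?P<cur>\*)?\s*\d+\s+(?P<type>con|aux|vty)\s+(?P<num>\d+)\s+"
    r"(?:(?P<user>\S+)\s+(?P<host>\S+)\s+)?"
    r"(?P<idle>\d\d:\d\d:\d\d)(?:\s+(?P<loc>\S+))?\s*$"
)
_ARUBA_FIELD = re.compile(r"^(Session|Privilege|From|To)\s*:\s*(.*)$")


def parse_cisco_show_users(text: str) -> List[Session]:
    sessions = []
    for raw in text.splitlines():
        m = _CISCO_ROW.match(raw.strip())
        if not m or not (m["user"] or m["loc"]):
            continue  # header, footer, or a line nobody is logged in on
        source = m["loc"] or ("console" if m["type"] == "con" else None)
        sessions.append(Session("cisco", f'{m["type"]} {m["num"]}',
                                m["user"], source, m["cur"] is not None))
    return sessions


def parse_aruba_show_telnet(text: str) -> List[Session]:
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for raw in text.splitlines():
        m = _ARUBA_FIELD.match(raw.strip())
        if not m:
            continue  # title, separator or "Source IP Selection" line
        key, value = m.group(1), m.group(2).strip()
        if key == "Session":
            cur = Session("arubaos-switch", "session " + value.lstrip("* "),
                          None, None, value.startswith("**"))
            sessions.append(cur)
        elif cur is not None and key == "Privilege":
            cur.user = value
        elif cur is not None and key == "From":
            cur.source = "console" if value.lower() == "console" else (value or None)
    return sessions


def unexpected_sessions(sessions: List[Session], allowed=ALLOWED_SOURCES) -> List[Session]:
    """Return remote sessions whose source is not inside an allowed network."""
    flagged = []
    for s in sessions:
        if s.source in (None, "console"):
            continue  # local console access is out of scope for this check
        try:
            addr = ipaddress.ip_address(s.source)
        except ValueError:
            flagged.append(s)  # hostname or unparsable value: cannot be verified
            continue
        if not any(addr in net for net in allowed):
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    found = parse_cisco_show_users(CISCO_SHOW_USERS) + parse_aruba_show_telnet(ARUBA_SHOW_TELNET)
    for s in unexpected_sessions(found):
        print(f"{s.platform}: {s.line} user={s.user} from {s.source} is not an approved source")
```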
Tech Support Information Output Listing CLI comparison
ArubaOS-CX-Switch | ArubaOS-Switch | Comware 7                      | Cisco
------------------+----------------+--------------------------------+------------------
User Exec / Privileged Exec Commands
show tech         | show tech      | display diagnostic-information | show tech-support
Tech Support Information Output Listing CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch# show tech
aaa Authentication Authorization and Accounting
acl Access Control Lists
arp Address Resolution Protocol
basic Show Tech Basic
bgp Border Gateway Protocol
copp Control Plane Policing
dhcp-relay Dynamic Host Configuration Protocol Relay
dhcpv6-relay Dynamic Host Configuration Protocol Version 6 Relay
dns-client DNS client
gre Generic Routing Encapsulation
hw-health-monitor Hardware Health Monitor
igmp IGMP
interface Interfaces
ip-statistics Show IP Errors Statistics
ipv6-ra IPv6 Router Advertisement
irdp ICMP Router Discovery Protocol
isp Show versions of programmable devices
isplog Show log of programmable device updates
l2mac L2 MAC Table
lacp Link Aggregation Control Protocol
lldp Link Layer Discovery Protocol
local-file Capture command-output into a local-file
log-rotate Log Rotation
loop-protect Loop Protect
loopback Loopback Interface
mclag Multi-Chassis Link Aggregation Group
mgmt Management interface
mirror Mirroring
mstp Multiple Spanning Tree Protocol
mvrp Multiple VLAN Registration Protocol
ntp Network Time Protocol
ospfv2 Open Shortest Path First version 2 Protocol
ospfv3 Open Shortest Path First version 3 Protocol
pim Protocol-Independent Multicast (PIM Sparse)
policy Classifier Policies
qos Quality of Service
rpvst Per VLAN Spanning Tree Protocol
sflow sFlow
snmp SNMP
source-interface-selection Source Interface Selection
ssh SSH Server
ucast-routing Unicast Routing Information
udld Unidirectional Link Detection Protocol
udpfwd UDP Broadcast Forwarder
vlan Virtual Local Area Network
vrf Virtual Rounting and Forwarding
vrrp Virtual Router Redundancy Protocol
xcvr Show Transceiver Information
<cr>
ArubaOS-Switch
ArubaOS-Switch# show tech ?
all Display output of a predefined command sequence used by technical
support.
buffers Display output of a predefined command sequence used by technical
support.
custom Display output of a predefined command sequence used by technical
support.
igmp Display output of a predefined command sequence used by technical
support.
instrumentation Display output of a predefined command sequence used by technical
support.
mesh Display output of a predefined command sequence used by technical
support.
mstp Display output of a predefined command sequence used by technical
support.
oobm Display output of a predefined command sequence used by technical
support.
rapid-pvst Display output of a predefined command sequence used by technical
support.
route Display output of a predefined command sequence used by technical
support.
smart-link Display output of a predefined command sequence used by technical
support.
statistics Display output of a predefined command sequence used by technical
support.
transceivers Display output of a predefined command sequence used by technical
support.
tunnel Display output of a predefined command sequence used by technical
support.
vrrp Display output of a predefined command sequence used by technical
support.
<cr>
Comware7
<Comware7>display diagnostic-information ?
STRING [drive][path][file name]
flash: Device name
hardware Hardware information for diagnosis
infrastructure Infrastructure information for diagnosis
l2 L2 information for diagnosis
l3 L3 information for diagnosis
service Service information for diagnosis
slot1#flash: Device name
slot1#usba0: Device name
usba0: Device name
<cr>
<Comware7>display diagnostic-information
Save or display diagnostic information (Y=save, N=display)? [Y/N]:
Cisco
Cisco#show tech-support ?
cef CEF related information
ipc IPC related information
ipmulticast IP multicast related information
ospf OSPF related information
page Page through output
password Include passwords
rsvp IP RSVP related information
| Output modifiers
<cr>
Motd CLI comparison
Configuration commands
Platform          | Command       | Prompt displayed
------------------+---------------+--------------------------------------------------------------
ArubaOS-CX-Switch | banner motd # | Enter TEXT message. End with the character'#'
ArubaOS-Switch    | banner motd # | Enter TEXT message. End with the character'#'
Comware 7         | header motd   | Please input banner content, and quit with the character '#'.
Cisco             | banner motd # | Enter TEXT message. End with the character '#'.
Motd CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# banner motd #
Enter TEXT message. End with the character'#'
This is a secure lab network, do not connect to any production systems.
Authorized users only!
#
ArubaOS-Switch
ArubaOS-Switch(config)# banner motd #
Enter TEXT message. End with the character'#'
This is a secure lab network, do not connect to any production systems.
Authorized users only!
#
Comware
[Comware]header motd #
Please input banner content, and quit with the character '#'.
This is a secure lab network, do not connect to any production systems.
Authorized users only!
#
Cisco
Cisco(config)#banner motd #
Enter TEXT message. End with the character '#'.
This is a secure lab network, do not connect to any production systems.
Authorized users only!
#
Source Interface for Management Communications CLI comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware
Cisco
Configuration commands
ip source-interface tftp interface 1/1/1
ip source-interface tftp 10.0.0.1
ip source-interface
tftp client source interface Vlan-interface 1
ip <service> source-interface
ip source-interface all interface 1/1/1
ip source-interface all 10.0.0.1
ip source-interface all 10.0.111.21
ip source-interface syslog vlan 1
info-center loghost source Vlan-interface 1
logging source-interface vlan 1
ip source-interface radius 10.0.111.21
radius nas-ip 10.0.111.31
ip radius source-interface vlan 1
ip source-interface tacacs 10.0.111.21
hwtacacs nas-ip 10.0.111.31
ip tacacs source-interface vlan 1
ftp client source interface Vlan-interface 1
ip ftp source-interface vlan 1
ntp source-interface Vlan-interface 100
telnet client source interface Vlan-interface 1
User Exec / Privileged Exec Commands
show ip source-interface tftp
show ip source-interface
show ip source-interface
Source Interface for Management Communications CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# ip source-interface tftp interface 1/1/1
ArubaOS-CX-Switch(config)# ip source-interface
all All the defined protocols
tftp TFTP protocol
ArubaOS-CX-Switch(config)# ip source-interface tftp
A.B.C.D Specify an IP address
interface Interface information
ArubaOS-CX-Switch(config)# ip source-interface tftp interface
IFNAME Interface name (e.g. 1/1/1)
ArubaOS-CX-Switch(config)# ip source-interface tftp interface 1/1/1
ArubaOS-CX-Switch(config)# ip source-interface tftp 10.0.0.1
<cr>
ArubaOS-CX-Switch(config)# ip source-interface tftp 10.0.0.1
ArubaOS-CX-Switch(config)# ip source-interface
all All the defined protocols
tftp TFTP protocol
ArubaOS-CX-Switch(config)# ip source-interface all
A.B.C.D Specify an IP address
interface Interface information
ArubaOS-CX-Switch(config)# ip source-interface all interface
IFNAME Interface name (e.g. 1/1/1)
ArubaOS-CX-Switch(config)# ip source-interface all interface 1/1/1
ArubaOS-CX-Switch(config)# ip source-interface all 10.0.0.1
<cr>
ArubaOS-CX-Switch(config)# ip source-interface all 10.0.0.1
ArubaOS-CX-Switch# show ip source-interface
Source-interface Configuration Information
----------------------------------------
Protocol Source Interface
-------- ----------------
tftp 10.0.0.1
ArubaOS-Switch
ArubaOS-Switch(config)# ip source-interface ?
radius The RADIUS protocol.
sntp The SNTP protocol.
syslog The syslog protocol.
tacacs The TACACS+ protocol.
telnet The Telnet protocol.
tftp The TFTP protocol.
sflow The sFlow protocol.
all All protocols above.
ArubaOS-Switch(config)# ip source-interface all ?    [note: same options for all protocols as seen above]
IP-ADDR Specify an IP address.
loopback Specify a loopback interface.
vlan Specify a VLAN interface.
ArubaOS-Switch(config)# ip source-interface all 10.0.111.21
ArubaOS-Switch(config)# ip source-interface telnet vlan 1
ArubaOS-Switch(config)# snmp-server trap-source ?
IP-ADDR IP Address for the source ip address field in the trap
pdu.
loopback For the specified loopback interface, lexicographically
minimum configured ip address will be used as the source
ip address in the trap pdu.
ArubaOS-Switch(config)# snmp-server trap-source 10.0.111.21
ArubaOS-Switch# show ip source-interface ?
detail Show detailed source IP information.
radius Specify the protocol.
sflow Specify the protocol.
sntp Specify the protocol.
status Show source IP information.
syslog Specify the protocol.
tacacs Specify the protocol.
telnet Specify the protocol.
tftp Specify the protocol.
<cr>
ArubaOS-Switch# show ip source-interface
Source-IP Configuration Information
Protocol | Admin Selection Policy IP Interface IP Address
-------- + ----------------------- -------------- ---------------
Tacacs | Configured IP Address vlan-1 10.0.111.21
Radius | Configured IP Address vlan-1 10.0.111.21
Syslog | Configured IP Interface vlan-1
Telnet | Configured IP Interface vlan-1
Tftp | Configured IP Interface vlan-1
Sntp | Configured IP Interface vlan-1
Sflow | Configured IP Address vlan-1 10.0.111.21
Comware7
[Comware7]ntp source Vlan-interface 1
Cisco
Cisco(config)#logging source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
Cisco(config)#logging source-interface vlan 1 ?
<cr>
Cisco(config)#logging source-interface vlan 1
(the following service commands are similar to the above logging example)
Cisco(config)#ip radius source-interface vlan 1
Cisco(config)#ip tacacs source-interface vlan 1
Cisco(config)#ip ftp source-interface vlan 1
Cisco(config)#ip tftp source-interface vlan 1
Cisco(config)#ntp source vlan 1
Cisco(config)#ip telnet source-interface vlan 1
Cisco(config)#ip ssh source-interface vlan 1
Cisco(config)#snmp-server source-interface traps vlan 1
Chapter 2 Switch User ID and Password, and Console Access
This chapter focuses on:
Configuring local user ID (uid) and password (pw) options
Recovering from a lost password
Protecting the local password
Role based management
Password complexity
For network access, Cisco requires at least a password (pw), while ArubaOS-Switch requires neither a user ID nor a password.
Network access methods for device management are covered in Chapters 8 and 9. Configuration details
for Telnet and SSH are found in Chapter 8, and HTTP and HTTPS are found in Chapter 9.
Local User ID and Password, and console access CLI comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware 7
Cisco
[Comware7]super password role network-admin simple password
enable password 0 <password>
[Comware7]super password role network-admin hash <hashtext password>
enable secret 0 <password>
user word group administrators password
[Comware7]local-user manager
[Comware7-luser-manage-manager]password simple password
[Comware7-luser-manage-manager]authorization-attribute user-role network-admin
[Comware7-luser-manage-manager]service-type terminal
user user-name password
password manager user-name <name> plaintext <password>
[Comware7]local-user <name>
[Comware7-luser-manage-operator]password simple <password>
[Comware7-luser-manage-operator]authorization-attribute user-role network-operator
[Comware7-luser-manage-operator]service-type terminal
user user-name password
password operator user-name <name> plaintext <password>
[Comware7]user-interface aux 0
[Comware7-line-aux0]authentication-mode password
[Comware7-line-aux0]set authentication password simple password
username <name> privilege 15 password <password>
user user-name password
username <name> privilege 0 password <password>
user <username> group operators password
password configuration-control
password configuration history
password <password>
user <username> authorized-key PUBKEY
aaa common-criteria policy policy1
password configuration aging
username username common-criteria-policy policy-name password <password>
password configuration alert-before-expiry 10
config switchconfig strong-pwd {case-check | consecutive-check | default-check | username-check | all-checks} {enable | disable}
password configuration update-interval-time 0
password configuration expired-user-login 30
service password-encryption
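Several commands in the comparison above take the password as a cleartext argument (Comware "simple", ArubaOS-Switch "plaintext", Cisco "enable password 0" / "enable secret 0" and "username ... password"), while others take an already encoded value (Comware "hash", ArubaOS-CX "ciphertext"). The following Python is an added example, not part of the original guide: it scans a change script or command log for the cleartext forms and reports them with the secret redacted. The sample script, its passwords and the encoded strings are constructed, and the Cisco type 5 and type 7 lines in it do not come from the guide.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    lineno: int
    platform: str
    rule: str
    redacted: str  # the offending line with the password replaced


# Each rule captures the cleartext password in the named group "pw".
# The Cisco patterns require the password to be the last token, so encoded
# forms such as "enable secret 5 <hash>" or "password 7 <string>" do not match.
RULES = [
    ("comware7", "password entered with 'simple'",
     re.compile(r"\bpassword(?:\s+role\s+\S+)?\s+simple\s+(?P<pw>\S+)")),
    ("arubaos-switch", "password entered with 'plaintext'",
     re.compile(r"\bpassword\s+(?:manager|operator)\s+(?:user-name\s+\S+\s+)?"
                r"plaintext\s+(?P<pw>\S+)")),
    ("cisco", "cleartext enable password/secret",
     re.compile(r"\benable\s+(?:password|secret)\s+(?:0\s+)?(?P<pw>\S+)\s*$")),
    ("cisco", "cleartext username password",
     re.compile(r"\busername\s+\S+(?:\s+privilege\s+\d+)?\s+password\s+"
                r"(?:0\s+)?(?P<pw>\S+)\s*$")),
]

# Constructed sample: prompts follow the guide, every secret is made up.
CHANGE_SCRIPT = """\
[Comware7]super password role network-admin simple Lab-Pass1
[Comware7]super password role network-admin hash $h$6$constructedhashtext
[Comware7-luser-manage-manager]password simple Lab-Pass2
ArubaOS-Switch(config)# password manager user-name manager plaintext Lab-Pass3
ArubaOS-CX-Switch(config)# user word password ciphertext CONSTRUCTEDCIPHERTEXT==
Cisco(config)#enable password 0 Lab-Pass4
Cisco(config)#enable secret 5 $1$constructed$hash
Cisco(config)#username manager privilege 15 password Lab-Pass5
Cisco(config)#username manager privilege 15 password 7 0000CONSTRUCTED
"""


def lint_plaintext_passwords(script: str) -> List[Finding]:
    """Return one finding per line that carries a cleartext password argument."""
    findings = []
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.rstrip()
        for platform, rule, pattern in RULES:
            m = pattern.search(line)
            if m:
                redacted = line[:m.start("pw")] + "<redacted>" + line[m.end("pw"):]
                findings.append(Finding(lineno, platform, rule, redacted))
                break  # one finding per line is enough
    return findings


if __name__ == "__main__":
    for f in lint_plaintext_passwords(CHANGE_SCRIPT):
        print(f"line {f.lineno} [{f.platform}] {f.rule}: {f.redacted}")
```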
Local User ID and Password, and console access CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# user
WORD Specify the username. Maximum length is 32 characters.
ArubaOS-CX-Switch(config)# user word
authorized-key Add SSH client's authorized-key.
group Adding user to the group
password Update user password
ArubaOS-CX-Switch(config)# user word authorized-key
PUBKEY SSH client's authorized-key.
ArubaOS-CX-Switch(config)# user word authorized-key pubkey
PUBKEY SSH client's authorized-key.
<cr>
ArubaOS-CX-Switch(config)# user word authorized-key pubkey
Failed to add client-public-key. Invalid key format.
ArubaOS-CX-Switch(config)# user word
authorized-key Add SSH client's authorized-key.
group Adding user to the group
password Update user password
ArubaOS-CX-Switch(config)# user word password
ciphertext Update ciphertext password
<cr>
ArubaOS-CX-Switch(config)# user word password
Changing password for user word
Enter password: *****
Confirm new password: *****
ArubaOS-CX-Switch(config)# user word password
ciphertext Update ciphertext password
<cr>
ArubaOS-CX-Switch(config)# user word password ciphertext
WORD User's ciphertext password
QBapX4naW+gHsHPz9lucBMuGy1+OMKXsSJhhYaLA8rqLY9FZgAAAOL2ov5BSFDUgVwU3sua4Ekk/k1t
cIvX2pJVyTfPep6SLY0MnQBfL3RggNJ6TshDrQ3HtGjpDyUioQ3JcNSHUk8FaDGTeVTEfw9IO9T4C5aKLcrnB
GR4mhTNFpTqQ8DYoMfYUvtg==
ArubaOS-Switch
ArubaOS-Switch(config)# password ?
operator Configure operator access.
manager Configure manager access.
all Configure all available types of access.
minimum-length Configure minimum password length.
ArubaOS-Switch(config)# password manager ?
plaintext Enter plaintext password.
user-name Set username for the specified user category.
<cr>
ArubaOS-Switch(config)# password manager user-name ?
OCTET-STR Enter an octet string.
ArubaOS-Switch(config)# password manager user-name manager ?
plaintext Enter plaintext password.
<cr>
ArubaOS-Switch(config)# password manager user-name manager plaintext ?
PASSWORD Specify the password.If in enhanced secure-mode, you will be
prompted for the password.
ArubaOS-Switch(config)# password manager user-name manager plaintext password ?
<cr>
ArubaOS-Switch(config)# password manager user-name manager plaintext password
ArubaOS-Switch(config)# password operator user-name operator plaintext password
Note: If ‘user-name’ is not configured for either the manager or operator category, then “manager” and “operator” are the
default user names respectively.
Comware7
[Comware7]super ?
authentication-mode Specify the authentication mode for user role switching
default Default target user role
password Set the password used to switch to a user role
[Comware7]super password ?
hash Specify a hashtext password
role Specify the user role
simple Specify a plaintext password
<cr>
[Comware7]super password role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
[Comware7]super password role network-admin ?
hash Specify a hashtext password
simple Specify a plaintext password
<cr>
[Comware7]super password role network-admin simple ?
STRING<1-63> Plaintext password string
[Comware7]super password role network-admin simple password ?
<cr>
[Comware7]super password role network-admin simple password
[Comware7]super password role network-admin hash ?
STRING<1-110> Hashtext password string
[Comware7]super password role network-admin hash password ?
<cr>
[Comware7]super password role network-admin hash password
[Comware7]local-user ?
STRING<1-55> Local user name, which cannot contain the domain name
[Comware7]local-user manager ?
<cr>
[Comware7]local-user manager
New local user added.
[Comware7-luser-manage-manager]?
Local-user protocol view commands:
access-limit Specify the maximum concurrent access number for the
local user
authorization-attribute Specify authorization attributes of local user
bind-attribute Specify binding attributes of local user
cfd Connectivity Fault Detection (CFD) module
diagnostic-logfile Diagnostic log file configuration
display Display current system information
group Specify user group of local user
logfile Log file configuration
monitor System monitor
password Specify password of local user
password-control Password control feature
ping Ping function
quit Exit from current command view
return Exit to User View
save Save current configuration
security-logfile Security log file configuration
service-type Specify a service type for the local user
state Specify state of local user
tracert Tracert function
undo Cancel current setting
[Comware7-luser-manage-manager]password ?
hash Specify a hashtext password
simple Specify a plaintext password
<cr>
[Comware7-luser-manage-manager]password simple ?
STRING<1-63> Plaintext password string
[Comware7-luser-manage-manager]password simple password ?
<cr>
[Comware7-luser-manage-manager]password simple password
[Comware7-luser-manage-manager]authorization-attribute ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
user-profile Specify user profile of local user
user-role Specify user role of the local user
vlan Specify VLAN ID of local user
work-directory Specify work directory of local user
[Comware7-luser-manage-manager]authorization-attribute user-role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
[Comware7-luser-manage-manager]authorization-attribute user-role network-admin ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
user-profile Specify user profile of local user
vlan Specify VLAN ID of local user
work-directory Specify work directory of local user
<cr>
[Comware7-luser-manage-manager]authorization-attribute user-role network-admin
[Comware7-luser-manage-manager]service-type ?
ftp FTP service
http HTTP service type
https HTTPS service type
pad X.25 PAD service
ssh Secure Shell service
telnet Telnet service
terminal Terminal access service
[Comware7-luser-manage-manager]service-type terminal ?
http HTTP service type
https HTTPS service type
pad X.25 PAD service
ssh Secure Shell service
telnet Telnet service
<cr>
[Comware7-luser-manage-manager]service-type terminal
[Comware7-luser-manage-manager]password ?
hash Specify a hashtext password
simple Specify a plaintext password
<cr>
[Comware7-luser-manage-manager]password hash ?
STRING<1-110> Hashtext password string
[Comware7-luser-manage-manager]password hash password ?
<cr>
[Comware7-luser-manage-manager]password hash password
[the next command sets the use of uid/pw for login via console; although the scheme is defined for AAA, it works with the local uid/pw configuration]
[Comware7]user-interface aux 0
[Comware7-line-aux0]?
Line view commands:
activation-key Specify a character to begin a terminal session
authentication-mode Login authentication mode
auto-execute Automatic execution configuration
cfd Connectivity Fault Detection (CFD) module
command Command authorization and accounting
databits Set the databits of line
diagnostic-logfile Diagnostic log file configuration
display Display current system information
escape-key Escape key sequence configuration
flow-control Set a flow control mode
history-command History command buffer configuration
idle-timeout User connection idle timeout
logfile Log file configuration
monitor System monitor
parity Set the parity check method
ping Ping function
protocol Set the protocols to be supported by the line
quit Exit from current command view
return Exit to User View
save Save current configuration
screen-length Specify the number of lines to be displayed on a screen
security-logfile Security log file configuration
set Specify line parameters
shell Enable terminal user service
speed Line transmission speed
stopbits Specify the stop bit of line
terminal Specify terminal attribute
tracert Tracert function
undo Cancel current setting
user-role Specify user role configuration information
[Comware7-line-aux0]authentication-mode ?
none Login without authentication
password Password authentication
scheme Authentication use AAA
[Comware7-line-aux0]authentication-mode scheme ?
<cr>
[Comware7-line-aux0]authentication-mode scheme
[the next command sets the use of password only for login via console]
[Comware7]user-interface aux 0
[Comware7-line-aux0]authentication-mode password ?
<cr>
[Comware7-line-aux0]authentication-mode password
[Comware7-line-aux0]set ?
authentication Specify the authentication parameters for line
[Comware7-line-aux0]set authentication ?
password Specify the password of line
[Comware7-line-aux0]set authentication password ?
hash Specify a hashtext password
simple Specify a plaintext password
[Comware7-line-aux0]set authentication password simple ?
STRING<1-16> Plaintext password string
[Comware7-line-aux0]set authentication password simple password ?
<cr>
[Comware7-line-aux0]set authentication password simple password
Cisco
Cisco(config)#enable ?
last-resort Define enable action if no TACACS servers respond
password Assign the privileged level password (MAX of 25 characters)
secret Assign the privileged level secret (MAX of 25 characters)
use-tacacs Use TACACS to check enable passwords
Cisco(config)#enable password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) 'enable' password
level Set exec level password
Cisco(config)#enable password 0 ?
LINE The UNENCRYPTED (cleartext) 'enable' password
Cisco(config)#enable password 0 password ?
LINE <cr>
Cisco(config)#enable password 0 password
Cisco(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
Cisco(config)#enable secret 0 ?
LINE The UNENCRYPTED (cleartext) 'enable' secret
Cisco(config)#enable secret 0 secret ?
LINE <cr>
Cisco(config)#enable secret 0 secret
Cisco(config)#username ?
WORD User name
Cisco(config)#username manager ?
aaa AAA directive
access-class Restrict access by access-class
autocommand Automatically issue a command after the user logs in
callback-dialstring Callback dialstring
callback-line Associate a specific line with this callback
callback-rotary Associate a rotary group with this callback
dnis Do not require password when obtained via DNIS
mac This entry is for MAC Filtering where username=mac
nocallback-verify Do not require authentication after callback
noescape Prevent the user from using an escape character
nohangup Do not disconnect after an automatic command
nopassword No password is required for the user to log in
password Specify the password for the user
privilege Set user privilege level
secret Specify the secret for the user
user-maxlinks Limit the user's number of inbound links
view Set view name
<cr>
Cisco(config)#username manager privilege ?
<0-15> User privilege level
Cisco(config)#username manager privilege 15 ?
aaa AAA directive
access-class Restrict access by access-class
autocommand Automatically issue a command after the user logs in
callback-dialstring Callback dialstring
callback-line Associate a specific line with this callback
callback-rotary Associate a rotary group with this callback
dnis Do not require password when obtained via DNIS
mac This entry is for MAC Filtering where username=mac
nocallback-verify Do not require authentication after callback
noescape Prevent the user from using an escape character
nohangup Do not disconnect after an automatic command
nopassword No password is required for the user to log in
password Specify the password for the user
privilege Set user privilege level
secret Specify the secret for the user
user-maxlinks Limit the user's number of inbound links
view Set view name
<cr>
Cisco(config)#username manager privilege 15 password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) user password
Cisco(config)#username manager privilege 15 password password ?
LINE <cr>
Cisco(config)#username manager privilege 15 password password
Cisco(config)#username operator privilege 0 password password
[the next command sets the use of uid/pw for login via console]
Cisco(config)#line console 0
Cisco(config-line)#login ?
local Local password checking
<cr>
Cisco(config-line)#login local ?
<cr>
Cisco(config-line)#login local
[the next command sets the use of password for login via console]
Cisco(config)#line console 0
Cisco(config-line)#login
% Login disabled on line 0, until 'password' is set
Cisco(config-line)#password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) line password
Cisco(config-line)#password 0 password ?
LINE <cr>
Cisco(config-line)#password 0 password
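An added example, not part of the original guide: a small Python lint that checks a command script, before it is pushed to a switch, for the weak credential options this section lists (cleartext, `simple` or `plaintext` passwords typed on the command line, `nopassword`, `authentication-mode none`, Telnet as a service type). The rule names, the `lint` function and the sample script are constructed for illustration; a script or session log keeps whatever password is typed on the command line.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int  # 1-based line number in the script
    rule: str     # constructed rule name (not a vendor identifier)
    why: str      # short explanation for the reviewer


# CLI prompts as they appear in this guide, e.g. "[Comware7-line-aux0]",
# "Cisco(config-line)#", "ArubaOS-Switch(config)# "; "<...>" covers the
# Comware user view.
PROMPT = re.compile(r"^(?:\[[^\]]+\]|<[^>]+>|\S+?[#>])\s*")

# Ordered rules; the first rule that matches a command wins.
RULES = [
    ("enable-password", r"^enable password\b",
     "'enable password' takes only cleartext (0) or type 7; use 'enable secret'"),
    ("user-password", r"^username \S+ (?:privilege \d+ )?password\b",
     "'username ... password' takes only cleartext (0) or type 7; use 'secret'"),
    ("user-nopassword", r"^username \S+ (?:privilege \d+ )?nopassword\b",
     "account can log in without a password"),
    ("cleartext-on-cli", r"\b(?:password|secret) 0 \S+",
     "type 0 (cleartext) credential typed into the script"),
    ("simple-on-cli", r"\bpassword (?:role \S+ )?simple \S+",
     "Comware 'simple' (plaintext) password typed into the script"),
    ("auth-none", r"^authentication-mode none\b",
     "line login without authentication"),
    ("telnet-service", r"^service-type\b.*\btelnet\b",
     "Telnet carries the login unencrypted; ssh is also offered"),
    ("plaintext-on-cli", r"\bplaintext \S+",
     "ArubaOS-Switch 'plaintext' password typed into the script"),
]
RULES = [(name, re.compile(rx), why) for name, rx, why in RULES]


def lint(script: str) -> List[Finding]:
    """Return one finding per command line that matches a rule."""
    findings = []
    for line_no, raw in enumerate(script.splitlines(), 1):
        cmd = PROMPT.sub("", raw.strip())
        # Skip blank lines and context-help queries ("command ?").
        if not cmd or cmd.endswith("?"):
            continue
        for name, pattern, why in RULES:
            if pattern.search(cmd):
                findings.append(Finding(line_no, name, why))
                break
    return findings


# Constructed sample script built from the command forms shown in this section.
SAMPLE = """\
Cisco(config)#enable password 0 password
Cisco(config)#enable secret 0 secret
Cisco(config)#username manager privilege 15 password password
Cisco(config)#username operator privilege 0 nopassword
Cisco(config-line)#login local
[Comware7]super password role network-admin simple password
[Comware7-luser-manage-manager]password hash password
[Comware7-luser-manage-test1]service-type telnet
[Comware7-line-aux0]authentication-mode none
[Comware7-line-aux0]authentication-mode scheme
[Comware7-line-aux0]set authentication password simple ?
ArubaOS-Switch(config)# password manager user-name manager plaintext password
ArubaOS-CX-Switch(config)# user word password
"""

if __name__ == "__main__":
    for f in lint(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.why}")
```

Lines that prompt for the password interactively (the `<cr>` forms shown above) or that supply a `hash` or `ciphertext` value pass without a finding.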
Recover lost password CLI comparison
ArubaOS-CX-Switch | ArubaOS-Switch | Comware 7 | Cisco
See details below | See details below | See details below | See details below
Each procedure requires direct access to the switch through a console cable.
Recover lost password CLI Configurable options
ArubaOS-CX-Switch
switch login: admin
Password: <forgot-password>
One Time Token for password reset (valid for 30 mins) :
AAEAAQABAAEAgI79uC8K+JJKJvxSu+U3JH7iLw8SqqaN/UdKYZeZw0WdXxKnhUQVamggmN5ZqJCLfXUnXAGvOES4eyBX5
p/FwcoYvBFF2dIJ5g5FeYOC862NTL95wmEX01e5V4VqhSVtxeMYOeuanzlmzSfkBZa0FWXVOwYHou3ptfj1JjPLjbz3
Login to MNP portal @ www.hpe.com/networking/register to generate the One-Time-Password.
Copy the OTP and input at the prompt below.
Enter the One-Time-Password:
ArubaOS-Switch
Requires direct access to the switch (option 3 requires a console cable). The default front panel security settings have all three options enabled.
Option 1) Erase local usernames/passwords by pressing the front panel clear button for one second. Requires physical access to the switch.
Option 2) Execute a factory reset by using a combination/sequence of the “clear” button and the “reset” button (see the product documentation for details). Requires physical access to the switch.
Option 3) The password recovery procedure requires direct access to the switch (with a console cable) and calling HPE Networking technical support (see the product documentation for details).
Comware 7
Requires direct access to the switch (with console cable).
If password recovery capability is enabled (which is the default setting), a console user can access the device configuration
without authentication and reconfigure the console login password and user privilege level passwords.
If password recovery capability is disabled, a console user must restore the factory-default configuration before configuring
new passwords. Restoring the factory-default configuration deletes the next-startup configuration files.
Availability of related BootROM options varies with different versions of Comware.
Press Ctrl-B to enter Boot Menu... 1
BootRom password: Not required. Please press Enter to continue.
Password recovery capability is disabled.
BOOT MENU
1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Reserved
9. Set switch startup mode
0. Reboot
Ctrl+F: Format File System
Ctrl+D: Enter Debugging Mode
Ctrl+T: Enter Board Test Environment
Enter your choice(0-9):
Select 7 so that the switch loads its default configuration file, then select 0 to reboot the switch.
Cisco
Depending on the configuration of the “password-recovery” feature (see section c, Protect Local Password), there are two methods available; both require direct access to the switch (with a console cable) and pressing the appropriate front panel button.
See the Cisco product documentation for the exact procedure.
Role based management CLI comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware7
Cisco
Cisco(config)#aaa new-model
ArubaOS-CX-Switch(config)# aaa authorization commands default group
ArubaOS-Switch(config)# aaa authorization commands local
[Comware7]role name network-admin2
Cisco(config)#parser view network-admin2
Cisco(config-view)#secret 0 password
ArubaOS-CX-Switch(config)# aaa authorization commands default group none
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 match-command "command:show interface brief" permit log
[Comware7-role-network-admin2]rule 1 permit command display interface brief
Cisco(config-view)#commands exec include show interface summary
ArubaOS-CX-Switch(config)# aaa authorization commands default group tacacs
ArubaOS-Switch(config)# aaa authorization group network-admin2 2 match-command "command:show ip " permit log
[Comware7-role-network-admin2]rule 2 permit command display ip interface brief
Cisco(config-view)#commands exec include show ip interface brief
ArubaOS-Switch# show authorization group network-admin2
[Comware7]local-user test1 class manage
[Comware7-luser-manage-test1]password simple password
(no specific show commands)
[Comware7-luser-manage-test1]service-type telnet
[Comware7-luser-manage-test1]authorization-attribute user-role network-admin2
[Comware7]display role name network-admin2
[Comware7]display local-user user-name test1 class manage
Role based management CLI Configurable options
ArubaOS-CX-Switch
Configure a tacacs server before creating a tacacs group.
ArubaOS-CX-Switch(config)# tacacs-server
auth-type Set authentication type. (Default: pap)
host Specify a TACACS+ server
key Set shared secret
timeout Set the transmission timeout interval
ArubaOS-CX-Switch(config)# tacacs-server host
WORD TACACS+ server IP address or hostname
ArubaOS-CX-Switch(config)# tacacs-server host 10.0.0.2
auth-type Set authentication type. (Default: global TACACS authentication type)
key Set shared secret
port Set authentication port
timeout Set the transmission timeout interval
vrf VRF Configuration
<cr>
ArubaOS-CX-Switch(config)# tacacs-server host 10.0.0.2
ArubaOS-CX-Switch(config)# aaa
authentication User authentication
authorization User authorization
group Define AAA server group
ArubaOS-CX-Switch(config)# aaa authorization
commands Command authorization
ArubaOS-CX-Switch(config)# aaa authorization commands
default Default authorization list
ArubaOS-CX-Switch(config)# aaa authorization commands default
group Server-group
none No authorization
ArubaOS-CX-Switch(config)# aaa authorization commands default
group Server-group
none No authorization
ArubaOS-CX-Switch(config)# aaa authorization commands default group
WORD Group Name or family name (Valid family names: tacacs, none)
ArubaOS-CX-Switch(config)# aaa authorization commands default group none
WORD Group Name or family name (Valid family names: tacacs, none)
<cr>
ArubaOS-CX-Switch(config)# aaa authorization commands default group none
ArubaOS-Switch
ArubaOS-Switch(config)# aaa authorization ?
commands Configure command authorization.
group Create or remove an authorization rule.
ArubaOS-Switch(config)# aaa authorization commands ?
access-level Configure command authorization level.
local Authorize commands using local groups.
radius Authorize commands using RADIUS.
none Do not require authorization for command access.
auto Authorize commands with the same protocol used for authentication.
tacacs Authorize commands using TACACS+.
ArubaOS-Switch(config)# aaa authorization commands local ?
<cr>
ArubaOS-Switch(config)# aaa authorization commands local
ArubaOS-Switch(config)# aaa authorization group ?
GROUPNAME-STR The group name.
ArubaOS-Switch(config)# aaa authorization group network-admin2 ?
<1-2147483647> The sequence number.
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 ?
match-command Specify the command to match.
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 match-command ?
COMMAND-STR The command to match.
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 match-command "command:show interfaces brief" ?
permit Permit the specified action.
deny Deny the specified action.
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 match-command "command:show interface brief" permit ?
log Generate an event log any time a match happens.
<cr>
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 match-command "command:show interface brief" permit log ?
<cr>
ArubaOS-Switch(config)# aaa authorization group network-admin2 1 match-command "command:show interface brief" permit log
ArubaOS-Switch(config)# aaa authorization group network-admin2 2 match-command "command:show ip " permit log
ArubaOS-Switch(config)# aaa authentication ?
allow-vlan Configure authenticator ports to apply VLAN changes immediately.
captive-portal Configure redirection to a captive portal server for additional
client authentication.
console Configure authentication mechanism used to control access to the
switch console.
disable-username Bypass the username during authentication while accessing the
switch to get Manager or Operator access.
local-user Create or remove a local user account.
lockout-delay The number of seconds after repeated login failures before a user
may again attempt login.
login Specify that switch respects the authentication server's privilege
level.
mac-based Configure authentication mechanism used to control mac-based port
access to the switch.
num-attempts The number of login attempts allowed.
port-access Configure authentication mechanism used to control access to the
network.
ssh Configure authentication mechanism used to control SSH access to
the switch.
telnet Configure authentication mechanism used to control Telnet access
to the switch.
web Configure authentication mechanism used to control web access to
the switch.
web-based Configure authentication mechanism used to control web-based port
access to the switch.
ArubaOS-Switch(config)# aaa authentication local-user ?
USERNAME-STR The username.
ArubaOS-Switch(config)# aaa authentication local-user test1 ?
aging-period Configures the password aging time for a user.
clear-history-record Clears the history of the password for a user.
group Specify the group for a username.
min-pwd-length Configures the minimum password length for a user.
ArubaOS-Switch(config)# aaa authentication local-user test1 group ?
GROUPNAME-STR The group name.
ArubaOS-Switch(config)# aaa authentication local-user test1 group network-admin2 ?
password Specify the password.
<cr>
ArubaOS-Switch(config)# aaa authentication local-user test1 group network-admin2 password ?
plaintext Use plain text password.
sha1 Use SHA-1 hash.
ArubaOS-Switch(config)# aaa authentication local-user test1 group network-admin2 password plaintext ?
<cr>
ArubaOS-Switch(config)# aaa authentication local-user test1 group network-admin2 password plaintext
New password for test1: ********
Please retype new password for test1: ********
ArubaOS-Switch# show authorization group ?
GROUPNAME-STR The group name.
<cr>
ArubaOS-Switch# show authorization group network-admin2
Local Management Groups - Authorization Information
Group Name : network-admin2
Group Privilege Level : 4
Users
----------------
test1
Seq. Num. | Permission Rule Expression Log
---------- + ---------- ------------------------------------------ -------
1 | Permit command:show interfaces brief Enable
2 | Permit command:show ip Enable
Comware 7
[Comware7]role ?
default-role Specify the default user role configuration
feature-group Specify a feature group
name Specify a name for the user role
[Comware7]role name ?
STRING<1-63> User role name
[Comware7]role name network-admin2 ?
<cr>
[Comware7]role name network-admin2
[Comware7-role-network-admin2]%Jun 25 21:48:33:154 2016 Comware7 RBAC/6/INFO: Anonymous user created role network-admin2 successfully.
[Comware7-role-network-admin2]?
Role view commands:
cfd Connectivity Fault Detection (CFD) module
description Describe the user role
diagnostic-logfile Diagnostic log file configuration
display Display current system information
interface Specify the privilege of processing interface
ip Specify IP configuration
logfile Log file configuration
monitor System monitor
ping Ping function
quit Exit from current command view
return Exit to User View
rule Specify a privilege control rule for the user role
save Save current configuration
security-logfile Security log file configuration
tracert Tracert function
undo Cancel current setting
vlan Specify the privilege of processing VLAN
vpn-instance Specify the privilege of processing VPN instance
[Comware7-role-network-admin2]rule ?
INTEGER<1-256> Rule number
[Comware7-role-network-admin2]rule 1 ?
deny Deny access to the matched commands
permit Permit access to the matched commands
[Comware7-role-network-admin2]rule 1 permit ?
command Specify a command matching string
execute Specify the execute (X) type commands
read Specify the read (R) type commands
write Specify the write (W) type commands
[Comware7-role-network-admin2]rule 1 permit command ?
TEXT<1-128> Command matching string. It may comprise multiple segments
separated by semicolons. Each segment represents one or more
commands and can contain multiple wildcards (*). The commands of
the next segment, if any, must be subcommands of the previous
segment.
[Comware7-role-network-admin2]rule 1 permit command display interface brief ?
TEXT<1-104> Command matching string. It may comprise multiple segments
separated by semicolons. Each segment represents one or more
commands and can contain multiple wildcards (*). The commands of
the next segment, if any, must be subcommands of the previous
segment.
<cr>
[Comware7-role-network-admin2]rule 1 permit command display interface brief
[Comware7-role-network-admin2]rule 2 permit command display ip interface brief
[Comware7]local-user ?
STRING<1-55> Local user name, which cannot contain the domain name
[Comware7]local-user test1 ?
class Specify a class for the local user
<cr>
[Comware7]local-user test1 class ?
manage Device management user
network Network access user
[Comware7]local-user test1 class manage ?
<cr>
[Comware7]local-user test1 class manage
New local user added.
[Comware7-luser-manage-test1]?
Local-user protocol view commands:
access-limit Specify the maximum concurrent access number for the
local user
authorization-attribute Specify authorization attributes of local user
bind-attribute Specify binding attributes of local user
cfd Connectivity Fault Detection (CFD) module
diagnostic-logfile Diagnostic log file configuration
display Display current system information
group Specify user group of local user
ip Specify IP configuration
logfile Log file configuration
monitor System monitor
password Specify password of local user
password-control Password control feature
ping Ping function
quit Exit from current command view
return Exit to User View
save Save current configuration
security-logfile Security log file configuration
service-type Specify a service type for the local user
state Specify state of local user
tracert Tracert function
undo Cancel current setting
[Comware7-luser-manage-test1]password ?
hash Specify a hashtext password
simple Specify a plaintext password
<cr>
[Comware7-luser-manage-test1]password simple ?
STRING<1-63> Plaintext password string
[Comware7-luser-manage-test1]password simple password ?
<cr>
[Comware7-luser-manage-test1]password simple password
[Comware7-luser-manage-test1]service-type ?
ftp FTP service
http HTTP service type
https HTTPS service type
pad X.25 PAD service
ssh Secure Shell service
telnet Telnet service
terminal Terminal access service
[Comware7-luser-manage-test1]service-type telnet ?
http HTTP service type
https HTTPS service type
pad X.25 PAD service
ssh Secure Shell service
terminal Terminal access service
<cr>
[Comware7-luser-manage-test1]service-type telnet
[Comware7-luser-manage-test1]authorization-attribute ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
user-profile Specify user profile of local user
user-role Specify user role of the local user
vlan Specify VLAN ID of local user
work-directory Specify work directory of local user
[Comware7-luser-manage-test1]authorization-attribute user-role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
network-admin2
[Comware7-luser-manage-test1]authorization-attribute user-role network-admin2 ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
user-profile Specify user profile of local user
vlan Specify VLAN ID of local user
work-directory Specify work directory of local user
<cr>
[Comware7-luser-manage-test1]authorization-attribute user-role network-admin2
[Comware7-luser-manage-test1]undo authorization-attribute user-role network-operator
[Comware7]display role ?
> Redirect it to a file
>> Redirect it to a file in append mode
feature Specify a feature
feature-group Specify a feature group
name Specify a name for the user role
| Matching output
<cr>
[Comware7]display role name ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
network-admin2
[Comware7]display role name network-admin2 ?
> Redirect it to a file
>> Redirect it to a file in append mode
| Matching output
<cr>
[Comware7]display role name network-admin2
Role: network-admin2
Description:
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit command display interface brief
2 permit command display ip interface brief
R:Read W:Write X:Execute
[Comware7]display local-user ?
> Redirect it to a file
>> Redirect it to a file in append mode
class Specify a class for the local user
idle-cut Display local users with idle cut function
service-type Display local users of specified service type
state Display local users in state of active or block
user-name Display local users using specified user name
vlan Display local users in specified VLAN
| Matching output
<cr>
[Comware7]display local-user user-name ?
STRING<1-55> User name
[Comware7]display local-user user-name test1 ?
class Specify a class for the local user
[Comware7]display local-user user-name test1 class ?
manage Device management user
network Network access user
[Comware7]display local-user user-name test1 class manage ?
> Redirect it to a file
>> Redirect it to a file in append mode
| Matching output
<cr>
[Comware7]display local-user user-name test1 class manage
Total 1 local users matched.
Device management user test1:
State: Active
Service type: Telnet
User group: system
Bind attributes:
Authorization attributes:
Work directory: flash:
User role list: network-admin2
Cisco
Cisco(config)#aaa new-model
Cisco(config)#parser ?
cache Configure parser cache
command Configure command serialization
config Configure config generation
maximum specify performance maximums for CLI operations
view View Commands
Cisco(config)#parser view ?
WORD View Name
Cisco(config)#parser view network-admin2 ?
superview SuperView Commands
<cr>
Cisco(config)#parser view network-admin2
Cisco(config-view)#?
View commands:
commands Configure commands for a view
default Set a command to its defaults
exit Exit from view configuration mode
no Negate a command or set its defaults
secret Set a secret for the current view
Cisco(config-view)#secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) view secret string
Cisco(config-view)#secret 0 ?
LINE The UNENCRYPTED (cleartext) view secret string
Cisco(config-view)#secret 0 password ?
LINE <cr>
Cisco(config-view)#secret 0 password
Cisco(config-view)#commands ?
SASL-profile SASL profile configuration mode
aaa-attr-list AAA attribute list config mode
aaa-user AAA user definition
acct_mlist AAA accounting methodlist definitions
address-family Address Family configuration mode
archive Archive the router configuration mode
arp-nacl ARP named ACL configuration mode
bgp address-family Address Family configuration mode
call-home call-home config mode
call-home-profile call-home profile config mode
cc-policy policy-map config mode
cfg-af-topo Configure non-base topology mode
cns-connect-config CNS Connect Info Mode
cns-connect-intf-config CNS Connect Intf Info Mode
cns-tmpl-connect-config CNS Template Connect Info Mode
conf-attr-map LDAP attribute map config mode
conf-ldap-server LDAP server config mode
conf-ldap-sg LDAP server group config mode
conf-rad-filter RADIUS filter config mode
conf-rad-server RADIUS server config mode
conf-tac-server Tacacs Server Definition
config-sensor-cdplist Subscriber CDP attribute list
config-sensor-dhcplist Subscriber DHCP attribute list
config-sensor-lldplist Subscriber LLDP attribute list
configure Global configuration mode
crypto-identity Crypto identity config mode
crypto-ipsec-profile IPSec policy profile mode
crypto-keyring Crypto Keyring command mode
crypto-map Crypto map config mode
crypto-map-fail-close Crypto map fail close mode
crypto-transform Crypto transform config mode
dhcp DHCP pool configuration mode
dhcp-class DHCP class configuration mode
dhcp-guard IPv6 dhcp guard configuration mode
dhcp-pool-class Per DHCP pool class configuration mode
dhcp-relay-info DHCP class relay agent info configuration mode
dhcp-subnet-secondary Per DHCP secondary subnet configuration mode
dot1x CTS dot1x configuration mode
dot1x-credential-mode dot1x credential profile configuration mode
eap-mprofile-mode eap method profile configuration mode
eap-profile-mode eap profile configuration mode
eigrp_af_classic_submode Address Family configuration mode
eigrp_af_intf_submode Address Family interfaces configuration mode
eigrp_af_submode Address Family configuration mode
eigrp_af_topo_submode Address Family Topology configuration mode
eigrp_sf_intf_submode Service Family interfaces configuration mode
eigrp_sf_submode Service Family configuration mode
eigrp_sf_topo_submode Service Family Topology configuration mode
exec Exec mode
extcomm-list IP Extended community-list configuration mode
fallback-profile-mode fallback profile configuration mode
fh_applet FH Applet Entry Configuration
fh_applet_trigger FH Applet Trigger Configuration
filterserver AAA filter server definitions
flow-cache Flow aggregation cache config mode
flow-sampler-map Flow sampler map config mode
flowexp Flow Exporter configuration mode
flowmon Flow Monitor configuration mode
flowrec Flow Record configuration mode
identity-policy-mode identity policy configuration mode
identity-profile-mode identity profile configuration mode
if-topo Configure interface topology parameters
interface Interface configuration mode
ip-sla IP SLAs entry configuration
ip-sla-dhcp IP SLAs dhcp configuration
ip-sla-dns IP SLAs dns configuration
ip-sla-ftp IP SLAs ftp configuration
ip-sla-http IP SLAs http configuration
ip-sla-http-rr IP SLAs HTTP raw request Configuration
ip-sla-icmpEcho IP SLAs icmpEcho configuration
ip-sla-pathEcho IP SLAs pathEcho configuration
ip-sla-pathJitter IP SLAs pathJitter configuration
ip-sla-tcp IP SLAs tcpConnect configuration
ip-sla-udpEcho IP SLAs udpEcho configuration
ip-sla-udpJitter IP SLAs udpJitter configuration
ip-sla-video IP SLAs video configuration
ipczone IPC Zone config mode
ipczone-assoc IPC Association config mode
ipenacl IP named extended access-list configuration
mode
iprbacl IP role-based access-list configuration mode
ipsnacl IP named simple access-list configuration mode
ipv6-router IPv6 router configuration mode
ipv6-snooping IPv6 snooping mode
ipv6acl IPv6 access-list configuration mode
ipv6dhcp IPv6 DHCP configuration mode
ipv6dhcpvs IPv6 DHCP Vendor-specific configuration mode
ipv6rbacl IPv6 role-based access-list configuration mode
isakmp-profile Crypto ISAKMP profile command mode
kron-occurrence Kron Occurrence SubMode
kron-policy Kron Policy SubMode
line Line configuration mode
log_config Log configuration changes made via the CLI
mac-enacl MAC named extended ACL configuration mode
mac_address_config MAC address group configuration mode
macro_auto_trigger_cfg Configuration mode for autosmartport user
triggers
manual CTS manual configuration mode
map-class Map class configuration mode
map-list Map list configuration mode
mka-policy MKA Policy config mode
mmon-fmon Flow Monitor configuration mode
mmon-fmon-if-inline Flow Monitor inline configuration mode under
inline policy
mmon-fmon-pmap-inline Flow Monitor inline configuration mode under
policy class
mstp_cfg MSTP configuration mode
mt-flowspec mt flow specifier
mt-path mt path-config
mt-prof-perf mt profile perf-monitor
mt-prof-perf-params mt profile perf-monitor parameters
mt-prof-perf-rtp-params mt profile perf-monitor rtp parameters
mt-prof-sys mt profile system
mt-prof-sys-params mt profile system parameters
mt-sesparam mt session-params
multicast-flows-classmap multicast-classmap config mode
nd-inspection IPv6 NDP inspection configuration mode
nd-raguard IPv6 RA guard configuration mode
null-interface Null interface configuration mode
parser_test Test mode for internal test purposes
policy-list IP Policy List configuration mode
preauth AAA Preauth definitions
profile-map profile-map config mode
radius-attrl Radius Attribute-List Definition
radius-da-locsvr Radius Application configuration
radius-locsvr-client Radius Client configuration
radius-policy-device-locsvr Radius Application configuration
radius-proxy-locsvr Radius Application configuration
radius-sesm-locsvr Radius Application configuration
rib_rwatch_test RIB_RWATCH test configuration mode
route-map Route map config mode
router Router configuration mode
router-af-topology Topology configuration mode
router_eigrp_classic EIGRP Router configuration classic mode
router_eigrp_named EIGRP Router configuration named mode
rsvp-local-if-policy RSVP local policy interface configuration mode
rsvp-local-policy RSVP local policy configuration mode
rsvp-local-subif-policy RSVP local policy sub-interface configuration
mode
saf_ec_cfg Saf external-clients configuration mode
saf_ec_client_cfg Saf external-client configuration mode
sampler Sampler configuration mode
scope scope configuration mode
scope address-family Address Family configuration mode
scope address-family topology Topology configuration mode
sep-init-config WSMA Initiator profile Mode
sep-listen-config WSMA Listener profile Mode
sf_client_reg_mode service-family exec test mode
sg-radius Radius Server-group Definition
sg-tacacs+ Tacacs+ Server-group Definition
sisf-sourceguard IPv6 sourceguarde mode
ssh-pubkey SSH public key identification mode
ssh-pubkey-server SSH public key entry mode
ssh-pubkey-user SSH public key entry mode
subscriber-policy Subscriber policy configuration mode
tcl Tcl mode
template Template configuration mode
template-peer-policy peer-policy configuration mode
template-peer-session peer-session configuration mode
top-af-base AF base topology configuration mode
top-talkers Netflow top talkers config mode
tracking-config Tracking configuration mode
transceiver Transceiver type config mode
vc-class VC class configuration mode
view View configuration mode
vrf Configure VRF parameters
vrf-af Configure IP VRF parameters
wsma-config-agent WSMA Config Agent Profile configuration mode
wsma-exec-agent WSMA Exec Agent Profile configuration mode
wsma-filesys-agent WSMA FileSys Agent Profile configuration mode
wsma-notify-agent WSMA Notify Agent Profile configuration mode
xml-app XML Application configuration mode
xml-transport XML Transport configuration mode
Cisco(config-view)#commands exec ?
exclude Exclude the command from the view
include Add command to the view
include-exclusive Include in this view but exclude from others
Cisco(config-view)#commands exec include ?
LINE Keywords of the command
all wild card support
Cisco(config-view)#commands exec include show interface summary ?
LINE <cr>
Cisco(config-view)#commands exec include show interface summary
Cisco(config-view)#commands exec include show ip interface brief
Cisco(config-view)#exit
Cisco(config)#username test1 privilege 15 view network-admin2 password 0 password
Chapter 3 Time Service
This chapter compares commands to configure and synchronize the switch time with a trusted time
source, using time protocols such as Network Time Protocol (NTP) and Simple NTP (SNTP).
Using time synchronization ensures a uniform time among interoperating devices. This helps to manage
and troubleshoot switch operation by attaching meaningful time data to event and error messages.
NTP CLI Comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware7
Cisco
Configuration commands
ntp server 10.0.100.251
ntp server 10.0.100.251
ntp unicast
ntp enable
ntp-service unicast-server 10.0.100.251
ntp server 10.0.100.251
clock timezone us/central
clock timezone us central
ntp-service enable
clock timezone US-Cent -6
clock summer-time
clock timezone US-Central minus 06:00:00
ntp server {ip-address} [key key-id] [maxpoll max-poll] [minpoll min-poll] [prefer] [version]
ntp vrf mgmt|default
ntp server <IP-ADDR>
ntp server <IPV6-ADDR>
ntp server {ip-address | ipv6-address | dns-name} [key key-id] [maxpoll max-poll] [minpoll min-poll] [prefer]
ntp server vrf <>
User Exec / Privileged Exec Commands
show ntp associations
show ntp association
display ntp-service sessions
show ntp associations
show ntp status
show ntp status
show ntp status
show clock
show time
display clock
show clock
show clock detail
NTP Service configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# ntp
authentication NTP Authentication configuration
authentication-key NTP Authentication Key configuration
server NTP Association configuration
trusted-key NTP Trusted Key configuration
vrf NTP VRF to use for NTP server connections
ArubaOS-CX-Switch(config)# ntp authentication
authentication NTP Authentication configuration
authentication-key NTP Authentication Key configuration
ArubaOS-CX-Switch(config)# ntp authentication
<cr>
ArubaOS-CX-Switch(config)# ntp authentication-key
<1-65534> NTP Key Number
ArubaOS-CX-Switch(config)# ntp authentication-key 33
md5 MD5 Password configuration
ArubaOS-CX-Switch(config)# ntp authentication-key 33 md5
WORD NTP MD5 Password <8-16> chars
ciphertext NTP cipher-password is encoded cipher-text
ArubaOS-CX-Switch(config)# ntp authentication-key 44 md5 ciphertext222
trusted NTP Key is trusted
<cr>
ArubaOS-CX-Switch(config)# ntp authentication-key 44 md5 ciphertext222
ArubaOS-CX-Switch(config)# ntp server
WORD NTP Association server name or IP Address
ArubaOS-CX-Switch(config)# ntp server 10.0.0.2
burst NTP Association use burst mode
iburst NTP Association use iburst mode
key-id NTP Key ID
maxpoll NTP maximum poll time to use configuration
minpoll NTP minimum poll time to use configuration
prefer NTP Association preference configuration
version NTP Association version configuration
<cr>
ArubaOS-CX-Switch(config)# ntp server 10.0.0.2 minpoll
<4-17> NTP minimum poll time as a power of 2 (default 6)
ArubaOS-CX-Switch(config)# ntp server 10.0.0.2 minpoll 5
burst NTP Association use burst mode
iburst NTP Association use iburst mode
key-id NTP Key ID
maxpoll NTP maximum poll time to use configuration
prefer NTP Association preference configuration
version NTP Association version configuration
<cr>
ArubaOS-CX-Switch(config)# ntp server 10.0.0.2 minpoll 5 maxpoll
<4-17> NTP maximum poll time as a power of 2 (default 10)
ArubaOS-CX-Switch(config)# ntp server 10.0.0.2 minpoll 5 maxpoll 10
burst NTP Association use burst mode
iburst NTP Association use iburst mode
key-id NTP Key ID
prefer NTP Association preference configuration
version NTP Association version configuration
<cr>
ArubaOS-CX-Switch(config)# ntp server 10.0.0.2 minpoll 5 maxpoll 10
ArubaOS-CX-Switch# show ntp
associations Show NTP Association summary
authentication-keys Show NTP Authentication Keys information
servers Show NTP Servers information
statistics Show NTP Statistics information
status Show NTP Status information
ArubaOS-CX-Switch# show ntp associations
detail Show NTP Association column header information
vsx-peer Displays VSX peer switch information
ArubaOS-CX-Switch# show ntp authentication-keys
vsx-peer Displays VSX peer switch information
<cr>
ArubaOS-CX-Switch# show ntp servers
vsx-peer Displays VSX peer switch information
<cr>
ArubaOS-CX-Switch# show ntp statistics
vsx-peer Displays VSX peer switch information
<cr>
ArubaOS-CX-Switch# show ntp status
vsx-peer Displays VSX peer switch information
<cr>
ArubaOS-Switch
ArubaOS-Switch(config)# ntp ?
authentication Configure NTP authentication.
broadcast Operate in broadcast mode.
enable Enable/disable NTP.
max-association Maximum number of Network Time Protocol (NTP) associations.
server Configure a NTP server to poll for time synchronization.
trap Enable/disable NTP traps.
unicast Operate in unicast mode.
ArubaOS-Switch(config)# ntp server ?
IP-ADDR The IPv4 address of the server
IPV6-ADDR The IPv6 address of the server
ArubaOS-Switch(config)# ntp server 10.0.100.251 ?
burst Enables burst mode.
iburst Enables initial burst (iburst) mode.
key-id Set the authentication key to use for this server.
max-poll Configures the maximum time intervals in seconds.
min-poll Configures the minimum time intervals in seconds.
oobm Use the OOBM interface to connect to the server.
<cr>
ArubaOS-Switch(config)# ntp server 10.0.100.251
ArubaOS-Switch(config)# ntp unicast ?
<cr>
ArubaOS-Switch(config)# ntp unicast
ArubaOS-Switch(config)# timesync ?
ntp Update the system clock using NTP.
sntp Update the system clock using SNTP.
timep Update the system clock using TIMEP.
timep-or-sntp Update the system clock using TIMEP or SNTP.
ArubaOS-Switch(config)# timesync ntp ?
<cr>
ArubaOS-Switch(config)# timesync ntp
ArubaOS-Switch(config)# show ntp associations
NTP Associations Entries
Remote St T When Poll Reach Delay Offset Dispersion
--------------- ---- ---- ------ ----- -------- -------- -------- ----------
10.0.100.251 2 u 497 6 177 0.000 0.000 8.02417
ArubaOS-Switch# show ntp status
NTP Status Information
NTP Status : Enabled NTP Mode : Unicast
Synchronization Status : Synchronized Peer Dispersion : 0.00000 sec
Stratum Number : 3 Leap Direction : 0
Reference Assoc ID : 0 Clock Offset : -490.51406 sec
Reference ID : 10.0.100.251 Root Delay : 0.09215 sec
Precision : 2**-18 Root Dispersion : 490.54954 sec
NTP Up Time : 0d 0h 20m Time Resolution : 440 nsec
Drift : 0.00000 sec/sec
System Time : Wed Apr 27 17:43:49 2016
Reference Time : Wed Apr 27 16:21:27 2016
ArubaOS-Switch(config)# clock ?
datetime Specify the time and date
set Set current time and/or date.
summer-time Enable/disable daylight-saving time changes.
timezone Set the number of hours your location is to the West(-) or East(+)
of GMT.
<cr>
ArubaOS-Switch(config)# clock timezone ?
gmt Number of hours your timezone is to the West(-) or East(+) of GMT.
us Timezone for US locations.
ArubaOS-Switch(config)# clock timezone us
alaska
aleutian
arizona
central
east_indiana
eastern
hawaii
michigan
mountain
pacific
samoa
ArubaOS-Switch(config)# clock timezone us central
<cr>
ArubaOS-Switch(config)# clock summer-time
<cr>
ArubaOS-Switch(config)# time ?
begin-date The begin date of daylight savings time
MM/DD[/[YY]YY] New date
daylight-time-rule The daylight savings time rule for your location
end-date The end date of daylight savings time
HH:MM[:SS] New time
timezone The number of minutes your location is West(-) or East(+) of GMT
<cr>
ArubaOS-Switch(config)# time daylight-time-rule ?
none
alaska
continental-us-and-canada
middle-europe-and-portugal
southern-hemisphere
western-europe
user-defined
ArubaOS-Switch(config)# time daylight-time-rule continental-us-and-canada ?
begin-date The begin date of daylight savings time
MM/DD[/[YY]YY] New date
end-date The end date of daylight savings time
HH:MM[:SS] New time
timezone The number of minutes your location is West(-) or East(+) of GMT
<cr>
ArubaOS-Switch(config)# time daylight-time-rule continental-us-and-canada
ArubaOS-Switch# show time
Wed Apr 27 17:45:52 2016
Comware 7
[Comware7]ntp-service ?
authentication Configure NTP authentication
authentication-keyid Specify an authentication key ID
dscp Set the Differentiated Services Codepoint (DSCP) value
enable Enable NTP service
ipv6 IPv6 protocol
max-dynamic-sessions Specify the maximum number of dynamic NTP sessions
peer Permit full access
query Permit control query
refclock-master Configure the local clock as a master clock
reliable Specify a trusted key
server Permit server access and query
source Specify a source interface
synchronization Permit server access only
unicast-peer Specify a NTP peer
unicast-server Specify a NTP server
[Comware7]ntp-service unicast-server ?
STRING<1-253> Host name of the NTP server
X.X.X.X IP address of the NTP server
[Comware7]ntp-service unicast-server 10.0.100.251 ?
authentication-keyid Specify an authentication key ID
priority Specify the NTP peer as the first choice under the same
condition
source Specify a source interface
version Specify NTP version
vpn-instance Specify a VPN instance
<cr>
[Comware7]ntp-service unicast-server 10.0.100.251
[Comware7]ntp-service enable ?
<cr>
[Comware7]ntp-service enable
[Comware7]display ntp-service ?
sessions NTP connection
status NTP status and configuration information
trace Trace the time synchronization information
[Comware7]display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]10.0.100.251 216.218.192.202 2 255 64 18 3.1524 2.6092 4.0741
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Total sessions: 1
[Comware7]display ntp-service status
Clock status: synchronized
Clock stratum: 3
System peer: 10.0.100.251
Local mode: client
Reference clock ID: 10.0.100.251
Leap indicator: 00
Clock jitter: 0.000153 s
Stability: 0.000 pps
Clock precision: 2^-17
Root delay: 94.17725 ms
Root dispersion: 11.99341 ms
Reference time: d8be1d3e.190e4251 Thu, Mar 26 2015 0:53:02.097
[Comware7]clock ?
protocol Specify a time protocol
summer-time Configure daylight saving time
timezone Configure time zone
[Comware7]clock timezone ?
STRING<1-32> Name of time zone
[Comware7]clock timezone US-Central ?
add Add time zone offset
minus Minus time zone offset
[Comware7]clock timezone US-Central minus ?
TIME Time zone offset (hh:mm:ss)
[Comware7]clock timezone US-Central minus 06:00:00 ?
<cr>
[Comware7]clock timezone US-Central minus 06:00:00
[Comware7]clock summer-time ?
STRING<1-32> Name of the daylight saving time
[Comware7]clock summer-time US-Central ?
TIME Time to start (HH:MM:SS)
[Comware7]clock summer-time US-Central 02:00:00 ?
STRING<1-32> Date to start (MM/DD)
January Start from January
February Start from February
March Start from March
April Start from April
May Start from May
June Start from June
July Start from July
August Start from August
September Start from September
October Start from October
November Start from November
December Start from December
[Comware7]clock summer-time US-Central 02:00:00 03/08 ?
TIME Time to end (hh:mm:ss)
[Comware7]clock summer-time US-Central 02:00:00 03/08 02:00:00 ?
STRING<1-32> Date to end (MM/DD)
[Comware7]clock summer-time US-Central 02:00:00 03/08 02:00:00 11/01 ?
TIME Time offset (hh:mm:ss)
[Comware7]clock summer-time US-Central 02:00:00 03/08 02:00:00 11/01 01:00:00 ?
<cr>
[Comware7]clock summer-time US-Central 02:00:00 03/08 02:00:00 11/01 01:00:00
[Comware7]clock protocol ?
none Manually set the system time at the CLI
ntp Use the Network Time Protocol (NTP)
ptp Use the Precision Time Protocol (PTP)
[Comware7]clock protocol ntp ?
<cr>
[Comware7]clock protocol ntp
[Comware7]display clock
01:08:21 US-Central Thu 03/26/2015
Time Zone : US-Central minus 06:00:00
Summer Time : US-Central 02:00:00 03/08 02:00:00 11/01 01:00:00
Cisco
Cisco(config)#ntp ?
access-group Control NTP access
allow Allow processing of packets
authenticate Authenticate time sources
authentication-key Authentication key for trusted time sources
broadcastdelay Estimated round-trip delay
clock-period Length of hardware clock tick
logging Enable NTP message logging
master Act as NTP master clock
max-associations Set maximum number of associations
maxdistance Maximum Distance for synchronization
passive NTP passive mode
peer Configure NTP peer
server Configure NTP server
source Configure interface for source address
trusted-key Key numbers for trusted time sources
Cisco(config)#ntp server ?
A.B.C.D IP address of peer
WORD Hostname of peer
X:X:X:X::X IPv6 address of peer
ip Use IP for DNS resolution
ipv6 Use IPv6 for DNS resolution
Cisco(config)#ntp server 10.0.100.251 ?
burst Send a burst when peer is reachable
iburst Send a burst when peer is unreachable
key Configure peer authentication key
maxpoll Maximum poll interval
minpoll Minimum poll interval
prefer Prefer this peer when possible
source Interface for source address
version Configure NTP version
<cr>
Cisco(config)#ntp server 10.0.100.251
Cisco#show ntp ?
associations NTP associations
status NTP status
Cisco#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.0.100.251 216.218.192.20 2 25 64 177 2.322 2.130 64.390
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
Cisco#show ntp status
Clock is synchronized, stratum 3, reference is 10.0.100.251
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
reference time is D8A9E976.CDEA704C (22:06:46.804 UTC Tue Mar 10 2015)
clock offset is 2.1303 msec, root delay is 102.49 msec
root dispersion is 447.09 msec, peer dispersion is 64.39 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000007 s/s
system poll interval is 64, last update was 178 sec ago.
Cisco(config)#clock ?
initialize Initialize system clock on restart
save backup of clock with NVRAM
summer-time Configure summer (daylight savings) time
timezone Configure time zone
Cisco(config)#clock timezone ?
WORD name of time zone
Cisco(config)#clock timezone US-Central ?
<-23 - 23> Hours offset from UTC
Cisco(config)#clock timezone US-Central -6 ?
<0-59> Minutes offset from UTC
<cr>
Cisco(config)#clock timezone US-Central -6
%Time zone name is limited to 7 characters
Cisco(config)#clock timezone US-Cent -6
Cisco(config)#clock summer-time ?
WORD name of time zone in summer
Cisco(config)#clock summer-time US-Cent ?
date Configure absolute summer time
recurring Configure recurring summer time
Cisco(config)#clock summer-time US-Cent date ?
<1-31> Date to start
MONTH Month to start
Cisco(config)#clock summer-time US-Cent date mar ?
<1-31> Date to start
Cisco(config)#clock summer-time US-Cent date mar 8 ?
<1993-2035> Year to start
Cisco(config)#clock summer-time US-Cent date mar 8 2015 ?
hh:mm Time to start (hh:mm)
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 ?
<1-31> Date to end
MONTH Month to end
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 nov ?
<1-31> Date to end
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 nov 1 ?
<1993-2035> Year to end
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 nov 1 2015 ?
hh:mm Time to end (hh:mm)
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 nov 1 2015 02:00 ?
<1-1440> Offset to add in minutes
<cr>
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 nov 1 2015 02:00 60 ?
<cr>
Cisco(config)#clock summer-time US-Cent date mar 8 2015 02:00 nov 1 2015 02:00 60
Cisco#show clock
17:16:15.928 US-Cent Tue Mar 10 2015
Cisco#show clock detail
17:16:45.950 US-Cent Tue Mar 10 2015
Time source is NTP
Summer time starts 02:00:00 US-Cent Sun Mar 8 2015
Summer time ends 02:00:00 US-Cent Sun Nov 1 2015
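The status outputs in this chapter use three different layouts and units (seconds on ArubaOS-Switch, milliseconds on Comware 7 and Cisco), which makes a fleet-wide check of time synchronization awkward. The Python sketch below is an added example, not part of the original guide: it normalizes the three status outputs shown above and flags clocks that are unsynchronized or far from their source. The function names and the 1-second thresholds are assumptions chosen for illustration.

```python
import re

# Status text copied from the ArubaOS-Switch, Comware 7 and Cisco transcripts
# in this chapter (abridged to the fields that are parsed).
ARUBAOS_SWITCH = """\
NTP Status Information
NTP Status : Enabled NTP Mode : Unicast
Synchronization Status : Synchronized Peer Dispersion : 0.00000 sec
Stratum Number : 3 Leap Direction : 0
Reference Assoc ID : 0 Clock Offset : -490.51406 sec
Reference ID : 10.0.100.251 Root Delay : 0.09215 sec
Precision : 2**-18 Root Dispersion : 490.54954 sec
"""
COMWARE7 = """\
Clock status: synchronized
Clock stratum: 3
System peer: 10.0.100.251
Reference clock ID: 10.0.100.251
Root delay: 94.17725 ms
Root dispersion: 11.99341 ms
"""
CISCO = """\
Clock is synchronized, stratum 3, reference is 10.0.100.251
clock offset is 2.1303 msec, root delay is 102.49 msec
root dispersion is 447.09 msec, peer dispersion is 64.39 msec
"""

# platform -> field -> (regex, factor converting the captured number to
# seconds; None means the capture is kept as text)
PATTERNS = {
    "arubaos-switch": {
        "state": (r"Synchronization Status\s*:\s*(\S+)", None),
        "stratum": (r"Stratum Number\s*:\s*(\d+)", None),
        "reference": (r"Reference ID\s*:\s*(\S+)", None),
        "offset_s": (r"Clock Offset\s*:\s*(-?[\d.]+)\s*sec", 1.0),
        "root_dispersion_s": (r"Root Dispersion\s*:\s*([\d.]+)\s*sec", 1.0),
    },
    "comware7": {  # 'display ntp-service status' carries no offset field
        "state": (r"Clock status:\s*(\S+)", None),
        "stratum": (r"Clock stratum:\s*(\d+)", None),
        "reference": (r"Reference clock ID:\s*(\S+)", None),
        "root_dispersion_s": (r"Root dispersion:\s*([\d.]+)\s*ms", 0.001),
    },
    "cisco": {
        "state": (r"Clock is (\w+),", None),
        "stratum": (r"stratum (\d+)", None),
        "reference": (r"reference is (\S+)", None),
        "offset_s": (r"clock offset is (-?[\d.]+) msec", 0.001),
        "root_dispersion_s": (r"root dispersion is ([\d.]+) msec", 0.001),
    },
}


def detect_platform(text):
    """Pick the parser from a marker that only one platform prints."""
    if "Synchronization Status" in text:
        return "arubaos-switch"
    if "Clock status:" in text:
        return "comware7"
    if re.search(r"Clock is \w+, stratum", text):
        return "cisco"
    raise ValueError("unrecognized NTP status output")


def parse_ntp_status(text):
    """Return one normalized dict, with all durations in seconds."""
    platform = detect_platform(text)
    status = {"platform": platform, "offset_s": None}
    for field, (pattern, to_seconds) in PATTERNS[platform].items():
        match = re.search(pattern, text)
        if match is None:
            status[field] = None
        elif to_seconds is None:
            status[field] = match.group(1)
        else:
            status[field] = float(match.group(1)) * to_seconds
    state = status.pop("state") or ""
    status["synchronized"] = state.lower() == "synchronized"
    status["stratum"] = int(status["stratum"]) if status["stratum"] else None
    return status


def findings(status, max_offset_s=1.0, max_root_dispersion_s=1.0):
    """List the reasons this clock should not be trusted for log correlation."""
    issues = []
    if not status["synchronized"]:
        issues.append("clock is not synchronized")
    offset = status["offset_s"]
    if offset is not None and abs(offset) > max_offset_s:
        issues.append(f"clock offset {offset:+.3f} s exceeds {max_offset_s} s")
    dispersion = status["root_dispersion_s"]
    if dispersion is not None and dispersion > max_root_dispersion_s:
        issues.append(f"root dispersion {dispersion:.3f} s exceeds "
                      f"{max_root_dispersion_s} s")
    return issues


if __name__ == "__main__":
    for sample in (ARUBAOS_SWITCH, COMWARE7, CISCO):
        parsed = parse_ntp_status(sample)
        print(parsed["platform"], findings(parsed) or "ok")
```

Run against the ArubaOS-Switch sample, it reports the -490.5 s offset and 490.5 s root dispersion even though the switch states Synchronized, so timestamps from that device should not be trusted until the clock converges.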
Chapter 4 CLI Management Access SSH
This chapter compares the commands to enable and configure Secure Shell (SSH) services for device
management via unencrypted and encrypted network access.
Note: SSH on Cisco does not support ‘local’ (password only) on vty interfaces and must be configured for ‘login local’.
You can find configuration details for user IDs and passwords in Chapter 2.
SSH CLI Comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware7
Cisco
Configuration commands
hostname ArubaOS-CX-Switch
public-key local create rsa
hostname Cisco
ip dns domain-name HPE-Aruba
ssh server enable
ip domain-name test
ssh host-key ed25519
crypto key generate ssh
user-interface vty 0 63
authentication-mode scheme
protocol inbound ssh
crypto key generate
ssh known-host remove all
local-user <name>
password simple password
service-type ssh
authorization-attribute user-role network-admin
username <name> privilege 15 password <password>
ssh server vrf mgmt
Show/display commands
show ssh server all-vrfs
show ssh authentication-method
show ip ssh
display public-key local rsa public
show ip ssh
show ssh <0-97>
show ssh host-key
show crypto host-public-key
show crypto key mypubkey rsa
SSH Service configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# ssh
host-key SSH server host-keys.
known-host Client trusted servers list.
password-authentication Password authentication method enabled by default.
public-key-authentication Publickey authentication method enabled by default.
server Configure SSH server.
ArubaOS-CX-Switch(config)# ssh known-host
remove Delete client trusted servers list.
ArubaOS-CX-Switch(config)# ssh known-host remove
A.B.C.D Specify the host IPv4 address of the remote system.
WORD Specify the hostname of the remote system.
X:X::X:X Specify the host IPv6 address of the remote system.
all Delete client all trusted servers list.
ArubaOS-CX-Switch(config)# ssh known-host remove all
<cr>
ArubaOS-CX-Switch(config)# ssh known-host remove all
ArubaOS-CX-Switch(config)# ssh server
vrf Configure SSH server for VRF.
ArubaOS-CX-Switch(config)# ssh server vrf
VRF-NAME Enter the VRF instance. 'default' or 'mgmt' or a configured VRF instance.
ArubaOS-CX-Switch(config)# ssh server vrf mgmt
ArubaOS-CX-Switch(config)# do show ssh
authentication-method Show authentication method.
host-key Show SSH server host-keys.
server Show SSH server details.
ArubaOS-CX-Switch(config)# do show ssh host-key
ecdsa Show SSH server ECDSA host-key.
ed25519 Show SSH server ED25519 host-key.
rsa Show SSH server RSA host-key.
<cr>
ArubaOS-CX-Switch(config)# do show ssh host-key
Key Type : ECDSA Curve : ecdsa-sha2-nistp256
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLwI/ekxuJQxGvPviDCWsK2fp1c
fqJwdkzKFspuVOML85LI6zFBlJtOfJLG3K6nAY0h4OSVFm2iuBrPlqa8+KFY=
Key Type : ED25519
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvOajmFM4bL/0mydg+a82EnpreKuho1Dj5Qj7fw/oZY
Key Type : RSA Key Size : 2048
ArubaOS-Switch
ArubaOS-Switch(config)# crypto ?
key Install/remove RSA key file for ssh.
pki Public Key Infrastructure management
ArubaOS-Switch(config)# crypto key ?
generate Generate a new key.
zeroize Delete existing key.
ArubaOS-Switch(config)# crypto key generate ?
autorun-key Install RSA key file for autorun
ssh Install host key file for ssh server.
ArubaOS-Switch(config)# crypto key generate ssh ?
dsa Install DSA host key.
rsa Install RSA host key.
<cr>
ArubaOS-Switch(config)# crypto key generate ssh
Installing new key pair. If the key/entropy cache is
depleted, this could take up to a minute.
ArubaOS-Switch(config)# ip ssh ?
cipher Specify a cipher to enable/disable.
filetransfer Enable/disable secure file transfer capability.
listen Specify in which mode daemon should listen in.
mac Specify a mac to enable/disable.
port Specify the TCP port on which the daemon should listen for SSH
connections.
public-key Configure a client public-key.
timeout Specify the maximum length of time (seconds) permitted for
protocol negotiation and authentication.
<cr>
ArubaOS-Switch(config)# ip ssh
ArubaOS-Switch(config)# no telnet-server
ArubaOS-Switch# show ip ssh
SSH Enabled : Yes Secure Copy Enabled : No
TCP Port Number : 22 Timeout (sec) : 120
Host Key Type : RSA Host Key Size : 2048
Ciphers : aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,
aes192-cbc,aes128-ctr,aes128-cbc,3des-cbc
MACs : hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96
Ses Type | Source IP Port
--- -------- + ---------------------------------------------- -----
1 console |
2 telnet |
3 ssh | 10.0.100.80 59987
4 inactive |
5 inactive |
6 inactive |
7 inactive |
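The `show ip ssh` output above lists every cipher and MAC the SSH daemon offers, the host key size, and the session table, which is what a hardening review reads first. The Python sketch below is an added example, not part of the original guide: it parses that output (including the wrapped cipher list) and reports CBC-mode ciphers, MD5 or 96-bit truncated MACs, an RSA host key under 2048 bits, and telnet session slots. The function names and the weak-algorithm policy are assumptions; substitute your own baseline.

```python
import re

# Sample text follows the 'show ip ssh' transcript above.
SHOW_IP_SSH = """\
 SSH Enabled : Yes Secure Copy Enabled : No
 TCP Port Number : 22 Timeout (sec) : 120
 Host Key Type : RSA Host Key Size : 2048
 Ciphers : aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,
 aes192-cbc,aes128-ctr,aes128-cbc,3des-cbc
 MACs : hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96
 Ses Type | Source IP Port
 --- -------- + ---------------------------------------------- -----
 1 console |
 2 telnet |
 3 ssh | 10.0.100.80 59987
 4 inactive |
"""


def parse_show_ip_ssh(text):
    """Turn the ArubaOS-Switch 'show ip ssh' screen into a dict."""
    info = {"enabled": None, "host_key_type": None, "host_key_bits": None,
            "ciphers": [], "macs": [], "sessions": []}
    open_list = None  # list whose previous line ended with a comma
    for raw in text.splitlines():
        line = raw.strip()
        head = re.match(r"(Ciphers|MACs)\s*:\s*(.*)", line)
        if head or open_list:
            key = head.group(1).lower() if head else open_list
            rest = head.group(2) if head else line
            info[key] += [n.strip() for n in rest.split(",") if n.strip()]
            # A trailing comma means the list wraps onto the next line.
            open_list = key if rest.endswith(",") else None
            continue
        if m := re.search(r"SSH Enabled\s*:\s*(\w+)", line):
            info["enabled"] = m.group(1) == "Yes"
        if m := re.search(
                r"Host Key Type\s*:\s*(\S+)\s+Host Key Size\s*:\s*(\d+)", line):
            info["host_key_type"] = m.group(1)
            info["host_key_bits"] = int(m.group(2))
        if m := re.match(r"(\d+)\s+(\w+)\s*\|\s*(\S+)?(?:\s+(\d+))?$", line):
            info["sessions"].append({
                "id": int(m.group(1)),
                "type": m.group(2),
                "source": m.group(3),
                "port": int(m.group(4)) if m.group(4) else None,
            })
    return info


def audit(info, min_rsa_bits=2048):
    """Apply the example policy (an assumption, not a vendor baseline)."""
    bits = info["host_key_bits"]
    return {
        "weak_ciphers": [c for c in info["ciphers"] if "cbc" in c],
        "weak_macs": [m for m in info["macs"]
                      if "md5" in m or m.endswith("-96")],
        "host_key_too_small": (info["host_key_type"] == "RSA"
                               and bits is not None and bits < min_rsa_bits),
        "telnet_sessions": [s["id"] for s in info["sessions"]
                            if s["type"] == "telnet"],
    }


if __name__ == "__main__":
    for check, result in audit(parse_show_ip_ssh(SHOW_IP_SSH)).items():
        print(f"{check}: {result}")
```

Algorithms it reports can be turned off with the `cipher` and `mac` options listed in the `ip ssh ?` help above, and a telnet slot is a prompt to confirm that `no telnet-server` is in the running configuration.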
ArubaOS-Switch# show crypto host-public-key
SSH host public key:
-or-
ArubaOS-Switch# show ip host-public-key
SSH host public key:
Comware7
[Comware7]public-key ?
local Local key pairs
peer Configure peer's public key
[Comware7]public-key local ?
create Create a local key pair
destroy Destroy local key pairs
export Print or export the public key
[Comware7]public-key local create ?
dsa DSA key pair
ecdsa ECDSA key pair
rsa RSA key pairs
[Comware7]public-key local create rsa ?
name Specify the name of the key pair
<cr>
[Comware7]public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
[Comware7]user-interface vty 0 63
[Comware7-line-vty0-63]authentication-mode ?
none Login without authentication
password Password authentication
scheme Authentication use AAA
[Comware7-line-vty0-63]authentication-mode scheme ?
<cr>
[Comware7-line-vty0-63]authentication-mode scheme
[Comware7-line-vty0-63]protocol ?
inbound Incoming protocols
[Comware7-line-vty0-63]protocol inbound ?
all All protocols
ssh SSH protocol
telnet Telnet protocol
[Comware7-line-vty0-63]protocol inbound ssh ?
<cr>
[Comware7-line-vty0-63]protocol inbound ssh
[Comware7]local-user <name>
[Comware7-luser-manage-ssh-manager]password simple password
[Comware7-luser-manage-ssh-manager]service-type ?
ftp FTP service
http HTTP service type
https HTTPS service type
pad X.25 PAD service
ssh Secure Shell service
telnet Telnet service
terminal Terminal access service
[Comware7-luser-manage-ssh-manager]service-type ssh ?
http HTTP service type
https HTTPS service type
pad X.25 PAD service
telnet Telnet service
terminal Terminal access service
<cr>
[Comware7-luser-manage-ssh-manager]service-type ssh
NOTE: Configuring ‘protocol inbound ssh’ on the vty interfaces functionally disables telnet access if it was previously enabled. Still remove the ‘telnet server enable’ command, as is done a few steps later.
[Comware7-luser-manage-ssh-manager]authorization-attribute ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
user-profile Specify user profile of local user
user-role Specify user role of the local user
vlan Specify VLAN ID of local user
work-directory Specify work directory of local user
[Comware7-luser-manage-ssh-manager]authorization-attribute user-role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
[Comware7-luser-manage-ssh-manager]authorization-attribute user-role network-admin ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
user-profile Specify user profile of local user
vlan Specify VLAN ID of local user
work-directory Specify work directory of local user
<cr>
[Comware7-luser-manage-ssh-manager]authorization-attribute user-role network-admin
[Comware7]undo telnet server enable
[Comware7]ssh ?
client SSH client configuration
server Specify the server attribute
user SSH user
[Comware7]ssh server ?
acl Specify an ACL used to control the SSH clients' access
authentication-retries Specify authentication retry times
authentication-timeout Specify authentication timeout
compatible-ssh1x Enable compatible ssh1x
dscp Set the Differentiated Services Codepoint (DSCP) value
enable Enable Stelnet Server
ipv6 IPv6 information
rekey-interval Specify the SSH server key rekey-interval
[Comware7]ssh server enable ?
<cr>
[Comware7]ssh server enable
[Comware7]display ssh server ?
session Server session
status Server state
[Comware7]display ssh server status
Stelnet server: Enable
SSH version : 1.99
SSH authentication-timeout : 60 second(s)
SSH server key generating interval : 0 hour(s)
SSH authentication retries : 3 time(s)
SFTP server: Disable
SFTP Server Idle-Timeout: 10 minute(s)
NETCONF server: Disable
SCP server: Disable
[Comware7]display ssh server session
UserPid SessID Ver Encrypt State Retries Serv Username
583 0 2.0 aes256-cbc Established 0 Stelnet ssh-manager
[Comware7]display public-key local rsa public
=============================================
Key name: hostkey(default)
Key type: RSA
Time when key pair created: 17:51:54 2015/03/26
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100BF00CF5B0FC7B9DA
6AB174B8F791617F737BD82DE62BA6E08F93067AEAC21AC025307DAF5C2C2934B95AD686C6
9D6281E76387E938743A29033123456789054FEFC0BE17FDCBA9E470BE1DCB1FF6D8E5B10E
A3BC17337C52A34297C849B3EF15D08FE49A239A3574516F5EF2C97234B588071A0E89CC7F
786818BBD277CA84FF0203010001
=============================================
Key name: serverkey(default)
Key type: RSA
Time when key pair created: 17:51:54 2015/03/26
Key code:
307C300D06092A864886F70D0101010500036B003068026100C9A1E046BBEF0B7CAE47A07C
DF278BA5B7C0BADC12462EEB1234567890541FFD2935C27F8220AA7AE0DBB1600091E104CA
F8577E0EAE794EC8BB8E094CEBA16277583A06EF175EC91FE6E0045EFC806B551402940EC9
4074F97B9588FF45FDFF0203010001
Cisco
Note: The hostname and default domain must be configured before running the ‘crypto key generate’ process.
Cisco(config)#hostname Cisco
Cisco(config)#ip domain-name test
Cisco(config)#crypto ?
ca Certification authority
key Long term key operations
pki Public Key components
Cisco(config)#crypto key ?
decrypt Decrypt a keypair.
encrypt Encrypt a keypair.
export Export keys
generate Generate new keys
import Import keys
move Move keys
pubkey-chain Peer public key chain management
storage default storage location for keypairs
zeroize Remove keys
Cisco(config)#crypto key generate ?
rsa Generate RSA keys
<cr>
Cisco(config)#crypto key generate
The name for the keys will be: Cisco.test
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
Cisco(config)#ip ssh ?
authentication-retries Specify number of authentication retries
break-string break-string
dh Diffie-Hellman
dscp IP DSCP value for SSH traffic
logging Configure logging for SSH
maxstartups Maximum concurrent sessions allowed
port Starting (or only) Port number to listen on
precedence IP Precedence value for SSH traffic
pubkey-chain pubkey-chain
rsa Configure RSA keypair name for SSH
source-interface Specify interface for source address in SSH
connections
stricthostkeycheck Enable SSH Server Authentication
time-out Specify SSH time-out interval
version Specify protocol version to be supported
Cisco(config)#ip ssh version ?
<1-2> Protocol version
Cisco(config)#ip ssh version 2
Cisco(config)#line vty 0 15
Cisco(config-line)#login ?
local Local password checking
<cr>
Cisco(config-line)#login local ?
<cr>
Cisco(config-line)#login local
Cisco(config-line)#transport ?
input Define which protocols to use when connecting to the terminal
server
output Define which protocols to use for outgoing connections
preferred Specify the preferred protocol to use
Cisco(config-line)#transport input ?
all All protocols
none No protocols
ssh TCP/IP SSH protocol
telnet TCP/IP Telnet protocol
Cisco(config-line)#transport input ssh ?
telnet TCP/IP Telnet protocol
<cr>
Cisco(config-line)#transport input ssh
Cisco(config)#username <name> privilege 15 password <password>
Cisco#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEbwH5h57hZcqQbC07QmgIUC7icCexxBtx52vejCnp
ZAsaZzXMXahBSiGYs+GTZePb12345678905Zrk1BwpoZICOO5S8Fk7Gu0e9ilfRdETAstz01YmboasSJ
5rUp3sIasRHGMp3CZHQt520Dv22bDHoCBGEQ8+JF5IJ0kgYkhw==
Cisco#show ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-cbc hmac-sha1 Session started manager
0 2.0 OUT aes256-cbc hmac-sha1 Session started manager
%No SSHv1 server connections running.
Cisco#show crypto key mypubkey rsa
% Key pair was generated at: 18:03:26 US-Cent Feb 28 1993
Key name: TP-self-signed-2443920256
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable.
Key Data:
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00C46F01
F9879EE1 65CA906C 2D3B4268 08502EE2 7027B1C4 1B71E76B DE8C29E9 640B1A67
35CC5DA8 414A2198 B3E19365 E312384E 9A386D0D D80699AE 4D41C29A 1920238E
E52F0593 B1AED1EF 6295F45D 11302CB7 3D356266 E86A4569 E6B529DE C21AB111
C6329DC2 64742DE7 6D03BF6D 9B0C7A02 046110F3 E245E482 74920624 87020301 0001
% Key pair was generated at: 01:34:01 US-Cent Mar 27 2015
Key name: TP-self-signed-2443920256.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B51791 797FFD80
F0484B82 1F944989 BF12382B 035B1DC4 92B6C4D9 F9FF1AE8 B8D6CDFF B6AF6BDF
A9764C7B CB1B9E58 C711892E 1C2B11F5 D1A38AA2 1C456427 2D3F2A49 5757F8D4
8F9D0DA4 FBD0AD43 CC513CA3 91F790F1 0B57EBC6 2164D46E 85020301 0001
% Key pair was generated at: 02:28:42 US-Cent Mar 27 2015
Key name: Cisco.test
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AB1487 78C90D6E
3332E08F AD4B26DB 541233F8 1D56986A 5F89DB27 074456AD 07022442 F6DB3765
4CF3E3FE 7C55A9A7 F958A17C 2CDFCD8B 1E7F86C6 B41894EB 6B020301 0001
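The key data printed by 'show crypto key mypubkey rsa' is a DER-encoded SubjectPublicKeyInfo, so the modulus length chosen at 'crypto key generate' can be read back from the output itself. The following Python is an added example, not part of the original guide: it parses such records (it also accepts the 'Key code:' label used by Comware) and reports each key's modulus size. The function names and the 2048-bit floor are assumptions of this example.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy floor for this example; not a value from the guide
RSA_OID = bytes.fromhex("2A864886F70D010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

# Sample input: the Cisco.test record copied from the 'show crypto key mypubkey rsa' output above.
SAMPLE_OUTPUT = """\
% Key pair was generated at: 02:28:42 US-Cent Mar 27 2015
Key name: Cisco.test
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AB1487 78C90D6E
3332E08F AD4B26DB 541233F8 1D56986A 5F89DB27 074456AD 07022442 F6DB3765
4CF3E3FE 7C55A9A7 F958A17C 2CDFCD8B 1E7F86C6 B41894EB 6B020301 0001
"""


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past the end of the data")
    return tag, buf[pos:end], end


def rsa_public_numbers(der):
    """Parse a SubjectPublicKeyInfo blob and return (modulus, public_exponent)."""
    tag, spki, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, algorithm, pos = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid, _ = read_tlv(algorithm, 0)
    if tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an RSA public key")
    tag, bit_string, _ = read_tlv(spki, pos)
    if tag != 0x03 or not bit_string or bit_string[0] != 0:
        raise ValueError("unexpected BIT STRING")
    tag, rsa_key, _ = read_tlv(bit_string, 1)  # skip the unused-bits octet
    if tag != 0x30:
        raise ValueError("missing RSAPublicKey SEQUENCE")
    tag_n, modulus, pos = read_tlv(rsa_key, 0)
    tag_e, exponent, _ = read_tlv(rsa_key, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("modulus or exponent is not an INTEGER")
    return int.from_bytes(modulus, "big"), int.from_bytes(exponent, "big")


def parse_key_records(text):
    """Return [(key_name, der_bytes)] for each 'Key name:' record in the output."""
    records, name, hex_lines, in_data = [], None, [], False

    def flush():
        # Reads the current name/hex_lines of the enclosing function at call time.
        if name and hex_lines:
            records.append((name, bytes.fromhex("".join(hex_lines))))

    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r"Key name:\s*(\S+)", line)
        if match:
            flush()
            name, hex_lines, in_data = match.group(1), [], False
        elif re.match(r"Key (?:Data|code):", line):
            in_data = True
        elif in_data and re.fullmatch(r"[0-9A-Fa-f ]+", line):
            hex_lines.append(line.replace(" ", ""))
        elif line:
            in_data = False  # any other text ends the hex dump
    flush()
    return records


def audit_rsa_keys(text, min_bits=MIN_RSA_BITS):
    """Report modulus size per key and mark keys below the policy floor."""
    findings = []
    for name, der in parse_key_records(text):
        modulus, exponent = rsa_public_numbers(der)
        bits = modulus.bit_length()
        findings.append({"name": name, "bits": bits,
                         "exponent": exponent, "weak": bits < min_bits})
    return findings


if __name__ == "__main__":
    for finding in audit_rsa_keys(SAMPLE_OUTPUT):
        status = "BELOW FLOOR" if finding["weak"] else "ok"
        print(f'{finding["name"]}: {finding["bits"]}-bit RSA, e={finding["exponent"]} [{status}]')
```
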
Chapter 5 GUI Management Access HTTPS
This chapter compares the commands used to enable and configure browser-based applications to
manage the switch via unencrypted and encrypted network access methods.
Enable standard TCP port 80 access for unencrypted management access to the switch.
For encrypted management access to the switch, use TCP port 443 and configure Secure Sockets
Layer (SSL).
You can find configuration details for user IDs and passwords in Chapter 2.
HTTPS CLI Comparison
ArubaOS-CX-Switch:
  HTTP access is disabled by default and is available as soon as it is enabled manually using CLI.
  To control HTTPS access with UID/PW or PW (only), see Ch2 for configuring UID/PW or PW only.
ArubaOS-Switch:
  HTTP access is enabled by default and is available as soon as an IP addr is assigned to a VLAN, without UID/PW access control.
  To control HTTPS access with UID/PW or PW (only), see Ch2 for configuring UID/PW or PW only.
Comware 7:
  For Comware7, HTTP is not enabled by default, requires: configure local uid/pw with ‘service-type web’ and enable http support
Cisco:
  HTTP server is enabled by default, but must configure http authentication type.
  Must have all the device web files for full functionality.
Configuration commands
ArubaOS-CX-Switch:
  user admin password
  https-server vrf <mgmt/default>
  https-server rest access-mode read-only
  https-server rest access-mode read-write
ArubaOS-Switch:
  web-management plaintext
Cisco:
  username <name> privilege 15 password <password>
  ip http server
  ip http authentication local
Show/display commands
ArubaOS-CX-Switch:
  show https-server
Cisco:
  show ip http server connection
HTTPS Service configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# https-server
rest REST API configuration
vrf Configure HTTPS Server for VRF
ArubaOS-CX-Switch(config)# https-server rest
access-mode REST API access-mode configuration
ArubaOS-CX-Switch(config)# https-server rest access-mode
read-only Allow reads only (default)
read-write Allow reads and writes
ArubaOS-CX-Switch(config)# https-server rest access-mode read-only
<cr>
ArubaOS-CX-Switch(config)# https-server rest access-mode read-only
ArubaOS-CX-Switch(config)# https-server rest access-mode read-write
ArubaOS-CX-Switch(config)# do sh https-server
<cr>
ArubaOS-CX-Switch(config)# do sh https-server
HTTPS Server Configuration
----------------------------
VRF : <none>
REST Access Mode : read-write
ArubaOS-Switch
HTTP access is enabled by default and is available as soon as an IP addr is assigned to a VLAN, without UID/PW access
control. If passwords are assigned to the operator and/or manager users, then those will be used during HTTP access.
ArubaOS-Switch(config)# web-management
idle-timeout Set the idle timeout for web management sessions.
listen Specify in which mode HTTP Server should listen in
management-url Specify URL for web interface [?] button.
plaintext Enable/disable the http server (insecure).
ssl Enable/disable the https server (secure).
support-url Specify URL for web interface Support page.
<cr>
ArubaOS-Switch(config)# web-management plaintext
<cr>
ArubaOS-Switch(config)# web-management plaintext
Note, even though the above command can be entered to enable HTTP access, it is the default state and will not appear in
the configuration.
Comware7
HTTP is not enabled by default.
[Comware7]local-user manager
[Comware7-luser-manage-manager]password simple password
[Comware7-luser-manage-manager]authorization-attribute user-role network-admin
[Comware7-luser-manage-manager]service-type http
[Comware7]ip ?
as-path Specify an AS path
community-list Specify a community list entry
extcommunity-list Specify an extended community-list entry
fast-forwarding IP fast-forwarding information
host Add a static host name-to-IPv4 address mapping
http Hypertext Transfer Protocol (HTTP) module
https Hypertext Transfer Protocol Secure (HTTPS) module
icmp Specify ICMP configuration information
load-sharing IP forwarding load-sharing
local Apply a policy to locally generated packets
prefix-list Specify an IPv4 prefix list
redirects Send ICMP Redirect packets
route-static Establish a static route
rpf-route-static Specify static multicast route
source Source binding function
ttl-expires Send ICMP Time Exceeded packets
unreachables Send ICMP Destination Unreachable packets
urpf Unicast reverse path forward function
vpn-instance Specify a VPN instance
[Comware7]ip http ?
acl Specify a basic IPv4 ACL to filter hosts that use HTTP service
enable Enable HTTP server
port Specify an HTTP server port number
[Comware7]ip http enable ?
<cr>
[Comware7]display web ?
menu Web menu information
users Web users
[Comware7]display web users ?
> Redirect it to a file
>> Redirect it to a file in append mode
| Matching output
<cr>
[Comware7]display web users
UserID Name Type Language JobCount LoginTime LastOperation
900b01302b0010f manager HTTP English 0 15:39:39 15:49:02
Cisco
HTTP server is enabled by default, but the HTTP authentication type must be configured.
Note: all the device web files (these are in addition to IOS) must be on the switch for full functionality.
Cisco(config)#username manager privilege 15 password password
Cisco(config)#ip http ?
access-class Restrict http server access by access-class
active-session-modules Set up active http server session modules
authentication Set http server authentication method
client Set http client parameters
help-path HTML help root URL
max-connections Set maximum number of concurrent http server
connections
path Set base path for HTML
port Set http server port
secure-active-session-modules Set up active http secure server session
modules
secure-ciphersuite Set http secure server ciphersuite
secure-client-auth Set http secure server with client
authentication
secure-port Set http secure server port number for
listening
secure-server Enable HTTP secure server
secure-trustpoint Set http secure server certificate trustpoint
server Enable http server
session-module-list Set up a http(s) server session module list
timeout-policy Set http server time-out policy parameters
Cisco(config)#ip http authentication ?
aaa Use AAA access control methods
enable Use enable passwords
local Use local username and passwords
Cisco(config)#ip http authentication local ?
<cr>
Cisco(config)#ip http authentication local
Cisco(config)#ip http server ?
<cr>
Cisco(config)#ip http server
Cisco#show ip http server connection
HTTP server current connections:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes
10.0.111.41:80 10.1.1.108:55648 1612 70843
Chapter 6 Discovery Protocols LLDP
Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) are both link layer protocols
that help discover directly connected LLDP- and CDP-capable neighbors:
• Link Layer Discovery Protocol (LLDP), an industry standard protocol for device discovery.
• Cisco Discovery Protocol (CDP), a Cisco-specific protocol for device discovery.
This chapter covers the commands required to configure LLDP.
ArubaOS-Switch provides limited support for CDP.
In a heterogeneous network, a standard configuration exchange platform ensures that different types of
network devices from different vendors can discover one another and exchange configuration for the
sake of interoperability and management.
LLDP CLI Comparison
ArubaOS-CX-Switch: (Enabled by default, both globally and per port)
ArubaOS-Switch: (Enabled by default, both globally and per port)
Comware 7: (Generally enabled by default, both globally and per port. See notes for additional information)
Cisco: (Not enabled by default)
Configuration commands
ArubaOS-CX-Switch:
  lldp
  lldp reinit 10
  lldp < holdtime-multiplier | management-ipv4-address | management-ipv6-address | reinit | select-tlv | timer | txdelay >
ArubaOS-Switch:
  lldp run
  lldp admin-status oobm [txonly | rxonly | tx_rx | disable]
Comware 7:
  lldp global enable
  [Comware7]lldp global enable
  [Comware7]interface g1/0/1
  [Comware7-GigabitEthernet1/0/1]lldp enable
Cisco:
  lldp run
  lldp < holdtime | reinit | run | timer | tlv-select >
  lldp tlv-select < 4-wire-power-management | mac-phy-cfg | management-address | port-description | port-vlan | power-management | system-capabilities | system-description | system-name >
User Exec / Privileged Exec Commands
ArubaOS-CX-Switch:
  show lldp neighbor-info
  show lldp neighbor-info 1/1/1
  show lldp statistics
  show lldp tlv
  show lldp configuration
  show lldp local-device
ArubaOS-Switch:
  show lldp info remote-device
  show lldp info remote-device 1
  show lldp stats
  show lldp config
  show lldp info local-device oobm
  show lldp stats oobm
Comware 7:
  [Comware7]display lldp neighbor-information list
  show lldp neighbor-information interface GE1/0/1
  [Comware7]display lldp neighbor-information interface g1/0/1 verbose
  show lldp statistics
  Show lldp tlv-config
  Show lldp status
Cisco:
  show lldp neighbors
  show lldp neighbors g1/0/1 detail
  show lldp traffic
  show lldp errors
  show lldp entry *
LLDP configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# lldp
holdtime-multiplier The multiplier to apply for the total hold period for a neighbor.
management-ipv4-address LLDP management IPv4 address to be sent in TLV
management-ipv6-address LLDP management IPv6 address to be sent in TLV
reinit Time delay to initialize LLDP on an interface in seconds.
select-tlv Specifies the TLVs to send and receive in LLDP packets.
timer Time interval for transmitting LLDP status updates in seconds.
txdelay Time delay to send a LLDP advertisement upon an update in
seconds.
<cr>
ArubaOS-CX-Switch(config)# lldp reinit
<1-10> Set the Reinitialization timer. Default is 2 seconds.
ArubaOS-CX-Switch(config)# lldp reinit 10
<cr>
ArubaOS-CX-Switch(config)# lldp reinit 10
ArubaOS-CX-Switch(config)# lldp timer
<5-32768> Set lldp timer. Default is 30 seconds.
ArubaOS-CX-Switch(config)# lldp timer 222
<cr>
ArubaOS-CX-Switch(config)# lldp timer 222
ArubaOS-CX-Switch(config)# lldp holdtime-multiplier
<2-10> Set the Hold-Time multiplier. Default is 4.
ArubaOS-CX-Switch(config)# lldp holdtime-multiplier 4
<cr>
ArubaOS-CX-Switch(config)# lldp holdtime-multiplier 4
ArubaOS-CX-Switch(config)# lldp
holdtime-multiplier The multiplier to apply for the total hold period for a neighbor.
management-ipv4-address LLDP management IPv4 address to be sent in TLV
management-ipv6-address LLDP management IPv6 address to be sent in TLV
reinit Time delay to initialize LLDP on an interface in seconds.
select-tlv Specifies the TLVs to send and receive in LLDP packets.
timer Time interval for transmitting LLDP status updates in seconds.
txdelay Time delay to send a LLDP advertisement upon an update in
seconds.
<cr>
ArubaOS-CX-Switch(config)# lldp management-ipv
management-ipv4-address LLDP management IPv4 address to be sent in TLV
management-ipv6-address LLDP management IPv6 address to be sent in TLV
ArubaOS-CX-Switch(config)# lldp management-ipv4-address
A.B.C.D LLDP management IPv4 address
ArubaOS-CX-Switch(config)# lldp management-ipv4-address 10.0.0.1
<cr>
ArubaOS-CX-Switch(config)# lldp management-ipv4-address 10.0.0.1
ArubaOS-CX-Switch(config)# lldp txdelay
<1-8192> Set the TxDelay timer. Default is 2 seconds.
ArubaOS-CX-Switch(config)# lldp txdelay 33
<cr>
ArubaOS-CX-Switch(config)# lldp txdelay 33
ArubaOS-CX-Switch(config)# do show lldp
configuration Show LLDP configuration
local-device Show LLDP local device information
neighbor-info Show global LLDP neighbor information
statistics Show LLDP statistics
tlv Show TLVs advertised by LLDP
ArubaOS-CX-Switch(config)# do show lldp local-device
<cr>
ArubaOS-CX-Switch(config)# do show lldp local-device
Global Data
===========
Chassis-ID : f4:03:43:7f:ad:00
System Name : switch
System Description : Aruba JL375A XL.10.00.0002
Management Address : 10.0.0.1
Capabilities Available : Bridge, Router
Capabilities Enabled : Bridge, Router
TTL : 888
ArubaOS-CX-Switch(config)# do show lldp neighbor-info
LLDP Neighbor Information
=========================
Total Neighbor Entries : 0
Total Neighbor Entries Deleted : 0
Total Neighbor Entries Dropped : 0
Total Neighbor Entries Aged-Out : 0
LOCAL-PORT CHASSIS-ID PORT-ID PORT-DESC TTL SYS-NAME
--------------------------------------------------------------------------------
ArubaOS-CX-Switch(config)# do show lldp statistics
LLDP Global Statistics
======================
Total Packets Transmitted : 0
Total Packets Received : 0
Total Packets Received And Discarded : 0
Total TLVs Unrecognized : 0
LLDP Port Statistics
====================
PORT-ID TX-PACKETS RX-PACKETS RX-DISCARDED TLVS-UNKNOWN
--------------------------------------------------------------------------
1/1/1 0 0 0 0
1/1/2 0 0 0 0
1/1/3 0 0 0 0
1/1/4 0 0 0 0
1/1/5 0 0 0 0
1/1/6 0 0 0 0
1/1/7 0 0 0 0
1/1/8 0 0 0 0
1/1/9 0 0 0 0
1/1/10 0 0 0 0
1/1/11 0 0 0 0
1/1/12 0 0 0 0
1/1/13 0 0 0 0
1/1/14 0 0 0 0
1/1/15 0 0 0 0
1/1/16 0 0 0 0
1/1/17 0 0 0 0
1/1/18 0 0 0 0
1/1/19 0 0 0 0
1/1/20 0 0 0 0
1/1/21 0 0 0 0
1/1/22 0 0 0 0
1/1/23 0 0 0 0
1/1/24 0 0 0 0
1/1/25 0 0 0 0
1/1/26 0 0 0 0
1/1/27 0 0 0 0
1/1/28 0 0 0 0
1/1/29 0 0 0 0
1/1/30 0 0 0 0
1/1/31 0 0 0 0
1/1/32 0 0 0 0
ArubaOS-CX-Switch(config)# do show lldp tlv
TLVs Advertised
===============
Management Address
Port Description
Port VLAN-ID
System Capabilities
System Description
System Name
ArubaOS-CX-Switch(config)# do show lldp configuration
LLDP Global Configuration
=========================
LLDP Enabled : Yes
LLDP Transmit Interval : 222
LLDP Hold Time Multiplier : 4
LLDP Transmit Delay Interval : 33
LLDP Reinit Time Interval : 10
TLVs Advertised
===============
Management Address
Port Description
Port VLAN-ID
System Capabilities
System Description
System Name
LLDP Port Configuration
=======================
PORT TX-ENABLED RX-ENABLED
-----------------------------------------------
1/1/1 Yes Yes
1/1/2 Yes Yes
1/1/3 Yes Yes
1/1/4 Yes Yes
1/1/5 Yes Yes
1/1/6 Yes Yes
1/1/7 Yes Yes
1/1/8 Yes Yes
1/1/9 Yes Yes
1/1/10 Yes Yes
1/1/11 Yes Yes
1/1/12 Yes Yes
1/1/13 Yes Yes
1/1/14 Yes Yes
1/1/15 Yes Yes
1/1/16 Yes Yes
1/1/17 Yes Yes
1/1/18 Yes Yes
1/1/19 Yes Yes
1/1/20 Yes Yes
1/1/21 Yes Yes
1/1/22 Yes Yes
1/1/23 Yes Yes
1/1/24 Yes Yes
1/1/25 Yes Yes
1/1/26 Yes Yes
1/1/27 Yes Yes
1/1/28 Yes Yes
1/1/29 Yes Yes
1/1/30 Yes Yes
1/1/31 Yes Yes
1/1/32 Yes Yes
ArubaOS-Switch
(Enabled by default, both globally and per port)
(if needed)
ArubaOS-Switch(config)# lldp
admin-status Set the port operational mode.
auto-provision Configure various parameters related to lldp automatic
provisioning.
config Set the TLV parameters to advertise on port.
enable-notification Enable or disable notification on port.
fast-start-count Set the MED fast-start count in seconds.
holdtime-multiplier Set the holdtime multipler.
refresh-interval Set refresh interval/transmit interval in seconds.
run Start or stop LLDP on the device.
top-change-notify Enable or disable LLDP MED topology change notification.
ArubaOS-Switch(config)# lldp run ?
<cr>
ArubaOS-Switch(config)# lldp run
ArubaOS-Switch# show lldp ?
auto-provision Show LLDP auto-provision related info for radio-ports.
config Show LLDP configuration information.
info Show LLDP information about the local or remote device.
stats Show LLDP statistics.
ArubaOS-Switch# show lldp info ?
local-device Show LLDP local device information.
remote-device Show LLDP remote device information.
ArubaOS-Switch# show lldp info remote-device ?
[ethernet] PORT-LIST Show local or remote device information for the specified ports.
<cr>
ArubaOS-Switch# show lldp info remote-device
LLDP Remote Devices Information
LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------------- ------ --------- ----------------------
1 | c0 91 34 83 8d 80 3 3 2520G-1
ArubaOS-Switch# show lldp info remote-device 1
LLDP Remote Device Information Detail
Local Port : 1
ChassisType : mac-address
ChassisId : c0 91 34 83 8d 80
PortType : local
PortId : 3
SysName : 2520G-1
System Descr : ProCurve J9299A Switch 2520G-24-PoE, revision J.14.54, RO...
PortDescr : 3
Pvid :
System Capabilities Supported : bridge
System Capabilities Enabled : bridge
Remote Management Address
Type : ipv4
Address : 10.0.111.2
Comware7
By default:
If the switch starts up with empty configuration, LLDP is disabled globally (initial setting).
If the switch starts up with the default configuration file (also included via the .ipe file), LLDP is enabled globally (factory
default).
(Based on above information, generally enabled by default, both globally and per port)
(if needed)
[Comware7]lldp ?
compliance Enable compliance with another link layer discovery protocol
fast-count The fast-start times of transmitting frames
global Specify global
hold-multiplier Hold multiplicator for TTL
max-credit Specify LLDP maximum transmit credit
mode Specify LLDP bridge mode
timer Timer of LLDP
[Comware7]lldp global ?
enable Enable capability
[Comware7]lldp global enable ?
<cr>
[Comware7]lldp global enable
[Comware7]interface g1/0/1
[Comware7-GigabitEthernet1/0/1]lldp enable
[Comware7]display lldp ?
local-information Display local information
neighbor-information Display neighbor information
statistics Display statistics information
status Display LLDP status and configuration
tlv-config Display TLV configuration
[Comware7]display lldp neighbor-information ?
> Redirect it to a file
>> Redirect it to a file in append mode
agent Specify LLDP agent
interface Specify interface
list Neighbor list
verbose Verbose message
| Matching output
<cr>
[Comware7]display lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
# -- -- Nearest customer bridge neighbor
Default -- -- Nearest bridge neighbor
System Name Local Interface Chassis ID Port ID
2520G-1 GE1/0/1 c091-3483-8d80 13
[Comware7]display lldp neighbor-information interface g1/0/1 ?
> Redirect it to a file
>> Redirect it to a file in append mode
agent Specify LLDP agent
verbose Verbose message
| Matching output
<cr>
[Comware7]display lldp neighbor-information interface g1/0/1
LLDP neighbor-information of port 1[GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
LLDP neighbor index : 1
ChassisID/subtype : c091-3483-8d80/MAC address
PortID/subtype : 13/Locally assigned
Capabilities : Bridge
[Comware7]display lldp neighbor-information interface g1/0/1 verbose
LLDP neighbor-information of port 1[GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
LLDP neighbor index : 1
Update time : 0 days, 0 hours, 1 minutes, 57 seconds
Chassis type : MAC address
Chassis ID : c091-3483-8d80
Port ID type : Locally assigned
Port ID : 13
Time to live : 120
Port description : 13
System name : 2520G-1
System description : ProCurve J9299A Switch 2520G-24-PoE, revision J.14.54, RO
M J.14.05 (/sw/code/build/walle(J_t4b))
System capabilities supported : Bridge
System capabilities enabled : Bridge
Management address type : IPv4
Management address : 10.0.111.2
Management address interface type : IfIndex
Management address interface ID : Unknown
Management address OID : 0
Auto-negotiation supported : Yes
Auto-negotiation enabled : Yes
OperMau : Speed(1000)/Duplex(Full)
Cisco
(Not enabled by default)
Cisco(config)#lldp run
Cisco#show lldp ?
entry Information for specific neighbor entry
errors LLDP computational errors and overflows
interface LLDP interface status and configuration
neighbors LLDP neighbor entries
traffic LLDP statistics
| Output modifiers
<cr>
Cisco#show lldp neighbors ?
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
TenGigabitEthernet Ten Gigabit Ethernet
detail Show detailed information
| Output modifiers
<cr>
Cisco#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
2520G-1 Gi1/0/1 120 B 15
Total entries displayed: 1
Cisco#show lldp neighbors g1/0/1 ?
detail Show detailed information
| Output modifiers
<cr>
Cisco#show lldp neighbors g1/0/1
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
2520G-1 Gi1/0/1 120 B 15
Total entries displayed: 1
Cisco#show lldp neighbors g1/0/1 detail
------------------------------------------------
Chassis id: c091.3483.8d80
Port id: 15
Port Description: 15
System Name: 2520G-1
System Description:
ProCurve J9299A Switch 2520G-24-PoE, revision J.14.54, ROM J.14.05
(/sw/code/build/walle(J_t4b))
Time remaining: 99 seconds
System Capabilities: B
Enabled Capabilities: B
Management Addresses:
IP: 10.0.111.2
Auto Negotiation - supported, enabled
Physical media capabilities:
1000baseT(FD)
100base-TX(FD)
100base-TX(HD)
10base-T(FD)
10base-T(HD)
Media Attachment Unit type: 30
Vlan ID: - not advertised
Total entries displayed: 1
Chapter 7 Out-of-Band Management
One of the first key questions about securing a network switch is “Is my management traffic in-band or
out-of-band?” The differences can be described as follows:
• In-band switch management traffic travels with the network data traffic on the data plane
and can be impacted when communication problems arise on the data plane.
• Out-of-band switch management traffic travels on a different plane than the network data
traffic and is not impacted when communication problems arise on the data plane.
In documentation, it is common to describe “out-of-band” connections as being associated with the
Management Plane and “in-band” connections as being associated with the Data Plane.
Management Plane
Serial Console: For out-of-band access, switches support a serial console that allows a computer or
console server to connect. This connection is speed limited and restricted to the Command Line
Interface. In addition, the serial interface doesn’t support other types of management traffic,
such as RADIUS, SNMP, or Syslog, where the switch acts as a client.
Out-of-band Management (OOBM) and Management ports generally refer to an Ethernet port
that is dedicated to management. A variety of protocols can be supported over the
management port, depending on the features available in the product or operating system.
Data Plane
A management Virtual Local Area Network (VLAN) is a VLAN with severe network configuration
restrictions focused only on switch management.
A loopback interface can be protected using Access Control Lists and, when combined with
other security settings, can offer a high degree of security confidence when a management
VLAN is too restrictive.
A Data Plane configuration for switch management may be necessary if you need to manage the
switch via a fiber connection, since OOBM ports are RJ-45, or if there are no OOBM ports on the
switch. In addition, using the loopback interface method, you can allow and control access from
multiple VLANs in the network. The downside is that such connections are in the Data
Plane and subject to interruption by Data Plane troubles.
Out-Of-Band CLI Comparison
Configuration commands
ArubaOS-CX-Switch:
  interface mgmt
  ip static 10.0.0.1/24
  ssh server vrf mgmt
  https-server vrf mgmt
ArubaOS-Switch:
  oobm
  ip address 10.199.111.21/24
  ip ssh listen oobm
  web-management listen oobm
Comware 7:
  interface M-GigabitEthernet 0/0/0
  ip address 10.199.111.51 255.255.255.0
  telnet client source interface <>
  ssh client source interface <>
Cisco:
  interface fastEthernet 0
  ip address 10.199.111.41 255.255.255.0
  ip ssh source-interface <>
  ntp source <>
Show/display commands
ping <target-ip> vrf mgmt
ping <target-ip> source oobm
Ping -i <source-ip> <target-ip>
Ping a <source-ip> <target-ip>
copy tftp://10.120.0.9/halon/<file>.swi primary vrf mgmt
copy tftp flash 10.199.111.200 KA_16_01_0006.swi primary oobm
copy tftp://10.199.111.200/c3750e-universalk9-mz.150-2.SE7.bin flash:/boot/c3750e-universalk9-mz.150-2.SE7.bin
Out-Of-Band configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# interface mgmt
<cr>
ArubaOS-CX-Switch(config)# interface mgmt
ArubaOS-CX-Switch(config-if-mgmt)# ip
dhcp Set the mode as dhcp
static Set the mode as static
ArubaOS-CX-Switch(config-if-mgmt)# ip static
A.B.C.D/M Enter the IPv4 address
X:X::X:X/M Enter the IPv6 address
ArubaOS-CX-Switch(config-if-mgmt)# ip static 10.0.0.1/24
<cr>
ArubaOS-CX-Switch(config-if-mgmt)# ip static 10.0.0.1/24
ArubaOS-CX-Switch(config-if-mgmt)# exit
ArubaOS-CX-Switch(config)# ssh
host-key SSH server host-keys.
known-host Client trusted servers list.
password-authentication Password authentication method enabled by default.
public-key-authentication Publickey authentication method enabled by default.
server Configure SSH server.
ArubaOS-CX-Switch(config)# ssh server vrf
VRF-NAME Enter the VRF instance. 'default' or 'mgmt' or a configured VRF instance.
ArubaOS-CX-Switch(config)# ssh server vrf mgmt
<cr>
ArubaOS-CX-Switch(config)# ssh server vrf mgmt
ArubaOS-CX-Switch(config)# https-server
rest REST API configuration
vrf Configure HTTPS Server for VRF
ArubaOS-CX-Switch(config)# https-server vrf
NAME Specify VRF name
ArubaOS-CX-Switch(config)# https-server vrf mgmt
<cr>
ArubaOS-CX-Switch(config)# https-server vrf mgmt
Failed to enable https-server on VRF mgmt. 'admin' password is not set.
ArubaOS-CX-Switch(config)# user admin password
Changing password for user admin
Enter password: *****
Confirm new password: *****
ArubaOS-CX-Switch(config)# https-server vrf mgmt
ArubaOS-CX-Switch(config)# do show interface mgmt
Management interface is disabled
ArubaOS-CX-Switch(config)# interface mgmt
ArubaOS-CX-Switch(config-if-mgmt)# no shut
ArubaOS-CX-Switch(config-if-mgmt)# exit
ArubaOS-CX-Switch(config)# do show interface mgmt
Address Mode : static
Admin State : up
Mac Address : f4:03:43:7f:ad:01
IPv4 address/subnet-mask : 10.0.0.1/24
Default gateway IPv4 :
IPv6 address/prefix :
IPv6 link local address/prefix:
Default gateway IPv6 :
Primary Nameserver :
Secondary Nameserver :
ArubaOS-Switch
ArubaOS-Switch(config)# oobm
disable Disable OOBM.
enable Enable OOBM.
interface Configure various interface parameters for OOBM.
ip Configure various IP parameters for the OOBM.
ipv6 Configure various IPv6 parameters for the OOBM.
ntp Enable/configure NTP operation on the VLAN/OOBM.
<cr>
ArubaOS-Switch(oobm)# ip ?
address Set IP parameters for communication within an IP network.
default-gateway Configure the IPv4 default gateway address, which will be used
when routing is not enabled on the switch.
ArubaOS-Switch(oobm)# ip address ?
dhcp-bootp Configure the interface to use DHCP/Bootp server to acquire
parameters.
IP-ADDR/MASK-LENGTH Interface IP address/mask.
ArubaOS-Switch(oobm)# ip address 10.199.111.21/24 ?
<cr>
ArubaOS-Switch(oobm)# ip address 10.199.111.21/24
ArubaOS-Switch(oobm)# ip default-gateway ?
IP-ADDR IPv4 address of the default gateway.
ArubaOS-Switch(oobm)# ip default-gateway 10.199.111.1 ?
<cr>
ArubaOS-Switch(oobm)# ip default-gateway 10.199.111.1
ArubaOS-Switch(config)# telnet-server listen ?
oobm Enable Telnet Server on OOBM Interface only.
data Enable Telnet Server on Data Plane only.
both Enable Telnet Server on both OOBM and Data planes.
ArubaOS-Switch(config)# telnet-server listen oobm
ArubaOS-Switch(config)# ip ssh listen ?
oobm Enable SSH on OOBM Interface only.
data Enable SSH on Data Plane only.
both Enable SSH on both OOBM and Data planes.
ArubaOS-Switch(config)# ip ssh listen oobm
ArubaOS-Switch(config)# web-management listen ?
oobm Enable HTTP Server on OOBM Interface only.
data Enable HTTP Server on Data Plane only.
both Enable HTTP Server on both OOBM and Data planes.
ArubaOS-Switch(config)# web-management listen oobm
ArubaOS-Switch(config)# ntp server 10.199.111.251 ?
burst Enables burst mode.
iburst Enables initial burst (iburst) mode.
key-id Set the authentication key to use for this server.
max-poll Configures the maximum time intervals in seconds.
min-poll Configures the minimum time intervals in seconds.
oobm Use the OOBM interface to connect to the server.
<cr>
ArubaOS-Switch(config)# ntp server 10.199.111.251 oobm ?
burst Enables burst mode.
iburst Enables initial burst (iburst) mode.
key-id Set the authentication key to use for this server.
max-poll Configures the maximum time intervals in seconds.
min-poll Configures the minimum time intervals in seconds.
<cr>
ArubaOS-Switch(config)# ntp server 10.199.111.251 oobm
ArubaOS-Switch# ping 10.199.111.51 ?
ip-option Specify the IP options to use.
tos Specify the Type of Service value to send.
data-fill Specify the data pattern to send.
data-size Specify the ping data size.
interval Specify the interval between pings in seconds.
repetitions Ping the device multiple times.
source Specify the ping source.
timeout Specify the ping timeout in seconds.
<cr>
ArubaOS-Switch# ping 10.199.111.51 source ?
IP-ADDR The source IPv4 address.
loopback Specify the source loopback interface.
oobm Use the OOBM interface.
VLAN-ID The source VLAN.
ArubaOS-Switch# ping 10.199.111.51 source oobm ?
data-fill Specify the data pattern to send.
data-size Specify the ping data size.
interval Specify the interval between pings in seconds.
repetitions Ping the device multiple times.
timeout Specify the ping timeout in seconds.
<cr>
ArubaOS-Switch# ping 10.199.111.51 source oobm
10.199.111.51 is alive, time = 1 ms
ArubaOS-Switch# copy tftp flash 10.199.111.200 KA_16_01_0006.swi primary ?
oobm Use the OOBM interface to reach TFTP server.
<cr>
ArubaOS-Switch# copy tftp flash 10.199.111.200 KA_16_01_0006.swi primary oobm ?
<cr>
ArubaOS-Switch# copy tftp flash 10.199.111.200 KA_16_01_0006.swi primary oobm
ArubaOS-Switch# show lldp info remote-device ?
oobm Show local or remote device information for the OOBM port.
[ethernet] PORT-LIST Show local or remote device information for the specified ports.
<cr>
ArubaOS-Switch# show lldp info remote-device oobm ?
<cr>
ArubaOS-Switch# show lldp info remote-device oobm
LLDP Remote Device Information Detail
Local Port : OOBM
ChassisType : mac-address
ChassisId : 00 25 61 d7 c5 60
PortType : local
PortId : 1
SysName : 2520-8-OOBM
System Descr : ProCurve J9137A Switch 2520-8-PoE, revision S.14.03, ROM ...
PortDescr : 1
Pvid :
System Capabilities Supported : bridge
System Capabilities Enabled : bridge
Remote Management Address
Type : ipv4
Address : 10.199.111.2
Comware7
[Comware7]interface M-GigabitEthernet 0/0/0
[Comware7-M-GigabitEthernet0/0/0]?
M-gigabitethernet interface view commands:
arp ARP module
bandwidth Specify the expected bandwidth
bfd BFD module
cfd Connectivity Fault Detection (CFD) module
ddns Dynamic Domain Name System (DDNS) module
default Restore the default settings
description Describe the interface
dhcp Dynamic Host Configuration Protocol (DHCP) commands
diagnostic-logfile Diagnostic log file configuration
display Display current system information
duplex Status of duplex
ip Specify IP configuration
ipsec IP Security (IPsec) module
ipv6 Specify IPv6 configuration
isis Configure interface parameters for IS-IS
link-delay Set the physical state change suppression
lldp Link Layer Discovery Protocol(802.1ab)
logfile Log file configuration
mad Multi-active detection
monitor System monitor
mtu Specify Maximum Transmission Unit(MTU) of the interface
ospf OSPF interface commands
ospfv3 OSPFv3 interface commands
packet-filter Packet filter settings
ping Ping function
quit Exit from current command view
return Exit to User View
rip Configure interface parameters for RIP
ripng Configure interface parameters for RIPng
save Save current configuration
security-logfile Security log file configuration
shutdown Shut down the interface
speed Specify speed of current port
tracert Tracert function
undo Cancel current setting
[Comware7-M-GigabitEthernet0/0/0]ip ?
address Set the IP address of an interface
binding Bind the interface with a VPN instance
forwarding-table IP forwarding table
irdp Enable the ICMP Router Discovery Protocol
[Comware7-M-GigabitEthernet0/0/0]ip address ?
X.X.X.X IP address
bootp-alloc Obtain an IP address through BOOTP
dhcp-alloc Obtain an IP address through DHCP
[Comware7-M-GigabitEthernet0/0/0]ip address 10.199.111.51 255.255.255.0 ?
irf-member Specify an IP address for an IRF member device
sub Indicate a subordinate address
<cr>
[Comware7-M-GigabitEthernet0/0/0]ip address 10.199.111.51 255.255.255.0
[Comware7]telnet ?
client Specify telnet client attribute
server Telnet server configuration
[Comware7]telnet client ?
source Specify a source
[Comware7]telnet client source ?
interface Specify a source interface
ip Specify a source IP address
[Comware7]telnet client source interface ?
M-GigabitEthernet MGE interface
Vlan-interface VLAN interface
[Comware7]telnet client source interface M-GigabitEthernet 0/0/0 ?
<cr>
[Comware7]telnet client source interface M-GigabitEthernet 0/0/0
[Comware7]ssh ?
client SSH client configuration
server Specify the server attribute
user SSH user
[Comware7]ssh client ?
ipv6 Specify IPv6 protocol
source Specify a source address or interface for the SSH client
[Comware7]ssh client source ?
interface Specify a source interface
ip Specify a source IPv4 address
[Comware7]ssh client source interface ?
M-GigabitEthernet MGE interface
Vlan-interface VLAN interface
[Comware7]ssh client source interface m
[Comware7]ssh client source interface M-GigabitEthernet 0/0/0 ?
<cr>
[Comware7]ssh client source interface M-GigabitEthernet 0/0/0
[Comware7]ntp ?
authentication Configure NTP authentication
authentication-keyid Specify an authentication key ID
dscp Set the Differentiated Services Codepoint (DSCP) value
enable Enable NTP service
ipv6 IPv6 protocol
max-dynamic-sessions Specify the maximum number of dynamic NTP sessions
peer Permit full access
query Permit control query
refclock-master Configure the local clock as a master clock
reliable Specify a trusted key
server Permit server access and query
source Specify a source interface
synchronization Permit server access only
unicast-peer Specify a NTP peer
unicast-server Specify a NTP server
[Comware7]ntp source ?
M-GigabitEthernet MGE interface
Vlan-interface VLAN interface
[Comware7]ntp source M-GigabitEthernet 0/0/0 ?
<cr>
[Comware7]ntp source M-GigabitEthernet 0/0/0
[Comware7]ping ?
-a Specify the source IP address
-c Specify the number of echo requests
-f Specify packets not to be fragmented
-h Specify the TTL value
-i Specify an outgoing interface
-m Specify the interval for sending echo requests
-n Numeric output only. No attempt will be made to lookup host
addresses for symbolic names
-p No more than 8 "pad" hexadecimal characters to fill out the
sent packet. For example, -p f2 will fill the sent packet with
000000f2 repeatedly
-q Display only summary
-r Record route. Include the RECORD_ROUTE option in the
ECHO_REQUEST packets and display the route
-s Specify the payload length
-t Specify the wait time for each reply
-tos Specify the TOS value
-v Display the received ICMP packets other than ECHO-RESPONSE
packets
-vpn-instance Specify a VPN instance
STRING<1-253> IP address or hostname of remote system
ip IP information
ipv6 IPv6 information
mpls MPLS ping
trill TRansparent Interconnection of Lots of Links (TRILL) module
[Comware7]ping -i ?
M-GigabitEthernet MGE interface
Vlan-interface VLAN interface
[Comware7]ping -i M-GigabitEthernet 0/0/0 ?
-a Specify the source IP address
-c Specify the number of echo requests
-f Specify packets not to be fragmented
-h Specify the TTL value
-m Specify the interval for sending echo requests
-n Numeric output only. No attempt will be made to lookup host
addresses for symbolic names
-p No more than 8 "pad" hexadecimal characters to fill out the
sent packet. For example, -p f2 will fill the sent packet with
000000f2 repeatedly
-q Display only summary
-r Record route. Include the RECORD_ROUTE option in the
ECHO_REQUEST packets and display the route
-s Specify the payload length
-t Specify the wait time for each reply
-tos Specify the TOS value
-v Display the received ICMP packets other than ECHO-RESPONSE
packets
-vpn-instance Specify a VPN instance
STRING<1-253> IP address or hostname of remote system
[Comware7]ping -i M-GigabitEthernet 0/0/0 10.199.111.41 ?
<cr>
[Comware7]ping -i M-GigabitEthernet 0/0/0 10.199.111.41
Ping 10.199.111.41 (10.199.111.41): 56 data bytes, press CTRL_C to break
56 bytes from 10.199.111.41: icmp_seq=0 ttl=255 time=3.488 ms
56 bytes from 10.199.111.41: icmp_seq=1 ttl=255 time=3.065 ms
56 bytes from 10.199.111.41: icmp_seq=2 ttl=255 time=1.773 ms
56 bytes from 10.199.111.41: icmp_seq=3 ttl=255 time=90.936 ms
56 bytes from 10.199.111.41: icmp_seq=4 ttl=255 time=21.390 ms
--- Ping statistics for 10.199.111.41 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.773/24.130/90.936/34.177 ms
[Comware7]%Jun 10 14:42:08:954 2016 Comware7 PING/6/PING_STATIS_INFO: Ping statistics for
10.199.111.41: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip
min/avg/max/std-dev = 1.773/24.130/90.936/34.177 ms.
<Comware7>tftp ?
STRING<1-253> IP address or hostname of the TFTP Server
ipv6 IPv6 TFTP Client
<Comware7>tftp 10.199.111.200 ?
get Download a file from the TFTP server
put Upload a local file to the TFTP server
sget Download a file from the TFTP server securely
<Comware7>tftp 10.199.111.200 get ?
STRING<1-255> Source filename
<Comware7>tftp 10.199.111.200 get 5900_5920-CMW710-R2422P01.ipe ?
STRING<1-255> Destination filename
dscp Set the Differentiated Services Codepoint (DSCP) value
source Specify the source address for outgoing TFTP packets
vpn-instance Specify a VPN instance
<cr>
<Comware7>tftp 10.199.111.200 get 5900_5920-CMW710-R2422P01.ipe source ?
interface Use the primary address of an interface
ip Use a local IP address
<Comware7>tftp 10.199.111.200 get 5900_5920-CMW710-R2422P01.ipe source interface ?
M-GigabitEthernet MGE interface
Vlan-interface VLAN interface
<Comware7>tftp 10.199.111.200 get 5900_5920-CMW710-R2422P01.ipe source interface
M-GigabitEthernet 0/0/0 ?
dscp Set the Differentiated Services Codepoint (DSCP) value
<cr>
<Comware7>tftp 10.199.111.200 get 5900_5920-CMW710-R2422P01.ipe source interface
M-GigabitEthernet 0/0/0
<Comware7>display lldp ?
local-information Display local information
neighbor-information Display neighbor information
statistics Display statistics information
status Display LLDP status and configuration
tlv-config Display TLV configuration
<Comware7>display lldp neighbor-information ?
> Redirect it to a file
>> Redirect it to a file in append mode
agent Specify LLDP agent
interface Specify interface
list Neighbor list
verbose Verbose message
| Matching output
<cr>
<Comware7>display lldp neighbor-information interface ?
FortyGigE FortyGigE interface
GigabitEthernet GigabitEthernet interface
M-GigabitEthernet MGE interface
Ten-GigabitEthernet Ten-GigabitEthernet interface
<Comware7>display lldp neighbor-information interface M-GigabitEthernet 0/0/0 ?
> Redirect it to a file
>> Redirect it to a file in append mode
agent Specify LLDP agent
verbose Verbose message
| Matching output
<cr>
<Comware7>display lldp neighbor-information interface M-GigabitEthernet 0/0/0
LLDP neighbor-information of port 26446[M-GigabitEthernet0/0/0]:
LLDP agent nearest-bridge:
LLDP neighbor index : 1
ChassisID/subtype : 0025-61d7-c560/MAC address
PortID/subtype : 6/Locally assigned
Capabilities : Bridge
Cisco
Cisco(config)#interface fastEthernet 0
Cisco(config-if)#?
Interface configuration commands:
aaa Authentication, Authorization and Accounting.
access-expression Build a bridge boolean access expression
arp Set arp type (arpa, probe, snap) or timeout or log
options
bandwidth Set bandwidth informational parameter
bgp-policy Apply policy propagated by bgp community string
carrier-delay Specify delay for interface transitions
cdp CDP interface subcommands
clns CLNS interface subcommands
crypto Encryption/Decryption commands
cts Configure Cisco Trusted Security
dampening Enable event dampening
datalink Interface Datalink commands
default Set a command to its defaults
delay Specify interface throughput delay
description Interface specific description
duplex Configure duplex operation.
eou EAPoUDP Interface Configuration Commands
exit Exit from interface configuration mode
flow-sampler Attach flow sampler to the interface
flowcontrol Configure flow operation.
glbp Gateway Load Balancing Protocol interface commands
help Description of the interactive help system
history Interface history histograms - 60 second, 60 minute
and 72 hour
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
ipv6 IPv6 interface subcommands
isis IS-IS commands
iso-igrp ISO-IGRP interface subcommands
keepalive Enable keepalive
link Configure Link
lldp LLDP interface subcommands
load-interval Specify interval for load calculation for an
interface
location Interface location information
logging Configure logging for interface
loopback Configure internal loopback on an interface
macro Command macro
max-reserved-bandwidth Maximum Reservable Bandwidth on an Interface
mka MACsec Key Agreement (MKA) interface configuration
neighbor interface neighbor configuration mode commands
network-policy Network Policy
nmsp NMSP interface configuration
no Negate a command or set its defaults
ntp Configure NTP
pagp PAgP interface subcommands
power Power configuration
rate-limit Rate Limit
routing Per-interface routing configuration
service-policy Configure CPL Service Policy
shutdown Shutdown the selected interface
small-frame Set rate limit parameters for small frame
snmp Modify SNMP interface parameters
source Get config from another source
spanning-tree Spanning Tree Subsystem
speed Configure speed operation.
standby HSRP interface configuration commands
timeout Define timeout values for this interface
topology Configure routing topology on the interface
traffic-shape Enable Traffic Shaping on an Interface or
Sub-Interface
transmit-interface Assign a transmit interface to a receive-only
interface
tx-ring-limit Configure PA level transmit ring limit
vrf VPN Routing/Forwarding parameters on the interface
vrrp VRRP Interface configuration commands
vtp Enable VTP on this interface
Cisco(config-if)#ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
accounting Enable IP accounting on this interface
address Set the IP address of an interface
admission Apply Network Admission Control
auth-proxy Apply authenticaton proxy
authentication authentication subcommands
bandwidth-percent Set EIGRP bandwidth limit
bgp BGP interface commands
broadcast-address Set the broadcast address of an interface
cef Cisco Express Forwarding interface commands
cgmp Enable/disable CGMP
dampening-change Percent interface metric must change to cause update
dampening-interval Time in seconds to check interface metrics
dhcp Configure DHCP parameters for this interface
directed-broadcast Enable forwarding of directed broadcasts
flow NetFlow related commands
header-compression IPHC options
hello-interval Configures EIGRP-IPv4 hello interval
helper-address Specify a destination address for UDP broadcasts
hold-time Configures EIGRP-IPv4 hold time
igmp IGMP interface commands
information-reply Enable sending ICMP Information Reply messages
irdp ICMP Router Discovery Protocol
load-sharing Style of load sharing
local-proxy-arp Enable local-proxy ARP
mask-reply Enable sending ICMP Mask Reply messages
mrm Configure IP Multicast Routing Monitor tester
mroute-cache Enable switching cache for incoming multicast packets
mtu Set IP Maximum Transmission Unit
multicast IP multicast interface commands
next-hop-self Configures EIGRP-IPv4 next-hop-self
ospf OSPF interface commands
pim PIM interface commands
policy Enable policy routing
probe Enable HP Probe support
proxy-arp Enable proxy ARP
rarp-server Enable RARP server for static arp entries
redirects Enable sending ICMP Redirect messages
rgmp Enable/disable RGMP
rip Router Information Protocol
route-cache Enable fast-switching cache for outgoing packets
router IP router interface commands
rsvp RSVP Interface Commands
rtp RTP parameters
sap Session Advertisement Protocol interface commands
security DDN IP Security Option
split-horizon Perform split horizon
sticky-arp Allow the creation of sticky ARP entries
summary-address Perform address summarization
tcp TCP interface commands
unnumbered Enable IP processing without an explicit address
unreachables Enable sending ICMP Unreachable messages
urd Configure URL Rendezvousing
verify Enable per packet validation
vrf VPN Routing/Forwarding parameters on the interface
wccp WCCP interface commands
Cisco(config-if)#ip address ?
A.B.C.D IP address
dhcp IP Address negotiated via DHCP
pool IP Address autoconfigured from a local DHCP pool
Cisco(config-if)#ip address 10.199.111.41 255.255.255.0 ?
secondary Make this IP address a secondary address
<cr>
Cisco(config-if)#ip address 10.199.111.41 255.255.255.0
Cisco(config)#ip telnet ?
comport Specify RFC 2217 options
hidden Don't display telnet addresses or hostnames
quiet Don't display non-error telnet messages
source-interface Specify source interface
tos Specify type of service
Cisco(config)#ip telnet source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
Cisco(config)#ip telnet source-interface fastEthernet 0 ?
<cr>
Cisco(config)#ip telnet source-interface fastEthernet 0
Cisco(config)#ip ssh ?
authentication-retries Specify number of authentication retries
break-string break-string
dh Diffie-Hellman
dscp IP DSCP value for SSH traffic
logging Configure logging for SSH
maxstartups Maximum concurrent sessions allowed
port Starting (or only) Port number to listen on
precedence IP Precedence value for SSH traffic
pubkey-chain pubkey-chain
rekey Configure rekey values
rsa Configure RSA keypair name for SSH
source-interface Specify interface for source address in SSH
connections
stricthostkeycheck Enable SSH Server Authentication
time-out Specify SSH time-out interval
version Specify protocol version to be supported
Cisco(config)#ip ssh source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
Cisco(config)#ip ssh source-interface fastEthernet 0 ?
<cr>
Cisco(config)#ip ssh source-interface fastEthernet 0
Cisco(config)#ntp source ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
Cisco(config)#ntp source fastEthernet 0 ?
<cr>
Cisco(config)#ntp source fastEthernet 0
Cisco(config)#ip tftp source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
Cisco(config)#ip tftp source-interface fastEthernet 0 ?
<cr>
Cisco(config)#ip tftp source-interface fastEthernet 0
Cisco#ping ?
WORD Ping destination address or hostname
clns CLNS echo
ip IP echo
ipv6 IPv6 echo
tag Tag encapsulated IP echo
<cr>
Cisco#ping 10.199.111.21 ?
data specify data pattern
df-bit enable do not fragment bit in IP header
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
validate validate reply data
<cr>
Cisco#ping 10.199.111.21 source ?
A.B.C.D Source address
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
Cisco#ping 10.199.111.21 source fastEthernet 0 ?
data specify data pattern
df-bit enable do not fragment bit in IP header
repeat specify repeat count
size specify datagram size
timeout specify timeout interval
validate validate reply data
<cr>
Cisco#ping 10.199.111.21 source fastEthernet 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.199.111.21, timeout is 2 seconds:
Packet sent with a source address of 10.199.111.41
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Cisco#copy tftp:?
tftp: A URL beginning with this prefix
Cisco#copy tftp://10.199.111.200/c3750e-universalk9-mz.150-2.SE7.bin ?
flash1: Copy to flash1: file system
flash: Copy to flash: file system
null: Copy to null: file system
nvram: Copy to nvram: file system
running-config Update (merge with) current system configuration
startup-config Copy to startup configuration
syslog: Copy to syslog: file system
system: Copy to system: file system
tmpsys: Copy to tmpsys: file system
Cisco#copy tftp://10.199.111.200/c3750e-universalk9-mz.150-2.SE7.bin flash:/boot/c3750e-
universalk9-mz.150-2.SE7.bin
Destination filename [/boot/c3750e-universalk9-mz.150-2.SE7.bin]?
Accessing tftp://10.199.111.200/c3750e-universalk9-mz.150-2.SE7.bin...
Loading c3750e-universalk9-mz.150-2.SE7.bin from 10.199.111.200 (via FastEthernet0):
Cisco#show lldp neighbors ?
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
TenGigabitEthernet Ten Gigabit Ethernet
detail Show detailed information
| Output modifiers
<cr>
Cisco#show lldp neighbors fastEthernet 0 ?
detail Show detailed information
| Output modifiers
<cr>
Cisco#show lldp neighbors fastEthernet 0
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
2520-8-OOBM Fa0 98 B 7
Total entries displayed: 1
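An added example (not part of the guide): a Python audit over saved configuration text that reports whether each management service is bound to the out-of-band plane only, using just the `listen` and `vrf` directives shown in the sessions above. The sample configurations are constructed, and treating a missing directive as "unspecified" is an assumption, since the guide does not state the defaults.

```python
import re

# Directives taken from the sessions above; every other config line is ignored.
AOS_SWITCH_RE = re.compile(
    r"^(telnet-server|ip ssh|web-management) listen (oobm|data|both)$")
AOS_CX_RE = re.compile(r"^(ssh server|https-server) vrf (\S+)$")

AOS_SWITCH_SERVICES = ("telnet-server", "ip ssh", "web-management")
AOS_CX_SERVICES = ("ssh server", "https-server")


def _lines(config_text):
    """Yield stripped, non-empty config lines, skipping ';' and '!' comments."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and not line.startswith((";", "!")):
            yield line


def audit_aos_switch(config_text):
    """ArubaOS-Switch: map each service to 'oob-only', 'exposed' or 'unspecified'."""
    plane = {}
    for line in _lines(config_text):
        m = AOS_SWITCH_RE.match(line)
        if m:
            # Assumption: if a directive is repeated, the last one seen applies.
            plane[m.group(1)] = m.group(2)
    result = {}
    for svc in AOS_SWITCH_SERVICES:
        if svc not in plane:
            result[svc] = "unspecified"   # no listen line: needs manual review
        elif plane[svc] == "oobm":
            result[svc] = "oob-only"
        else:                             # 'data' or 'both' reaches the data plane
            result[svc] = "exposed"
    return result


def audit_aos_cx(config_text, mgmt_vrf="mgmt"):
    """ArubaOS-CX: a service is 'oob-only' when enabled on the mgmt VRF and no other."""
    bound = {svc: set() for svc in AOS_CX_SERVICES}
    for line in _lines(config_text):
        m = AOS_CX_RE.match(line)
        if m:
            bound[m.group(1)].add(m.group(2))
    result = {}
    for svc, vrfs in bound.items():
        if not vrfs:
            result[svc] = "unspecified"
        elif vrfs == {mgmt_vrf}:
            result[svc] = "oob-only"
        else:
            result[svc] = "exposed"
    return result


# Constructed sample configurations (not captured from real devices).
SAMPLE_AOS_SWITCH = """\
; constructed sample
hostname "edge-sw-01"
oobm
   ip address 10.199.111.21/24
   ip default-gateway 10.199.111.1
   exit
ip ssh listen oobm
web-management listen both
"""

SAMPLE_AOS_CX = """\
! constructed sample
interface mgmt
    no shutdown
    ip static 10.0.0.1/24
ssh server vrf mgmt
https-server vrf mgmt
https-server vrf default
"""

if __name__ == "__main__":
    for name, findings in (("ArubaOS-Switch", audit_aos_switch(SAMPLE_AOS_SWITCH)),
                           ("ArubaOS-CX", audit_aos_cx(SAMPLE_AOS_CX))):
        for svc, verdict in findings.items():
            print(f"{name:15} {svc:15} {verdict}")
```
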
Chapter 8 Interface or Port Information and Nomenclature
This chapter compares the commands used to collect information about interfaces; configure interface
names, speeds, and/or duplex settings; and disable/enable interfaces. It also compares differences
between interface and VLAN context.
These commands also show how each operating system references ports. ArubaOS-Switch ASIC chassis-
based (modular) switches and stackable switches that have a module slot designate ports using the
format slot/port. For example, on the HP 8212 zl switch, port 24 on the module in slot A is referred to
as interface A24. Stackable switches simply use the port number.
Cisco switches (both chassis-based and stackable) designate ports using the format “interface_type
slot/sub-slot/port” or “interface_type slot/port”.
Interface or Port Information CLI Comparison
ArubaOS-CX-
Switch
ArubaOS-Switch
Comware 7
Cisco
Configuration commands
interface 1/1/1
Interface 1/1
interface g1/0/1
interface g1/0/1
interface
loopback <number>
interface loopback
<number>
[configuring a
SVI interface:]
interface vlan 1
duplex auto
interface vlan
<number>
For creating a L2
VLAN:
vlan 5
vlan 5
vlan 5
description link-
to-core
name link-to-
core
description link-to-core
description link-to-
core
shutdown
no shutdown
disable
enable
shutdown
undo shutdown
shutdown
no shutdown
ip address
10.93.20.10/24
ip address
10.93.20.10
255.255.255.0
speed auto
speed auto
Show/display commands
show interfaces
brief
show interfaces
brief
display interface brief
show interfaces
status
show interfaces
1/1/1
show interfaces
brief 1/1
display interface g1/0/1
brief
show interfaces
g1/0/1 status
show interface
1/1/1
show interfaces
1/1
display interface g1/0/1
show interfaces
g1/0/1
Interface or Port Information configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config-if)# do show interface
IFNAME Interface name (e.g. 1/1/1)
brief Show brief info for interfaces
dom Show transceiver diagnostics info for interfaces
loopback Show details of a loopback interface
mgmt Management interface details
queues Show tx queue info for interfaces
transceiver Show transceiver info for interfaces
tunnel Show details of a tunnel interface
<cr>
ArubaOS-CX-Switch(config)#interface
IFNAME Interface's name
IFNAME PORT identifier range.
lag Configure link-aggregation parameters
loopback Configure loopback interface
mgmt Configure management interface
tunnel Tunnel Configuration
vlan VLAN configuration
ArubaOS-CX-Switch(config)# interface vlan
vlan VLAN configuration
ArubaOS-CX-Switch(config)# interface vlan
<1-4094> Vlan id within <1-4094> and should not be an internal vlan
ArubaOS-CX-Switch(config)# interface vlan 2
<cr>
ArubaOS-CX-Switch(config)# interface vlan 2
ArubaOS-CX-Switch(config-if-vlan)#
active-gateway Configure active-gateway for the SVI
arp Configure ARP commands
description Add a description
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
ip IP information
ipv6 IPv6 information
list Print command list
no Negate a command or set its defaults
shutdown Enable/disable an interface
track Track information
vrf VRF Configuration
vrrp VRRP information
ArubaOS-CX-Switch(config)# do show interface brief
<cr>
ArubaOS-CX-Switch(config)# do show interface brief
----------------------------------------------------------------------------------
Port Native Mode Type Enabled Status Reason Speed
VLAN (Mb/s)
----------------------------------------------------------------------------------
1/1/1 -- routed -- no down No XCVR installed --
1/1/2 -- routed -- no down No XCVR installed --
1/1/3 -- routed -- no down No XCVR installed --
1/1/4 -- routed -- no down No XCVR installed --
1/1/5 -- routed -- no down No XCVR installed --
1/1/6 -- routed -- no down No XCVR installed --
1/1/7 -- routed -- no down No XCVR installed --
1/1/8 -- routed SFP+LR no down Administratively down --
1/1/9 -- routed SFP+LR no down Administratively down --
1/1/10 -- routed SFP+LR no down Administratively down --
1/1/11 -- routed -- no down No XCVR installed --
1/1/12 -- routed -- no down No XCVR installed --
1/1/13 -- routed -- no down No XCVR installed --
1/1/14 -- routed -- no down No XCVR installed --
1/1/15 -- routed -- no down No XCVR installed --
1/1/16 -- routed -- no down No XCVR installed --
1/1/17 -- routed -- no down No XCVR installed --
1/1/18 -- routed -- no down No XCVR installed --
1/1/19 -- routed -- no down No XCVR installed --
1/1/20 -- routed -- no down No XCVR installed --
1/1/21 -- routed -- no down No XCVR installed --
1/1/22 -- routed -- no down No XCVR installed --
1/1/23 -- routed SFP+LR no down Administratively down --
1/1/24 -- routed SFP+LR no down Administratively down --
1/1/25 -- routed SFP+LR no down Administratively down --
1/1/26 -- routed -- no down No XCVR installed --
1/1/27 -- routed -- no down No XCVR installed --
1/1/28 -- routed -- no down No XCVR installed --
1/1/29 -- routed -- no down No XCVR installed --
1/1/30 -- routed -- no down No XCVR installed --
1/1/31 -- routed -- no down No XCVR installed --
1/1/32 -- routed -- no down No XCVR installed --
ArubaOS-CX-Switch(config)# do show interface 1/1/1
Interface 1/1/1 is down (Administratively down)
Admin state is down
State information: No XCVR installed
Description:
Hardware: Ethernet, MAC Address: f4:03:43:7f:ad:00
MTU 1500
Type --
qos trust none
Speed 0 Mb/s
Auto-Negotiation is off
Input flow-control is off, output flow-control is off
Rx
0 input packets 0 bytes
0 input error 0 dropped
0 CRC/FCS
Tx
0 output packets 0 bytes
0 input error 0 dropped
0 collision
ArubaOS-CX-Switch(config)# interface 1/1/1
ArubaOS-CX-Switch(config)# vlan {vlan-id | vlan-range}
SW-BA-01(config)# vlan 5
“This command creates a VLAN or a range of VLANs. If you enter a number that is already
assigned to a VLAN, the device puts you into the VLAN configuration submode for that VLAN.
If you enter a number that is assigned to an internally allocated VLAN, the system returns
an error message. However, if you enter a range of VLANs and one or more of the specified
VLANs is outside the range of internally allocated VLANs, the command takes effect on only
those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and
cannot be created or deleted. You cannot create or delete those VLANs that are reserved for
internal use.”
ArubaOS-CX-Switch(config-if)# description
LINE 1-64 printable ASCII characters
ArubaOS-CX-Switch(config-if)# description link-to-core
ArubaOS-CX-Switch(config-if)# shut
ArubaOS-CX-Switch(config-if)# no shutdown
ArubaOS-Switch
ArubaOS-Switch# show interfaces ?
brief Show port operational parameters.
config Show port configuration information.
custom Show port parameters in a customized table.
display Show summary of network traffic handled by the ports.
[ethernet] PORT-LIST Show summary of network traffic handled by the ports.
port-utilization Show port bandwidth utilization.
status Show interfaces tagged or untagged VLAN information.
transceiver Show the transceiver information.
tunnel Show tunnel configuration and status information.
<cr>
ArubaOS-Switch# show interfaces brief ?
[ethernet] PORT-LIST Show summary of network traffic handled by the ports.
<cr>
ArubaOS-Switch# show interfaces brief
Status and Counters - Port Status
| Intrusion MDI Flow Bcast
Port Type | Alert Enabled Status Mode Mode Ctrl Limit
------------ --------- + --------- ------- ------ ---------- ---- ---- -----
1 100/1000T | No Yes Up 1000FDx MDIX off 0
2 100/1000T | No Yes Down 1000FDx Auto off 0
3 100/1000T | No Yes Down 1000FDx Auto off 0
4 100/1000T | No Yes Down 1000FDx Auto off 0
5 100/1000T | No Yes Down 1000FDx Auto off 0
6 100/1000T | No Yes Down 1000FDx Auto off 0
7 100/1000T | No Yes Down 1000FDx Auto off 0
8 100/1000T | No Yes Down 1000FDx Auto off 0
9 100/1000T | No Yes Down 1000FDx Auto off 0
10 100/1000T | No Yes Down 1000FDx Auto off 0
11 100/1000T | No Yes Down 1000FDx Auto off 0
12 100/1000T | No Yes Down 1000FDx Auto off 0
13 100/1000T | No Yes Down 1000FDx Auto off 0
14 100/1000T | No Yes Down 1000FDx Auto off 0
15 100/1000T | No Yes Down 1000FDx Auto off 0
16 100/1000T | No Yes Down 1000FDx Auto off 0
17 100/1000T | No Yes Down 1000FDx Auto off 0
18 100/1000T | No Yes Down 1000FDx Auto off 0
19 100/1000T | No Yes Down 1000FDx Auto off 0
20 100/1000T | No Yes Down 1000FDx Auto off 0
21 100/1000T | No Yes Down 1000FDx Auto off 0
22 100/1000T | No Yes Down 1000FDx Auto off 0
23 100/1000T | No Yes Down 1000FDx Auto off 0
24 100/1000T | No Yes Down 1000FDx Auto off 0
25 | No Yes Down . off 0
26 | No Yes Down . off 0
ArubaOS-Switch# show interfaces brief 1
Status and Counters - Port Status
| Intrusion MDI Flow Bcast
Port Type | Alert Enabled Status Mode Mode Ctrl Limit
------------ --------- + --------- ------- ------ ---------- ---- ---- -----
1 100/1000T | No Yes Up 1000FDx MDIX off 0
ArubaOS-Switch# show interfaces 1 ?
hc Show summary of network traffic handled by the ports.
<cr>
ArubaOS-Switch# show interfaces 1
Status and Counters - Port Counters for port 1
Name :
MAC Address : 009c02-d539bf
Link Status : Up
Totals (Since boot or last clear) :
Bytes Rx : 2,069,285,321 Bytes Tx : 214,736,598
Unicast Rx : 1,922,572 Unicast Tx : 1,283,973
Bcast/Mcast Rx : 588,985 Bcast/Mcast Tx : 326,260
Errors (Since boot or last clear) :
FCS Rx : 0 Drops Tx : 0
Alignment Rx : 0 Collisions Tx : 0
Runts Rx : 0 Late Colln Tx : 0
Giants Rx : 0 Excessive Colln : 0
Total Rx Errors : 0 Deferred Tx : 0
Others (Since boot or last clear) :
Discard Rx : 0 Out Queue Len : 0
Unknown Protos : 0
Rates (5 minute weighted average) :
Total Rx (bps) : 510824 Total Tx (bps) : 517072
Unicast Rx (Pkts/sec) : 18 Unicast Tx (Pkts/sec) : 20
B/Mcast Rx (Pkts/sec) : 0 B/Mcast Tx (Pkts/sec) : 0
Utilization Rx : 00.51 % Utilization Tx : 00.51 %
ArubaOS-Switch(config)# interface ?
loopback Enter the loopback Configuration Level.
[ethernet] PORT-LIST Enter the Interface Configuration Level, or execute one command
for that level.
tunnel Enter a tunnel context.
ArubaOS-Switch(config)# interface 1
ArubaOS-Switch(eth-1)#?
arp-protect Configure the port as trusted or untrusted.
bandwidth-min Enable/disable and configure guaranteed minimum bandwidth
settings for outgoing traffic on the port(s).
broadcast-limit Limit network bandwidth used by broadcast traffic.
dhcp-snooping Configure port-specific DHCP snooping parameters.
dhcpv6-snooping Configure DHCPv6 snooping settings on a port.
disable Disable interface.
enable Enable interface.
energy-efficient-e... Enables or disables EEE on each port in the port list.
flow-control Enable/disable flow control negotiation on the port(s) during
link establishment.
forbid Prevent ports from becoming a member of specified VLANs.
gvrp Set the GVRP timers for the port.
ignore-untagged-mac Prevent MAC address learning for certain untagged control
traffic.
ip Apply an access control list to inbound packets on port.
ipv6 Configure various IPv6 parameters for the VLAN.
lacp Define whether LACP is enabled on the port, and whether it is in
active or passive mode when enabled.
link-keepalive Configure UniDirectional Link Detection (UDLD) on the port.
mac-count-notify Send a trap when the number of MAC addresses learned on the
specified ports exceeds the threshold.
mac-notify Configures SNMP traps for changes in the MAC address table.
mdix-mode Set port MDI/MDIX mode (default: auto).
monitor Monitor traffic on the port.
name Change the interface name.
poe-allocate-by Configure the power allocation method.
poe-lldp-detect Enabling this feature causes the port to allocate power based on
the link-partner's capabilities via LLDP.
poe-value Set the maximum power allocation for the port.
power-over-ethernet Enable per-port power distribution.
qos Configure port-based traffic prioritization.
rate-limit Enable rate limiting for various types of traffic.
service-policy Apply the QoS/Mirror policy on the interface.
smart-link Configure the control VLANs for receiving flush packets.
speed-duplex Define mode of operation for the port(s).
tagged Assign ports to specified VLANs as tagged.
unknown-vlans Configure the GVRP mode.
untagged Assign ports to specified VLAN as untagged.
<cr>
ArubaOS-Switch(eth-1)# name ?
PORT-NAME-STR Specify a port name up to 64 characters length.
ArubaOS-Switch(eth-1)# name link-to-core
ArubaOS-Switch(eth-1)# speed-duplex ?
10-half 10 Mbps, half duplex.
100-half 100 Mbps, half duplex.
10-full 10 Mbps, full duplex.
100-full 100 Mbps, full duplex.
1000-full 1000 Mbps, full duplex.
auto Use Auto Negotiation for speed and duplex mode.
auto-10 10 Mbps, use Auto Negotiation for duplex mode.
auto-100 100 Mbps, use Auto Negotiation for duplex mode.
auto-1000 1000 Mbps, use Auto Negotiation for duplex mode.
auto-10-100 10 or 100 Mbps, use Auto Negotiation for duplex mode.
auto-10g 10 Gbps, use Auto Negotiation for duplex mode.
ArubaOS-Switch(eth-1)# speed-duplex auto
ArubaOS-Switch(eth-1)# disable
ArubaOS-Switch(eth-1)# enable
Comware7
<Comware7>display interface ?
> Redirect it to a file
>> Redirect it to a file in append mode
FortyGigE FortyGigE interface
GigabitEthernet GigabitEthernet interface
InLoopBack InLoopBack interface
M-GigabitEthernet MGE interface
NULL NULL interface
Register-Tunnel Register Tunnel interface
Ten-GigabitEthernet Ten-GigabitEthernet interface
Vlan-interface VLAN interface
brief Brief information of status and configuration for
interface(s)
range Display range information
| Matching output
<cr>
<Comware7>display interface brief ?
> Redirect it to a file
>> Redirect it to a file in append mode
description Display the complete description information
down Display all down ports brief information
| Matching output
<cr>
<Comware7>display interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
InLoop0 UP UP(s) --
M-GE0/0/0 DOWN DOWN --
NULL0 UP UP(s) --
REG0 UP -- --
Vlan1 UP UP 10.0.111.51
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
FGE1/0/53 DOWN auto A A 1
FGE1/0/54 DOWN auto A A 1
GE1/0/1 UP 1G(a) F(a) A 1
GE1/0/2 DOWN auto A A 1
GE1/0/3 DOWN auto A A 1
GE1/0/4 DOWN auto A A 1
GE1/0/5 DOWN auto A A 1
GE1/0/6 DOWN auto A A 1
GE1/0/7 DOWN auto A A 1
GE1/0/8 DOWN auto A A 1
GE1/0/9 DOWN auto A A 1
GE1/0/10 DOWN auto A A 1
GE1/0/11 DOWN auto A A 1
GE1/0/12 DOWN auto A A 1
GE1/0/13 DOWN auto A A 1
GE1/0/14 DOWN auto A A 1
GE1/0/15 DOWN auto A A 1
GE1/0/16 DOWN auto A A 1
GE1/0/17 DOWN auto A A 1
GE1/0/18 DOWN auto A A 1
GE1/0/19 DOWN auto A A 1
GE1/0/20 DOWN auto A A 1
GE1/0/21 DOWN auto A A 1
GE1/0/22 DOWN auto A A 1
GE1/0/23 DOWN auto A A 1
GE1/0/24 DOWN auto A A 1
GE1/0/25 DOWN auto A A 1
GE1/0/26 DOWN auto A A 1
GE1/0/27 DOWN auto A A 1
GE1/0/28 DOWN auto A A 1
GE1/0/29 DOWN auto A A 1
GE1/0/30 DOWN auto A A 1
GE1/0/31 DOWN auto A A 1
GE1/0/32 DOWN auto A A 1
GE1/0/33 DOWN auto A A 1
GE1/0/34 DOWN auto A A 1
GE1/0/35 DOWN auto A A 1
GE1/0/36 DOWN auto A A 1
GE1/0/37 DOWN auto A A 1
GE1/0/38 DOWN auto A A 1
GE1/0/39 DOWN auto A A 1
GE1/0/40 DOWN auto A A 1
GE1/0/41 DOWN auto A A 1
GE1/0/42 DOWN auto A A 1
GE1/0/43 DOWN auto A A 1
GE1/0/44 DOWN auto A A 1
GE1/0/45 DOWN auto A A 1
GE1/0/46 DOWN auto A A 1
GE1/0/47 DOWN auto A A 1
GE1/0/48 DOWN auto A A 1
XGE1/0/49 ADM auto A A 1
XGE1/0/50 ADM auto A A 1
XGE1/0/51 DOWN auto A A 1
XGE1/0/52 DOWN auto A A 1
<Comware7>display interface g1/0/1 ?
> Redirect it to a file
>> Redirect it to a file in append mode
brief Brief information of status and configuration for interface(s)
| Matching output
<cr>
<Comware7>display interface g1/0/1 brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
GE1/0/1 UP 1G(a) F(a) A 1
<Comware7>display interface g1/0/1
GigabitEthernet1/0/1
Current state: UP
Line protocol state: UP
IP packet frame type: Ethernet II, hardware address: cc3e-5f73-baf4
Description: GigabitEthernet1/0/1 Interface
Bandwidth: 1000000 kbps
Loopback is not set
Media type is twisted pair
Port hardware type is 1000_BASE_T
1000Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 10000
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
PVID: 1
MDI type: automdix
Port link-type: Access
Tagged VLANs: None
Untagged VLANs: 1
Port priority: 0
Last clearing of counters: Never
Peak input rate: 90 bytes/sec, at 2015-04-07 00:31:58
Peak output rate: 33 bytes/sec, at 2015-04-07 00:22:05
Last 300 second input: 0 packets/sec 83 bytes/sec 0%
Last 300 second output: 0 packets/sec 19 bytes/sec 0%
Input (total): 1728 packets, 215498 bytes
146 unicasts, 37 broadcasts, 1545 multicasts, 0 pauses
Input (normal): 1728 packets, - bytes
146 unicasts, 37 broadcasts, 1545 multicasts, 0 pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 253 packets, 50800 bytes
152 unicasts, 10 broadcasts, 91 multicasts, 0 pauses
Output (normal): 253 packets, - bytes
152 unicasts, 10 broadcasts, 91 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrierr
[Comware7]interface ?
Bridge-Aggregation Bridge-Aggregation interface
FortyGigE FortyGigE interface
GigabitEthernet GigabitEthernet interface
LoopBack LoopBack interface
M-GigabitEthernet MGE interface
NULL NULL interface
Route-Aggregation Route-Aggregation interface
Ten-GigabitEthernet Ten-GigabitEthernet interface
Tunnel Tunnel interface
Vlan-interface VLAN interface
range Configure an interface range
[Comware7]interface g1/0/1
[Comware7-GigabitEthernet1/0/1]?
Gigabitethernet_l2 interface view commands:
apply Apply a PoE profile
arp ARP module
bandwidth Specify the expected bandwidth
bpdu-drop Specify BPDU drop function
broadcast-suppression Broadcast storm suppression function
cdp Non standard IEEE discovery protocol
cfd Connectivity Fault Detection (CFD) module
dcbx Data Center Bridge Capability Exchange Protocol
default Restore the default settings
description Describe the interface
dhcp DHCP module
diagnostic-logfile Diagnostic log file configuration
display Display current system information
dldp DLDP module
dot1x 802.1X module
duplex Status of duplex
eee Energy efficient ethernet
enable Enable functions
evb Edge Virtual Bridging (EVB) module
flex10 Configure Flex10
flow-control Enable flow control function
flow-interval Set the interface statistics interval
igmp-snooping IGMP snooping module
ip Specify IP configuration
ipv6 Specify IPv6 configuration
jumboframe Specify jumbo frame forwarding
l2vpn Layer 2 Virtual Private Network (L2VPN) module
lacp Configure LACP protocol
link-aggregation Specify link aggregation group configuration
information
link-delay Set the physical state change suppression
lldp Link Layer Discovery Protocol(802.1ab)
logfile Log file configuration
loopback Specify loopback of current port
loopback-detection Loopback detection module
mac-address Configure MAC address
mac-authentication MAC authentication module
mac-forced-forwarding Specify MAC-forced forwarding configuration information
mac-vlan MAC VLAN configuration
mdix-mode Specify mdix type
mirroring-group Specify mirroring group
mld-snooping MLD snooping module
monitor System monitor
mrp Multiple registration protocol
multicast-suppression Multicast storm suppression function
mvrp Multiple VLAN registration protocol
oam OAM module
packet-filter Packet filter settings
pbb Provider Backbone Bridge (PBB) module
ping Ping function
poe Power over Ethernet
port Set port attributes
port-isolate Port isolation configuration
port-security Port security module
priority-flow-control Priority-based flow control (PFC) configuration
ptp Precision Time Protocol (PTP) module
qcn Quantized Congestion Notification (QCN) module
qinq 802.1QinQ function
qos Quality of Service (QoS) module
quit Exit from current command view
return Exit to User View
rmon RMON module
save Save current configuration
security-logfile Security log file configuration
service-instance Configure a service instance
sflow sFlow function
shutdown Shut down the interface
smart-link Smart Link module
spbm SPBM configuration
speed Specify speed of current port
storm-constrain Port storm control
stp Spanning Tree Protocol (STP) module
tracert Tracert function
trill TRansparent Interconnection of Lots of Links (TRILL)
module
undo Cancel current setting
unicast-suppression Unicast storm suppression function
virtual-cable-test Test cable connection for an interface
vlan Set VLAN precedence
voice-vlan Voice VLAN configuration
[Comware7-GigabitEthernet1/0/1]description ?
TEXT Interface description, 1 to 255 characters
[Comware7-GigabitEthernet1/0/1]description link-to-core
[Comware7-GigabitEthernet1/0/1]duplex ?
auto Enable port's duplex negotiation automatically
full Full-duplex
half Half-duplex
[Comware7-GigabitEthernet1/0/1]duplex auto
[Comware7-GigabitEthernet1/0/1]speed ?
10 Specify speed as 10 Mbps
100 Specify speed as 100 Mbps
1000 Specify speed as 1000 Mbps
auto Enable port's speed negotiation automatically
[Comware7-GigabitEthernet1/0/1]speed auto
[Comware7-GigabitEthernet1/0/1]shutdown
[Comware7-GigabitEthernet1/0/1]undo shutdown
Cisco
Cisco#show interfaces ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
accounting Show interface accounting
capabilities Show interface capabilities information
counters Show interface counters
crb Show interface routing/bridging info
dampening Show interface dampening info
debounce Show interface debounce time info
description Show interface description
etherchannel Show interface etherchannel information
fair-queue Show interface Weighted Fair Queueing (WFQ) info
fcpa Fiber Channel
flowcontrol Show interface flowcontrol information
history Show interface history
irb Show interface routing/bridging info
mac-accounting Show interface MAC accounting info
mpls-exp Show interface MPLS experimental accounting info
mtu Show interface mtu
precedence Show interface precedence accounting info
private-vlan Show interface private vlan information
pruning Show interface trunk VTP pruning information
random-detect Show interface Weighted Random Early Detection (WRED)
info
rate-limit Show interface rate-limit info
stats Show interface packets & octets, in & out, by switching
path
status Show interface line status
summary Show interface summary
switchport Show interface switchport information
transceiver Show interface transceiver
trunk Show interface trunk information
| Output modifiers
<cr>
Cisco#show interfaces status
Port Name Status Vlan Duplex Speed Type
Gi1/0/1 connected 1 a-full a-1000 10/100/1000BaseTX
Gi1/0/2 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/3 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/4 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/5 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/8 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/10 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/11 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/12 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/13 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/14 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/15 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/16 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/17 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/18 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/19 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/20 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/21 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/22 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/24 notconnect 1 auto auto 10/100/1000BaseTX
Te1/0/1 notconnect 1 full 10G Not Present
Te1/0/2 notconnect 1 full 10G Not Present
Fa0 disabled routed auto auto 10/100BaseTX
Cisco#show interfaces g1/0/1 ?
accounting Show interface accounting
capabilities Show interface capabilities information
controller Show interface status, configuration and controller status
counters Show interface counters
crb Show interface routing/bridging info
dampening Show interface dampening info
debounce Show interface debounce time info
description Show interface description
etherchannel Show interface etherchannel information
fair-queue Show interface Weighted Fair Queueing (WFQ) info
flowcontrol Show interface flowcontrol information
history Show interface history
irb Show interface routing/bridging info
mac-accounting Show interface MAC accounting info
mpls-exp Show interface MPLS experimental accounting info
mtu Show interface mtu
precedence Show interface precedence accounting info
private-vlan Show interface private vlan information
pruning Show interface trunk VTP pruning information
random-detect Show interface Weighted Random Early Detection (WRED) info
rate-limit Show interface rate-limit info
stats Show interface packets & octets, in & out, by switching path
status Show interface line status
summary Show interface summary
switchport Show interface switchport information
transceiver Show interface transceiver
trunk Show interface trunk information
users Show interface users
vlan Show interface vlan information
| Output modifiers
<cr>
Cisco#show interfaces g1/0/1 status
Port Name Status Vlan Duplex Speed Type
Gi1/0/1 connected 1 a-full a-1000 10/100/1000BaseTX
Cisco#show interfaces g1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.91ab.4381 (bia 0022.91ab.4381)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1902 packets input, 149768 bytes, 0 no buffer
Received 1806 broadcasts (1764 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1764 multicast, 0 pause input
0 input packets with dribble condition detected
482 packets output, 102102 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Cisco(config)#interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
Group-Async Async Group interface
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
range interface range command
Cisco(config)#interface g1/0/1
Cisco(config-if)#?
Interface configuration commands:
aaa Authentication, Authorization and Accounting.
arp Set arp type (arpa, probe, snap) or timeout or log
options
auto Configure Automation
bandwidth Set bandwidth informational parameter
bgp-policy Apply policy propagated by bgp community string
carrier-delay Specify delay for interface transitions
cdp CDP interface subcommands
channel-group Etherchannel/port bundling configuration
channel-protocol Select the channel protocol (LACP, PAgP)
cts Configure Cisco Trusted Security
dampening Enable event dampening
datalink Interface Datalink commands
default Set a command to its defaults
delay Specify interface throughput delay
description Interface specific description
down-when-looped Force looped interface down
duplex Configure duplex operation.
eou EAPoUDP Interface Configuration Commands
exit Exit from interface configuration mode
flow-sampler Attach flow sampler to the interface
flowcontrol Configure flow operation.
help Description of the interactive help system
history Interface history histograms - 60 second, 60 minute
and 72 hour
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
keepalive Enable keepalive
l2protocol-tunnel Tunnel Layer2 protocols
lacp LACP interface subcommands
link Configure Link
lldp LLDP interface subcommands
load-interval Specify interval for load calculation for an
interface
location Interface location information
logging Configure logging for interface
mac MAC interface commands
macro Command macro
max-reserved-bandwidth Maximum Reservable Bandwidth on an Interface
mdix Set Media Dependent Interface with Crossover
mka MACsec Key Agreement (MKA) interface configuration
mls mls interface commands
mvr MVR per port configuration
neighbor interface neighbor configuration mode commands
network-policy Network Policy
nmsp NMSP interface configuration
no Negate a command or set its defaults
pagp PAgP interface subcommands
priority-queue Priority Queue
queue-set Choose a queue set for this queue
rmon Configure Remote Monitoring on an interface
routing Per-interface routing configuration
rsu rollsing stack upgrade
service-policy Configure CPL Service Policy
shutdown Shutdown the selected interface
small-frame Set rate limit parameters for small frame
snmp Modify SNMP interface parameters
source Get config from another source
spanning-tree Spanning Tree Subsystem
speed Configure speed operation.
srr-queue Configure shaped round-robin transmit queues
storm-control storm configuration
switchport Set switching mode characteristics
timeout Define timeout values for this interface
topology Configure routing topology on the interface
transmit-interface Assign a transmit interface to a receive-only
interface
tx-ring-limit Configure PA level transmit ring limit
udld Configure UDLD enabled or disabled and ignore global
UDLD setting
vtp Enable VTP on this interface
Cisco(config-if)#description ?
LINE Up to 200 characters describing this interface
Cisco(config-if)#description link-to-core
Cisco(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
Cisco(config-if)#duplex auto
Cisco(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
1000 Force 1000 Mbps operation
auto Enable AUTO speed configuration
Cisco(config-if)#speed auto
Cisco(config-if)#shutdown
Cisco(config-if)#no shutdown
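Added example (not part of the original guide): the four brief listings in this chapter report administrative and link state in different columns and with different keywords. The Python below normalizes them and lists ports that are enabled but have no link, the usual candidates for disable/shutdown. The sample lines, the platform keys and the function names are constructed for illustration.

```python
"""Normalize 'brief' port listings from four switch CLIs into one state model."""
import re

CX_PORT = re.compile(r"^\d+/\d+/\d+$")
COMWARE_PORT = re.compile(r"^(GE|XGE|FGE)\d+/\d+/\d+$")
CISCO_PORT = re.compile(r"^(Fa|Gi|Te)\d+(/\d+)*$")


def _state(enabled, link_up):
    """Map (admin enabled, link up) onto 'admin-down', 'up' or 'no-link'."""
    if not enabled:
        return "admin-down"
    return "up" if link_up else "no-link"


def _aos_cx(line):
    # show interface brief: Port, Native VLAN, Mode, Type, Enabled, Status, Reason, Speed
    t = line.split()
    if len(t) < 6 or not CX_PORT.match(t[0]) or t[4] not in ("yes", "no"):
        return None
    return t[0], _state(t[4] == "yes", t[5] == "up")


def _aos_switch(line):
    # show interfaces brief: "Port Type | Intrusion-Alert Enabled Status ..."
    # Type may be blank (empty transceiver slot), so split on the bar first.
    left, sep, right = line.partition("|")
    l, r = left.split(), right.split()
    if not sep or not l or len(r) < 3 or r[1] not in ("Yes", "No"):
        return None
    return l[0], _state(r[1] == "Yes", r[2] == "Up")


def _comware7(line):
    # display interface brief (bridge mode): the Link column carries both states;
    # ADM means administratively down, Stby is reported as 'other'.
    t = line.split()
    if len(t) < 2 or not COMWARE_PORT.match(t[0]):
        return None
    link = {"UP": "up", "DOWN": "no-link", "ADM": "admin-down"}
    return t[0], link.get(t[1], "other")


def _cisco_ios(line):
    # show interfaces status: the Name column may be empty or hold several
    # words, so look for the first status keyword instead of a fixed index.
    t = line.split()
    if len(t) < 2 or not CISCO_PORT.match(t[0]):
        return None
    known = {"connected": "up", "notconnect": "no-link", "disabled": "admin-down"}
    for tok in t[1:]:
        if tok in known:
            return t[0], known[tok]
    return t[0], "other"


PARSERS = {"aos-cx": _aos_cx, "aos-switch": _aos_switch,
           "comware7": _comware7, "cisco-ios": _cisco_ios}


def parse_brief(platform, text):
    """Return {port: state}; header and separator lines are skipped."""
    rows = (PARSERS[platform](line) for line in text.splitlines())
    return dict(r for r in rows if r)


def unused_enabled(platform, text):
    """Ports that are administratively enabled but have no link."""
    return [p for p, s in parse_brief(platform, text).items() if s == "no-link"]


# Constructed sample listings, modelled on the outputs shown in this chapter.
SAMPLES = {
    "aos-cx": """
        Port    Native Mode   Type    Enabled Status Reason                Speed
        1/1/1   --     routed --      no      down   No XCVR installed     --
        1/1/8   --     routed SFP+LR  no      down   Administratively down --
        1/1/9   1      access SFP+LR  yes     down   Waiting for link      --
        1/1/10  1      access SFP+LR  yes     up                           10000
    """,
    "aos-switch": """
        Port   Type      | Alert Enabled Status Mode    Mode Ctrl Limit
        ------ --------- + ----- ------- ------ ------- ---- ---- -----
        1      100/1000T | No    Yes     Up     1000FDx MDIX off  0
        2      100/1000T | No    Yes     Down   1000FDx Auto off  0
        3      100/1000T | No    No      Down   1000FDx Auto off  0
        25               | No    Yes     Down   .            off  0
    """,
    "comware7": """
        Interface  Link Speed Duplex Type PVID Description
        GE1/0/1    UP   1G(a) F(a)   A    1
        GE1/0/2    DOWN auto  A      A    1
        XGE1/0/49  ADM  auto  A      A    1
    """,
    "cisco-ios": """
        Port     Name          Status      Vlan    Duplex Speed  Type
        Gi1/0/1  link-to-core  connected   1       a-full a-1000 10/100/1000BaseTX
        Gi1/0/2                notconnect  1       auto   auto   10/100/1000BaseTX
        Fa0                    disabled    routed  auto   auto   10/100BaseTX
    """,
}

if __name__ == "__main__":
    for platform, text in SAMPLES.items():
        print(platform, unused_enabled(platform, text))
```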
Chapter 9 Link Aggregation LACP and Trunk
This chapter compares the commands to configure aggregation interfaces.
The IEEE 802.3ad Link Aggregation Control Protocol (LACP) enables dynamic aggregation of physical
links. It uses Link Aggregation Control Protocol Data Units (LACPDUs) to exchange aggregation
information between LACP-enabled devices.
The operating systems use different terms for port aggregation. In ArubaOS-Switch, aggregated links
are called trunks. In Cisco, the term is EtherChannel. In addition, Cisco EtherChannel has two modes:
PAgP (Cisco specific) or LACP. LACP mode is shown in the Cisco configuration examples.
In Cisco, trunk refers to an interface that is configured to support multiple VLANs via 802.1Q.
This chapter covers the configuration of LACP port aggregation (sometimes referred to as protocol
trunks, which are dynamic in their operation) and non-LACP port aggregation (sometimes referred to
as non-protocol trunks, which are basically “on,” because no protocol is used to negotiate the
aggregated links).
Generally, either execute the configuration steps first and then connect the links, or disable/shut
down the interfaces, execute the configuration steps, and then re-enable the interfaces (enable,
undo shutdown, or no shutdown). Otherwise, network loops could accidentally be created and cause
other issues or outages.
Link Aggregation Control Protocol (LACP) CLI comparison
ArubaOS-CX-
Switch
ArubaOS-Switch
Comware 7
Cisco
Configuration
commands
interface lag 1
Trunk 1/20,1/24 trk1
lacp
interface Bridge-
Aggregation 1
description LACP-link-
to-ArubaOS-Switch
link-aggregation mode
dynamic
interface port-channel 1
switchport mode trunk
encapsulation dot1q
switchport mode access
interface lag 1
vlan trunk
allowed all
vlan 220 tagged trk1
interface Bridge-
Aggregation 1
port link-type trunk
port trunk permit vlan
220
interface <>
switchport mode trunk
switchport trunk
allowed vlan <>
interface lag 1
vlan access 1
interface <>
switchport mode access
switchport access vlan
<>
?
Interface g1/0/23
port link-aggregation
group 1
Interface gi1/0/1
channel-group 1 mode
active
Show/display
commands
show lacp
configuration
show trunks
show lacp
display link-aggregation
summary
show lacp 1 internal
show lacp peer
display link-aggregation
verbose
show lacp
interfaces
show lacp peer
show lacp counters
display link-aggregation
member-port
show interfaces
etherchannel
show lacp
aggregates
show vlans 220
show vlans ports
trk1 detail
display vlan 220
show vlan name test
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# interface
IFNAME Interface's name
IFNAME PORT identifier range.
lag Configure link-aggregation parameters
loopback Configure loopback interface
mgmt Configure management interface
tunnel Tunnel Configuration
vlan VLAN configuration
ArubaOS-CX-Switch(config)# interface lag
<1-128> LAG number ranges from 1 to 128
ArubaOS-CX-Switch(config)# interface lag 1
multi-chassis Configure LAG as Multi-chassis
<cr>
ArubaOS-CX-Switch(config)# interface lag 1
ArubaOS-CX-Switch(config-lag-if)#
apply Apply a configuration record
arp Configure ARP commands
description Add a description
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
ip IP information
ipv6 IPv6 information
l3-counters Enable both Rx and Tx L3 counters
lacp Configure LACP parameters
list Print command list
loop-protect Configure loop protection
mclag Configure mclag parameters
mvrp Enable the Multiple VLAN Registration Protocol (MVRP)
no Negate a command or set its defaults
qos Quality of Service configuration
rate-limit Apply a rate-limit to a specific traffic type for this port
routing Configure interface as L3
sflow Enable sFlow
shutdown Enable/disable a LAG
spanning-tree Spanning-tree configuration
track Track information
vlan VLAN configuration
vrf VRF Configuration
vrrp VRRP information
ArubaOS-CX-Switch(config-lag-if)# vlan
access Access configuration
trunk Trunk configuration
ArubaOS-CX-Switch(config-lag-if)# vlan trunk
allowed Allowed VLANs on the trunk port
native Native VLAN on the trunk port
ArubaOS-CX-Switch(config-lag-if)# vlan trunk allowed
<1-4094> VLAN identifier range. [2, 2-10 or 2,3,4 or 2,3-10]
all All configured VLANs
ArubaOS-CX-Switch(config-lag-if)# vlan trunk allowed all
<cr>
ArubaOS-CX-Switch(config-lag-if)# vlan trunk allowed all
Operation not allowed on an interface with routing enabled.
ArubaOS-CX-Switch(config-lag-if)# no routing
ArubaOS-CX-Switch(config-lag-if)# vlan trunk allowed all
ArubaOS-CX-Switch(config-lag-if)# vlan access
<1-4094> VLAN identifier
ArubaOS-CX-Switch(config-lag-if)# vlan access 1
<cr>
ArubaOS-CX-Switch(config-lag-if)# vlan access 1
ArubaOS-CX-Switch(config-lag-if)# end
ArubaOS-CX-Switch# sh lacp
aggregates Show LACP aggregates
configuration Show LACP system-wide configuration
interfaces Show LACP interfaces
ArubaOS-CX-Switch# sh lacp configuration
<cr>
ArubaOS-CX-Switch# sh lacp configuration
System-id : f4:03:43:7f:ad:00
System-priority : 65534
Hash : l3-src-dst
ArubaOS-CX-Switch# sh lacp interfaces
IFNAME Interface's name
multi-chassis Show MCLAG interfaces
<cr>
ArubaOS-CX-Switch# sh lacp interfaces
State abbreviations :
A - Active P - Passive F - Aggregable I - Individual
S - Short-timeout L - Long-timeout N - InSync O - OutofSync
C - Collecting D - Distributing
X - State m/c expired E - Default neighbor state
Actor details of all interfaces:
------------------------------------------------------------------------------
Intf Aggr Port Port State System-id System Aggr Forwarding
Name Id Pri Pri Key State
------------------------------------------------------------------------------
Partner details of all interfaces:
------------------------------------------------------------------------------
Intf Aggr Port Port State System-id System Aggr
Name Id Pri Pri Key
ArubaOS-CX-Switch# sh lacp aggregates
WORD Link-aggregate name
<cr>
ArubaOS-CX-Switch# sh lacp aggregates
Aggregate-name : lag1
Aggregated-interfaces :
Heartbeat rate : N/A
Aggregate mode : off
ArubaOS-Switch
ArubaOS-Switch(config)# trunk 19-20 trk1 lacp
ArubaOS-Switch(config)# vlan 220 tagged trk1
ArubaOS-Switch# show trunks
Load Balancing Method: L3-based (default)
Port | Name Type | Group Type
------ + -------------------------------- --------- + ------ --------
19 | trk1-link-to-Comware5-1 100/1000T | Trk1 LACP
20 | trk1-link-to-Comware5-1 100/1000T | Trk1 LACP
21 | trk2-link-to-Comware7-1 100/1000T | Trk2 LACP
22 | trk2-link-to-Comware7-1 100/1000T | Trk2 LACP
23 | trk3-link-to-Cisco1 100/1000T | Trk3 LACP
24 | trk3-link-to-Cisco1 100/1000T | Trk3 LACP
ArubaOS-Switch# show lacp
LACP
LACP Trunk Port LACP Admin Oper
Port Enabled Group Status Partner Status Key Key
----- ------- ------- ------- ------- ------- ------ ------
19 Active Trk1 Up Yes Success 0 562
20 Active Trk1 Up Yes Success 0 562
21 Active Trk2 Up Yes Success 0 563
22 Active Trk2 Up Yes Success 0 563
23 Active Trk3 Up Yes Success 0 564
24 Active Trk3 Up Yes Success 0 564
ArubaOS-Switch# show lacp peer
LACP Peer Information.
System ID: 009c02-d53980
Local Local Port Oper LACP Tx
Port Trunk System ID Port Priority Key Mode Timer
------ ------ -------------- ----- --------- ------- -------- -----
19 Trk1 002389-d5a059 23 32768 1 Active Slow
20 Trk1 002389-d5a059 24 32768 1 Active Slow
21 Trk2 cc3e5f-73bacb 23 32768 1 Active Slow
22 Trk2 cc3e5f-73bacb 24 32768 1 Active Slow
23 Trk3 002291-ab4380 280 32768 1 Active Slow
24 Trk3 002291-ab4380 281 32768 1 Active Slow
ArubaOS-Switch# show lacp counters
LACP Port Counters.
LACP LACP Marker Marker Marker Marker
Port Trunk PDUs Tx PDUs Rx Req. Tx Req. Rx Resp. Tx Resp. Rx Error
---- ------ --------- --------- -------- -------- -------- -------- --------
19 Trk1 19 18 0 0 0 0 0
20 Trk1 18 17 0 0 0 0 0
21 Trk2 41 40 0 0 0 0 0
22 Trk2 40 39 0 0 0 0 0
23 Trk3 8 8 0 0 0 0 0
24 Trk3 8 8 0 0 0 0 0
ArubaOS-Switch# show vlans 220
Status and Counters - VLAN Information - VLAN 220
VLAN ID : 220
Name : test
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
4 Untagged Learn Down
5 Untagged Learn Down
6 Tagged Learn Down
7 Tagged Learn Down
8 Tagged Learn Down
Trk1 Tagged Learn Up
Trk2 Tagged Learn Up
Trk3 Tagged Learn Up
ArubaOS-Switch# show vlans ports trk1 detail
Status and Counters - VLAN Information - for ports Trk1
VLAN ID Name | Status Voice Jumbo Mode
------- -------------------- + ---------- ----- ----- --------
1 DEFAULT_VLAN | Port-based No No Untagged
220 test | Port-based No No Tagged
Comware 7
[Comware]interface Bridge-Aggregation 1
[Comware-Bridge-Aggregation1]description LACP-link-to-ArubaOS-Switch
[Comware-Bridge-Aggregation1]link-aggregation mode dynamic
[Comware]interface g1/0/23
[Comware-GigabitEthernet1/0/23]port link-aggregation group 1
[Comware-GigabitEthernet1/0/23]interface g1/0/24
[Comware-GigabitEthernet1/0/24]port link-aggregation group 1
[Comware]interface Bridge-Aggregation 1
[Comware-Bridge-Aggregation1]port link-type trunk
[Comware-Bridge-Aggregation1]port trunk permit vlan 220
[Comware]display link-aggregation summary
Aggregation Interface Type:
BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 0023-89d5-a059
AGG AGG Partner ID Select Unselect Share
Interface Mode Ports Ports Type
-------------------------------------------------------------------------------
BAGG1 D 0x3980, 009c-02d5-3980 2 0 Shar
[Comware]display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregation Interface: Bridge-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 0023-89d5-a059
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/23 S 32768 1 {ACDEF}
GE1/0/24 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/23 19 0 562 0x3980, 009c-02d5-3980 {ACDEF}
GE1/0/24 20 0 562 0x3980, 009c-02d5-3980 {ACDEF}
[Comware]display link-aggregation member-port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
GigabitEthernet1/0/23:
Aggregation Interface: Bridge-Aggregation1
Local:
Port Number: 23
Port Priority: 32768
Oper-Key: 1
Flag: {ACDEF}
Remote:
System ID: 0x3980, 009c-02d5-3980
Port Number: 19
Port Priority: 0
Oper-Key: 562
Flag: {ACDEF}
Received LACP Packets: 12 packet(s)
Illegal: 0 packet(s)
Sent LACP Packets: 12 packet(s)
GigabitEthernet1/0/24:
Aggregation Interface: Bridge-Aggregation1
Local:
Port Number: 24
Port Priority: 32768
Oper-Key: 1
Flag: {ACDEF}
Remote:
System ID: 0x3980, 009c-02d5-3980
Port Number: 20
Port Priority: 0
Oper-Key: 562
Flag: {ACDEF}
Received LACP Packets: 11 packet(s)
Illegal: 0 packet(s)
Sent LACP Packets: 11 packet(s)
[Comware]display vlan 220
VLAN ID: 220
VLAN Type: static
Route Interface: configured
IPv4 address: 10.1.220.3
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0220
Name: test
Tagged Ports:
Bridge-Aggregation1
GigabitEthernet1/0/6 GigabitEthernet1/0/23 GigabitEthernet1/0/24
Untagged Ports:
GigabitEthernet1/0/4 GigabitEthernet1/0/5
Cisco
Cisco(config)#interface port-channel 1
Cisco(config-if)#switchport trunk encapsulation dot1q
Cisco(config-if)#switchport trunk allowed vlan 220
Cisco(config-if)#switchport mode access
Cisco(config-if)#switchport nonegotiate
Cisco(config)#interface range g1/0/24 - 24
Cisco(config-if-range)#switchport trunk encapsulation dot1q
Cisco(config-if-range)#switchport trunk allowed vlan 220
Cisco(config-if-range)#switchport mode access
Cisco(config-if-range)#switchport nonegotiate
Cisco(config-if-range)#channel-group 1 mode active
Cisco#show lacp 1 internal
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 1
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Fa1/0/22 SA bndl 32768 0x1 0x1 0x18 0x3D
Fa1/0/23 SA bndl 32768 0x1 0x1 0x19 0x3D
Cisco#show interfaces etherchannel
----
GigabitEthernet1/0/23:
Port state = Up Mstr Assoc In-Bndl
Channel group = 1 Mode = Active Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi1/0/23 SA bndl 32768 0x1 0x1 0x118 0x3D
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Gi1/0/23 SA 0 009c.02d5.3980 19s 0x0 0x234 0x17 0x3D
Age of the port in the current state: 0d:00h:03m:16s
----
GigabitEthernet1/0/24:
Port state = Up Mstr Assoc In-Bndl
Channel group = 1 Mode = Active Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi1/0/24 SA bndl 32768 0x1 0x1 0x119 0x3D
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Gi1/0/24 SA 0 009c.02d5.3980 13s 0x0 0x234 0x18 0x3D
Age of the port in the current state: 0d:00h:03m:09s
----
Port-channel1:Port-channel1 (Primary aggregator)
Age of the Port-channel = 0d:00h:06m:29s
Logical slot/port = 10/1 Number of ports = 2
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/23 Active 0
0 00 Gi1/0/24 Active 0
Time since last port bundled: 0d:00h:03m:09s Gi1/0/24
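The Comware `{ACDEF}` flags, the Cisco `0x3D` port state and the ArubaOS-CX state letters in the outputs above are three notations for the same LACP state octet, and each platform prints the partner system ID in a different MAC format. The following Python check is an added example, not part of the original guide or any vendor tool: it normalizes both and reports members that are not fully bundled or that see an unexpected partner. The function names are assumptions, and the ArubaOS-CX sample row is constructed because the guide's CX table is empty.

```python
import re

# Bit order of the LACP actor/partner state octet (IEEE 802.1AX), bit 0 first.
STATE_BITS = ("Activity", "Timeout", "Aggregation", "Synchronization",
              "Collecting", "Distributing", "Defaulted", "Expired")

# ArubaOS-CX letters from the "State abbreviations" legend: letter -> (bit, value).
# P, L, I and O spell out a cleared bit. Note that "D" is Distributing here,
# while in the Comware legend "D" is Synchronization.
CX_LETTERS = {"A": (0, 1), "P": (0, 0), "S": (1, 1), "L": (1, 0),
              "F": (2, 1), "I": (2, 0), "N": (3, 1), "O": (3, 0),
              "C": (4, 1), "D": (5, 1), "E": (6, 1), "X": (7, 1)}


def decode_state(text, notation):
    """Return the state octet as an int for notation 'cisco', 'comware' or 'cx'."""
    text = text.strip()
    value = 0
    if notation == "cisco":                      # hex octet, e.g. 0x3D
        value = int(text, 16)
        if not 0 <= value <= 0xFF:
            raise ValueError(f"state {text!r} is not one octet")
    elif notation == "comware":                  # e.g. {ACDEF}; A..H are bits 0..7
        for letter in text.strip("{}"):
            if letter not in "ABCDEFGH":
                raise ValueError(f"unknown Comware flag {letter!r}")
            value |= 1 << (ord(letter) - ord("A"))
    elif notation == "cx":                       # e.g. ALFNCD
        for letter in text:
            if letter not in CX_LETTERS:
                raise ValueError(f"unknown ArubaOS-CX state letter {letter!r}")
            bit, on = CX_LETTERS[letter]
            value |= on << bit
    else:
        raise ValueError(f"unknown notation {notation!r}")
    return value


def normalize_system_id(text):
    """Reduce 009c02-d53980, 009c.02d5.3980 or '0x3980, 009c-02d5-3980' to 12 hex digits."""
    mac = text.split(",")[-1]                    # Comware prints "priority, MAC"
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"{text!r} does not contain a 48-bit system ID")
    return digits


def member_problems(state):
    """List what keeps a member from being a healthy, bundled LACP port."""
    problems = []
    for bit in (2, 3, 4, 5):                     # must be set on a bundled member
        if not state & (1 << bit):
            problems.append(f"{STATE_BITS[bit]} not set")
    for bit in (6, 7):                           # set when no valid partner LACPDU is held
        if state & (1 << bit):
            problems.append(f"{STATE_BITS[bit]} set")
    return problems


def check_member(expected_partner, reported_partner, state_text, notation):
    """Combine the state check with a partner system ID comparison."""
    problems = member_problems(decode_state(state_text, notation))
    if normalize_system_id(reported_partner) != normalize_system_id(expected_partner):
        problems.append("unexpected partner system ID")
    return problems


# Expected partner: the ArubaOS-Switch system ID from "show lacp peer" above.
EXPECTED_PARTNER = "009c02-d53980"

# (label, reported partner, state, notation). The first two rows are taken from the
# Comware and Cisco outputs above; the third row is constructed for illustration.
SAMPLES = [
    ("Comware GE1/0/23", "0x3980, 009c-02d5-3980", "{ACDEF}", "comware"),
    ("Cisco Gi1/0/23", "009c.02d5.3980", "0x3D", "cisco"),
    ("constructed CX 1/1/1", "00:00:5e:00:53:01", "ALFOE", "cx"),
]


def run_samples():
    return {label: check_member(EXPECTED_PARTNER, partner, state, notation)
            for label, partner, state, notation in SAMPLES}


if __name__ == "__main__":
    for label, problems in run_samples().items():
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```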
Cisco#show vlan name test
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
220 test active Gi1/0/4, Gi1/0/5
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
220 enet 100220 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
Chapter 10 MSTP
Developed based on the IEEE 802.1s standard, Multiple Spanning Tree Protocol (MSTP) overcomes the
limitations of STP and RSTP. In addition to support for rapid network convergence, it allows data flows
of different VLANs to be forwarded along separate paths, providing a better load-sharing mechanism
for redundant links.
MSTP uses multiple spanning tree instances with separate forwarding topologies. Each instance is
composed of one or more VLANs, which significantly improves network link utilization and the speed of
reconvergence after a failure in the network’s physical topology. However, MSTP requires more
configuration overhead and is more susceptible to dropped traffic due to misconfiguration.
This chapter compares the commands to configure Multiple Spanning Tree Protocol (MSTP). The four
operating systems implement MSTP differently:
ArubaOS-Switch uses MSTP as the default STP version. MSTP is not enabled by default. When
MSTP is enabled, all ports are auto-edge-ports.
Cisco uses Per-VLAN Spanning Tree Plus (PVST+) as the default STP version and it is enabled by
default. If you enable MSTP, all ports are non-edge ports.
MSTP CLI Comparison

Configuration commands

ArubaOS-CX-Switch:
  spanning-tree
  spanning-tree mode mstp
  spanning-tree config-name MST0
  spanning-tree config-revision 40
  spanning-tree instance 1 vlan 1
  spanning-tree instance 2 vlan 100
  spanning-tree instance 3 vlan 240
  spanning-tree priority 1
  spanning-tree instance 2 priority 2
  spanning-tree instance 2 priority 4
  spanning-tree instance 3 priority 5

ArubaOS-Switch:
  spanning-tree
  spanning-tree config-name ArubaOS-Switch-Comware-Cisco
  spanning-tree config-revision 1
  spanning-tree instance 1 vlan 220
  spanning-tree instance 2 vlan 100
  spanning-tree instance 3 vlan 240
  spanning-tree priority 2
  spanning-tree instance 1 priority 3
  spanning-tree instance 2 priority 4
  spanning-tree instance 3 priority 5

Comware 7:
  stp region-configuration
  region-name ArubaOS-Switch-Comware-Cisco
  revision-level 1
  instance 1 vlan 220
  instance 2 vlan 100
  instance 3 vlan 240
  active region-configuration
  stp priority 16384
  interface g1/0/9
  stp edged-port
  stp cost 10000
  stp port priority 160
  stp instance 1 cost 10000
  stp instance 1 port priority 160

Cisco:
  spanning-tree mode mst
  spanning-tree mst configuration
  name ArubaOS-Switch-Comware-Cisco
  revision 1
  instance 1 vlan 220
  instance 2 vlan 100
  instance 3 vlan 240
  spanning-tree mst 0 priority 20480
  spanning-tree mst 1 priority 16384
  spanning-tree mst 2 priority 12288
  spanning-tree mst 3 priority 8192
  Interface gi1/0/1
  spanning-tree < cost | guard | link-type | mst | port-priority | port-fast >

Show/display commands

ArubaOS-CX-Switch:
  show spanning-tree
  show spanning-tree mst-config
  show spanning-tree mst <0-64> detail
  show spanning-tree detail

ArubaOS-Switch:
  show spanning-tree
  show spanning-tree mst-config
  show spanning-tree instance ist
  show spanning-tree instance detail

Comware 7:
  display stp
  display stp brief

Cisco:
  show spanning-tree
  show spanning-tree mst
  show spanning-tree mst configuration
  show spanning-tree mst 0
  show spanning-tree mst 1
MSTP CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# spanning-tree
config-name Set the MST region configuration name
config-revision Set the MST region configuration revision number
extend-system-id Enables the extended system-id functionality.
forward-delay Set the forward delay for the Multiple spanning tree
hello-time Set the hello interval for the Multiple spanning tree
ignore-pvid-inconsistency Ignore PVID inconsistencies and allow, RPVST to run on
mismatched links.
instance Create, delete or configure an MST instance
max-age Set the max age interval for the Multiple spanning tree
max-hops Set the max hops value for the Multiple spanning tree
mode Specify the spanning-tree mode
pathcost-type Specify the path cost type.
priority Set the device priority multiplier. This value will be
multiplied by 4096
transmit-hold-count Sets the transmit hold count performance parameter in pps
trap Enable STP/MSTP traps
vlan VLAN configuration
<cr>
ArubaOS-CX-Switch(config)# spanning-tree
ArubaOS-CX-Switch(config)# spanning-tree mode
mstp Multiple spanning tree mode
rpvst Rapid PVST mode
ArubaOS-CX-Switch(config)# spanning-tree mode mstp
<cr>
ArubaOS-CX-Switch(config)# spanning-tree priority
<0-15> Enter an integer number (Default: 8)
ArubaOS-CX-Switch(config)# spanning-tree priority 1
<cr>
ArubaOS-CX-Switch(config)# spanning-tree priority 1
ArubaOS-CX-Switch(config)# spanning-tree instance
<1-64> Enter an integer number
ArubaOS-CX-Switch(config)# spanning-tree instance 2
priority Set the device priority for MST instance. This value will be multiplied by 4096
vlan VLAN configuration
ArubaOS-CX-Switch(config)# spanning-tree instance 2 priority
<0-15> Enter an integer number (Default: 8)
ArubaOS-CX-Switch(config)# spanning-tree instance 2 priority 2
<cr>
ArubaOS-CX-Switch(config)# spanning-tree instance 2 priority 2
ArubaOS-CX-Switch(config)# int 1/1/1
ArubaOS-CX-Switch(config-if)# spanning-tree
ArubaOS-CX-Switch(config)# spanning-tree
config-name Set the MST region configuration name
config-revision Set the MST region configuration revision number
extend-system-id Enables the extended system-id functionality.
forward-delay Set the forward delay for the Multiple spanning tree
hello-time Set the hello interval for the Multiple spanning tree
ignore-pvid-inconsistency Ignore PVID inconsistencies and allow, RPVST to run on
mismatched links.
instance Create, delete or configure an MST instance
max-age Set the max age interval for the Multiple spanning tree
max-hops Set the max hops value for the Multiple spanning tree
mode Specify the spanning-tree mode
pathcost-type Specify the path cost type.
priority Set the device priority multiplier. This value will be
multiplied by 4096
transmit-hold-count Sets the transmit hold count performance parameter in pps
trap Enable STP/MSTP traps
vlan VLAN configuration
<cr>
ArubaOS-CX-Switch(config)# do show spanning-tree
detail Show detailed spanning tree information.
mst Show multiple spanning trees information.
mst-config Show multiple spanning tree region configuration.
summary Summary of RPVST information
vlan VLAN configuration
<cr>
ArubaOS-CX-Switch(config)# do show spanning-tree
Spanning tree status : Enabled Protocol: MSTP
MST0
Root ID Priority : 4096
MAC-Address: f4:03:43:7f:ad:00
This bridge is the root
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Bridge ID Priority : 4096
MAC-Address: f4:03:43:7f:ad:00
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type
------------ -------------- ------------ ------- ---------- ----------
lag1 Disabled Blocking 20000 64 point_to_point
ArubaOS-CX-Switch(config)# do show spanning-tree mst-config
MST configuration information
MST config ID : f4:03:43:7f:ad:00
MST config revision : 0
MST config digest : AC36177F50283CD4B83821D8AB26DE62
Number of instances : 0
Instance ID Member VLANs
--------------- ----------------------------------
0 1-4094
ArubaOS-CX-Switch(config)# do show spanning-tree detail
Spanning tree status : Enabled Protocol: MSTP
MST0
Root ID Priority : 4096
MAC-Address: f4:03:43:7f:ad:00
This bridge is the root
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Bridge ID Priority : 4096
MAC-Address: f4:03:43:7f:ad:00
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type
------------ -------------- ------------ ------- ---------- ----------
lag1 Disabled Blocking 20000 64 point_to_point
Topology change flag : False
Number of topology changes : 0
Last topology change occurred : 2958 seconds ago
Timers: Hello expiry 0 , Forward delay expiry 0
Port lag1
Designated root has priority :4096 Address: f4:03:43:7f:ad:00
Designated bridge has priority :4096 Address: f4:03:43:7f:ad:00
Designated port :321
Number of transitions to forwarding state : 0
Bpdus sent 0, received 0
ArubaOS-CX-Switch(config)# spanning-tree forward-delay 6
ArubaOS-CX-Switch(config)# spanning-tree hello-time 6
ArubaOS-CX-Switch(config)# spanning-tree transmit-hold-count 5
ArubaOS-Switch
ArubaOS-Switch(config)# spanning-tree ?
bpdu-protection-ti... Set the time for protected ports to be in down state after
receiving unauthorized BPDUs.
bpdu-throttle Configure BPDU throttling on the device.
clear-debug-counters Clear spanning tree debug counters.
config-name Set the MST region configuration name (default is switch's MAC
address).
config-revision Set the MST region configuration revision number (default is 0).
enable Enable spanning-tree.
disable Disable spanning-tree.
extend Enable the extended system ID feature.
force-version Set Spanning Tree protocol compatibility mode.
forward-delay Set time the switch waits between transitioning from listening to
learning and from learning to forwarding states. Not applicable in
RPVST mode.
hello-time Set time between messages transmission when the switch is root.
Not applicable in RPVST mode.
ignore-pvid-incons... Ignore PVID inconsistencies, allowing Rapid PVST to run on
mismatched links.
instance Create, delete or configure an MST instance.
legacy-mode Set spanning-tree protocol to operate either in 802.1D legacy mode
or in 802.1s native mode.
legacy-path-cost [Deprecated] Set 802.1D (legacy) or 802.1t (current) default
pathcost values.
log Enable event logging for port state transition information.
max-hops Set the max number of hops in a region before the MST BPDU is
discarded and the information held for a port is aged (default is
20).
maximum-age Set maximum age of received STP information before it is
discarded. Not applicable in RPVST mode.
mode Specify spanning-tree mode.
pathcost Specify a standard to use when calculating the default pathcost.
pending Manipulate pending MSTP configuration.
port Configure port specific RPVST parameters for the specified VLANs.
[ethernet] PORT-LIST Configure the port-specific parameters of the spanning tree
protocol for individual ports.
priority Set the device STP priority (the value is in range of 0-61440
divided into steps of 4096 that are numbered from 0 to 15, default
is step 8). Not applicable in RPVST mode.
root Configure root for STP.
trap Enable/disable STP/MSTP/RPVST traps.
vlan Specify RPVST VLAN specific parameters.
<cr>
ArubaOS-Switch(config)# spanning-tree
ArubaOS-Switch(config)# spanning-tree config-name ArubaOS-Switch-Comware-Cisco
ArubaOS-Switch(config)# spanning-tree config-revision 1
ArubaOS-Switch(config)# spanning-tree instance 1 vlan 220
ArubaOS-Switch(config)# spanning-tree instance 2 vlan 100
ArubaOS-Switch(config)# spanning-tree instance 3 vlan 240
ArubaOS-Switch(config)# spanning-tree priority 2
(note - multiplier is 4096, default setting is 8)
ArubaOS-Switch(config)# spanning-tree instance 1 priority 3
(note - multiplier is 4096, default setting is 8)
ArubaOS-Switch(config)# spanning-tree instance 2 priority 4
(note - multiplier is 4096, default setting is 8)
ArubaOS-Switch(config)# spanning-tree instance 3 priority 5
(note - multiplier is 4096, default setting is 8)
ArubaOS-Switch(config)# spanning-tree 9 ?
admin-edge-port Set the administrative edge port status.
auto-edge-port Set the automatic edge port detection.
bpdu-filter Stop a specific port or ports from transmitting BPDUs, receiving
BPDUs, and assume a continuous fowarding state.
bpdu-protection Disable the specific port or ports if the port(s) receives STP
BPDUs.
hello-time Set message transmission interval (in sec.) on the port. Not
applicable in RPVST mode.
loop-guard Set port to guard against the loop and consequently to prevent it
from becoming Forwarding Port.
mcheck Force the port to transmit RST BPDUs. Not applicable in RPVST
mode.
path-cost Set port's path cost value. Not applicable in RPVST mode.
point-to-point-mac Set the administrative point-to-point status.
priority Set port priority (the value is in range of 0-240 divided into
steps of 16 that are numbered from 0 to 15, default is step 8).
Not applicable in RPVST mode.
pvst-filter Stop a specific port or ports from receiving and retransmitting
PVST BPDUs. Not applicable in RPVST mode.
pvst-protection Disable the specific port or ports if the port(s) receives PVST
BPDUs. Not applicable in RPVST mode.
root-guard Set port to ignore superior BPDUs to prevent it from becoming Root
Port.
tcn-guard Set port to stop propagating received topology changes
notifications and topology changes to other ports.
ArubaOS-Switch(config)# spanning-tree 9 admin-edge-port
ArubaOS-Switch(config)# spanning-tree 9 path-cost 10000
ArubaOS-Switch(config)# spanning-tree 9 priority 10
(note - multiplier is 16, default setting is 8)
ArubaOS-Switch(config)# spanning-tree instance 1 9 path-cost 10000
ArubaOS-Switch(config)# spanning-tree instance 1 9 priority 10
(note - multiplier is 16, default setting is 8)
ArubaOS-Switch# show spanning-tree ?
bpdu-protection Show spanning tree BPDU protection status information.
bpdu-throttle Displays the configured throttle value.
config Show spanning tree configuration information.
debug-counters Show spanning tree debug counters information.
detail Show spanning tree extended details Port, Bridge, Rx, and Tx
report.
inconsistent-ports Show information about inconsistent ports blocked by spanning tree
protection functions.
instance Show the spanning tree instance information.
mst-config Show multiple spanning tree region configuration.
pending Show spanning tree pending configuration.
[ethernet] PORT-LIST Limit the port information printed to the set of the specified
ports.
port-role-change-h... Show the last 10 role change entries on a port in a VLAN/instance.
pvst-filter Show spanning tree PVST filter status information.
pvst-protection Show spanning tree PVST protection status information.
root-history Show spanning tree Root changes history information.
system-limits Show system limits for spanning-tree
topo-change-history Show spanning tree topology changes history information.
traps Show spanning tree trap information.
vlan Show VLAN information for RPVST.
<cr>
ArubaOS-Switch# show spanning-tree
Multiple Spanning Tree (MST) Information
STP Enabled : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-99,101-219,221-239,241-4094
Switch MAC Address : 009c02-d53980
Switch Priority : 8192
Max Age : 20
Max Hops : 20
Forward Delay : 15
Topology Change Count : 69
Time Since Last Change : 6 mins
CST Root MAC Address : 009c02-d53980
CST Root Priority : 8192
CST Root Path Cost : 0
CST Root Port : This switch is root
IST Regional Root MAC Address : 009c02-d53980
IST Regional Root Priority : 8192
IST Regional Root Path Cost : 0
IST Remaining Hops : 20
Root Guard Ports :
Loop Guard Ports :
TCN Guard Ports :
BPDU Protected Ports :
BPDU Filtered Ports :
PVST Protected Ports :
PVST Filtered Ports :
Root Inconsistent Ports :
Loop Inconsistent Ports :
| Prio | Designated Hello
Port Type | Cost rity State | Bridge Time PtP Edge
------ --------- + --------- ---- ------------ + ------------- ---- --- ----
1 100/1000T | 20000 128 Forwarding | 009c02-d53980 2 Yes No
2 100/1000T | Auto 128 Disabled | 2 Yes No
3 100/1000T | Auto 128 Disabled | 2 Yes No
4 100/1000T | 10000 96 Disabled | 2 Yes Yes
5 100/1000T | 20000 128 Forwarding | 009c02-d53980 2 Yes Yes
6 100/1000T | Auto 128 Disabled | 2 Yes No
7 100/1000T | Auto 128 Disabled | 2 Yes No
8 100/1000T | Auto 128 Disabled | 2 Yes No
9 100/1000T | 10000 160 Forwarding | 009c02-d53980 2 Yes Yes
10 100/1000T | Auto 128 Disabled | 2 Yes No
11 100/1000T | 20000 128 Forwarding | 009c02-d53980 2 Yes No
12 100/1000T | Auto 128 Disabled | 2 Yes No
13 100/1000T | 20000 128 Forwarding | 009c02-d53980 2 Yes No
14 100/1000T | Auto 128 Disabled | 2 Yes No
15 100/1000T | 20000 128 Forwarding | 009c02-d53980 2 Yes No
16 100/1000T | Auto 128 Disabled | 2 Yes No
17 100/1000T | Auto 128 Disabled | 2 Yes No
18 100/1000T | Auto 128 Disabled | 2 Yes No
25 | Auto 128 Disabled | 2 Yes No
26 | Auto 128 Disabled | 2 Yes No
Trk1 | Auto 64 Disabled | 2 Yes No
Trk2 | Auto 64 Disabled | 2 Yes No
Trk3 | Auto 64 Disabled | 2 Yes No
ArubaOS-Switch# show spanning-tree mst-config
MST Configuration Identifier Information
MST Configuration Name : ArubaOS-Switch-Comware-Cisco
MST Configuration Revision : 1
MST Configuration Digest : 0xCEE7F8D6E076E3201F92550CB1D2CB92
IST Mapped VLANs : 1-99,101-219,221-239,241-4094
Instance ID Mapped VLANs
----------- ---------------------------------------------------------
1 220
2 100
3 240
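Switches share an MST region only when configuration name, revision and digest all match, and the two `show spanning-tree mst-config` outputs above differ in all three. The following Python audit is an added example, not part of the original guide or any vendor tool: it recomputes the digest as IEEE 802.1Q defines it (HMAC-MD5 over the 4096-entry VLAN-to-instance table with the standard's fixed key) and compares each device's reported values with the intended region. The function names and device labels are assumptions.

```python
import hashlib
import hmac
import re

# Configuration Digest Signature Key fixed by IEEE 802.1Q. The key is public, so
# the digest reveals configuration drift; it does not authenticate a BPDU's sender.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def mst_config_digest(vlan_to_instance):
    """Return the MST configuration digest (upper-case hex) for a VLAN -> MSTID map.

    VLANs that are not listed stay in instance 0 (the IST).
    """
    # 4096 two-octet entries indexed by VID; entries 0 and 4095 are always 0.
    table = bytearray(2 * 4096)
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} is outside 1-4094")
        if not 0 <= instance <= 4094:
            raise ValueError(f"MST instance {instance} is outside 0-4094")
        table[2 * vlan:2 * vlan + 2] = instance.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()


# The patterns accept both spellings seen above: "MST config ..." (ArubaOS-CX)
# and "MST Configuration ..." (ArubaOS-Switch).
_FIELDS = {
    "name": re.compile(r"MST config(?:uration)? (?:ID|Name)\s*:\s*(\S+)", re.I),
    "revision": re.compile(r"MST config(?:uration)? revision\s*:\s*(\d+)", re.I),
    "digest": re.compile(
        r"MST config(?:uration)? digest\s*:\s*(?:0x)?([0-9a-f]{32})", re.I),
}


def parse_mst_config(output):
    """Extract region name, revision and digest from mst-config command output."""
    parsed = {}
    for field, pattern in _FIELDS.items():
        match = pattern.search(output)
        if match is None:
            raise ValueError(f"no MST {field} found in output")
        parsed[field] = match.group(1)
    parsed["revision"] = int(parsed["revision"])
    parsed["digest"] = parsed["digest"].upper()
    return parsed


def audit_region(name, revision, vlan_to_instance, outputs):
    """Return {device: [fields that differ from the intended region]}."""
    expected = {"name": name, "revision": revision,
                "digest": mst_config_digest(vlan_to_instance)}
    findings = {}
    for device, output in outputs.items():
        seen = parse_mst_config(output)
        findings[device] = [field for field in ("name", "revision", "digest")
                            if seen[field] != expected[field]]
    return findings


# Copied from the two "show spanning-tree mst-config" outputs above.
CX_OUTPUT = """\
MST configuration information
MST config ID : f4:03:43:7f:ad:00
MST config revision : 0
MST config digest : AC36177F50283CD4B83821D8AB26DE62
"""
AOS_SWITCH_OUTPUT = """\
MST Configuration Identifier Information
MST Configuration Name : ArubaOS-Switch-Comware-Cisco
MST Configuration Revision : 1
MST Configuration Digest : 0xCEE7F8D6E076E3201F92550CB1D2CB92
"""

# Intended region as configured in this chapter.
INTENDED_NAME = "ArubaOS-Switch-Comware-Cisco"
INTENDED_REVISION = 1
INTENDED_MAPPING = {220: 1, 100: 2, 240: 3}

if __name__ == "__main__":
    report = audit_region(INTENDED_NAME, INTENDED_REVISION, INTENDED_MAPPING,
                          {"ArubaOS-CX-Switch": CX_OUTPUT,
                           "ArubaOS-Switch": AOS_SWITCH_OUTPUT})
    for device, diffs in report.items():
        print(f"{device}: {'OK' if not diffs else 'differs in ' + ', '.join(diffs)}")
```

A switch that still reports the all-VLANs-in-instance-0 digest has no instance mapping applied, which is the state the ArubaOS-CX output shows.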
ArubaOS-Switch# show spanning-tree instance ist
IST Instance Information
Instance ID : 0
Mapped VLANs : 1-99,101-219,221-239,241-4094
Switch Priority : 8192
Topology Change Count : 0
Time Since Last Change : 9 mins
Regional Root MAC Address : 009c02-d53980
Regional Root Priority : 8192
Regional Root Path Cost : 0
Regional Root Port : This switch is root
Remaining Hops : 20
Root Inconsistent Ports :
Loop Inconsistent Ports :
Designated
Port Type Cost Priority Role State Bridge
----- --------- --------- -------- ---------- ------------ --------------
1 100/1000T 20000 128 Designated Forwarding 009c02-d53980
2 100/1000T Auto 128 Disabled Disabled
3 100/1000T Auto 128 Disabled Disabled
4 100/1000T Auto 96 Disabled Disabled
5 100/1000T 20000 128 Designated Forwarding 009c02-d53980
6 100/1000T Auto 128 Disabled Disabled
7 100/1000T Auto 128 Disabled Disabled
8 100/1000T Auto 128 Disabled Disabled
9 100/1000T 20000 160 Designated Forwarding 009c02-d53980
10 100/1000T Auto 128 Disabled Disabled
11 100/1000T 20000 128 Designated Forwarding 009c02-d53980
12 100/1000T Auto 128 Disabled Disabled
13 100/1000T 20000 128 Designated Forwarding 009c02-d53980
14 100/1000T Auto 128 Disabled Disabled
15 100/1000T 20000 128 Designated Forwarding 009c02-d53980
16 100/1000T Auto 128 Disabled Disabled
17 100/1000T Auto 128 Disabled Disabled
18 100/1000T Auto 128 Disabled Disabled
25 Auto 128 Disabled Disabled
26 Auto 128 Disabled Disabled
Trk1 Auto 64 Disabled Disabled
Trk2 Auto 64 Disabled Disabled
Trk3 Auto 64 Disabled Disabled
ArubaOS-Switch# show spanning-tree instance 1
MST Instance Information
Instance ID : 1
Mapped VLANs : 220
Switch Priority : 12288
Topology Change Count : 62
Time Since Last Change : 9 mins
Regional Root MAC Address : 002389-d5a059
Regional Root Priority : 8192
Regional Root Path Cost : 20000
Regional Root Port : 11
Remaining Hops : 19
Root Inconsistent Ports :
Loop Inconsistent Ports :
Designated
Port Type Cost Priority Role State Bridge
----- --------- --------- -------- ---------- ------------ --------------
1 100/1000T 20000 128 Designated Forwarding 009c02-d53980
2 100/1000T Auto 128 Disabled Disabled
3 100/1000T Auto 128 Disabled Disabled
4 100/1000T Auto 128 Disabled Disabled
5 100/1000T 20000 128 Designated Forwarding 009c02-d53980
6 100/1000T Auto 128 Disabled Disabled
7 100/1000T Auto 128 Disabled Disabled
8 100/1000T Auto 128 Disabled Disabled
9 100/1000T 20000 160 Designated Forwarding 009c02-d53980
10 100/1000T Auto 128 Disabled Disabled
11 100/1000T 20000 128 Root Forwarding 002389-d5a059
12 100/1000T Auto 128 Disabled Disabled
13 100/1000T 20000 128 Designated Forwarding 009c02-d53980
14 100/1000T Auto 128 Disabled Disabled
15 100/1000T 20000 128 Designated Forwarding 009c02-d53980
16 100/1000T Auto 128 Disabled Disabled
17 100/1000T Auto 128 Disabled Disabled
18 100/1000T Auto 128 Disabled Disabled
25 Auto 128 Disabled Disabled
26 Auto 128 Disabled Disabled
Trk1 Auto 64 Disabled Disabled
Trk2 Auto 64 Disabled Disabled
Trk3 Auto 64 Disabled Disabled
Comware7
[Comware7]stp ?
bpdu-protection Specify BPDU protection function
bridge-diameter Specify bridge diameter
global Specify global parameter
instance Specify the spanning tree instance list
max-hops Specify max hops
mode Specify state machine mode
pathcost-standard Specify port path cost standard
port-log Specify port status logging
priority Specify bridge priority
region-configuration Enter MSTP region view
root Specify root switch
tc-protection Specify TC protection function
tc-snooping Specify TC snooping
timer Specify timer configuration
timer-factor Specify aged out time factor
vlan Specify the VLAN list
[Comware7]stp region-configuration
[Comware7-mst-region]?
Mst-region view commands:
active Active region configuration
cfd Connectivity Fault Detection (CFD) module
check Check the reg-configuration under-construction
diagnostic-logfile Diagnostic log file configuration
display Display current system information
instance Specify the spanning tree instance list
logfile Log file configuration
monitor System monitor
ping Ping function
quit Exit from current command view
region-name Specify region name
return Exit to User View
revision-level Specify revision level
save Save current configuration
security-logfile Security log file configuration
tracert Tracert function
undo Cancel current setting
vlan-mapping VLAN mapping
[Comware7-mst-region]region-name ArubaOS-Switch-Comware-Cisco
[Comware7-mst-region]revision-level 1
[Comware7-mst-region]instance 1 vlan 220
[Comware7-mst-region]instance 2 vlan 100
[Comware7-mst-region]instance 3 vlan 240
[Comware7-mst-region]active region-configuration
[Comware7]stp priority 16384
(note - increments of 4096, default setting is 32768)
[Comware7]stp instance 1 priority 20480
(note in steps of 4096, default setting is 32768)
[Comware7]stp instance 2 priority 8192
(note in steps of 4096, default setting is 32768)
[Comware7]stp instance 3 priority 12288
(note in steps of 4096, default setting is 32768)
[Comware7]interface g1/0/9
[Comware7-GigabitEthernet1/0/9]stp ?
compliance Specify MST BPDU Format
config-digest-snooping Specify configuration digest snooping
cost Specify port path cost
edged-port Specify edge port
enable Enable STP
instance Specify the spanning tree instance list
loop-protection Specify loop protection
mcheck Specify mcheck
no-agreement-check Specify port ignore agreement information
point-to-point Specify point to point link
port Specify port parameter
role-restriction Forbid the port to be a root port
root-protection Specify root protection
tc-restriction Restrict propagation of TC message
transmit-limit Specify transmission limit count
vlan Specify the VLAN list
[Comware7-GigabitEthernet1/0/9]stp edged-port
[Comware7-GigabitEthernet1/0/9]stp cost 10000
[Comware7-GigabitEthernet1/0/9]stp port priority 160
(note in steps of 16, default setting is 128)
[Comware7-GigabitEthernet1/0/9]stp instance 1 cost 10000
[Comware7-GigabitEthernet1/0/9]stp instance 1 port priority 160
(note in steps of 16, default setting is 128)
[Comware7]display stp ?
> Redirect it to a file
>> Redirect it to a file in append mode
abnormal-port Display abnormal ports
bpdu-statistics BPDU statistics
brief Brief information
down-port Port information of protocol down
history History of port roles
instance Specify the spanning tree instance list
interface Specify interface
region-configuration Region configuration
root Display status and configuration of the root bridge
slot Specify the slot number
tc Port TC count
vlan Specify the VLAN list
| Matching output
<cr>
[Comware7]display stp
-------[CIST Global Info][Mode MSTP]-------
Bridge ID : 16384.cc3e-5f73-bacb
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 8192.009c-02d5-3980, 0
RegRoot ID/IRPC : 8192.009c-02d5-3980, 20
RootPort ID : 128.6
BPDU-Protection : Disabled
Bridge Config-
Digest-Snooping : Disabled
TC or TCN received : 68
Time since last TC : 0 days 0h:29m:41s
...
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Root Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 8192.009c-02d5-3980, 128.13
Port edged : Config=disabled, Active=disabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Disabled
Rapid transition : True
Num of VLANs mapped : 1
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20
BPDU sent : 2745
TCN: 0, Config: 0, RST: 3, MST: 2742
BPDU received : 5273
TCN: 0, Config: 0, RST: 1426, MST: 3847
...
----[Port9(GigabitEthernet1/0/9)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 160.9
Port cost(Legacy) : Config=10000, Active=10000
Desg.bridge/port : 16384.cc3e-5f73-bacb, 160.9
Port edged : Config=enabled, Active=enabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Disabled
Rapid transition : True
Num of VLANs mapped : 0
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 19
BPDU sent : 5604
TCN: 0, Config: 0, RST: 876, MST: 4728
BPDU received : 0
TCN: 0, Config: 0, RST: 0, MST: 0
...
-------[MSTI 1 Global Info]-------
Bridge ID : 20480.cc3e-5f73-bacb
RegRoot ID/IRPC : 8192.0023-89d5-a059, 20020
RootPort ID : 128.6
Master bridge : 8192.009c-02d5-3980
Cost to master : 20
TC received : 0
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Root Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 12288.009c-02d5-3980, 128.13
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 19
-------[MSTI 2 Global Info]-------
Bridge ID : 8192.cc3e-5f73-bacb
RegRoot ID/IRPC : 8192.cc3e-5f73-bacb, 0
RootPort ID : 0.0
Master bridge : 8192.009c-02d5-3980
Cost to master : 20
TC received : 0
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 8192.cc3e-5f73-bacb, 128.6
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 20
----[Port9(GigabitEthernet1/0/9)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 128.9
Port cost(Legacy) : Config=auto, Active=200
Desg.bridge/port : 8192.cc3e-5f73-bacb, 128.9
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 20
-------[MSTI 3 Global Info]-------
Bridge ID : 12288.cc3e-5f73-bacb
RegRoot ID/IRPC : 8192.0022-91ab-4380, 20020
RootPort ID : 128.6
Master bridge : 8192.009c-02d5-3980
Cost to master : 20
TC received : 0
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Root Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 20480.009c-02d5-3980, 128.13
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 19
[Comware7]display stp brief
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/6 ROOT FORWARDING NONE
0 GigabitEthernet1/0/9 DESI FORWARDING NONE
1 GigabitEthernet1/0/6 ROOT FORWARDING NONE
2 GigabitEthernet1/0/6 DESI FORWARDING NONE
2 GigabitEthernet1/0/9 DESI FORWARDING NONE
3 GigabitEthernet1/0/6 ROOT FORWARDING NONE
[Comware7]display stp region-configuration
Oper Configuration
Format selector : 0
Region name : ArubaOS-Switch-Comware-Cisco
Revision level : 1
Configuration digest : 0xcee7f8d6e076e3201f92550cb1d2cb92
Instance VLANs Mapped
0 1 to 99, 101 to 219, 221 to 239, 241 to 4094
1 220
2 100
3 240
[Comware7]display stp instance 0
-------[CIST Global Info][Mode MSTP]-------
Bridge ID : 16384.cc3e-5f73-bacb
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 8192.009c-02d5-3980, 0
RegRoot ID/IRPC : 8192.009c-02d5-3980, 20
RootPort ID : 128.6
BPDU-Protection : Disabled
Bridge Config-
Digest-Snooping : Disabled
TC or TCN received : 68
Time since last TC : 0 days 0h:34m:59s
...
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Root Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 8192.009c-02d5-3980, 128.13
Port edged : Config=disabled, Active=disabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Disabled
Rapid transition : True
Num of VLANs mapped : 1
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20
BPDU sent : 2904
TCN: 0, Config: 0, RST: 3, MST: 2901
BPDU received : 5431
TCN: 0, Config: 0, RST: 1426, MST: 4005
...
----[Port9(GigabitEthernet1/0/9)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 160.9
Port cost(Legacy) : Config=10000, Active=10000
Desg.bridge/port : 16384.cc3e-5f73-bacb, 160.9
Port edged : Config=enabled, Active=enabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Disabled
Rapid transition : True
Num of VLANs mapped : 0
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 19
BPDU sent : 5763
TCN: 0, Config: 0, RST: 876, MST: 4887
BPDU received : 0
TCN: 0, Config: 0, RST: 0, MST: 0
...
[Comware7]display stp instance 1
-------[MSTI 1 Global Info]-------
Bridge ID : 20480.cc3e-5f73-bacb
RegRoot ID/IRPC : 8192.0023-89d5-a059, 20020
RootPort ID : 128.6
Master bridge : 8192.009c-02d5-3980
Cost to master : 20
TC received : 0
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Root Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 12288.009c-02d5-3980, 128.13
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 19
[Comware7]display stp instance 2
-------[MSTI 2 Global Info]-------
Bridge ID : 8192.cc3e-5f73-bacb
RegRoot ID/IRPC : 8192.cc3e-5f73-bacb, 0
RootPort ID : 0.0
Master bridge : 8192.009c-02d5-3980
Cost to master : 20
TC received : 0
----[Port6(GigabitEthernet1/0/6)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 128.6
Port cost(Legacy) : Config=auto, Active=20
Desg.bridge/port : 8192.cc3e-5f73-bacb, 128.6
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 20
----[Port9(GigabitEthernet1/0/9)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 128.9
Port cost(Legacy) : Config=auto, Active=200
Desg.bridge/port : 8192.cc3e-5f73-bacb, 128.9
Protection type : Config=none, Active=none
Rapid transition : True
Num of VLANs mapped : 1
Port times : RemHops 20
Cisco
Cisco(config)#spanning-tree ?
backbonefast Enable BackboneFast Feature
etherchannel Spanning tree etherchannel specific configuration
extend Spanning Tree 802.1t extensions
logging Enable Spanning tree logging
loopguard Spanning tree loopguard options
mode Spanning tree operating mode
mst Multiple spanning tree configuration
pathcost Spanning tree pathcost options
portfast Spanning tree portfast options
transmit STP transmit parameters
uplinkfast Enable UplinkFast Feature
vlan VLAN Switch Spanning Tree
Cisco(config)#spanning-tree mode ?
mst Multiple spanning tree mode
pvst Per-Vlan spanning tree mode
rapid-pvst Per-Vlan rapid spanning tree mode
Cisco(config)#spanning-tree mode mst
Cisco(config)#spanning-tree mst configuration
Cisco(config-mst)#?
abort Exit region configuration mode, aborting changes
exit Exit region configuration mode, applying changes
instance Map vlans to an MST instance
name Set configuration name
no Negate a command or set its defaults
private-vlan Set private-vlan synchronization
revision Set configuration revision number
show Display region configurations
Cisco(config-mst)#name ArubaOS-Switch-Comware-Cisco
Cisco(config-mst)#revision 1
Cisco(config-mst)# instance 1 vlan 220
Cisco(config-mst)# instance 2 vlan 100
Cisco(config-mst)# instance 3 vlan 240
Cisco(config)#spanning-tree mst 0 priority 20480
(note - increments of 4096, default setting is 32768)
Cisco(config)#spanning-tree mst 1 priority 16384
(note - increments of 4096, default setting is 32768)
Cisco(config)#spanning-tree mst 2 priority 12288
(note - increments of 4096, default setting is 32768)
Cisco(config)#spanning-tree mst 3 priority 8192
(note - increments of 4096, default setting is 32768)
Cisco(config)#interface g1/0/9
Cisco(config-if)#spanning-tree ?
bpdufilter Don't send or receive BPDUs on this interface
bpduguard Don't accept BPDUs on this interface
cost Change an interface's spanning tree port path cost
guard Change an interface's spanning tree guard mode
link-type Specify a link type for spanning tree protocol use
mst Multiple spanning tree
port-priority Change an interface's spanning tree port priority
portfast Enable an interface to move directly to forwarding on link up
stack-port Enable stack port
vlan VLAN Switch Spanning Tree
Cisco(config-if)#spanning-tree portfast
Cisco(config-if)#spanning-tree cost 10000
Cisco(config-if)#spanning-tree port-priority 160
(note - increments of 16, default setting is 128)
Cisco(config-if)#spanning-tree mst 1 cost 10000
Cisco(config-if)#spanning-tree mst 1 port-priority 160
(note - increments of 16, default setting is 128)
Cisco#show spanning-tree ?
active Report on active interfaces only
backbonefast Show spanning tree backbonefast status
blockedports Show blocked ports
bridge Status and configuration of this bridge
detail Detailed information
inconsistentports Show inconsistent ports
interface Spanning Tree interface status and configuration
mst Multiple spanning trees
pathcost Show Spanning pathcost options
root Status and configuration of the root bridge
summary Summary of port states
uplinkfast Show spanning tree uplinkfast status
vlan VLAN Switch Spanning Trees
| Output modifiers
<cr>
Cisco#show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 8192
Address 009c.02d5.3980
Cost 0
Port 6 (GigabitEthernet1/0/6)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 20480 (priority 20480 sys-id-ext 0)
Address 0022.91ab.4380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 20000 128.1 P2p
Gi1/0/6 Root FWD 20000 128.6 P2p
Gi1/0/9 Desg FWD 10000 160.9 P2p Edge
MST1
Spanning tree enabled protocol mstp
Root ID Priority 8193
Address 0023.89d5.a059
Cost 40000
Port 6 (GigabitEthernet1/0/6)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 16385 (priority 16384 sys-id-ext 1)
Address 0022.91ab.4380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Root FWD 20000 128.6 P2p
MST2
Spanning tree enabled protocol mstp
Root ID Priority 8194
Address cc3e.5f73.bacb
Cost 40000
Port 6 (GigabitEthernet1/0/6)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 12290 (priority 12288 sys-id-ext 2)
Address 0022.91ab.4380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Root FWD 20000 128.6 P2p
Gi1/0/9 Desg FWD 10000 160.9 P2p Edge
MST3
Spanning tree enabled protocol mstp
Root ID Priority 8195
Address 0022.91ab.4380
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8195 (priority 8192 sys-id-ext 3)
Address 0022.91ab.4380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Desg FWD 20000 128.6 P2p
Cisco#show spanning-tree mst
##### MST0 vlans mapped: 1-99,101-219,221-239,241-4094
Bridge address 0022.91ab.4380 priority 20480 (20480 sysid 0)
Root address 009c.02d5.3980 priority 8192 (8192 sysid 0)
port Gi1/0/6 path cost 0
Regional Root address 009c.02d5.3980 priority 8192 (8192 sysid 0)
internal cost 20000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 20000 128.1 P2p
Gi1/0/6 Root FWD 20000 128.6 P2p
Gi1/0/9 Desg FWD 10000 160.9 P2p Edge
##### MST1 vlans mapped: 220
Bridge address 0022.91ab.4380 priority 16385 (16384 sysid 1)
Root address 0023.89d5.a059 priority 8193 (8192 sysid 1)
port Gi1/0/6 cost 40000 rem hops 18
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Root FWD 20000 128.6 P2p
##### MST2 vlans mapped: 100
Bridge address 0022.91ab.4380 priority 12290 (12288 sysid 2)
Root address cc3e.5f73.bacb priority 8194 (8192 sysid 2)
port Gi1/0/6 cost 40000 rem hops 18
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Root FWD 20000 128.6 P2p
Gi1/0/9 Desg FWD 10000 160.9 P2p Edge
##### MST3 vlans mapped: 240
Bridge address 0022.91ab.4380 priority 8195 (8192 sysid 3)
Root this switch for MST3
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Desg FWD 20000 128.6 P2p
Cisco#show spanning-tree mst configuration
Name [ArubaOS-Switch-Comware-Cisco]
Revision 1 Instances configured 4
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-99,101-219,221-239,241-4094
1 220
2 100
3 240
-------------------------------------------------------------------------------
Cisco#show spanning-tree mst 0
##### MST0 vlans mapped: 1-99,101-219,221-239,241-4094
Bridge address 0022.91ab.4380 priority 20480 (20480 sysid 0)
Root address 009c.02d5.3980 priority 8192 (8192 sysid 0)
port Gi1/0/6 path cost 0
Regional Root address 009c.02d5.3980 priority 8192 (8192 sysid 0)
internal cost 20000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 20000 128.1 P2p
Gi1/0/6 Root FWD 20000 128.6 P2p
Gi1/0/9 Desg FWD 10000 160.9 P2p Edge
Cisco#show spanning-tree mst 1
##### MST1 vlans mapped: 220
Bridge address 0022.91ab.4380 priority 16385 (16384 sysid 1)
Root address 0023.89d5.a059 priority 8193 (8192 sysid 1)
port Gi1/0/6 cost 40000 rem hops 18
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Root FWD 20000 128.6 P2p
Cisco#show spanning-tree mst 3
##### MST3 vlans mapped: 240
Bridge address 0022.91ab.4380 priority 8195 (8192 sysid 3)
Root this switch for MST3
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/6 Desg FWD 20000 128.6 P2p
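The region name, revision level and instance-to-VLAN mapping configured above must be identical on every switch for them to form one MST region; the "Configuration digest" line in display stp region-configuration is a fingerprint of that mapping. The following is an added example, not part of the vendor guide: it recomputes the digest with the HMAC-MD5 construction and fixed key defined in IEEE 802.1Q (taken from the standard, not from this page) and compares the Comware and Cisco mappings shown above. Function and variable names are illustrative.

```python
import hashlib
import hmac

# HMAC-MD5 key fixed by IEEE 802.1Q for the MST Configuration Digest
# (from the standard, not from this guide).
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

REGION_NAME = "ArubaOS-Switch-Comware-Cisco"
REVISION = 1
# Instance-to-VLAN rows as shown by the two region-configuration displays.
COMWARE_ROWS = [
    "0 1 to 99, 101 to 219, 221 to 239, 241 to 4094",
    "1 220",
    "2 100",
    "3 240",
]
CISCO_ROWS = [
    "0 1-99,101-219,221-239,241-4094",
    "1 220",
    "2 100",
    "3 240",
]
# Digest printed by "display stp region-configuration" on the page.
DISPLAYED_DIGEST = "cee7f8d6e076e3201f92550cb1d2cb92"


def parse_rows(rows):
    """Turn 'instance vlan-list' rows into {instance: set of VLAN IDs}.

    Accepts both the Comware form ('1 to 99, 101 to 219') and the
    Cisco form ('1-99,101-219').
    """
    mapping = {}
    for row in rows:
        instance, _, vlan_text = row.strip().partition(" ")
        vlans = mapping.setdefault(int(instance), set())
        for part in vlan_text.replace(" to ", "-").split(","):
            lo, _, hi = part.strip().partition("-")
            lo, hi = int(lo), int(hi or lo)
            if not 1 <= lo <= hi <= 4094:
                raise ValueError("bad VLAN range: %r" % part)
            vlans.update(range(lo, hi + 1))
    return mapping


def config_table(mapping):
    """Build the table the digest covers: 4096 two-octet MSTIDs, big-endian.

    The elements for VID 0 and VID 4095 are always 0; any VLAN that is not
    listed belongs to instance 0 (the CIST).
    """
    table = [0] * 4096
    seen = set()
    for msti, vlans in mapping.items():
        if not 0 <= msti <= 4094:
            raise ValueError("bad MST instance: %d" % msti)
        if seen & vlans:
            raise ValueError("VLAN mapped to more than one instance")
        seen |= vlans
        for vid in vlans:
            table[vid] = msti
    return b"".join(m.to_bytes(2, "big") for m in table)


def mst_digest(mapping):
    """Hex MST Configuration Digest for an instance-to-VLAN mapping."""
    return hmac.new(MST_DIGEST_KEY, config_table(mapping), hashlib.md5).hexdigest()


def region_id(name, revision, rows, format_selector=0):
    """Everything two bridges must agree on to be in the same MST region."""
    return (format_selector, name, revision, mst_digest(parse_rows(rows)))


if __name__ == "__main__":
    comware = region_id(REGION_NAME, REVISION, COMWARE_ROWS)
    cisco = region_id(REGION_NAME, REVISION, CISCO_ROWS)
    print("computed digest :", comware[3])
    print("displayed digest:", DISPLAYED_DIGEST)
    print("same region     :", comware == cisco)
```

A switch whose region identifier differs in any field is treated as being outside the region, so a digest comparison is a quick way to spot mapping drift before it changes the forwarding topology.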
Chapter 11 VRRP
This chapter compares the commands used to configure Virtual Router Redundancy Protocol (VRRP).
Cisco supports both VRRP and Hot Standby Router Protocol (HSRP); HSRP is not compatible with VRRP.
In many networks, edge devices are configured to send packets to a statically configured default
router. If this router becomes unavailable, the devices that use it as their first-hop router become
isolated from the network. VRRP, which is based on RFC 5798, uses dynamic failover to ensure the
availability of an end node’s default router. This is done by assigning the IP address used as the default
route to a “virtual router,” or VR.
On a given VLAN, a VR includes two or more member routers that you configure with a virtual IP
address that is the default gateway’s IP address. The VR includes an owner router assigned to forward
traffic designated for the virtual router (if the owner is forwarding traffic for the VR, it is the master
router for that VR) and one or more prioritized backup routers (if a backup is forwarding traffic for the
VR, it has replaced the owner as the master router for that VR).
VRRP CLI Comparison
Configuration commands
ArubaOS-CX-Switch
  router vrrp disable
  router vrrp enable
  interface vlan 2
  vlan 2
  interface vlan 2
  vrrp 2 address-family ipv4
  address 10.1.100.1
  priority 2
  vrrp 2 address-family ipv4
  no shutdown
ArubaOS-Switch
  router vrrp
  ipv4 enable
  vlan 220
  vrrp vrid 220
  virtual-ip-address 10.1.220.1
  priority 254
  enable
Comware 7
  interface Vlan-interface 100
  vrrp vrid 100 virtual-ip 10.1.100.1
  vrrp vrid 100 priority 254
  vrrp version 2
Cisco
  interface vlan 100
  vrrp 100 ip 10.1.100.1
  vrrp 100 priority 100
Show/display commands
ArubaOS-CX-Switch
  do show vrrp detail
  do show vrrp statistics
ArubaOS-Switch
  show vrrp
  show vrrp vlan 220
Comware 7
  display vrrp verbose
  display vrrp
  display vrrp interface vlan 100 verbose
Cisco
  show vrrp
  show vrrp brief
  show vrrp interface vlan 100
VRRP CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# router
bgp BGP specific commands
graceful-restart Configure graceful restart for routing process
ospf Configure OSPF or enter the OSPF configuration context
ospfv3 Configure OSPFv3 or enter the OSPFv3 configuration context.
pim Configure PIM, or enter PIM configuration context
vrrp VRRP information
ArubaOS-CX-Switch(config)# router vrrp
disable Disable VRRP
enable Enable VRRP
ArubaOS-CX-Switch(config)# router vrrp disable
<cr>
ArubaOS-CX-Switch(config)# router vrrp disable
ArubaOS-CX-Switch(config)# router vrrp enable
<cr>
ArubaOS-CX-Switch(config)# router vrrp enable
ArubaOS-CX-Switch(config)# vlan 1-4094
ArubaOS-CX-Switch(config)# vlan 2
ArubaOS-CX-Switch(config-vlan-2)#
end End current mode and change to enable mode.
exit Exit current mode and change to previous mode
ip IP information
list Print command list
name VLAN ASCII String
no Negate a command or set its defaults
shutdown Disable the VLAN
ArubaOS-CX-Switch(config-vlan-2)# exit
ArubaOS-CX-Switch(config)# interface vlan 2
<cr>
ArubaOS-CX-Switch(config)# interface vlan 2
ArubaOS-CX-Switch(config-if-vlan)# vrrp
<1-255> VRRP virtual router ID between 1-255
ArubaOS-CX-Switch(config-if-vlan)# vrrp 2
address-family IP address family
ArubaOS-CX-Switch(config-if-vlan)# vrrp 2 address-family
ipv4 Address family IPv4
ipv6 Address family IPv6
ArubaOS-CX-Switch(config-if-vlan)# vrrp 2 address-family ipv
ipv4 Address family IPv4
ipv6 Address family IPv6
ArubaOS-CX-Switch(config-if-vlan)# vrrp 2 address-family ipv4
<cr>
ArubaOS-CX-Switch(config-if-vlan)# vrrp 2 address-family ipv4
ArubaOS-CX-Switch(config-if-vrrp)#
address VRRP virtual router address
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
list Print command list
no Negate a command or set its defaults
preempt VRRP virtual router preempt mode (default is enabled)
priority VRRP virtual router priority
shutdown Disable VRRP virtual router
timers VRRP timers
track Track information (supported for non-owner virtual router)
version VRRP virtual router version (default 2 for IPv4)
ArubaOS-CX-Switch(config-if-vrrp)# address
A.B.C.D IP information
A:B::C:D IPv6 information
ArubaOS-CX-Switch(config-if-vrrp)# address 10.0.02
primary Primary address
secondary Secondary address
ArubaOS-CX-Switch(config-if-vrrp)# address 10.0.0.2
primary Primary address
secondary Secondary address
ArubaOS-CX-Switch(config-if-vrrp)# address 10.0.0.2 primary
<cr>
ArubaOS-CX-Switch(config-if-vrrp)# address 10.0.0.2 primary
Specified address or subnet not found on the interface.
ArubaOS-CX-Switch(config-if-vrrp)# priority
<1-254> Specify VRRP virtual router priority
ArubaOS-CX-Switch(config-if-vrrp)# priority 2
<cr>
ArubaOS-CX-Switch(config-if-vrrp)# priority 2
ArubaOS-CX-Switch(config-if-vrrp)# no shutdown
Primary IP address is not configured on this interface vlan2
ArubaOS-CX-Switch(config-if-vrrp)# do show vrrp
<1-255> VRRP virtual router ID between 1-255
brief Brief information
detail Detail information
interface Interface information
ipv4 Address family IPv4
ipv6 Address family IPv6
statistics Statistics information
<cr>
ArubaOS-CX-Switch(config-if-vrrp)# do show vrrp detail
VRRP is enabled
Interface vlan2 - VRRPv2 Statistics
Invalid group ID packet received : 0
Invalid version packet received : 0
Invalid checksum packet received : 0
Interface vlan2 - VRRPv3 Statistics
Invalid group ID packet received : 0
Invalid version packet received : 0
Invalid checksum packet received : 0
Interface vlan2 - Group 2 - Address-Family IPv4
State is None
State duration
Virtual IP address is no address
Advertisement interval is 1000 msec
Version is 2
Preemption is enabled
min delay is 0 sec
Priority is 2
Master Router is unknown
Master Advertisement interval is 1000 msec
Master Down interval is 3992 msec
VRRPv3 Advertisements: sent 0(error 0) - rcvd 0
VRRPv2 Advertisements: sent 0(error 0) - rcvd 0
Group Discarded Packets: 0
IP address owner conflicts: 0
IP address configuration mismatch: 0
Advert interval errors: 0
Adverts received in Init state: 0
Invalid group other reason:0
Group State transition:
Init to master:0
Init to backup:0
Backup to master:0
Master to backup:0
Master to init:0
Backup to init:0
ArubaOS-CX-Switch(config-if-vrrp)# do show vrrp
<1-255> VRRP virtual router ID between 1-255
brief Brief information
detail Detail information
interface Interface information
ipv4 Address family IPv4
ipv6 Address family IPv6
statistics Statistics information
<cr>
ArubaOS-CX-Switch(config-if-vrrp)# do show vrrp statistics
VRRP is enabled
Interface vlan2 - VRRPv2 Statistics
Invalid group ID packet received : 0
Invalid version packet received : 0
Invalid checksum packet received : 0
Interface vlan2 - VRRPv3 Statistics
Invalid group ID packet received : 0
Invalid version packet received : 0
Invalid checksum packet received : 0
VRRP Statistics for interface vlan2 - Group 2 - Address-Family IPv4
State is INIT (Interface Down)
State duration
VRRPv3 Advertisements: sent 0(error 0) - rcvd 0
VRRPv2 Advertisements: sent 0(error 0) - rcvd 0
Group Discarded Packets: 0
IP address owner conflicts: 0
IP address configuration mismatch: 0
Advert interval errors: 0
Adverts received in Init state: 0
Invalid group other reason:0
Group State transition:
Init to master:0
Init to backup:0
Backup to master:0
Master to backup:0
Master to init:0
Backup to init:0
ArubaOS-CX-Switch(config)# track 1
ArubaOS-CX-Switch(config)# track by 1
ArubaOS-CX-Switch(config)# interface 1/1/1
ArubaOS-CX-Switch(config-if)# track by 1
ArubaOS-CX-Switch(config-if-vrrp)# version
version VRRP virtual router version (default 2 for IPv4)
ArubaOS-CX-Switch(config-if-vrrp)# version
<2-3> Specify VRRP virtual router version
ArubaOS-CX-Switch(config-if-vrrp)# version 3
ArubaOS-CX-Switch(config-if-vrrp)# timers advertise
<100-40950> Specify timer value in milliseconds
ArubaOS-CX-Switch(config-if-vrrp)# timers advertise 2000
<cr>
ArubaOS-Switch
ArubaOS-Switch(config)# router vrrp
ArubaOS-Switch(vrrp)# ?
ipv4 Configure VRRP for IPv4 virtual routers.
ipv6 Configure VRRP for IPv6 virtual routers.
traps Enable/disable sending SNMP traps for the following situations: o
'New Master' - Sent when the switch transitions to the 'Master'
state.
virtual-ip-ping If disabled, globally prevents a response to ping requests to the
virtual router IP addresses configured on all backup routers.
ArubaOS-Switch(vrrp)# ipv4 ?
disable Disable VRRP globally.
enable Enable VRRP globally.
ArubaOS-Switch(vrrp)# ipv4 enable
ArubaOS-Switch(vrrp)# vlan 220
ArubaOS-Switch(vlan-220)# vrrp vrid 220
ArubaOS-Switch(vlan-220-vrid-220)# virtual-ip-address 10.1.220.1
ArubaOS-Switch(vlan-220-vrid-220)# priority 254
ArubaOS-Switch(vlan-220-vrid-220)# enable
ArubaOS-Switch# show vrrp
VRRP Global Statistics Information
VRRP Enabled : Yes
Invalid VRID Pkts Rx : 0
Checksum Error Pkts Rx : 0
Bad Version Pkts Rx : 0
Virtual Routers Respond To Ping Requests : No
VRRP Virtual Router Statistics Information
Vlan ID : 220
Virtual Router ID : 220
Protocol Version : 2
State : Master
Up Time : 10 mins
Virtual MAC Address : 00005e-0001dc
Master's IP Address : 10.1.220.10
Associated IP Addr Count : 1 Near Failovers : 0
Advertise Pkts Rx : 13 Become Master : 2
Zero Priority Rx : 0 Zero Priority Tx : 0
Bad Length Pkts : 0 Bad Type Pkts : 0
Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : 0
Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts : 0
ArubaOS-Switch# show vrrp vlan 220
VRRP Virtual Router Statistics Information
Vlan ID : 220
Virtual Router ID : 220
Protocol Version : 2
State : Master
Up Time : 12 mins
Virtual MAC Address : 00005e-0001dc
Master's IP Address : 10.1.220.10
Associated IP Addr Count : 1 Near Failovers : 0
Advertise Pkts Rx : 13 Become Master : 2
Zero Priority Rx : 0 Zero Priority Tx : 0
Bad Length Pkts : 0 Bad Type Pkts : 0
Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : 0
Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts : 0
Comware7
[Comware7]interface Vlan-interface 100
[Comware7-Vlan-interface100]vrrp ?
check-ttl Enable TTL check on VRRP packets
dot1q Specify a VRRP control VLAN
ipv6 Specify IPv6 Virtual Router
version Specify version of VRRP
vrid Specify the virtual router by its identifier
[Comware7-Vlan-interface100]vrrp vrid ?
INTEGER<1-255> Virtual router identifier
[Comware7-Vlan-interface100]vrrp vrid 100 ?
authentication-mode Configure authentication mode and authentication key
preempt-mode Enable preemption on the router
priority Configure the priority of the router
shutdown Shut down the virtual router
source-interface Specify the source interface for the VRRP group
timer Configure the value of the timer
track Associate a track entry with the VRRP group to control
master switchover in the VRRP group according to the
state change of the track entry
virtual-ip Assign an virtual IP address to the virtual router
[Comware7-Vlan-interface100]vrrp vrid 100 virtual-ip 10.1.100.1 ?
<cr>
[Comware7-Vlan-interface100]vrrp vrid 100 virtual-ip 10.1.100.1
[Comware7-Vlan-interface100]vrrp vrid 100 priority ?
INTEGER<1-254> Priority value
[Comware7-Vlan-interface100]vrrp vrid 100 priority 254
[Comware7-Vlan-interface100]vrrp ?
check-ttl Enable TTL check on VRRP packets
dot1q Specify a VRRP control VLAN
ipv6 Specify IPv6 Virtual Router
version Specify version of VRRP
vrid Specify the virtual router by its identifier
[Comware7-Vlan-interface100]vrrp version ?
INTEGER<2-3> Version of VRRP
[Comware7-Vlan-interface100]vrrp version 2
[Comware7]display vrrp ?
> Redirect it to a file
>> Redirect it to a file in append mode
interface Specify the interface
ipv6 Specify IPv6 Virtual Router
statistics VRRP statistics
verbose Verbose information
| Matching output
<cr>
[Comware7]display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface100
VRID : 100 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 254 Running Pri : 254
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.100.1
Virtual MAC : 0000-5e00-0164
Master IP : 10.1.100.5
[Comware7]display vrrp
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface VRID State Running Adver Auth Virtual
Pri Timer Type IP
---------------------------------------------------------------------
Vlan100 100 Master 254 100 None 10.1.100.1
[Comware7]display vrrp interface Vlan-interface 100 verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers on interface Vlan-interface100 : 1
Interface Vlan-interface100
VRID : 100 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 254 Running Pri : 254
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.100.1
Virtual MAC : 0000-5e00-0164
Master IP : 10.1.100.5
Cisco
Cisco(config)#interface vlan 100
Cisco(config-if)#?
Interface configuration commands:
aaa Authentication, Authorization and Accounting.
arp Set arp type (arpa, probe, snap) or timeout or log
options
bandwidth Set bandwidth informational parameter
bgp-policy Apply policy propagated by bgp community string
carrier-delay Specify delay for interface transitions
cdp CDP interface subcommands
cts Configure Cisco Trusted Security
dampening Enable event dampening
datalink Interface Datalink commands
default Set a command to its defaults
delay Specify interface throughput delay
description Interface specific description
eou EAPoUDP Interface Configuration Commands
exit Exit from interface configuration mode
flow-sampler Attach flow sampler to the interface
help Description of the interactive help system
history Interface history histograms - 60 second, 60 minute
and 72 hour
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
link Configure Link
load-interval Specify interval for load calculation for an
interface
logging Configure logging for interface
loopback Configure internal loopback on an interface
macro Command macro
max-reserved-bandwidth Maximum Reservable Bandwidth on an Interface
mka MACsec Key Agreement (MKA) interface configuration
neighbor interface neighbor configuration mode commands
network-policy Network Policy
nmsp NMSP interface configuration
no Negate a command or set its defaults
ntp Configure NTP
private-vlan Configure private VLAN SVI interface settings
rate-limit Rate Limit
routing Per-interface routing configuration
service-policy Configure CPL Service Policy
shutdown Shutdown the selected interface
snmp Modify SNMP interface parameters
source Get config from another source
spanning-tree Spanning Tree Subsystem
standby HSRP interface configuration commands
timeout Define timeout values for this interface
topology Configure routing topology on the interface
traffic-shape Enable Traffic Shaping on an Interface or
Sub-Interface
vrrp VRRP Interface configuration commands
vtp Enable VTP on this interface
Cisco(config-if)#vrrp ?
<1-255> Group number
Cisco(config-if)#vrrp 100 ?
authentication Authentication string
description Group specific description
ip Enable Virtual Router Redundancy Protocol (VRRP) for IP
preempt Enable preemption of lower priority Master
priority Priority of this VRRP group
timers Set the VRRP timers
track Event Tracking
Cisco(config-if)#vrrp 100 ip ?
A.B.C.D VRRP group IP address
Cisco(config-if)#vrrp 100 ip 10.1.100.1 ?
secondary Specify an additional VRRP address for this group
<cr>
Cisco(config-if)#vrrp 100 ip 10.1.100.1
Cisco(config-if)#vrrp 100 priority ?
<1-254> Priority level
Cisco(config-if)#vrrp 100 priority 100 ?
<cr>
Cisco(config-if)#vrrp 100 priority 100
Cisco#show vrrp ?
all Include groups in disabled state
brief Brief output
interface VRRP interface status and configuration
| Output modifiers
<cr>
Cisco#show vrrp
Vlan100 - Group 100
State is Backup
Virtual IP address is 10.1.100.1
Virtual MAC address is 0000.5e00.0164
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 101
Master Router is 10.1.100.5, priority is 254
Master Advertisement interval is 1.000 sec
Master Down interval is 3.605 sec (expires in 3.043 sec)
Cisco#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl100 100 101 3605 Y Backup 10.1.100.5 10.1.100.1
Cisco#show vrrp interface vlan 100
Vlan100 - Group 100
State is Backup
Virtual IP address is 10.1.100.1
Virtual MAC address is 0000.5e00.0164
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 101
Master Router is 10.1.100.5, priority is 254
Master Advertisement interval is 1.000 sec
Master Down interval is 3.605 sec (expires in 2.909 sec)
Chapter 12 ACLs
This chapter compares the commands for configuring access control lists (ACLs).
An ACL is a list of one or more access control entries (ACEs) specifying the criteria the switch uses to
either permit (forward) or deny (drop) the IP packets traversing the switch’s interfaces.
This chapter covers ACL basics, creating ACLs, applying ACLs for routing/Layer 3 operations, applying
ACLs for VLAN/Layer 2 operations, and applying ACLs for port/interface controls.
When using these commands, keep in mind:
- On ArubaOS-Switch and Cisco, ACLs include an Implicit Deny as the last ACE. If traffic does
  not match an ACL rule, it is denied (or dropped).
Access Control Lists ('ACLs') allow a network administrator to define sets of rules based on network
traffic addressing or other header content, and to use these rules to restrict, alter or log the passage of
traffic through the switch. Choosing the rule criteria is called Classification, and one such rule set, or
list, is called an Access Control List.
There are 3 classes of ACL - MAC, IPv4 and IPv6 - which are each focused on relevant frame/packet
characteristics. ACLs can be configured to match on almost any frame or packet header field and then
take an appropriate action.
Network traffic passing through a switch can be blocked, permitted, counted, or reprioritized based on
many different frame/packet characteristics including, but not limited to:
- Frame ingress VLAN ID
- Source and/or destination Ethernet MAC, IPv4 or IPv6 address
- Layer 2 (EtherType) and Layer 3 (IP) protocol
- Layer 4 application port(s)
Different ACLs of the same type can be used in opposite directions. If an ACL of a particular type is
applied in a direction that is already in use, the new ACL replaces the current one. An ACL
contains one or more 'Access Control Entries' ('ACEs'), which are ordered by priority according to
sequence number. A single ACE matches on one or more characteristics of the particular traffic type
and has a configured action to either discard the packet or allow it to continue through the switch.
Evaluation begins with the ACE that has the lowest sequence number: the incoming or outgoing frame
is compared to that ACE's match characteristics and, if there is a match, the ACE's action - either
permit or deny - is taken. If there is no match, the match characteristics of the next ACE in sequence
are compared to the relevant frame/packet details, and if there is a match the specified action is taken.
ACL CLI Comparison
Configuration commands

ArubaOS-CX-Switch:
  access-list ip My_ip_ACL
  10 permit udp any 172.16.1.0/24
  20 permit tcp 172.16.2.0/16 gt 1023 any
  30 permit tcp 172.26.1.0/24 any syn ack dscp 10
  25 permit icmp 172.16.2.0/16 any
  40 deny any any any count
  20 comment Permit all TCP ephemeral ports
  access-list ip My_ip_ACL resequence 1 1
  20 comment Permit all TCP ephemeral ports
  25 permit icmp 10.0.0.1/24 10.0.0.2
  25 permit icmp 10.0.0.1/24 10.0.0.2 dscp AF32 vlan 2

ArubaOS-Switch:
  ip access-list standard <1-99>
  permit 10.0.100.111/32
  !
  ip access-list standard <std_acl>
  permit 10.0.100.111/32
  deny 10.1.100.0/24
  !
  ArubaOS-Sw(eth-1)# ip access-group 100 in
  ArubaOS-Sw(eth-1)# ip access-group 100 out
  ArubaOS-Sw(eth-1)# ipv6 access-group test in
  ArubaOS-Sw(eth-1)# ipv6 access-group test out

Comware 7:
  access-list number 2000
  rule 1 permit source 10.0.100.111 0.0.0.0
  rule 2 permit source 10.0.200.222 0
  interface Vlan-interface 220
  packet-filter 2000 inbound
  !
  interface Vlan-interface 100
  packet-filter 2001 inbound

Cisco:
  ip access-list standard 1
  permit 10.0.100.111 0.0.0.0
  !
  ip access-list extended std_acl
  permit 10.0.100.111 0.0.0.0
  deny ip 10.1.100.0 0.0.0.255 10.0.100.111 0.0.0.0
  permit ip any any
  object-group network object-group-name
  host {host-address | host-name}
  interface <L3Interface>
  ip access-group <ACL> in
  interface <L3Interface>
  ip access-group <ACL> out

Show/display commands

ArubaOS-CX-Switch: show access-list
ArubaOS-Switch:    show access-list
Comware 7:         display acl all
Cisco:             show ip access-lists
ACL CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# access-list ip my_list
ArubaOS-CX-Switch(config-acl-ip)# 10
comment Set a text comment for a new or existing ACL entry
deny Deny packets matching this ACE
permit Permit packets matching this ACE
ArubaOS-CX-Switch(config-acl-ip)# 10 permit
<0-255> Specify numeric protocol value
ah Authenticated header
any Any internet protocol number
esp Encapsulation security payload
gre Generic routing encapsulation
icmp Internet control message protocol
igmp Internet group management protocol
ospf Open Shortest Path First (version 2)
pim Protocol independent multicast
sctp Stream control transmission protocol
tcp Transmission control protocol
udp User datagram protocol
ArubaOS-CX-Switch(config-acl-ip)# 10 permit udp
A.B.C.D Specify source IP host address
A.B.C.D/M Specify source IP network address with prefix length
A.B.C.D/W.X.Y.Z Specify source IP network address with network mask
any Any source IP address
ArubaOS-CX-Switch(config-acl-ip)# 10 permit udp any
A.B.C.D Specify destination IP host address
A.B.C.D/M Specify destination IP network address with prefix length
A.B.C.D/W.X.Y.Z Specify destination IP network address with network mask
any Any destination IP address
eq Layer 4 source port equal to
gt Layer 4 source port greater than
lt Layer 4 source port less than
range Layer 4 source port range
ArubaOS-CX-Switch(config-acl-ip)# 10 permit udp any 172.16.1.0/24
count Count packets matching this entry
dscp Specify a Differentiated Services Code Point value.
ecn Specify an Explicit Congestion Notification value.
eq Layer 4 destination port equal to
fragment Specify a fragment packet.
gt Layer 4 destination port greater than
ip-precedence Specify an IP Precedence value.
log Log packets matching this entry (will also enable 'count')
lt Layer 4 destination port less than
range Layer 4 destination port range
tos Specify a Type of Service value.
ttl Specify a time-to-live value.
vlan Specify VLAN tag to match on.
<cr>
ArubaOS-CX-Switch(config-acl-ip)# 10 permit udp any 172.16.1.0/24
ArubaOS-CX-Switch(config-acl-ip)# do show access-list
commands Format output as CLI commands
configuration Display user-specified configuration
hitcounts Hit counts (statistics)
interface Specify interface
ip Internet Protocol v4 (IPv4)
ipv6 Internet Protocol v6 (IPv6)
log-timer Display ACL log timer length (frequency)
mac Ethernet MAC Protocol
<cr>
ArubaOS-CX-Switch(config-acl-ip)# do show access-list
Type Name
Sequence Comment
Action L3 Protocol
Source IP Address Source L4 Port(s)
Destination IP Address Destination L4 Port(s)
Additional Parameters
-------------------------------------------------------------------------------
IPv4 my_list
10 permit udp
any
172.16.1.0/255.255.255.0
ArubaOS-CX-Switch(config-acl-ip)# 20 comment
TEXT Comment text
ArubaOS-CX-Switch(config-acl-ip)# 20 comment Permit all TCP ephemeral ports
ArubaOS-CX-Switch(config-acl-ip)# 25 permit
<0-255> Specify numeric protocol value
ah Authenticated header
any Any internet protocol number
esp Encapsulation security payload
gre Generic routing encapsulation
icmp Internet control message protocol
igmp Internet group management protocol
ospf Open Shortest Path First (version 2)
pim Protocol independent multicast
sctp Stream control transmission protocol
tcp Transmission control protocol
udp User datagram protocol
ArubaOS-CX-Switch(config-acl-ip)# 25
comment Set a text comment for a new or existing ACL entry
deny Deny packets matching this ACE
permit Permit packets matching this ACE
ArubaOS-CX-Switch(config-acl-ip)# 25 permit
<0-255> Specify numeric protocol value
ah Authenticated header
any Any internet protocol number
esp Encapsulation security payload
gre Generic routing encapsulation
icmp Internet control message protocol
igmp Internet group management protocol
ospf Open Shortest Path First (version 2)
pim Protocol independent multicast
sctp Stream control transmission protocol
tcp Transmission control protocol
udp User datagram protocol
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp
A.B.C.D Specify source IP host address
A.B.C.D/M Specify source IP network address with prefix length
A.B.C.D/W.X.Y.Z Specify source IP network address with network mask
any Any source IP address
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24
A.B.C.D Specify destination IP host address
A.B.C.D/M Specify destination IP network address with prefix length
A.B.C.D/W.X.Y.Z Specify destination IP network address with network mask
any Any destination IP address
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2
count Count packets matching this entry
dscp Specify a Differentiated Services Code Point value.
ecn Specify an Explicit Congestion Notification value.
fragment Specify a fragment packet.
ip-precedence Specify an IP Precedence value.
log Log packets matching this entry (will also enable 'count')
tos Specify a Type of Service value.
ttl Specify a time-to-live value.
vlan Specify VLAN tag to match on.
<cr>
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2 dscp
<0-63> A valid DSCP codepoint.
AF11 DSCP 10 (Assured Forwarding class 1, low drop probability)
AF12 DSCP 12 (Assured Forwarding class 1, medium drop probability)
AF13 DSCP 14 (Assured Forwarding class 1, high drop probability)
AF21 DSCP 18 (Assured Forwarding class 2, low drop probability)
AF22 DSCP 20 (Assured Forwarding class 2, medium drop probability)
AF23 DSCP 22 (Assured Forwarding class 2, high drop probability)
AF31 DSCP 26 (Assured Forwarding class 3, low drop probability)
AF32 DSCP 28 (Assured Forwarding class 3, medium drop probability)
AF33 DSCP 30 (Assured Forwarding class 3, high drop probability)
AF41 DSCP 34 (Assured Forwarding class 4, low drop probability)
AF42 DSCP 36 (Assured Forwarding class 4, medium drop probability)
AF43 DSCP 38 (Assured Forwarding class 4, high drop probability)
CS0 DSCP 0 (Class Selector 0: Default)
CS1 DSCP 8 (Class Selector 1: Scavenger)
CS2 DSCP 16 (Class Selector 2: OAM)
CS3 DSCP 24 (Class Selector 3: Signaling)
CS4 DSCP 32 (Class Selector 4: Realtime)
CS5 DSCP 40 (Class Selector 5: Broadcast video)
CS6 DSCP 48 (Class Selector 6: Network control)
CS7 DSCP 56 (Class Selector 7)
EF DSCP 46 (Expedited Forwarding)
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2 dscp AF32
count Count packets matching this entry
ecn Specify an Explicit Congestion Notification value.
fragment Specify a fragment packet.
ip-precedence Specify an IP Precedence value.
log Log packets matching this entry (will also enable 'count')
tos Specify a Type of Service value.
ttl Specify a time-to-live value.
vlan Specify VLAN tag to match on.
<cr>
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2 dscp AF32
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2 dscp AF32 vlan
VLAN-ID 802.1q VLAN ID.
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2 dscp AF32 vlan 2
count Count packets matching this entry
ecn Specify an Explicit Congestion Notification value.
fragment Specify a fragment packet.
ip-precedence Specify an IP Precedence value.
log Log packets matching this entry (will also enable 'count')
tos Specify a Type of Service value.
ttl Specify a time-to-live value.
<cr>
ArubaOS-CX-Switch(config-acl-ip)# 25 permit icmp 10.0.0.1/24 10.0.0.2 dscp AF32 vlan 2
ArubaOS-Switch
Standard ACL
ArubaOS-Switch(config)# ip access-list standard 1
ArubaOS-Switch(config-std-nacl)# permit 10.0.100.111 0.0.0.0
ArubaOS-Switch(config)# ip access-list standard std_acl
ArubaOS-Switch(config-std-nacl)# permit 10.0.100.111/32
ArubaOS-Switch(config-std-nacl)# vlan 220
ArubaOS-Switch(vlan-220)# ip access-group ?
ASCII-STR Enter an ASCII string for the 'access-group'
command/parameter.
ArubaOS-Switch(vlan-220)# ip access-group 1 ?
in Match inbound packets
out Match outbound packets
connection-rate-filter Manage packet rates
vlan VLAN acl
ArubaOS-Switch(vlan-220)# ip access-group 1 in
ArubaOS-Switch(config)# vlan 100
ArubaOS-Switch(vlan-100)# ip access-group std_acl in
Extended ACL
ArubaOS-Switch(config)# ip access-list extended 100
ArubaOS-Switch(config-ext-nacl)# deny ip 10.1.220.0 0.0.0.255 10.0.100.111 0.0.0.0
ArubaOS-Switch(config-ext-nacl)# permit ip any any
ArubaOS-Switch(config)# ip access-list extended ext_acl
ArubaOS-Switch(config-ext-nacl)# deny ip 10.1.100.0/24 10.0.100.111/32
ArubaOS-Switch(config-ext-nacl)# permit ip any any
ArubaOS-Switch(config)# vlan 220
ArubaOS-Switch(vlan-220)# ip access-group 100 in
ArubaOS-Switch(vlan-220)# vlan 100
ArubaOS-Switch(vlan-100)# ip access-group ext_acl in
Comware7
Basic ACL
[Comware7]acl number 2000
[Comware7-acl-basic-2000]rule permit source 10.0.100.111 0.0.0.0
[Comware7]acl number 2001 name ext_acl
[Comware7-acl-basic-2001-ext_acl]rule permit source 10.0.100.111 0
[Comware7]interface Vlan-interface 220
[Comware7-Vlan-interface220]packet-filter ?
INTEGER<2000-2999> Specify a basic ACL
INTEGER<3000-3999> Specify an advanced ACL
INTEGER<4000-4999> Specify an ethernet frame header ACL
INTEGER<5000-5999> Specify an ACL about user-defined frame or packet head
filter Specify the packet filter mode
ipv6 IPv6 ACL
name Specify a named ACL
[Comware7-Vlan-interface220]packet-filter 2000 ?
inbound Filter incoming packets
outbound Filter outgoing packets
[Comware7-Vlan-interface220]packet-filter 2000 inbound ?
hardware-count Count rule matches performed by hardware
<cr>
[Comware7-Vlan-interface220]packet-filter 2000 inbound
[Comware7]interface Vlan-interface 100
[Comware7-Vlan-interface100]packet-filter 2001 inbound
Advanced ACL
[Comware7]acl number 3000
[Comware7-acl-adv-3000]rule deny ip source 10.1.220.0 0.0.0.255 destination 10.1.100.111 0
[Comware7]acl number 3001 name ext_acl
[Comware7-acl-adv-3001-ext_acl]rule deny ip source 10.1.100.0 0.0.0.255 destination 10.0.100.111 0
[Comware7-acl-adv-3001-ext_acl]quit
[Comware7]interface Vlan-interface 220
[Comware7-Vlan-interface220]packet-filter 3000 inbound
[Comware7]interface Vlan-interface 100
[Comware7-Vlan-interface100]packet-filter 3001 inbound
Cisco
Standard ACL
Cisco(config)#ip access-list standard 1
Cisco(config-std-nacl)#permit 10.0.100.111 0.0.0.0
Cisco(config)#ip access-list standard std_acl
Cisco(config-std-nacl)#permit 10.0.100.111 0.0.0.0
Cisco(config)#interface vlan 220
Cisco(config-if)#ip access-group ?
<1-199> IP access list (standard or extended)
<1300-2699> IP expanded access list (standard or extended)
WORD Access-list name
Cisco(config-if)#ip access-group 1 ?
in inbound packets
out outbound packets
Cisco(config-if)#ip access-group 1 in
Cisco(config)#interface vl 100
Cisco(config-if)#ip access-group std_acl in
Extended ACL
Cisco(config)#ip access-list extended 100
Cisco(config-ext-nacl)#deny ip 10.1.220.0 0.0.0.255 10.0.100.111 0.0.0.0
Cisco(config-ext-nacl)#permit ip any any
Cisco(config)#ip access-list extended ext_acl
Cisco(config-ext-nacl)#deny ip 10.1.100.0 0.0.0.255 10.0.100.111 0.0.0.0
Cisco(config-ext-nacl)#permit ip any any
Cisco(config-ext-nacl)#interface vlan 220
Cisco(config-if)#ip access-group 100 in
Cisco(config-if)#interface vlan 100
Cisco(config-if)#ip access-group ext_acl in
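The first-match evaluation described at the start of this chapter, and the wildcard-mask notation used in the Comware and Cisco examples, can be checked offline before an ACL is applied. The following Python is an added example, not vendor code: the Ace tuple, the function names and the two sample ACLs are constructed for illustration (the addresses reuse those in this chapter). It shows how a subnet mask typed where a wildcard mask is expected changes what an ACE matches, and how to lint for it.

```python
import ipaddress
from typing import NamedTuple

# 'any' written as an address plus wildcard mask (every bit is "don't care").
ANY = ("0.0.0.0", "255.255.255.255")


class Ace(NamedTuple):
    """One access control entry in address/wildcard form (illustrative type)."""
    seq: int
    action: str   # "permit" or "deny"
    src: str
    src_wc: str
    dst: str
    dst_wc: str


def _u32(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def normalize_wildcard(wc: str) -> str:
    """Comware accepts a bare 0 as shorthand for wildcard 0.0.0.0 (exact host)."""
    return "0.0.0.0" if wc == "0" else wc


def prefix_to_wildcard(cidr: str) -> tuple:
    """Convert the A.B.C.D/M form into the (address, wildcard) form."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return str(net.network_address), str(net.hostmask)


def wildcard_match(addr: str, base: str, wc: str) -> bool:
    """A wildcard bit of 0 means 'must match'; a bit of 1 means 'ignore'."""
    care = ~_u32(normalize_wildcard(wc)) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


def evaluate(acl, src: str, dst: str) -> tuple:
    """Walk ACEs from the lowest sequence number; the first match decides.

    Returns (action, seq). If nothing matches, the implicit deny that
    ArubaOS-Switch and Cisco append as the last ACE applies: ("deny", None).
    """
    for ace in sorted(acl, key=lambda a: a.seq):
        if (wildcard_match(src, ace.src, ace.src_wc)
                and wildcard_match(dst, ace.dst, ace.dst_wc)):
            return ace.action, ace.seq
    return "deny", None


def ignored_address_bits(ace: Ace) -> list:
    """Lint: report fields whose address has bits set where the wildcard says
    'ignore'. Those bits have no effect, which usually means a subnet mask
    was entered in place of a wildcard mask."""
    flagged = []
    for name, base, wc in (("src", ace.src, ace.src_wc),
                           ("dst", ace.dst, ace.dst_wc)):
        if _u32(base) & _u32(normalize_wildcard(wc)):
            flagged.append(name)
    return flagged


# Constructed sample: block 10.1.100.0/24 from reaching host 10.0.100.111.
INTENDED = [
    Ace(10, "deny", "10.1.100.0", "0.0.0.255", "10.0.100.111", "0.0.0.0"),
    Ace(20, "permit", *ANY, *ANY),
]

# Constructed sample: the same rule with subnet masks in the wildcard slots.
NETMASK_TYPO = [
    Ace(10, "deny", "10.1.100.0", "255.255.255.0",
        "10.0.100.111", "255.255.255.255"),
    Ace(20, "permit", *ANY, *ANY),
]

if __name__ == "__main__":
    for label, acl in (("intended", INTENDED), ("netmask typo", NETMASK_TYPO)):
        print(label)
        for src, dst in (("10.1.100.7", "10.0.100.111"),
                         ("192.168.5.0", "8.8.8.8")):
            print("  ", src, "->", dst, evaluate(acl, src, dst))
        print("   lint:", [(a.seq, ignored_address_bits(a)) for a in acl])
```

With the subnet masks in place, the traffic the rule was meant to block falls through to the permit entry, while unrelated sources whose last octet is 0 are denied to every destination.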
Chapter 13 BGP
This chapter compares the commands used to enable and configure Border Gateway Protocol.
BGP, based on RFC 4271, is a routing protocol that enables BGP-speaking devices to exchange
reachability information about independent networks called Autonomous Systems (ASs). These
networks present themselves to other ASs as independent entities that have a single, coherent routing
plan. BGP is the most commonly used protocol between Internet service providers (ISPs).
The characteristics of BGP are as follows:
- BGP focuses on the control of route propagation and the selection of optimal routes, rather than on route
  discovery and calculation, which makes BGP an exterior gateway protocol, different from interior gateway
  protocols such as Open Shortest Path First (OSPF) and Routing Information Protocol (RIP).
- BGP uses TCP to enhance reliability.
- BGP supports Classless Inter-Domain Routing (CIDR).
- BGP reduces bandwidth consumption by advertising only incremental updates, and is therefore used to
  advertise a large amount of routing information on the Internet.
- BGP eliminates routing loops completely by adding AS path information to BGP routes.
- BGP provides abundant policies to implement flexible route filtering and selection.
- BGP is scalable.
A router advertising BGP messages is called a BGP speaker. It establishes peer relationships with other
BGP speakers to exchange routing information. When a BGP speaker receives a new route or a route
better than the current one from another AS, it will advertise the route to all the other BGP peers in the
local AS.
BGP can be configured to run on a router in the following two modes:
- iBGP (internal BGP)
- eBGP (external BGP)
When a BGP speaker peers with another BGP speaker that resides in the same AS, the session is referred
to as an iBGP session; and, when a BGP speaker peers with a BGP speaker that resides in another AS, the
session is referred to as an eBGP session.
BGP CLI Comparison
Configuration commands

ArubaOS-CX-Switch:
  router bgp 64502
  bgp router-id 10.0.0.2
  neighbor 10.0.101.31 remote-as 64503
  neighbor 10.0.101.41 remote-as 64504
  neighbor 10.0.101.51 remote-as 64505
  redistribute connected
  redistribute static
  enable
  network 10.0.221.0/24

ArubaOS-Switch:
  router bgp 64502
  bgp router-id 10.0.0.2
  neighbor 10.0.101.31 remote-as 64503
  neighbor 10.0.101.41 remote-as 64504
  neighbor 10.0.101.51 remote-as 64505
  redistribute connected
  redistribute static
  enable
  network 10.0.221.0/24

Comware 7:
  bgp 64505
  router-id 10.0.0.5
  peer 10.0.101.21 as-number 64502
  address-family ipv4 unicast
  peer 10.0.101.21 enable
  import-route direct
  network 10.0.251.0 24

Cisco:
  router bgp 64504
  bgp router-id 10.0.0.4
  neighbor 10.0.101.21 remote-as 64502
  redistribute connected
  network 10.0.241.0 mask 255.255.255.0

Show/display commands

ArubaOS-CX-Switch: show bgp ipv4 unicast summary
ArubaOS-Switch:    show ip bgp summary
Comware 7:         display bgp peer ipv4
Cisco:             show ip bgp summary
BGP CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# router
bgp BGP specific commands
graceful-restart Configure graceful restart for routing process
ospf Configure OSPF or enter the OSPF configuration context
ospfv3 Configure OSPFv3 or enter the OSPFv3 configuration context.
pim Configure PIM, or enter PIM configuration context
vrrp VRRP information
ArubaOS-CX-Switch(config)# router bgp
<1-65535> The autonomous system (AS) number of the BGP process.
ArubaOS-CX-Switch(config)# router bgp 65534
vrf VRF Instance
<cr>
ArubaOS-CX-Switch(config)# router bgp 65534
ArubaOS-CX-Switch(config-router)#
aggregate-address To create an aggregate entry
bgp BGP specific commands
disable Disable BGP instance
distance Configure the administrative distances for BGP routes
enable Enable the BGP instance on the VRF
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
list Print command list
maximum-paths Forward packets over multiple paths
neighbor Specify neighbor router
network Specify a network to announce via BGP
no Negate a command or set its defaults
redistribute Redistribute information from another routing protocol
timers Adjust routing timers
ArubaOS-CX-Switch(config-router)# bgp
always-compare-med Compare MED attribute for BGP best-path selection across neighbors
in different AS
bestpath Change the default best-path selection
cluster-id Configure Route-Reflector Cluster-id
default Configure BGP defaults
deterministic-med Pick the best-MED path among paths advertised from the neighboring
AS
graceful-restart Configure graceful-restart capability parameters
log-neighbor-changes Log BGP neighbors session state changes
maxas-limit Maximum AS numbers allowed in routes learned from peers
router-id Override configured router identifier
ArubaOS-CX-Switch(config-router)# bgp router-id
A.B.C.D Configure the BGP router identifier for the VRF
ArubaOS-CX-Switch(config-router)# bgp router-id 10.0.0.1
<cr>
ArubaOS-CX-Switch(config-router)# bgp router-id 10.0.0.1
ArubaOS-CX-Switch(config-router)# neighbor
A.B.C.D Neighbor address
WORD Peer Group name
ArubaOS-CX-Switch(config-router)# neighbor 10.0.0.20
advertisement-interval Minimum interval between sending BGP routing updates
allowas-in Accept as-path with my AS present in it
default-originate Originate default route to this neighbor
description Neighbor specific description
ebgp-multihop Allow EBGP neighbors not on directly connected networks
local-as Configure the local AS number for the EBGP neighbor
maximum-prefix Number of routes allowed to be learnt from the specified neighbor.
next-hop-self Configure own IP as nexthop for all routes advertised to the
neighbor
passive Do not initiate BGP session for this neighbor
password Set a password
peer-group Member of the peer-group
port Neighbor's BGP port
remote-as Configure the AS of the neighbor
remove-private-AS Remove private AS number from outbound updates
route-map Route-map filter to apply for the neighbor
route-reflector-client Configure a neighbor as Route Reflector client
send-community Send Community attribute to this neighbor
shutdown Administratively shut down this neighbor
soft-reconfiguration Per neighbor soft reconfiguration
timers BGP per neighbor timers
update-source Source of routing updates
weight Set default weight for routes from this neighbor
ArubaOS-CX-Switch(config-router)# neighbor 10.0.0.20 remo
remote-as Configure the AS of the neighbor
remove-private-AS Remove private AS number from outbound updates
ArubaOS-CX-Switch(config-router)# neighbor 10.0.0.20 remote-as
<1-65535> AS number
ArubaOS-CX-Switch(config-router)# neighbor 10.0.0.20 remote-as 6543
<cr>
ArubaOS-CX-Switch(config-router)# neighbor 10.0.0.20 remote-as 6543
ArubaOS-CX-Switch(config-router)# redistribute
connected Redistribute directly attached networks
ospf Redistribute OSPFv2 routes
static Redistribute static routes
ArubaOS-CX-Switch(config-router)# redistribute connected
route-map Apply route-map policy for redistribution
<cr>
ArubaOS-CX-Switch(config-router)# redistribute connected
ArubaOS-CX-Switch(config-router)# redistribute static
ArubaOS-CX-Switch(config-router)# enable
ArubaOS-CX-Switch(config-router)# network
A.B.C.D/M Configure the IP network to import into BGP
ArubaOS-CX-Switch(config-router)# network 10.0.0.4/24
route-map A route-map policy to apply on the network
<cr>
ArubaOS-CX-Switch(config-router)# network 10.0.221.0/24
route-map A route-map policy to apply on the network
<cr>
ArubaOS-CX-Switch(config-router)# network 10.0.221.0/24
ArubaOS-CX-Switch(config-router)# do show ip bgp
A.B.C.D/M IP prefix <network>/<length>, e.g., 35.0.0.0/8
all-vrfs All VRFs
community Display routes that belong to specified BGP communities
neighbor Detailed information on TCP and specific BGP neighbor connection
neighbors Detailed information on TCP and all BGP neighbor connections
paths Path information
peer-group Peer group information
summary Summary of BGP neighbor status
vrf VRF Instance
<cr>
ArubaOS-CX-Switch(config-router)# do show ip bgp
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
VRF : default
Local router-id 10.0.0.1
Network Nexthop Metric LocPrf Weight Path
Total number of entries 0
ArubaOS-CX-Switch(config-router)# do show ip bgp neighbor
A.B.C.D Neighbor to display information about
ArubaOS-CX-Switch(config-router)# do show ip bgp summary
VRF : default
BGP Summary
Local AS : 65534 BGP router identifier : 10.0.0.1
Peers : 1 Log Neighbor Changes : No
Hold Time : 180 Keep Alive : 60
Neighbor Remote-AS MsgRcvd MsgSent Up/Down Time State AdminStatus
10.0.0.20 6543 0 0 00h:00m:00s Idle Up
ArubaOS-CX-Switch(config-router)# do show ip bgp community
AA:NN Community number in aa:nn format
internet Advertise the prefix to all BGP neighbors.
local-as Do not advertise the prefix outside of the sub-AS
no-advertise Do not advertise the prefix to any BGP neighbors.
no-export Do not advertise the prefix to any eBGP neighbors.
vrf VRF Instance
<cr>
ArubaOS-CX-Switch(config-router)# do show ip bgp community
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed
VRF : default
Local router-id 10.0.0.1
Network Next Hop Community
Total number of entries 0
ArubaOS-Switch
ArubaOS-Switch(config)# router bgp ?
<1-65535> The autonomous system number for the BGP routing process on this
router
ArubaOS-Switch(config)# router bgp 64502 ?
bgp Configure various BGP parameters.
disable Disable BGP on the router.
distance Configure the administrative distances for BGP routes.
enable Enable BGP on the router.
neighbor Add/Modify/delete entries of the BGP peer table.
network Advertise a network to the BGP neighbors if the network exists in
the routing table.
redistribute Advertises routes from the specified protocol to the BGP
neighbors.
timers Configure global keepalive and hold-time values for BGP.
<cr>
ArubaOS-Switch(config)# router bgp 64502
ArubaOS-Switch(bgp)# bgp
allowas-in Specify the number of times the local AS may appear in an AS-path.
always-compare-med Compare MEDs for routes from neighbors in different ASs.
bestpath Configure various BGP best-path options.
client-to-client-r... Enable or Disable client-to-client route reflection.
cluster-id Specify the cluster ID to be used when the BGP router is used as a
route-reflector.
default-metric Specify a BGP MED to be set on routes when they are advertised to
peers.
graceful-restart Configure BGP graceful restart timers.
log-neighbor-changes Enable or disable BGP event logging.
maximum-prefix Specify the maximum number of routes that BGP will add to its
routing table.
open-on-accept Configure BGP to send an Open message immediately when the TCP
connection has been established for configured peers.
router-id Configure a BGP router-id to be used during neighbor session
establishment and in BGP best-path selection.
ArubaOS-Switch(bgp)# bgp router-id ?
IP-ADDR A 32-bit integer in ipv4-address format to be used as the BGP
router-id
ArubaOS-Switch(bgp)# bgp router-id 10.0.0.2
ArubaOS-Switch(bgp)# ?
bgp Configure various BGP parameters.
disable Disable BGP on the router.
distance Configure the administrative distances for BGP routes.
enable Enable BGP on the router.
neighbor Add/Modify/delete entries of the BGP peer table.
network Advertise a network to the BGP neighbors if the network exists in
the routing table.
redistribute Advertises routes from the specified protocol to the BGP
neighbors.
timers Configure global keepalive and hold-time values for BGP.
ArubaOS-Switch(bgp)# neighbor 10.0.101.31 ?
allowas-in Specify the number of times the local AS # may appear in an
AS-path.
as-override Replace all occurrences of the peer AS number with the router's
own AS number before advertising the route.
description Configure description for this BGP peer or peer-group.
dynamic Enable or disable advertisement of dynamic capability to the peer.
ebgp-multihop Enable or disable multi-hop peering with the specified EBGP peer,
and optionally indicate the maximum number of hops (TTL).
graceful-restart Enable or Disable the advertisement of graceful-restart
capability.
ignore-leading-as Allow any received routes that do not have their own AS appended
to the as-path.
local-as Configure the local AS # used for peering with this peer .
maximum-prefix Specify the maximum number of routes BGP will accept from the
specified peer.
next-hop-self Force BGP to use the router's outbound interface address as the
next hop for the route updates to the peer.
out-delay Specify the delay-time before advertising the route updates to the
peer.
passive If enabled, do not initiate a peering connection to the peer.
password Use MD5 authentication for the peer and set the password to be
used. If in enhanced secure-mode, you will be prompted for the
password.
remote-as Add an entry to the neighbor table, specifying the AS # of the BGP
peer.
remove-private-as Specify whether the private AS # should be removed from the
as-path attribute of updates to the EBGP peer.
route-map Specify a route-map to be applied for filtering routes received
from or sent to the peer.
route-reflector-cl... Act as a route reflector for the peer.
route-refresh Enable or disable the advertisement of route-refresh capability in
the Open message sent to the peer.
send-community Enable or disable sending the community attribute in route updates
to the peer.
shutdown Shutdown the BGP peering session without removing the associated
peer configuration.
timers Configure the keepalive and hold-time values for the peer.
ttl-security Configure the TTL security for this peer.
update-source Specify the source address to accept TCP connections from the
peer.
use-med Enable or disable the comparison of MED attribute for the same
route received from two different autonomous systems.
weight Specify the weight for all routes received from the specified
peer.
ArubaOS-Switch(bgp)# neighbor 10.0.101.31 remote-as 64503 ?
<cr>
ArubaOS-Switch(bgp)# neighbor 10.0.101.31 remote-as 64503
ArubaOS-Switch(bgp)# neighbor 10.0.101.41 remote-as 64504
ArubaOS-Switch(bgp)# neighbor 10.0.101.51 remote-as 64505
ArubaOS-Switch(bgp)# redistribute connected
ArubaOS-Switch(bgp)# redistribute static
ArubaOS-Switch(bgp)# enable
ArubaOS-Switch(bgp)# network 10.0.221.0/24
ArubaOS-Switch# show ip bgp ?
as-path Shows list of unique as-paths learnt by this router.
community Show routes belonging to the specified communities.
general Show a global configuration details.
IP-ADDR/MASK-LENGTH Show routes matching this network ipv4 address.
neighbor Show information about the state of BGP peering session<ip-addr> -
Show information only for this peer.
redistribute Show protocols being redistributed into BGP.
regexp Show BGP routes whose as-path information matches the supplied
regular expression.
route Displays as-path or community information of the BGP routes.
summary Show a summary of BGP peer state information.
<cr>
ArubaOS-Switch# show ip bgp summary
Peer Information
Remote Address Remote-AS Local-AS State Admin Status
--------------- --------- -------- ------------- ------------
10.0.101.31 64503 64502 Established Start
10.0.101.41 64504 64502 Established Start
10.0.101.51 64505 64502 Established Start
Comware7
[Comware7]bgp ?
INTEGER<1-4294967295> Autonomous system number
[Comware7]bgp 64503 ?
<cr>
[Comware7]bgp 64503
[Comware7-bgp]?
Bgp protocol view commands:
address-family Specify an address family
advertise-rib-active Advertise the best route in IP routing table
bgp BGP specific commands
cfd Connectivity Fault Detection (CFD) module
confederation Configure AS confederation parameters
diagnostic-logfile Diagnostic log file configuration
display Display current system information
ebgp-interface-sensitive Immediately reset session if a link connected peer
goes down
graceful-restart Configure Graceful Restart (GR) capability
group Create a peer group
ignore-first-as Ignore the first AS number of eBGP route updates
ip Specify Internet Protocol (IP) configuration
information
log-peer-change Log any session status and event change information
logfile Log file configuration
monitor System monitor
non-stop-routing Enable NSR
peer Specify BGP peers
ping Ping function
primary-path-detect Enable primary path detect function
quit Exit from current command view
return Exit to User View
router-id Configure router ID
save Save current configuration
security-logfile Security log file configuration
timer Configure timers for BGP
tracert Tracert function
undo Cancel current setting
vpn Set forwarding mode of MPLS L3VPN on egress PE
[Comware7-bgp]router-id 10.0.0.5
[Comware7-bgp]peer ?
STRING<1-47> Specify a peer group by its name
X.X.X.X IPv4 address
X:X::X:X IPv6 address
[Comware7-bgp]peer 10.0.101.21 ?
INTEGER<0-32> Specify a Mask length of IPv4 address
as-number AS number
bfd Enable BFD for the peers
capability-advertise Advertise capability
connect-interface Set interface name to be used as session's output
interface
description Configure description information about the peers
ebgp-max-hop EBGP Multihop
fake-as Configure a fake AS number for the peers
group Specify a peer-group
ignore Disable session establishment with the peers
ignore-originatorid Ignore the originator ID attribute in received BGP
routes
low-memory-exempt Exempt the EBGP peers from low-memory shutdown
password Specify a password
route-update-interval Specify the interval for sending the same update to the
peers
substitute-as Replace the AS number in the AS_PATH attribute with the
local
timer Configure timers for the peers
ttl-security Configure the Generalized TTL Security Mechanism (GTSM)
[Comware7-bgp]peer 10.0.101.21 as-number 64502 ?
<cr>
[Comware7-bgp]peer 10.0.101.21 as-number 64502
[Comware7-bgp]address-family ?
ipv4 Specify the IPv4 address family
ipv6 Specify the IPv6 address family
l2vpn Specify the L2VPN address family
vpnv4 Specify the VPNv4 address family
vpnv6 Specify the VPNv6 address family
[Comware7-bgp]address-family ipv4 ?
unicast Specify the unicast address family
<cr>
[Comware7-bgp]address-family ipv4 unicast ?
<cr>
[Comware7-bgp]address-family ipv4 unicast
[Comware7-bgp-ipv4]?
Bgp-ipv4 protocol view commands:
aggregate Create a summary route
balance Configure BGP load balancing
bestroute Change the default best route selection
cfd Connectivity Fault Detection (CFD) module
compare-different-as-med Compare the MEDs of routes from different ASs
dampening Enable route-flap dampening
default Set default value for BGP
default-route Default route operation
diagnostic-logfile Diagnostic log file configuration
display Display current system information
fast-reroute Configure fast reroute
filter-policy Filter networks in route updates
import-route Import routes from another routing protocol
logfile Log file configuration
monitor System monitor
network Specify a network to advertise via BGP
peer Specify BGP peers
pic Enable Prefix Independent Convergence (PIC)
ping Ping function
preference Configure the preference of BGP routes
quit Exit from current command view
reflect Configure route reflection
reflector Configure the route reflector
return Exit to User View
save Save current configuration
security-logfile Security log file configuration
summary Summarize subnet routes to classful network routes
tracert Tracert function
undo Cancel current setting
[Comware7-bgp-ipv4]peer 10.0.101.21 ?
INTEGER<0-32> Specify a Mask length of IPv4 address
advertise-community Send community attribute to the peers
advertise-ext-community Advertise extended community
allow-as-loop Configure permit of as-path loop
as-path-acl Specify an AS path ACL
default-route-advertise Advertise default route to the peers
enable Enable the specified peers
filter-policy Filter networks in route updates
keep-all-routes Save original routing information from the peers
label-route-capability Send labeled route to the peers
next-hop-local Specify local address as the next hop of routes
advertised to the peers
preferred-value Assign a preferred value to routes received from the
peers
prefix-list Specify BGP route filtering policy based on a prefix
list
public-as-only Do not keep private AS numbers in BGP updates
reflect-client Configure the peers as route reflectors
route-limit Configure the maximum number of routes that can be
received from the peers
route-policy Specify a routing policy
[Comware7-bgp-ipv4]peer 10.0.101.21 enable ?
<cr>
[Comware7-bgp-ipv4]peer 10.0.101.21 enable
[Comware7-bgp-ipv4]import-route direct
[Comware7-bgp-ipv4]network 10.0.251.0 24
[Comware7]display bgp ?
dampening BGP dampening information
group Display peer group information
l2vpn Specify the L2VPN address family
network Routing information advertised with the network command or
short-cut route information
non-stop-routing Display BGP NSR information
paths Path attribute information
peer Display peer information
routing-table Display BGP routes
update-group Display update group information
[Comware7]display bgp peer ?
ipv4 Specify the IPv4 address family
ipv6 Specify the IPv6 address family
l2vpn Specify the L2VPN address family
vpnv4 Specify the VPNv4 address family
vpnv6 Specify the VPNv6 address family
[Comware7]display bgp peer ipv4 ?
> Redirect it to a file
>> Redirect it to a file in append mode
X.X.X.X IPv4 address
group-name Specify a peer group by its name
standby Display information on the standby process
unicast Specify the unicast address family
verbose Detailed information
vpn-instance Specify a VPN instance
| Matching output
<cr>
[Comware7]display bgp peer ipv4
BGP local router ID: 10.0.0.5
Local AS number: 64505
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.0.101.21 64502 78 80 0 3 01:10:44 Established
Cisco
Cisco(config)#router bgp ?
<1-4294967295> Autonomous system number
<1.0-XX.YY> Autonomous system number
Cisco(config)#router bgp 64504 ?
<cr>
Cisco(config)#router bgp 64504
Cisco(config-router)#bgp ?
aggregate-timer Configure Aggregation Timer
always-compare-med Allow comparing MED from different neighbors
asnotation Change the default asplain notation
bestpath Change the default bestpath selection
client-to-client Configure client to client route reflection
cluster-id Configure Route-Reflector Cluster-id (peers may
reset)
confederation AS confederation parameters
dampening Enable route-flap dampening
default Configure BGP defaults
deterministic-med Pick the best-MED path among paths advertised from
the neighboring AS
dmzlink-bw Use DMZ Link Bandwidth as weight for BGP multipaths
enforce-first-as Enforce the first AS for EBGP routes(default)
fast-external-fallover Immediately reset session if a link to a directly
connected external peer goes down
graceful-restart Graceful restart capability parameters
inject-map Routemap which specifies prefixes to inject
log-neighbor-changes Log neighbor up/down and reset reason
maxas-limit Allow AS-PATH attribute from any neighbor imposing a
limit on number of ASes
nexthop Nexthop tracking commands
nopeerup-delay Set how long BGP will wait for the first peer to come
up before beginning the update delay or graceful
restart timers (in seconds)
redistribute-internal Allow redistribution of iBGP into IGPs (dangerous)
regexp Select regular expression engine
route-map route-map control commands
router-id Override configured router identifier (peers will
reset)
scan-time Configure background scanner interval
slow-peer Configure slow-peer
soft-reconfig-backup Use soft-reconfiguration inbound only when
route-refresh is not negotiated
suppress-inactive Suppress routes that are not in the routing table
transport global enable/disable transport session parameters
update-delay Set the max initial delay for sending update
upgrade-cli Upgrade to hierarchical AFI mode
Cisco(config-router)#bgp router-id ?
A.B.C.D Manually configured router identifier
vrf vrf-specific router id configuration
Cisco(config-router)#bgp router-id 10.0.0.4 ?
<cr>
Cisco(config-router)#bgp router-id 10.0.0.4
Cisco(config-router)#?
Router configuration commands:
address-family Enter Address Family command mode
aggregate-address Configure BGP aggregate entries
auto-summary Enable automatic network number summarization
bgp BGP specific commands
default Set a command to its defaults
default-information Control distribution of default information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter networks in routing updates
exit Exit from routing protocol configuration mode
help Description of the interactive help system
maximum-paths Forward packets over multiple paths
neighbor Specify a neighbor router
network Specify a network to announce via BGP
no Negate a command or set its defaults
redistribute Redistribute information from another routing protocol
scope Enter scope command mode
synchronization Perform IGP synchronization
table-map Map external entry attributes into routing table
template Enter template command mode
timers Adjust routing timers
Cisco(config-router)#neighbor ?
A.B.C.D Neighbor address
WORD Neighbor tag
X:X:X:X::X Neighbor IPv6 address
Cisco(config-router)#neighbor 10.0.101.21 ?
activate Enable the Address Family for this Neighbor
advertise-map specify route-map for conditional advertisement
advertisement-interval Minimum interval between sending BGP routing updates
allowas-in Accept as-path with my AS present in it
capability Advertise capability to the peer
default-originate Originate default route to this neighbor
description Neighbor specific description
disable-connected-check one-hop away EBGP peer using loopback address
distribute-list Filter updates to/from this neighbor
dmzlink-bw Propagate the DMZ link bandwidth
ebgp-multihop Allow EBGP neighbors not on directly connected
networks
fall-over session fall on peer route lost
filter-list Establish BGP filters
ha-mode high availability mode
inherit Inherit a template
local-as Specify a local-as number
maximum-prefix Maximum number of prefixes accepted from this peer
next-hop-self Disable the next hop calculation for this neighbor
next-hop-unchanged Propagate next hop unchanged for iBGP paths to this
neighbor
password Set a password
peer-group Member of the peer-group
prefix-list Filter updates to/from this neighbor
remote-as Specify a BGP neighbor
remove-private-as Remove private AS number from outbound updates
route-map Apply route map to neighbor
route-reflector-client Configure a neighbor as Route Reflector client
send-community Send Community attribute to this neighbor
shutdown Administratively shut down this neighbor
slow-peer Configure slow-peer
soft-reconfiguration Per neighbor soft reconfiguration
soo Site-of-Origin extended community
timers BGP per neighbor timers
translate-update Translate Update to MBGP format
transport Transport options
ttl-security BGP ttl security check
unsuppress-map Route-map to selectively unsuppress suppressed
routes
update-source Source of routing updates
version Set the BGP version to match a neighbor
weight Set default weight for routes from this neighbor
Cisco(config-router)#neighbor 10.0.101.21 remote-as ?
<1-4294967295> AS of remote neighbor
<1.0-XX.YY> AS of remote neighbor
Cisco(config-router)#neighbor 10.0.101.21 remote-as 64502 ?
shutdown Administratively shut down this neighbor
<cr>
Cisco(config-router)#neighbor 10.0.101.21 remote-as 64502
Cisco(config-router)#redistribute connected
Cisco(config-router)#network 10.0.241.0 ?
backdoor Specify a BGP backdoor route
mask Network mask
nlri Specify nlri type for network
route-map Route-map to modify the attributes
<cr>
Cisco(config-router)#network 10.0.241.0 mask ?
A.B.C.D Network mask
Cisco(config-router)#network 10.0.241.0 mask 255.255.255.0
Cisco#show ip bgp ?
A.B.C.D Network in the BGP routing table to display
A.B.C.D/nn IP prefix <network>/<length>, e.g., 35.0.0.0/8
all All address families
cidr-only Display only routes with non-natural netmasks
community Display routes matching the communities
community-list Display routes matching the community-list
dampening Display detailed information about dampening
extcommunity-list Display routes matching the extcommunity-list
filter-list Display routes conforming to the filter-list
import Display route topology import / export activity
inconsistent-as Display only routes with inconsistent origin ASs
injected-paths Display all injected paths
ipv4 Address family
ipv6 Address family
l2vpn Address family
labels Display Labels for IPv4 NLRI specific information
neighbors Detailed information on TCP and BGP neighbor connections
nexthops Nexthop address table
nsap Address family
oer-paths Display all oer controlled paths
paths Path information
peer-group Display information on peer-groups
pending-prefixes Display prefixes pending deletion
prefix-list Display routes matching the prefix-list
quote-regexp Display routes matching the AS path "regular expression"
regexp Display routes matching the AS path regular expression
replication Display replication status of update-group(s)
rib-failure Display bgp routes that failed to install in the routing
table (RIB)
route-map Display routes matching the route-map
summary Summary of BGP neighbor status
template Display peer-policy/peer-session templates
topology Routing topology instance
update-group Display information on update-groups
update-sources Update source interface table
version Display prefixes with matching version numbers
vpnv4 Address family
vpnv6 Address family
| Output modifiers
Cisco#show ip bgp summary
BGP router identifier 10.0.0.4, local AS number 64504
BGP table version is 5, main routing table version 5
4 network entries using 544 bytes of memory
4 path entries using 208 bytes of memory
4/4 BGP path/bestpath attribute entries using 496 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1320 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.101.21 4 64502 8 8 5 0 0 00:03:23 3
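The three peer-summary outputs in this chapter differ in column order and in how session state is reported, so a cross-vendor check has to normalize them first. The following Python is an added example, not part of the original guide or of any vendor tooling: it parses the ArubaOS-Switch, Comware7 and Cisco tables shown above and compares the result with an expected peer list. The names `parse_peers`, `audit` and `EXPECTED` are hypothetical, and the degraded Cisco sample is constructed.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Header keyword that identifies each vendor's peer table in this chapter.
HEADERS = {
    "Remote-AS": "arubaos-switch",  # show ip bgp summary
    "PrefRcv": "comware7",          # display bgp peer ipv4
    "State/PfxRcd": "cisco",        # show ip bgp summary
}


class Peer(NamedTuple):
    vendor: str
    address: str
    remote_as: int
    state: str
    prefixes: Optional[int]  # None when the table carries no prefix count


def parse_asn(token: str) -> int:
    """Accept asplain (64502) and asdot (1.10) AS notation."""
    if "." in token:
        high, low = token.split(".")
        return int(high) * 65536 + int(low)
    return int(token)


def parse_peers(text: str) -> List[Peer]:
    """Normalize one vendor's peer summary into Peer records."""
    vendor, peers = None, []
    for line in text.splitlines():
        # "*" flags a dynamically created peer (Comware7 legend); drop it so the row parses.
        cols = line.replace("*", " ").split()
        if not cols:
            continue
        header = next((v for k, v in HEADERS.items() if k in cols), None)
        if header:
            vendor = header
            continue
        if vendor is None or not IPV4.match(cols[0]):
            continue
        if vendor == "arubaos-switch" and len(cols) >= 5:
            peers.append(Peer(vendor, cols[0], parse_asn(cols[1]), cols[3], None))
        elif vendor == "comware7" and len(cols) >= 8:
            peers.append(Peer(vendor, cols[0], parse_asn(cols[1]), cols[7], int(cols[5])))
        elif vendor == "cisco" and len(cols) >= 10:
            # State/PfxRcd is a prefix count once established, else the state name.
            last = " ".join(cols[9:])
            up = last.isdigit()
            peers.append(Peer(vendor, cols[0], parse_asn(cols[2]),
                              "Established" if up else last, int(last) if up else None))
    return peers


def audit(peers: List[Peer], expected: Dict[str, int]) -> List[Tuple[str, str]]:
    """Compare parsed peers with an expected {address: remote AS} map."""
    findings, seen = [], set()
    for p in peers:
        seen.add(p.address)
        want = expected.get(p.address)
        if want is None:
            findings.append((p.address, "peer not in expected list"))
        elif want != p.remote_as:
            findings.append((p.address, f"remote AS {p.remote_as}, expected {want}"))
        if p.state != "Established":
            findings.append((p.address, f"session state {p.state}"))
    for addr in sorted(set(expected) - seen):
        findings.append((addr, "expected peer missing from output"))
    return findings


# Outputs as shown in this chapter.
ARUBA = """Remote Address Remote-AS Local-AS State Admin Status
--------------- --------- -------- ------------- ------------
10.0.101.31 64503 64502 Established Start
10.0.101.41 64504 64502 Established Start
10.0.101.51 64505 64502 Established Start"""
COMWARE = """Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.0.101.21 64502 78 80 0 3 01:10:44 Established"""
CISCO = """Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.101.21 4 64502 8 8 5 0 0 00:03:23 3"""
# Constructed sample: one peer down, one peer that is not in the inventory.
CISCO_DEGRADED = """Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.101.21 4 64502 0 0 1 0 0 never Idle
10.0.101.99 4 64999 12 12 5 0 0 00:05:10 2"""
EXPECTED = {"10.0.101.21": 64502, "10.0.101.31": 64503}  # hypothetical inventory

if __name__ == "__main__":
    for finding in audit(parse_peers(CISCO_DEGRADED), EXPECTED):
        print(finding)
```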
Chapter 14 OSPF
This chapter compares the commands you use to enable and configure Open Shortest Path First (OSPF).
OSPF is a link-state routing protocol you can apply to routers grouped into OSPF areas identified by the
routing configuration on each router. The protocol uses Link-State Advertisements (LSAs) transmitted
by each router to update neighboring routers regarding that router’s interfaces and the routes available
through those interfaces.
Each router in an area also maintains a link-state database (LSDB) that describes the area topology. The
routers used to connect areas to each other flood summary link LSAs and external link LSAs to
neighboring OSPF areas to update them regarding available routes. In this way, each OSPF router
determines the shortest path between itself and a desired destination router in the same OSPF domain
(AS [Autonomous System]).
The OSPFv2 configurations in this chapter start with a single area, then configure multiple areas,
then add stub and totally stubby components, and finish with the show/display OSPF commands.
Each section builds upon the previous one, adding OSPF capabilities.
OSPF CLI Comparison
ArubaOS-CX-Switch
ArubaOS-Switch
Comware 7
Cisco
Configuration commands
router ospf 2
enable
router ospf
enable
ospf 1 router-id
10.0.0.31
router ospf 1
router-id 10.0.0.41
router-id 10.0.0.41
area 0
area 0
area 0
area 10.1.220.0
vlan 220
ip ospf area 0
Network 10.1.220.0
0.0.0.255
network 10.1.220.0
0.0.0.255 area 0
router ospf 2
redistribute
connected
router ospf
redistribute
connected
import-route direct
router ospf 1
redistribute
connected
Show/display commands
show ip ospf
Show ip ospf
Show ip route ospf
Show ip route
display ip route
Show ip route ospf
Show ip ospf
neighbour
dis ospf peer
Show ip ospf
neighbour
OSPF CLI Configurable options
ArubaOS-CX-Switch
ArubaOS-CX-Switch(config)# router
bgp BGP specific commands
graceful-restart Configure graceful restart for routing process
ospf Configure OSPF or enter the OSPF configuration context
ospfv3 Configure OSPFv3 or enter the OSPFv3 configuration context.
pim Configure PIM, or enter PIM configuration context
vrrp VRRP information
ArubaOS-CX-Switch(config)# router ospf
ospf Configure OSPF or enter the OSPF configuration context
ospfv3 Configure OSPFv3 or enter the OSPFv3 configuration context.
ArubaOS-CX-Switch(config)# router ospf
<1-63> Specify the OSPF Process ID
ArubaOS-CX-Switch(config)# router ospf 2
vrf VRF Instance.
<cr>
ArubaOS-CX-Switch(config)# router ospf 2
ArubaOS-CX-Switch(config-ospf-2)#
area Configure OSPF area parameters
default-metric Configure metric of redistributed routes.
disable Disable OSPF process
distance Configure OSPF administrative distance
enable Enable OSPF process
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
graceful-restart Configure graceful-restart for OSPF
list Print command list
max-metric Configure stub router advertisement
maximum-paths Configure maximum number of ECMP routes that OSPF can support
no Negate a command or set its defaults
passive-interface Configure the interfaces to suppress OSPF routing updates
redistribute Redistribute routes from another routing protocol
rfc1583-compatibility Compatible with RFC 1583. Turned off by default.
router-id Configure OSPF router identifier
trap-enable Enable OSPF SNMP Traps. Default is disabled.
ArubaOS-CX-Switch(config-ospf-2)# enable
ArubaOS-CX-Switch(config-ospf-2)# area
<0-4294967295> Set area id in decimal format
A.B.C.D Set area id in IPv4 address notation
ArubaOS-CX-Switch(config-ospf-2)# area 0
default-metric Configure cost for the default route used for a stub or NSSA area
nssa Configure OSPF area as NSSA
range Summarize routes matching address/mask on border routers only
stub Configure OSPF area as stub
virtual-link Configure a virtual link
<cr>
ArubaOS-CX-Switch(config-ospf-2)# area 0
ArubaOS-CX-Switch(config-ospf-2)# router-id
A.B.C.D Set router identifier
ArubaOS-CX-Switch(config-ospf-2)# router-id 10.0.0.1
<cr>
ArubaOS-CX-Switch(config-ospf-2)# router-id 10.0.0.1
ArubaOS-CX-Switch(config-ospf-2)# redistribute
bgp Border Gateway Protocol (BGP)
connected Connected routes (directly attached subnet or host)
static Statically configured routes
ArubaOS-CX-Switch(config-ospf-2)# redistribute connected
<cr>
ArubaOS-CX-Switch(config-ospf-2)# redistribute connected
ArubaOS-CX-Switch(config-ospf-2)# area
<0-4294967295> Set area id in decimal format
A.B.C.D Set area id in IPv4 address notation
ArubaOS-CX-Switch(config-ospf-2)# area 10.0.0.3
default-metric Configure cost for the default route used for a stub or NSSA area
nssa Configure OSPF area as NSSA
range Summarize routes matching address/mask on border routers only
stub Configure OSPF area as stub
virtual-link Configure a virtual link
<cr>
ArubaOS-CX-Switch(config-ospf-2)# area 10.0.0.3 range
A.B.C.D/M Area range prefix/mask
ArubaOS-CX-Switch(config-ospf-2)# area 10.0.0.3 range 10.0.0.5/24
type LSDB type that this address aggregate applies to
ArubaOS-CX-Switch(config-ospf-2)# area 10.0.0.3 range 10.0.0.5/24 type
inter-area Specify LSDB type as inter-area
nssa Specify LSDB type as NSSA external
ArubaOS-CX-Switch(config-ospf-2)# area 10.0.0.3 range 10.0.0.5/24 type nssa
no-advertise Specify the address range status as DoNotAdvertise
<cr>
ArubaOS-CX-Switch(config-ospf-2)# area 10.0.0.3 range 10.0.0.5/24 type nssa
OSPF Area is not enabled.
ArubaOS-CX-Switch(config-ospf-2)# do show ip
aspath-list List AS path lists
bgp BGP specific commands
community-list List community-list
dns Display DNS client configuration
ecmp ECMP Configuration
errors Errors
forward-protocol Forward-protocol
helper-address Show the helper-address for DHCP relay configuration
igmp Display IGMP configurations and status
interface Interface information
irdp Configure ICMP Router Discovery Protocol
mroute Show Mroute information
ospf OSPF information
pim pim configurations
prefix-list Build a prefix list
route Routing Table
source-interface Specify source-interface utility
ArubaOS-CX-Switch(config-ospf-2)# do show ip ospf
[<1-63>] Specify the OSPF Process ID
all-vrfs All VRFs.
border-routers Display OSPF border router information
interface Display OSPF interface information
lsdb Display OSPF link state database information
neighbors Display OSPF neighbor information
routes Display OSPF routing table
statistics Display OSPF statistics
virtual-links Display OSPF virtual links information
vrf VRF Instance.
<cr>
ArubaOS-CX-Switch(config-ospf-2)# do show ip ospf
Routing Process 2 with ID : 10.0.0.1 VRF default
-------------------------------------------------
Graceful-restart is configured
Restart Interval: 120, State: inactive
Last Graceful Restart Exit Status: none
Maximum Paths to Destination: 4
Number of external LSAs 0, checksum sum 0
Number of areas is 1, 1 normal, 0 stub, 0 NSSA
Number of active areas is 0, 0 normal, 0 stub, 0 NSSA
Area (0.0.0.0) (Inactive)
Interfaces in this Area: 0 Active Interfaces: 0
Passive Interfaces: 0 Loopback Interfaces: 0
SPF calculation has run 2 times
Area ranges:
Number of LSAs: 1, checksum sum 39090
ArubaOS-CX-Switch(config-ospf-2)# do show ip ospf all-vrfs
Routing Process 2 with ID : 10.0.0.1 VRF default
-------------------------------------------------
Graceful-restart is configured
Restart Interval: 120, State: inactive
Last Graceful Restart Exit Status: none
Maximum Paths to Destination: 4
Number of external LSAs 0, checksum sum 0
Number of areas is 1, 1 normal, 0 stub, 0 NSSA
Number of active areas is 0, 0 normal, 0 stub, 0 NSSA
Area (0.0.0.0) (Inactive)
Interfaces in this Area: 0 Active Interfaces: 0
Passive Interfaces: 0 Loopback Interfaces: 0
SPF calculation has run 2 times
Area ranges:
Number of LSAs: 1, checksum sum 39090
ArubaOS-CX-Switch(config-ospf-2)# do show ip ospf statistics
OSPF Process ID 2 VRF default, Statistics (cleared 0h6m40s ago)
----------------------------------------------------------------
Unknown Interface Drops : 0
Unknown Virtual Interface Drops : 0
Bad Instance ID Drops : 0
Bad IP Header Length Drops : 0
Wrong OSPF Version Drops : 0
Bad Source IP Drops : 0
Resource Failure Drops : 0
Bad Header Length Drops : 0
Total Drops : 0
ArubaOS-Switch
ArubaOS-Switch(config)# ip router-id 10.0.0.21
ArubaOS-Switch(config)# router ospf
ArubaOS-Switch(ospf)# enable
ArubaOS-Switch(ospf)# area backbone
-or-
ArubaOS-Switch(ospf)# area 0.0.0.0
-or-
ArubaOS-Switch(ospf)# area 0
ArubaOS-Switch(ospf)# vlan 220
ArubaOS-Switch(vlan-220)# ip ospf area backbone
-or-
ArubaOS-Switch(vlan-220)# ip ospf area 0.0.0.0
-or-
ArubaOS-Switch(vlan-220)# ip ospf area 0
ArubaOS-Switch(vlan-220)# router ospf
(also as compound statements)
ArubaOS-Switch(config)# vlan 220 ip ospf area backbone
-or-
ArubaOS-Switch(config)# vlan 220 ip ospf area 0
-or-
ArubaOS-Switch(config)# vlan 220 ip ospf area 0.0.0.0
ArubaOS-Switch(ospf)# redistribute ?
connected
static
rip
bgp
ArubaOS-Switch(ospf)# redistribute connected
Comware 7
[Comware]ospf 1 router-id 10.0.0.31
[Comware-ospf-1]area 0
-or-
[Comware-ospf-1]area 0.0.0.0
[Comware-ospf-1-area-0.0.0.0]network 10.1.220.0 0.0.0.255
[Comware-ospf-1]import-route ?
bgp Border Gateway Protocol (BGP) routes
direct Direct routes
isis Intermediate System to Intermediate System (IS-IS) routes
ospf Open Shortest Path First (OSPF) routes
rip Routing Information Protocol (RIP) routes
static Static routes
[Comware-ospf-1]import-route direct
[Comware]ospf 1
[Comware-ospf-1]area 1
-or-
[Comware-ospf-1]area 0.0.0.1
[Comware-ospf-1-area-0.0.0.1]network 10.1.100.0 0.0.0.255
[Comware-ospf-1-area-0.0.0.1]area 2
-or-
[Comware-ospf-1-area-0.0.0.1]area 0.0.0.2
[Comware-ospf-1-area-0.0.0.2]network 10.1.230.0 0.0.0.255
[Comware-ospf-1]area 2
[Comware-ospf-1-area-0.0.0.2]stub no-summary
[Comware]interface Vlan-interface 230
[Comware-Vlan-interface230]ospf cost 10
Cisco
Cisco(config)#router ospf 1
Cisco(config-router)#router-id 10.0.0.41
Cisco(config-router)#network 10.1.220.0 0.0.0.255 area 0
-or-
Cisco(config-router)#network 10.1.220.0 0.0.0.255 area 0.0.0.0
Cisco(config-router)#redistribute ?
bgp Border Gateway Protocol (BGP)
connected Connected
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
maximum-prefix Maximum number of prefixes redistributed to protocol
metric Metric for redistributed routes
metric-type OSPF/IS-IS exterior metric type for redistributed routes
mobile Mobile routes
nssa-only Limit redistributed routes to NSSA areas
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
route-map Route map reference
static Static routes
subnets Consider subnets for redistribution into OSPF
tag Set tag for routes redistributed into OSPF
<cr>
Cisco(config-router)#redistribute connected
Appendix A CLI Commands in ArubaOS-Switch Software
This appendix shows display commands added to ArubaOS-Switch software.
Included are related ArubaOS-CX-Switch software commands. Refer to the latest release notes for your
switch product to determine which commands are supported.
HPE Networking has added CLI commands into the ArubaOS-CX-Switch software in a phased manner
over several releases to help network management staff learn to use the ArubaOS-Switch software CLI
with a minimum of effort.
ArubaOS-CX-Switch was used for this section.
Fundamental Commands
ArubaOS-Switch commands                           | Comware commands in ArubaOS-Switch Software
copy startup-config tftp <ip-address> <file name> | backup startup-configuration to <ip-address> <file name>
clock set <HH:MM:SS> <MM/DD/YYYY>                 | clock datetime <HH:MM:SS> <MM/DD/YYYY>
clock summer-time                                 | clock summer-time
clock timezone                                    | clock timezone
aaa accounting commands                           | command accounting
aaa authorization commands radius                 | command authorization
No equivalent ArubaOS-Switch software command     | command-alias enable
No equivalent ArubaOS-Switch software command     | command-alias mapping
copy                                              | copy
erase startup-config                              | delete <startup-config>
flow-control                                      | flow-control
console inactivity-timer                          | idle-timeout
exit                                              | quit
boot                                              | reboot
erase startup                                     | reset saved-configuration
copy tftp startup-config                          | restore startup-configuration
end                                               | return
write memory                                      | save
reload at                                         | schedule reboot at
reload after                                      | schedule reboot delay
terminal length                                   | screen-length
set authentication password                       | set authentication password
console baud-rate                                 | speed
startup-default config <config file name>         | startup saved-configuration <config file name>
hostname                                          | sysname
configure                                         | system-view
telnet                                            | telnet
telnet-server                                     | telnet server enable
console terminal                                  | terminal type
no                                                | undo
[The commands below have no equivalent Comware command, as some of these features are
specific to ArubaOS]
Sys-debug ip fib blackhole
Sys-debug ipv6 fib blackhole
Sys-debug destination logging
Sys-debug destination buffer
Ipv6 route <network/subnetmask> blackhole logging
Ip route <network/subnetmask> blackhole logging
Access-list logtimer <5-300>
Sys-debug acl
Sys-debug destination buffer
Sys-debug destination logging
vsf sequence-reboot {primary | secondary}
vsf domain 20
vsf lldp-mad ipv4 10.1.1.1 v2c public
vsf member 4 link 1 name NAME-STR
vsf member 4 link 1 all start-disabled
vsf member 4 link 1 all
vsf member 4 link 1
vsf member 4 priority 255
vsf member 4 remove reboot
vsf member 4 remove
vsf member 4 shutdown
vsf member 4 type <jnum> mac-address <mac-ad>
vsf member 4 type <jnum>
vsf port-speed 1g
vsf port-speed 10g
vsf vlan-mad 707
Display Commands
ArubaOS-CX-Switch commands
show vrrp (ipv4 | ipv6 | brief | detail)(<1-255>)
show vrrp
show vrrp (ipv4 | ipv6 | brief | detail)
show vrrp (<1-255>)
show vrrp (brief | detail)(ipv4 | ipv6)(<1-255>)
show vrrp (brief | detail)(ipv4 | ipv6)
show vrrp interface IFNAME
show vrrp interface IFNAME(<1-255>)
show vrrp statistics
show vrrp statistics interface IFNAME
show vrrp statistics interface IFNAME(<1-255>)
show track
show running-config vrrp
show vlan summary
show vlan
show vlan <1-4094>
show vlan port IFNAME
show dhcp-relay
show ip helper-address {interface (IFNAME | A.B )}
show dhcp-relay bootp-gateway {interface (IFNAME | A.B )}
show ip forward-protocol udp {interface (IFNAME | A.B)}
clear udld statistics {interface IFNAME}
show udld
show udld interface IFNAME
show running-config interface tunnel
show interface tunnel {brief}
show environment temperature
show environment temperature detail
top cpu
top memory
show system resource-utilization
show system resource-utilization daemon WORD
show system resource-utilization module SLOT-NUMBER
show system
show environment
show clock
show tech
show tech local-file
show ipv6 ospfv3 neighbors A.B.C.D interface IFNAME detail all-vrfs
show ipv6 ospfv3 neighbors A.B.C.D interface IFNAME detail {vrf WORD}
show ipv6 ospfv3 [<1-63>] neighbors A.B.C.D all-vrfs
show ipv6 ospfv3 [<1-63>] neighbors A.B.C.D {vrf WORD}
show ipv6 ospfv3 [<1-63>] neighbors A.B.C.D detail all-vrfs