The Command Line Reference guide is better understood if you know the basics of operating the programmable command line interface (PCLI). Commands and actions such as clear, edit, delete, restore, and show, for example, are described here. If you have not used the PCLI before, please refer to About the PCLI for an explanation of how it works.
adopt
Assign the current router to a Mist organization.
Usage
adopt [{org-id <org-id> | registration-code <registration-code>}] [force] [router-name <router-name>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. |
| org-id | The ID of the Mist organization where the router is assigned. |
| registration-code | The registration code used to assign this router to an organization. |
| router-name | Assign a name to the router. |
See Also
| command | description |
|---|
show mist | Display information about the link between the SSR and the Mist Cloud |
Description
If you know the ID of the organization in Mist, or the registration code for the router, you can use the optional org-id or registration-code arguments. Otherwise, use the interactive dialog to walk through entering Mist credentials and assigning the router to an organization.
| Release | Modification |
|---|
| 6.0.0 | This feature was introduced |
clear app-id cache
Clear app-id entries from cache
Usage
clear app-id cache [force] [stale-entries] [node <node>] {router <router> | resource-group <resource-group>} [<cache>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to clear app-id cache entries |
| resource-group | The name of the resource group |
| router | The router on which to clear app-idcache entries |
| stale-entries | Only clear the stale (expired) entries |
Positional Arguments
| name | description |
|---|
| cache | Clear app-id entries from address cache, domain cache, url cache, or all (default: all) |
See Also
clear app-id cache-entry address
Clear specific app-id entry from cache by address key
Usage
clear app-id cache-entry address [force] [node <node>] {router <router> | resource-group <resource-group>} <ip> <port> <protocol>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to clear app-id cache entry |
| resource-group | The name of the resource group |
| router | The router on which to clear app-id cache entry |
Positional Arguments
| name | description |
|---|
| ip | IP address of the address key [type: IP address] |
| port | Port of the address key [type: port] |
| protocol | Protocol of the address key [type: string or uint8] |
See Also
clear app-id cache-entry domain
Clear specific app-id entry from cache by domain name key
Usage
clear app-id cache-entry domain [force] [node <node>] {router <router> | resource-group <resource-group>} <domain>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to clear app-id cache entry |
| resource-group | The name of the resource group |
| router | The router on which to clear app-id cache entry |
Positional Arguments
| name | description |
|---|
| domain | Domain name |
See Also
clear app-id cache-entry url
Clear specific app-id entry from cache by url key
Usage
clear app-id cache-entry url [force] [node <node>] {router <router> | resource-group <resource-group>} <url>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to clear app-id cache entry |
| resource-group | The name of the resource group |
| router | The router on which to clear app-id cache entry |
Positional Arguments
See Also
clear app-id stats
Clear inactive app-id stats
Usage
clear app-id stats [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to clear inactive app-id stats |
| resource-group | The name of the resource group |
| router | The router on which to clear inactive app-id stats |
See Also
clear arp
Refresh the entire ARP cache or a subset if arguments are provided.
Usage
clear arp [{vlan <vlan> | ip <ip>}] [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | The device interface on which to refresh the ARP cache (default: all). |
| force | Skip confirmation prompt. Only required when targeting all routers. |
| ip | The IP address for which to clear an ARP entry (must be specified after 'device-interface'). [type: IP address] |
| node | The name of the node. |
| resource-group | The name of the resource group. |
| router | The name of the router. |
| vlan | The VLAN on which to clear the ARP cache (must be specified after 'device-interface'). [type: int] |
See Also
| command | description |
|---|
show arp | Shows the contents of the ARP table on the specified node. |
Description
The clear arp command is typically used during troubleshooting to force a refresh of ARP (Address Resolution Protocol) entries from an SSR or node's ARP cache. The command has multiple filters, allowing administrators to specify which entry to refresh. The PCLI auto-completes typed entries for improved accuracy.
ARP entries are not removed or deleted; instead the command forces a refresh of the cache outside of the scheduled ARP timeout.
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced |
clear bgp
Clear routes associated with one or all BGP neighbors.
Usage
clear bgp [{in | out | soft}] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} <neighbor>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| in | Soft reset received BGP updates |
| out | Soft reset transmitted BGP updates |
| resource-group | The name of the resource group |
| router | The name of the router for which to clear BGP neighbors |
| soft | Soft reset received and transmitted BGP updates |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| neighbor | neighbor ip-address [type: IP address or 'all'] |
See Also
| command | description |
|---|
show bgp | Displays information about the state of the BGP process on the SSR. |
clear history
Clear the PCLI's command history for this user.
Usage
See Also
| command | description |
|---|
show history | Show PCLI command history for the current user. |
clear pim mroute
Clears all multicast routes.
Usage
clear pim mroute [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router for which to clear multicast routes |
| vrf | VRF name |
clone
Clone the configuration of one router to create a new router with a new name and identical contents.
Usage
router [force] <name> <new-name>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| name | An identifier for the router |
| new-name | The new value for the router name |
Example
admin@conductor-east-1.RTR_EAST_CONDUCTOR# configure authority clone router Boston NewYork
Description
The clone command duplicates the configuration data from the existing Boston router into a new router with the name NewYork, and stages it to the candidate configuration.
Version History
| Release | Modification |
|---|
| 5.0.0 | This feature was introduced |
commit
Commit the candidate config as the new running config.
Usage
commit [force] [validate-router-all]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| validate-router-all | Distribute config to each managed router for validation and wait for results before committing |
Description
The commit command causes the SSR to validate the candidate configuration, and then replace the running configuration with the candidate configuration (assuming it passes the validation step). It is used once a series of configuration changes have been made, and an administrator wishes to "activate" those configuration changes.
When run from an SSR conductor, the conductor only validates the configuration itself locally before committing the configuration and then distributing it to all managed routers. If the user wishes, the conductor has the ability to distribute the configuration to all managed routers for each of them to validate it and report the results of their validation before the commit takes place (assuming a successful validation). This operation is much slower than local validation because the conductor must wait for all routers to report their results and some may be unreachable or timeout. The user may request a distributed validation by using the validate-router-all keyword.
The commit command will prompt a user for confirmation, as this is a (potentially) service affecting command. By supplying the optional force keyword, the confirmation step is skipped:
*admin@labsystem1.fiedler# commit
Are you sure you want to commit the candidate config? [y/N]: y
Configuration committed
*admin@labsystem1.fiedler# commit force
Configuration committed
admin@labsystem1.fiedler#
If the validation step fails, the administrator will be notified, the commit step is not executed, and the existing running configuration will remain in place. The validator will get a list of all errors that must be addressed before the commit can be completed. There may also be warnings displayed in the event that the candidate configuration contains elements that are deprecated.
Example
*admin@burl-corp-primary.burl-corp# commit
✖ Validating, then committing...
% Error: Failed to commit:
1. Service name "bar" does not exist
config
authority
router burl-corp
service-route foo
service-name
2. A service route must have at least one next-hop, peer,
nat-target, use-learned-routes, routing-stack or host configured. It cannot have both
the peer and nat-target configured.
config
authority
router burl-corp
service-route foo
3. Service-route foo for service '' is not allowed on router burl-corp. Please check the applies-to config
on the service.
config
authority
router burl-corp
service-route foo
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 3.0.0 | force feature was added |
compare config
Display the differences between two configurations.
Usage
compare config [<old>] [<new>]
Positional Arguments
| name | description |
|---|
| old | The original configuration against which differences should be computed (default: running). Can be candidate, running, factory-defaults, or the name of a previously exported configuration. |
| new | The updated configuration for which differences should be computed. Can be candidate, running, factory-defaults, or the name of a previously exported configuration. |
Description
The compare config command presents a list of differences between the two configurations specified as arguments on the command line. The one listed first influences the output in a very important way: the SSR will return a list of configuration commands that will cause the configuration to be listed first to be brought to parity with the one listed second. (Note: since the only editable configuration is the "candidate" configuration, the changes outlined by the compare config command cannot be directly applied to the "running" configuration.)
The ability to specify a previously exported configuration file to compare against the running or candidate config allows you to compare configurations without having to import the exported config into the candidate config for comparison.
In the example below, the candidate and running configurations are identical save for a single service-route that has been added to the candidate configuration.
*admin@labsystem1.fiedler# compare config running candidate
config
authority
router Fabric128
name Fabric128
service-route myRoute
name myRoute
service-name myService
destination 10.10.10.10
exit
exit
exit
exit
This shows that the running configuration is missing the candidate's service-route. By reversing the order of the arguments, the output changes:
*admin@labsystem1.fiedler# compare config candidate running
config
authority
router Fabric128
name Fabric128
delete service-route force myRoute
exit
exit
exit
Note here that the output shows that the running configuration has deleted the candidate configuration's service-route via the delete service-route force myRoute statement. Cutting and pasting this configuration into the PCLI will affect the candidate configuration – and make it match the running configuration.
When two configurations are identical, comparing them will return that there are no changes to display:
admin@labsystem1.fiedler# compare config candidate running
# No differences
admin@labsystem1.fiedler#
See Also
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
| 5.1.0 | Added the ability to compare between the running or candidate config and an exported config, or between two exported configurations. |
Usage
configure [authority [ ... ] ]
Description
The configure command places administrators into the configuration tree (hierarchy), where they will be making changes to the candidate configuration. When entered as a standalone command (i.e., configure by itself), the administrator is placed at the top of the configuration tree.
admin@labsystem1.fiedler# configure
admin@labsystem.beacon (config)#
Alternatively, administrators may execute the configure command with optional arguments to enter into configuration mode "deeper" in the configuration tree. For example:
admin@labsystem1.fiedler# configure authority router Fabric128
admin@labsystem1.fiedler (router[name=Fabric128])#
By supplying optional arguments to the configure command as in the above example, the administrator has entered into the configuration tree at the "router" tier, within the router element named "Fabric128". Not only can administrators enter into the configuration tree at any point through this technique, but new configuration can also applied directly in this same way.
admin@labsystem1.fiedler# configure auth router Fabric128 description "sample description"
admin@labsystem1.fiedler# show config candidate
config
authority
name Authority128
router Fabric128
name Fabric128
location usa
description "sample description"
...
Required Fields
Some arguments and subcommands contain required fields for configuration. The configure help text now identifies required fields. For example:
...
usage: inter-node-security [<security-ref>]
The name of the security policy used for inter node communication between router interfaces
positional arguments:
security-ref The value to set for this field
security-ref (leafref) (required): This type is used by other entities that need to reference configured security policies.
Options: internal, aes1, or test
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 2.0.0 | Command was renamed to configure from config |
connect
Connect to a Managed Router. For more information, read Connecting to SSRs from Conductor.
Usage
connect [username <username>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| node | The node to connect to |
| router | The router to connect to |
| username | Username to use for login to the Managed Router (default: <current user>) |
create capture-filter
Creates a capture-filter using BPF syntax (as used in wireshark) on the target interface.
Usage
create capture-filter device-interface <device-interface> router <router> node <node> <capture-filter>
Keyword Arguments
| name | description |
|---|
| device-interface | The device interface on which to create the capture filter |
| node | The node on which to create the capture filter |
| router | The router on which to create the capture filter |
Positional Arguments
| name | description |
|---|
| capture-filter | The capture-filter to create (Uses BPF syntax) |
See Also
Example
admin@tp-colo-primary.tp-colo# create capture-filter device-interface blended-5 "host 172.18.5.4"
Successfully created capture-filter
Version History
| Release | Modification |
|---|
| 4.4.0 | This feature was introduced |
create certificate request webserver
Create a certificate signing request.
Usage
create certificate request webserver
See Also
Description
The create certificate request webserver generates a certificate-request, which is then sent to a Certificate Authority. The SSR will, through a series of interactive prompts, request information from the administrator to generate either the request or certificate, as appropriate.
The certificate created by the create certificate command stores its output file at /etc/128technology/pki/.
create certificate self-signed webserver
Create a self-signed certificate.
Usage
create certificate self-signed webserver
See Also
Description
The create certificate self-signed webserver generates a self-signed certificate which is used for the local webserver. The SSR will, through a series of interactive prompts, request information from the administrator to generate either the request or certificate, as appropriate.
Example
admin@labsystem1.fiedler# create certificate self-signed webserver
Certificate common name: test.128technology.com
Country name (2 char): US
State name: MA
Organization name: 128Technology
RSA key size (2048/4096) [4096]: 4096
Certificate validity in days (1 - 7300) [365]: 365
Self-signed certificate successfully
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31228 (0x79fc)
...
create config autogenerated
Run configuration generation.
Usage
create config autogenerated
Description
Forces re-generation of all automatically generated configuration items, and stages the configuration changes into the current candidate configuration. Configuration generation is done automatically as part of a commit. This command serves only to aid in debugging, and allows you to validate, inspect, and make edits, without committing the changes.
See Also
Version History
| Release | Modification |
|---|
| 5.1.0 | This feature was introduced |
create session-capture
Creates a session capture at the specified node and service.
Usage
create session-capture [source-ip <source-ip>] [source-port <source-port>] [destination-ip <destination-ip>] [destination-port <destination-port>] [protocol <protocol>] [session-count <session-count>] [packet-count <packet-count>] [local-only] [tag <tag>] service <service> router <router> node <node>
Keyword Arguments
| name | description |
|---|
| destination-ip | The destination IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0) |
| destination-port | The destination port to match (can be a range) [type: port or port-range] (default: 0-65535) |
| local-only | Session capture is local to the node |
| node | The ingress node on which to create the session capture |
| packet-count | The number of packets to capture per session, in each direction [type: 'unlimited' or positive int] (default: 100) |
| protocol | The protocol to match (in decimal or by name, eg 'tcp') [type: string or uint8] (default: all) |
| router | The router on which to create the session capture |
| service | The service on which to create the session capture |
| session-count | The number of sessions to capture [type: 'unlimited' or positive int] (default: 100) |
| source-ip | The source IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0) |
| source-port | The source port to match (can be a range) [type: port or port-range] (default: 0-65535) |
| tag | An optional custom name for the session capture pcap files |
See Also
Description
When destination or source IPs are not specified, any IP will be matched.
When destination or source port is not provided, port range of 0-65535 is used.
When protocol is not provided, all protocols will be matched.
When session-count is not specified, default will be unlimited.
When packet-count is not specified, default is 100 packets in each direction for each session matched.
create user
Create a new user account interactively.
Usage
Positional Arguments
| name | description |
|---|
| username | the name of the account to create |
See Also
Description
The create user command allows administrators to create user accounts for user and/or administrative access to the SSR's management port. Issuing the create user <username> launches an interactive session that prompts for the new user's full name, password, whether they are an administrative or basic user, and the enabled/disabled state of that user account.
Password policies have been updated with the release of version 5.6. Please see Password Policies for additional information.
Example
admin@labsystem1.fiedler# create user jdeveloper
Creating account "jdeveloper"...
Full Name: Joe Developer
Password: <not echoed to screen>
Confirm: <not echoed to screen>
Role (user | admin) [user]: admin
Enabled: true
Account "jdeveloper" successfully created
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
delete capture-filter
Deletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.)
Usage
delete capture-filter device-interface <device-interface> router <router> node <node> <capture-filter>
Keyword Arguments
| name | description |
|---|
| device-interface | The device interface on which to delete the capture filter |
| node | The node on which to remove the capture filter |
| router | The router on which to remove the capture filter |
Positional Arguments
| name | description |
|---|
| capture-filter | The capture-filter to remove (Uses BPF syntax) |
See Also
Example
admin@tp-colo-primary.tp-colo# delete capture-filter device-interface blended-5 "host 172.18.5.4"
Successfully deleted capture-filter
Version History
| Release | Modification |
|---|
| 4.4.0 | This feature was introduced |
delete (in config)
Usage
delete { <configuration> } [ force ]
Description
The delete command, when issued within the configuration hierarchy, lets administrators delete portions of the candidate configuration. This can be used to delete specific fields within a configuration element, or entire elements.
The command will prompt you for confirmation before deleting the configuration, unless the optional keyword force is included.
Example
admin@labsystem1.fiedler# config authority router burlington
admin@labsystem1.fiedler (router[name=burlington])# delete node combo1
Are you sure you want to delete item "[name=combo1]" [y/N]: N
Operation canceled
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
delete certificate webserver
Delete the webserver certificate.
Usage
delete certificate webserver [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
See Also
Description
The delete certificate webserver command allows administrators to delete certificates that are stored on the SSR. Note that the SSR will always prompt the administrator to confirm deletion (the "force" keyword is not allowed).
Example
admin@labsystem1.fiedler# delete certificate webserver
Are you sure you want to delete certificate 'webserver'? [y/N]: y
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
delete config exported
Delete an exported configuration from disk.
Usage
delete config exported [force] <name>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| name | Name of the exported configuration to delete |
See Also
Description
The delete config command allows administrators to delete configurations from the SSR's filesystem that had previously been exported with the export config command. The force flag will skip the confirmation check without prompting the user.
Example
admin@cnd1.conductor# delete config exported 20180115_export.gz
Are you sure that you want to delete exported config '20180115_export.gz'? [y/N]: y
Successfully deleted exported configuration: '20180115_export.gz'
admin@cnd1.conductor#
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced |
delete flows
Clears all active flow data from this node.
Usage
delete flows [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node from which to delete flow entries |
| resource-group | The name of the resource group |
| router | The router from which to delete flow entries |
Description
The delete flows command clears all active flow data from this node. Administrators can specify which node to clear flow data from by adding the node name as an optional argument to the command.
This command has been maintained for backward compatibility to older versions of software. The delete sessions command is preferred in versions newer than 3.2.0.
This may be a service impacting operation.
Example
admin@labsystem1.fiedler# delete flows linecard-test
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
delete session-capture
Deletes session capture from selected service.
Usage
delete session-capture [source-ip <source-ip>] [source-port <source-port>] [destination-ip <destination-ip>] [destination-port <destination-port>] [protocol <protocol>] [session-count <session-count>] [packet-count <packet-count>] [local-only] [tag <tag>] service <service> router <router> node <node>
Keyword Arguments
| name | description |
|---|
| destination-ip | The destination IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0) |
| destination-port | The destination port to match (can be a range) [type: port or port-range] (default: 0-65535) |
| local-only | Session capture is local to the node |
| node | The node on which to remove the session-capture filter |
| packet-count | The number of packets to capture per session, in each direction [type: 'unlimited' or positive int] (default: 100) |
| protocol | The protocol to match (in decimal or by name, eg 'tcp') [type: string or uint8] (default: all) |
| router | The router on which to remove the session-capture filter |
| service | The service on which to create the session capture |
| session-count | The number of sessions to capture [type: 'unlimited' or positive int] (default: 100) |
| source-ip | The source IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0) |
| source-port | The source port to match (can be a range) [type: port or port-range] (default: 0-65535) |
| tag | An optional custom name for the session capture pcap files |
Subcommands
| command | description |
|---|
by-id | Deletes session-capture by capture-id from selected service. |
See Also
delete session-capture by-id
Deletes session-capture by capture-id from selected service.
Usage
delete session-capture by-id service <service> router <router> node <node> <capture-id>
Keyword Arguments
| name | description |
|---|
| node | The node on which to remove the session-capture filter |
| router | The router on which to remove the session-capture filter |
| service | The service on which to create the session capture |
Positional Arguments
| name | description |
|---|
| capture-id | The session-capture to remove. |
See Also
delete sessions
Delete all current sessions or a subset if arguments are provided.
Usage
delete sessions [{session-id <session-id> | service-name <service-name>}] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node from which to delete sessions |
| resource-group | The name of the resource group |
| router | The router from which to delete sessions |
| service-name | The name of the service for which to delete all sessions |
| session-id | The identifier of the session to be deleted |
Description
The delete sessions command removes all current sessions or a subset if arguments are provided.
This may be a service impacting operation.
delete system software
Remove or cancel a previously started download.
Usage
delete system software version <version>
Keyword Arguments
| name | description |
|---|
| version | The version to cancel or remove. |
See Also
delete user
Delete a user account
Usage
delete user [force] <username>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| username | the name of the account to delete |
Subcommands
| command | description |
|---|
tokens | Revoke API access tokens for a user. |
See Also
Example
admin@labsystem1.fiedler# delete user jdeveloper
Delete account 'jdeveloper'? [y/N]: y
Account 'jdeveloper' successfully deleted
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
delete user tokens
Revoke API access tokens for a user.
Usage
delete user tokens [force] <username>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| username | the name of the account to revoke API tokens for |
See Also
edit prompt
Allows the user to specify a custom format for the PCLI prompt.
Usage
Positional Arguments
| name | description |
|---|
| format | Format string for the prompt display |
See Also
Description
The edit prompt command lets administrators change the display of the PCLI prompt, and includes a flexible array of options for customizability. In addition to various variables, the prompt string can include conditional statements, to affect the display of the prompt under different operating modes. All of this is accomplished by supplying a format string, which contains the syntax of the desired PCLI prompt.
State Variables
===============
{user} - Name of the currently logged in user
{address} - Address (node.router) of the current system
{node} - Name of the connected node
{router} - Name of the connected router
{context} - Currently set context if one is set; empty otherwise
{path} - Full path to the current PCLI menu, separated by '/'
{location} - Name of current PCLI menu
{privilege} - "#" if the current user has administrator privileges, else ">"
Conditional Variables
=====================
{top-level} - Evaluates true if the PCLI is at the top menu
{uncomitted} - Evaluates true if the candidate configuration differs from the running configuration
Conditionals
============
A conditional statement allows the prompt to be customized with conditional or state variables
The format of a conditional statement is:
[condition?value_if_true:value_if_false]
The condition is true if a state variable is not an empty string or if a conditional variable is true
For example:
'This prompt is [top-level?definitely:not] top level'
Yields one of the following:
'This prompt is definitely top level' (if top-level is true or has a value)
'This prompt is not top level' (if top-level is false or has no value)
Timestamps
==========
Custom timestamps are created with the use of standard strftime format codes
For example:
'(%x %H:%M) {user}@{address}$ '
Yields:
'(03/08/17 11:46) admin@node.router$ '
See <https://docs.python.org/3/library/datetime.html#strftime-strptime-behavior> for all format codes
Any '?'s that appear in a timestamp must be escaped with a '\'
Special characters*
==================
\n - Newline
\t - Tab
\[ - Literal '['
\] - Literal ']'
{{ - Literal '{'
}} - Literal '}'
%% - Literal '%'
* Use \\ if not using a quoted string to specify the prompt
Version History
| Release | Modification |
|---|
| 3.1.0 | This feature was introduced |
edit user
Modify an existing user account
Usage
Positional Arguments
| name | description |
|---|
| username | The name of the account to modify (default: <current user>) |
Subcommands
| command | description |
|---|
mode | Edit the current user's configuration mode. |
See Also
Description
The password must be at least eight characters long, with at least one uppercase letter, one lowercase letter, one digit, and cannot contain any characters that repeat more than three times.
The edit user command enters a configuration subtree specific to administering user accounts. From within this subtree, administrators can change any of the attributes associated with a user account (full name, password, role, and enabled state). This is done in a "configuration-like" way, where commands are issued as attribute value.
As with standard configuration, using the "?" command will list the options available for editing.
Example
admin@labsystem1.fiedler# edit user jdeveloper
admin@labsystem1.fiedler (user[name=jdeveloper])# ?
User Attributes
---------------
enabled Enable or disable this user.
full-name The user's full name, for display purposes only.
password No help available
role A list of roles assigned to the user.
General Commands
----------------
delete Delete an attribute from a user account
do Execute a top-level command
exit Exit this menu (You can also press Ctrl+D)
quit Quit the PCLI
top Return to the root menu
up Exit this menu and navigate up the hierarchy the given number of levels
where Display the current location in the CLI hierarchy
admin@labsystem1.fiedler (user[name=jdeveloper])#
Modifying these attributes is done as follows:
admin@labsystem1.fiedler (user[name=jdeveloper])# full-name "Joseph Developer"
Account 'jdeveloper' updated successfully
admin@labsystem1.fiedler (user[name=jdeveloper])# top
admin@labsystem1.fiedler# show user jdeveloper
=============================
Information for jdeveloper:
=============================
Enabled: true
Full Name: Joseph Developer
Role: admin
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
edit user mode
Edit the current user's configuration mode.
Usage
Positional Arguments
| name | description |
|---|
| value | basic | advanced |
See Also
Description
Advanced mode exposes additional configuration elements for editing and viewing.
exit (in config)
The exit command moves your focus to the PCLI home.
Usage
Example
admin@labsystem1.fiedler# config authority router beacon
admin@labsystem1.fiedler (router[name=beacon])# where
configure authority router beacon
admin@labsystem1.fiedler (router[name=beacon])# exit
admin@labsystem1.fiedler# where
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
export config
Export a copy of the current running or candidate config.
Usage
export config <datastore> <export-name>
Positional Arguments
| name | description |
|---|
| datastore | running | candidate |
| export-name | A name consisting of alphanumeric characters or any of the following: . - _ |
See Also
Description
The export command takes a configuration from a previously created backup (via create config backup), from the candidate configuration, or from the SSR's running configuration, and stores it as a file on the local filesystem. It can then be taken off, moved onto other systems, archived, etc.
Exported files are stored in /etc/128technology/config-exports/ and are stored as GZIP compressed files.
The export command's complement, import is used to reverse the process, taking a configuration archive and restoring it onto a system.
The delete config exported command removes unneeded exported configurations.
Example
admin@labsystem1.fiedler# export config candidate myCandidate
Successfully exported configuration: /etc/128technology/config-exports/myCandidate.gz
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
| 3.1.0 | The location of the exported configuration changed |
import certificate webserver
Import a certificate to be used by the webserver.
Usage
import certificate webserver
See Also
Description
This command allows administrators to load certificates into their SSR by pasting them into their active PCLI session. By issuing the import certificate command, the PCLI prompts the user for the name of the certificate they plan to import, then asks whether it is a CA (certificate authority) certificate or not. Once these questions are answered, administrators can paste the certificate, and is reminded to press CTRL-D once the pasting is complete. Pressing CTRL-D causes the SSR to validate the configuration to ensure it is a valid X.509 certificate before loading it into persistent storage. If the X.509 validation fails, the user is informed as follows:
Example
admin@labsystem1.fiedler# import certificate webserver
Enter the CA certificate in PEM format (Press CTRL-D to finish):
Certificate is not in valid X509 format
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
import config
Import a configuration as the candidate config.
Usage
import config [force] <name>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| name | Name of the configuration file to import |
See Also
Description
This command takes a backup configuration (one that has been stored with the export command) and overwrites the current candidate configuration with its contents. Inclusion of the optional "force" keyword will skip the prompt for confirmation.
Example
admin@labsystem1.fiedler# import config myCandidate.gz
Replace the existing candidate configuration with the contents of backup _myCandidate.gz_? [y/N]: y
Backup configuration _myCandidate.gz_ successfully written to the candidate config
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
import iso
Import SSR ISO to the local repository
Usage
import iso [force] [verbose] {hunt | filepath <filepath>}
Keyword Arguments
| name | description |
|---|
| filepath | The absolute filepath to the ISO |
| force | Skip confirmation prompt |
| hunt | Find and import all ISOs from the filesystem |
| verbose | Increase log level verbosity |
Example
admin@conductor.Conductor# import iso hunt
This command is resource intensive and can take a while. Are you sure? [y/N]: y
Current Installer version: 2.5.0-0.20200326163206.snapshot
Installer will run in non-interactive mode
Refreshing DNF cache (this may take a few minutes)
Cleaning DNF data: expire-cache
Making the DNF cache
Cleaning legacy local repos (this may take a few minutes)
Installer will hunt for ISOs to import
Importing packages for 128T-4.4.0-0.202004021313.release.el7.x86_64.rpm
Installer complete
Import success
Version History
| Release | Modification |
|---|
| 4.4.0 | This feature was introduced |
lookup application by-address
Look up application identification by address key
Usage
lookup application by-address router <router> node <node> <ip> <port> <protocol>
Keyword Arguments
| name | description |
|---|
| node | The node on which to look up application identification |
| router | The router on which to look up application identification |
Positional Arguments
| name | description |
|---|
| ip | IP address of the address key [type: IP address] |
| port | Port of the address key [type: port] |
| protocol | Protocol of the address key [type: string or uint8] |
See Also
lookup application by-domain
Look up application identification by domain name or url key
Usage
lookup application by-domain router <router> node <node> <domain-url>
Keyword Arguments
| name | description |
|---|
| node | The node on which to look up application identification |
| router | The router on which to look up application identification |
Positional Arguments
| name | description |
|---|
| domain-url | Domain name or URL |
See Also
manage plugin install
Install a plugin on conductor.
Usage
manage plugin install [node <node>] <name> [<version>]
Keyword Arguments
| name | description |
|---|
| node | Node to install on (default: all) |
Positional Arguments
| name | description |
|---|
| name | Name of plugin to install |
| version | Version of plugin to install (default: latest) |
See Also
manage plugin remove
Remove an installed plugin.
Usage
manage plugin remove [node <node>] <name>
Keyword Arguments
| name | description |
|---|
| node | Node to remove on (default: all) |
Positional Arguments
| name | description |
|---|
| name | Name of plugin to be removed |
See Also
migrate
Migrate an SSR to a new conductor. For more details on the SSR router migration refer to How to: Conductor Migration.
Usage
migrate [skip-validation] [force] conductor <address> [<address>] router <router>
Keyword Arguments
| name | description |
|---|
| conductor | The address(es) of the conductor node(s) to migrate to |
| force | Skip confirmation prompt |
| router | The router to migrate |
| skip-validation | Attempt to migrate the router without checking if migration is possible |
See Also
ping
Send an ICMP request through a network interface.
Usage
ping [count <count>] [size <size>] [timeout <timeout>] [set-df-bit] [egress-interface <egress-interface>] [gateway-ip <gateway-ip>] router <router> node <node> <destination-ip>
Keyword Arguments
| name | description |
|---|
| count | Number of ping requests to send [type: int] (default: 4) |
| egress-interface | Network interface from which to ping |
| gateway-ip | Gateway IP address from which to ping [type: IP address] |
| node | The node from which to send the ping request |
| router | The router from which to send the ping request |
| set-df-bit | Set the IPv4 'Don't Fragment' bit on the request packet |
| size | Number of data bytes to send [type: int] (default: 56) |
| timeout | Time to wait for a response, in seconds [max: 10 seconds][type: int] (default: 1) |
Positional Arguments
| name | description |
|---|
| destination-ip | Destination IP of the ping request [type: IP address] |
Description
This issues ICMP requests to the specified destination-ip merely as a connectivity test, and bypasses the typical packet processing logic that would potentially restrict access to various tenants and destined for service addresses. The count modifier will affect the number of pings that are issued. The interface modifier lets administrators specify the egress interface for issuing the pings. The timeout modifier will set the waiting period for a reply before declaring the ping as a failure. The set-df-bit and record-route options enable the respective flags in the outgoing ICMP request.
Example
admin@gouda.novigrad# ping egress-interface wan-interface 8.8.8.8
PING 8.8.8.8 56 bytes of data.
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=0 ttl=57 time=12.97ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=1 ttl=57 time=10.597ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=2 ttl=57 time=10.643ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=3 ttl=57 time=10.444ms
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced. The previous behavior of the ping command is now realized as service-ping |
quit
Quit the PCLI.
Usage
Description
This command logs the user out, and quits the PCLI.
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
refresh dns resolutions
Refreshes all DNS resolutions configured on the platform.
Usage
refresh dns resolutions [{router <router> | resource-group <resource-group>}] [hostname <hostname>] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| hostname | The DNS hostname belonging to a node |
| resource-group | The name of the resource group |
| router | The name of the router (default: <current router>) |
See Also
release dhcp lease
Releases an active DHCP lease.
Usage
release dhcp lease [force] [node <node>] {router <router> | resource-group <resource-group>} network-interface <network-interface>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| network-interface | The network interface on which to release the current DHCP lease |
| node | The name of the node (default: all) |
| resource-group | The name of the resource group |
| router | The name of the router |
See Also
repeat
Repeat any command multiple times.
Usage
repeat [beep] [exit-on-failure] [interval <interval>] <command> [<command> ...]
Keyword Arguments
| name | description |
|---|
| beep | Beep if the command fails to execute |
| exit-on-failure | Exit if the command fails to execute |
| interval | Seconds to wait between updates [type: int] (default: 2) |
Positional Arguments
| name | description |
|---|
| command | Command to repeat |
Description
This command can be used to "watch" statistics over a specified period. In order to stop the repeat command, the user must issue a CTRL-C.
Example
admin@gouda.novigrad# repeat show stats device-interface
Running "show stats device-interface" every 2 seconds
Wed 2020-04-22 17:42:04 UTC
Retrieving statistics...
Device Interface Management Stats
---------------------------------
================= ======= =======
Metric Node Value
================= ======= =======
message-failure gouda 0
message-success gouda 2
Completed in 1.66 seconds
replace config
Search for and replace configuration data that matches a specified pattern.
Usage
replace config <find> <replace>
Keyword Arguments
| name | description |
|---|
| force | Replace all matching data without prompts |
Positional Arguments
| name | description |
|---|
| find | The text to find in the candidate configuration |
| replace | The new value to replace 'find' with |
Description
The replace command is a powerful tool for making sweeping configuration changes, similar to a "find and replace" operation in a word processor.
The replace command has several optional arguments that affect how the replacement occurs; case-sensitive will only match elements within the configuration that match the case supplied with the query string. The regex argument treats the query string as a regular expression. The whole-word argument requires that the match be an entire word, rather than just a substring or partial match.
The user-supplied query string and replacement string are the matching text, and the replacement text, respectively.
Example
admin@labsystem1.fiedler# replace config all internal newInternal
Replacing 'config authority router RTR_EAST_CONDUCTOR inter-node-security internal' with 'newInternal'...
Replacing 'config authority router RTR_EAST_COMBO inter-node-security internal' with 'newInternal'...
Replacing 'config authority router RTR_WEST_COMBO inter-node-security internal' with 'newInternal'...
Replacing 'config authority router RTR_CENTRAL_COMBO inter-node-security internal' with 'newInternal'...
Replacing 'config authority security internal name internal' with 'newInternal'...
Replace completed successfully
admin@labsystem1.fiedler#
Version History
| Release | Modification |
|---|
| 3.1.0 | This feature was introduced |
request idp restart
Restart IDP Command
Usage
request idp restart [force] [rebuild] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node for which to restart IDP |
| rebuild | Delete and rebuild IDP |
| router | The router for which to restart IDP |
See Also
Description
Initiate a restart of the underlying IDP engine.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced |
| 6.1.0 | show idp application details added |
request idp signature-query
Request IDP signature database connectivity.
Usage
request idp signature-query [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to refresh security signature data |
| resource-group | The name of the resource group |
| router | The router for which to refresh security signature data |
Description
Query and display the IDP signature database connectivity details.
See Also
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced |
request system software download
Download a new version of the SSR.
Usage
request system software download version <version>
Keyword Arguments
| name | description |
|---|
| version | The version to download. |
See Also
request system software upgrade
Upgrade to a new version of the SSR.
Usage
request system software upgrade version <version>
Keyword Arguments
| name | description |
|---|
| version | The version to upgrade to. |
See Also
Description
This may be a service impacting operation.
restore config factory-default
Restore the candidate config to the factory defaults.
Usage
restore config factory-default [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
See Also
Description
This command removes all administrator-added configuration, and restores the basic configuration to all of the SSR's factory default settings. The PCLI will prompt for confirmation before resetting the configuration, unless the optional force modifier is added.
Example
admin@labsystem1.fiedler# restore config factory-default
Are you sure you want to restore the candidate config to factory defaults? [y/N]: n
Operation canceled
Version History
| Release | Modification |
|---|
| 1.1.0 | This feature was introduced. Replaces the deprecated reset-factory-default-config |
restore config running
Discard uncommitted changes from the candidate config.
Usage
restore config running [force] [<username>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| username | Name of the account to discard candidate changes from (default: <current user>) |
See Also
Description
This command removes all administrator-added configuration since the last commit, effectively bringing the running configuration and the candidate configuration back to parity. The PCLI will prompt for confirmation before resetting the configuration, unless the optional force modifier is added.
Example
*admin@node1.bernstein# restore config running
Are you sure you want to discard uncommitted changes from the candidate config? [y/N]: y
Candidate configuration changes successfully discarded
*admin@node1.bernstein#
Version History
| Release | Modification |
|---|
| 1.1.0 | This feature was introduced |
| 2.0.0 | Previously named restore config candidate |
restore prompt
Restore the PCLI prompt to the factory default.
Usage
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
See Also
Description
The restore prompt command returns the PCLI's prompt to its factory default, in the event that an administrator has modified it.
Example
(04/10/2020 19:56) admin@gouda.novigrad$restore prompt
Restore the default prompt? [y/N]: y
PCLI prompt successfully updated
admin@gouda.novigrad#
Version History
| Release | Modification |
|---|
| 3.1.0 | This feature was introduced |
restore system factory-default
Restore the system to factory defaults.
Usage
restore system factory-default [force] [router <router>] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The name of the node |
| router | The name of the router (default: <current router>) |
Description
Once initiated, the system will begin to stop all running processes and restore the system to the factory default configuration. Once the process has been completed, the system will reboot.
restore users factory-default
Restore the user configuration to factory defaults.
Usage
restore users factory-default [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
See Also
Description
The restore users factory-default command deletes all administratively created user accounts (i.e., all but the ones that are installed with the SSR routing software natively) and leaves the system with just the admin and user accounts.
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
rotate log
Rotate log files.
Usage
rotate log [force] [router <router>] [node <node>] [<process-name>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to rotate logfiles |
| router | The router for which to rotate logfiles (default: <current router>) |
Positional Arguments
| name | description |
|---|
| process-name | The process for which to rotate logfiles (default: all) |
See Also
Description
This command is used to rotate log files (i.e., close the current log file and open a new one) generated by the various processes that comprise the SSR to rotate. The SSR's log files, stored in /var/log/128technology, keep 25 prior logs for each process, space permitting. Files are rotated such that, for instance, pcli.log becomes pcli.1.log while pcli.1.log becomes pcli.2.log, and so on. The oldest log file for each process is removed.
The rotate log command is useful prior to engaging in troubleshooting exercises, to help narrow down which files may contain items of interest. It is particularly useful when used in conjunction with the write command, described elsewhere in this document.
Without any arguments, the rotate log command will rotate all log files on all nodes.
For more information about SSR logging read Understanding Logs on the SSR
Example
admin@labsystem1.fiedler# rotate log
Logs successfully rotated
admin@labsystem1.fiedler#
The optional arguments process-name and node-name let administrators specify which processes should rotate their logs, and on which nodes.
admin@labsystem1.fiedler# shell ls -ltr /var/log/128technology/ | grep highwayManager
-rw-r--r-- 1 root root 14964 Oct 8 05:34 highwayManager.4.log
-rw-r--r-- 1 root root 35908 Oct 8 05:42 highwayManager.3.log
-rw-r--r-- 1 root root 10653 Oct 11 11:12 highwayManager.2.log
-rw-r--r-- 1 root root 146057 Oct 11 11:42 highwayManager.1.log
-rw-r--r-- 1 root root 117673 Oct 11 14:48 highwayManager.log
admin@labsystem1.fiedler# rotate log highwayManager labsystem1
Logs successfully rotated
admin@labsystem1.fiedler# shell ls -ltr /var/log/128technology/ | grep highwayManager
-rw-r--r-- 1 root root 14964 Oct 8 05:34 highwayManager.5.log
-rw-r--r-- 1 root root 35908 Oct 8 05:42 highwayManager.4.log
-rw-r--r-- 1 root root 10653 Oct 11 11:12 highwayManager.3.log
-rw-r--r-- 1 root root 146057 Oct 11 11:42 highwayManager.2.log
-rw-r--r-- 1 root root 117673 Oct 11 14:48 highwayManager.1.log
-rw-r--r-- 1 root root 0 Oct 12 09:45 highwayManager.log
In this example you can see that what was previously named highwayManager.4.log has been rotated to highwayManager.5.log; likewise, all other logs were incremented. What was highwayManager.log is now highwayManager.1.log, and a new highwayManager.log file has been created, and is empty.
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
save packet-buffer-snapshot
Gathers packet buffer pool information and stores it in a logfile.
Usage
save packet-buffer-snapshot [filename <filename>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| filename | Filename to save the buffer pool snapshot (default: packetBuffers.log) |
| node | The name of the node |
| router | The name of the router |
Description
This command saves a snapshot of the packet buffer pool information in a logfile at /var/log/128technology.
save runtime-stats
Gathers runtime process stats and stores it in a logfile.
Usage
save runtime-stats [{router <router> | resource-group <resource-group>}] [force] [node <node>] <filename> [<process-name>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | Target node from which to gather runtime stats |
| resource-group | The name of the resource group |
| router | Target router from which to gather runtime stats (default: <current router>) |
Positional Arguments
| name | description |
|---|
| filename | Custom filename to store system information |
| process-name | Target process from which to gather runtime stats (default: all) |
Example
admin@gouda.novigrad# save runtime-stats stats.txt
Retrieving Runtime Stats...
Runtime stats saved to /var/log/128technology/stats.txt
save tech-support-info
Gather system information for technical support.
Usage
save tech-support-info [force] [manifest <manifest>] [router <router>] [node <node>] [<prefix>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| manifest | The manifest describing the commands and logs to collect (default: summary) |
| node | The name of the node |
| router | The name of the router (default: <current router>) |
Positional Arguments
| name | description |
|---|
| prefix | Custom file prefix to add the archive file |
Description
This command packages statistics, logs and other diagnostic data, to exchange with Juniper's support team. The tech-support-info command echoes the location where it stores the file when complete (/var/log/128technology/tech-support-info.tar.gz).
New manifest files can be created and placed into /etc/128technology/tech-support-manifests. Each manifest contains a list of PCLI commands, shell commands, files, and systemd journal's to collect.
This command collect a lot of data, and may take some time to complete.
Example
admin@labsystem1.fiedler# save tech-support-info
Retrieving Tech Support Info...
/var/log/128technology/tech-support-info.tar.gz
search
Search for any PCLI command or configuration data from the current location in the command tree.
Usage
search [limit <limit>] <find>
Keyword Arguments
| name | description |
|---|
| limit | limit the maximum number of results [type: int] |
Positional Arguments
| name | description |
|---|
| find | Find all the matching text |
Subcommands
Description
The search command and its various subcommands let users search through the SSR's PCLI command tree, the configuration tree, and user-supplied configuration data to locate the information specified by the supplied find string.
When omitting the optional filter, the search command will return results for all of the types of information it can locate: commands, configuration attributes, and configuration data.
Example
admin@labsystem1.fiedler# search ntp
Commands:
- show ntp
- show config candidate authority router system ntp
- show config candidate authority router system ntp server
- show config candidate authority router system ntp server ip-address
- show config candidate authority router system services ntp
- show config running authority router system ntp
- show config running authority router system ntp server
- show config running authority router system ntp server ip-address
- show config running authority router system services ntp
Configuration Attributes:
- configure authority router system ntp
- configure authority router system services ntp
search commands
Search PCLI commands.
Usage
search commands [limit <limit>] <find>
Keyword Arguments
| name | description |
|---|
| limit | limit the maximum number of results [type: int] |
Positional Arguments
| name | description |
|---|
| find | Find all the matching text |
search config
Search both config datastores for specific data.
Usage
search config [limit <limit>] <find>
Keyword Arguments
| name | description |
|---|
| limit | limit the maximum number of results [type: int] |
Positional Arguments
| name | description |
|---|
| find | Find all the matching text |
Subcommands
| command | description |
|---|
candidate | Search candidate configuration data |
running | Search running configuration data |
Description
The output of search can be filtered by explicitly specifying commands configuration.
Example
admin@gouda.novigrad# search commands reset
Commands:
- show stats highway firewall-detector tcp-reset-received
- show stats packet-processing action success tcp-proxy sessions-reset
- show stats redundancy session-reads tcp-reset-sent
- show stats service-area sent tcp-reset-for-adaptive-encryption-failure
admin@labsystem1.fiedler# search config Newton
Candidate and Running Configuration:
- config authority router Fabric128 node ptcricket location Newton, MA
admin@labsystem1.fiedler#
search config candidate
Search candidate configuration data
Usage
search config candidate [limit <limit>] <find>
Keyword Arguments
| name | description |
|---|
| limit | limit the maximum number of results [type: int] |
Positional Arguments
| name | description |
|---|
| find | Find all the matching text |
Example
admin@labsystem1.fiedler# search config candidate myRoute
Candidate Configuration:
- config authority router Fabric128 service-route myRoute name myRoute
admin@labsystem1.fiedler#
search config running
Search running configuration data
Usage
search config running [limit <limit>] <find>
Keyword Arguments
| name | description |
|---|
| case-sensitive | Interpret the search query as case-sensitive |
| limit | limit the maximum number of results [type: int] |
| regex | Process the query as a regular expression |
| whole-word | Don't allow partial matches of words |
Positional Arguments
| name | description |
|---|
| find | Find all the matching text |
Example
admin@labsystem1.fiedler# search config running Newton
Running Configuration:
- config authority router Fabric128 node ptcricket location Newton, MA
admin@labsystem1.fiedler#
search config-attributes
Search configuration attributes.
Usage
search config-attributes [limit <limit>] <find>
Keyword Arguments
| name | description |
|---|
| limit | limit the maximum number of results [type: int] |
Positional Arguments
| name | description |
|---|
| find | Find all the matching text |
Description
The output of search can be filtered by explicitly specifying config-attributes configuration.
Example
admin@gouda.novigrad# search config-attributes name
Configuration Attributes:
- configure authority dscp-map name
- configure authority dynamic-hostname
- configure authority ipfix-collector name
- configure authority ldap-server name
- configure authority name
- configure authority router name
- configure authority router nat-pool address-pool tenant-name
- configure authority router nat-pool name
- configure authority router node device-interface name
- configure authority router node device-interface network-interface hostname
- configure authority router node device-interface network-interface management-vector name
- configure authority router node device-interface network-interface name
- configure authority router node device-interface network-interface neighborhood name
- configure authority router node name
- configure authority router peer authority-name
- configure authority router peer name
- configure authority router peer router-name
- configure authority router redundancy-group name
- configure authority router routing interface name
- configure authority router service-route host node-name
- configure authority router service-route name
- configure authority router service-route next-hop node-name
- configure authority router service-route service-name
- configure authority router service-route-policy name
- configure authority router system log-category name
- configure authority router system services snmp-server access-control name
- configure authority router system services webserver server node-name
- configure authority routing filter name
- configure authority routing filter rule name
- configure authority routing policy name
- configure authority routing policy statement name
- configure authority security name
- configure authority service application-name
- configure authority service name
- configure authority service-class name
- configure authority service-policy name
- configure authority service-policy vector name
- configure authority session-type name
- configure authority tenant name
- configure authority traffic-profile name
send command download
Download SSR software on a router
Usage
send command download [dry-run] [force] {router <router> | resource-group <resource-group>} [<version>]
Keyword Arguments
| name | description |
|---|
| dry-run | View version changes without command execution |
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router on which to download software |
Positional Arguments
| name | description |
|---|
| version | The version of SSR as semantic version and optionally a release identifier (e.g. "3.0.0" or "3.0.1-snapshot1"); if not provided, the latest is assumed |
See Also
Description
send command is only available within the PCLI of an SSR Conductor.
send command reconnect
Attempt to reconnect an asset
Usage
send command reconnect [router <router>] [node <node>]
Keyword Arguments
| name | description |
|---|
| node | The name of the node |
| router | The name of the router (default: <current router>) |
Subcommands
| command | description |
|---|
disconnected | Attempt to reconnect all disconnected assets. |
See Also
send command reconnect disconnected
Attempt to reconnect all disconnected assets.
Usage
send command reconnect disconnected [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
See Also
send command restart
Restart an SSR node
Usage
send command restart [force] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node to restart |
| router | The router to restart |
See Also
Description
send command is only available within the PCLI of an SSR Conductor.
send command rollback
Rollback an SSR to the previously installed version
Usage
send command rollback [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to rollback |
See Also
Description
send command is only available within the PCLI of an SSR Conductor.
send command start
Start an SSR node
Usage
send command start [force] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node to start |
| router | The router to start |
See Also
Description
send command is only available within the PCLI of an SSR Conductor.
send command stop
Stop an SSR node
Usage
send command stop [force] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node to stop |
| router | The router to stop |
See Also
Description
send command is only available within the PCLI of an SSR Conductor.
send command sync
Transition an asset back to connected and perform a sync.
Usage
send command sync [{router <router> | resource-group <resource-group>}] [force] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | A single force forces the synchronization by disabling the smart sync skip mechanism. A second force skips the confirmation prompt. This argument can be repeated up to 2 times. |
| node | The node to sync |
| resource-group | The name of the resource group |
| router | The router to sync (default: <current router>) |
See Also
Description
Transition an asset back to connected and perform a sync. The sync operation ensures the asset is provisioned correctly and all plugin changes are applied.
Version History
| Release | Modification |
|---|
| 5.6.7 | This feature was introduced |
send command upgrade
Upgrade an SSR node
Usage
send command upgrade [dry-run] [force] {router <router> | resource-group <resource-group>} <version>
Keyword Arguments
| name | description |
|---|
| dry-run | View version changes without command execution |
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to upgrade |
Positional Arguments
| name | description |
|---|
| version | The version of SSR as semantic version and optionally a release identifier (e.g. "3.0.0" or "3.0.1-snapshot1"); if not provided, the latest is assumed |
See Also
Description
send command is only available within the PCLI of an SSR Conductor.
send command yum-cache-refresh
Refresh the yum cache as well as the SSR software versions available for download and upgrade.
Usage
send command yum-cache-refresh [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to refresh |
See Also
service-ping
Send an ICMP request using a service or tenant
Usage
service-ping [count <count>] [size <size>] [timeout <timeout>] [set-df-bit] [service-name <service-name>] [tenant <tenant>] [source-ip <source-ip>] router <router> node <node> <destination-ip>
Keyword Arguments
| name | description |
|---|
| count | Number of ping requests to send [type: int] (default: 4) |
| node | The node from which to send the ping request |
| router | The router from which to send the ping request |
| service-name | Name of service which includes the destination trying to be reached; only required if service is ambiguous |
| set-df-bit | Set the IPv4 'Don't Fragment' bit on the request packet |
| size | Number of data bytes to send [type: int] (default: 56) |
| source-ip | IP from which to test whether traffic is allowed [type: IP address] |
| tenant | Name of source tenant for ICMP request (default is the global tenant) |
| timeout | Time to wait for a response, in seconds [max: 10 seconds][type: int] (default: 1) |
Positional Arguments
| name | description |
|---|
| destination-ip | Destination IP of the ping request [type: IP address] |
Description
This issues ICMP requests to the specified destination-ip, and offers the administrators a variety of ways to formulate the request. The tenant and service-name modifiers specify which "source tenant" to use for the request, and the name of the service for which the destination-ip applies. The count modifier will affect the number of pings that are issued. The interface modifier lets administrators specify the egress interface for issuing the pings. The timeout modifier will set the waiting period for a reply before declaring the ping as a failure. The set-df-bit and record-route options enable the respective flags in the outgoing ICMP request.
Example
admin@gouda.novigrad# service-ping service-name Internet tenant lanSubnet source-ip 192.168.0.5 8.8.8.8
PING 8.8.8.8 56 bytes of data.
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=0 ttl=57 time=22.296ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=1 ttl=57 time=11.303ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=2 ttl=57 time=10.516ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=3 ttl=57 time=10.428ms
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
| 3.0.0 | Included tenant, service, and node information |
| 3.2.0 | Previously named ping |
set config encryption
Sets the encryption key for the SSR configuration
Usage
set config encryption [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to disable config encryption (default: all) |
| resource-group | The name of the resource group |
| router | The router on which to set config encryption (default: <current router>) |
Subcommands
| command | description |
|---|
disabled | Disables the encryption for the SSR configuration |
See Also
Example
admin@node1.t128# set config encryption
Are you sure you would like to enable configuration encryption? [y/N]: y
✔ Encrypting configuration... 1/1 targets complete.
Configuration was successfully encrypted.
Version History
| Release | Modification |
|---|
| 4.5.0 | This feature was introduced |
set config encryption disabled
Disables the encryption for the SSR configuration
Usage
set config encryption disabled [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
| node | The node on which to disable config encryption (default: all) |
| resource-group | The name of the resource group |
| router | The router on which to disable config encryption (default: <current router>) |
Example
admin@node1.t128# set config encryption disabled
Are you sure you would like to disable configuration encryption? [y/N]: y
✔ Disabling configuration encryption... 1/1 targets complete.
Configuration encryption was successfully disabled.
Version History
| Release | Modification |
|---|
| 4.5.0 | This feature was introduced |
set dns resolution
Sets a hostname resolution temporarily until the next time the node processes config
Usage
set dns resolution [router <router>] <hostname> <ip-address>
Keyword Arguments
| name | description |
|---|
| router | The router on which to set the hostname resolution (default: <current router>) |
Positional Arguments
| name | description |
|---|
| hostname | The hostname to set the resolution for |
| ip-address | The ip-address the hostname should resolve to [type: IP address] |
See Also
Example
admin@node1.t128# set dns resolution my.router 1.2.3.4
Successfully set hostname resolution on node node1
Version History
| Release | Modification |
|---|
| 4.5.0 | This feature was introduced |
set log level
Set the log level of a process.
Usage
set log level [category <category>] [force] [router <router>] [node <node>] <level> [<process-name>]
Keyword Arguments
| name | description |
|---|
| category | The log category for which to set the level (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node on which to set the corresponding process log level |
| router | The router on which to set the corresponding process log level (default: <current router>) |
Positional Arguments
| name | description |
|---|
| level | The log level |
| process-name | The process for which to set the log level (the log level will change for all processes when no process is specified) (default: all) |
Subcommands
| command | description |
|---|
configured | Reset the process log level to the configured system log level. |
See Also
Description
The set log level command adjusts the degree to which the SSR writes information into its log files. This is used to selectively turn up and down log verbosity for troubleshooting purposes.
The optional <process-name> and <node-name> arguments, can selectively change only a specific SSR's software process on a given node.
The level must be one of: fatal, error, warning, info, debug, and trace. These are listed in order of increasing verbosity. Juniper generally recommends that systems be set to info level by default under normal operating circumstances.
As of software version 3.1, a new subcommand set log level category, allows administrators to collectively adjust groups of related functionality for specific troubleshooting exercises – instead of blindly adjusting the entire system's log level and potentially impacting performance.
The category can be any of the following:
| Category Name | Long Name | Description |
|---|
| ATCS | Analytics | Components related to the SSR Analytics Engine. |
| CFGD | Config Director | Components related to the 128T Configuration Engine. |
| DATA | Metadata Database | Components related to the configuration and state databases. |
| DISC | Discovery | Discovery-based components (except BFD). Today this is DHCP and ARP. |
| USER | User | User-created log messages, generated via the 'write' command. |
| FLC | FastLane Control | Control system for packet forwarding. |
| FLPP | First Packet Processing | System for processing the initial packet of each new session. |
| HWMC | HighwayManager Control | Control system for packet processing. |
| IPC | Interprocess Communications | The subsystem responsible for messaging between components within the SSR product. |
| LINK | Internode Link Detection | The subsystem for inter-node communication (today, BFD). |
| PLAT | Platform | Components related to the underlying platform management. |
| PLUG | Plugin Components | Components related to plugin management. |
| RDB | Redundancy Database | The subsystem responsible for synchronizing data between nodes. |
| RTG | Routing | Components related to the routing engine. |
| SNMP | Simple Network Management Protocol. | Components related to the SNMP engine. |
| SATF | Session Processing Thread Failures | Failures related to multi-threaded session setup. |
| SESS | Session Startup | Components related to session setup. |
| STEP | STEP | Components related to STEP. |
| TEST | Test | Components related to testing. |
| UTIL | Utility | Components related to utility libraries. |
| DPDK | DPDK | Components related to DPDK. |
| DNS | Domain Name System | Components related to DNS. |
| HTTP | HTTP | Components related to HTTP request/response processing. |
| PCLI | PCLI | All the PCLI's log messages. |
| BONS | Configuration Database | Components related to the configuration database. |
| LDAP | LDAP | All the System Security Services Daemon logs. |
| RIB | RIB | Components related to routing changes. |
| IDP | IDP | Components related to IDP. |
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
| 3.1.0 | Log categories introduced |
| 6.0.0 | LDAP category added |
Reset the process log level to the configured system log level.
Usage
set log level configured [category <category>] [force] [router <router>] [node <node>] [<process-name>]
Keyword Arguments
| name | description |
|---|
| category | The log category for which to reset the level. (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node on which to set the corresponding process log level |
| router | The router on which to set the corresponding process log level (default: <current router>) |
Positional Arguments
| name | description |
|---|
| process-name | The process for which to set the log level (the log level will change for all processes when no process is specified) (default: all) |
Description
Will return the SSR's logging behavior to the verbosity specified within the configuration, located at: authority > router > system > log-level. Alternatively, administrators can specify a log level to dynamically change all system processes to use.
set password
Change your password.
Usage
See Also
Description
The set password command allows a PCLI user to change their password. As is typical with most password changing routines, as a security precaution the user must enter their current password before they're permitted to change it.
If a password is lost or forgotten and the account is inaccessible, the account cannot be recovered. Please keep password records accessible and secure.
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
set provisional-status
Set the provisional status of a device-interface to down, or returning it to the "up" state after taking it down.
Usage
set provisional-status router <router> node <node> <name> <status>
Keyword Arguments
| name | description |
|---|
| node | The node on which to set the device's provisional status |
| router | The router on which to set the device's provisional status |
Positional Arguments
| name | description |
|---|
| name | Device interface on which to set the provisional status |
| status | The desired provisional status for the device |
See Also
Description
The set provisional-status command allows a specific interface to be brought down without a configuration change. This is useful in situations where you need to temporarily bring down a just device interface (i.e., to trigger an interface failover).
Example
admin@test1.Fabric128# set provisional-status node test1 10 down
✔ Setting provisional status...
Successfully set provisional status for device 10
admin@test1.Fabric128# set provisional-status node test1 10 up
✔ Setting provisional status...
Successfully set provisional status for device 10
Version History
| Release | Modification |
|---|
| 4.5.3 | This feature was introduced |
set software access-token
Save credentials for accessing SSR software repositories.
Usage
set software access-token [{router <router> | resource-group <resource-group>}] [force] [node <node>] <username> <token>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The name of the node. |
| resource-group | The name of the resource group. |
| router | The name of the router (default: <current router>). |
Positional Arguments
| name | description |
|---|
| username | The username for the software access account. |
| token | Authentication token for SSR software. |
| Release | Modification |
|---|
| 5.5.2 | This feature was introduced |
set system software image
Set the boot image.
Usage
set system software image <image>
Positional Arguments
| name | description |
|---|
| image | The image to load on next boot |
See Also
| Release | Modification |
|---|
| 6.0.0 | This feature was introduced |
set time
Set the system date and time.
Usage
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt |
Positional Arguments
| name | description |
|---|
| date | The date to be used for the system date |
Description
date can be in almost any common format. It can contain month names, time zones, AM and PM, yesterday, etc.
For example,
set time 2020-07-21 14:19:13.489392193 +0530
specifies the instant of time that is 489,392,193 nanoseconds after July 21, 2020 at 2:19:13 PM in a time zone that is 5 hours and 30 minutes east of UTC.
Relative times can also be used.
For example,
set time +2 hours
set time -5 min
the first adds two hours to the current time and the second moves the clock back by five minutes.
| Release | Modification |
|---|
| 6.1.0 | This feature was introduced |
shell
Execute a Unix shell command.
Usage
Positional Arguments
| name | description |
|---|
| command | Shell command to execute |
Description
The shell command allows administrators to execute a bash shell, or to execute a command within the context of a bash shell (specified as a series of optional parameters to the shell command).
Example
admin@cnd1.conductor# shell ls -la /var/log/128technology/ | head
Piping output...
total 134600
drwxrwxr-x+ 2 root root 12288 Feb 7 10:13 .
drwxr-xr-x. 14 root root 4096 Feb 5 03:40 ..
-rw-rwxr--+ 1 root root 6885 Feb 7 10:12 128-server.log
-rw-rwxr--+ 1 root root 5613 Jan 15 09:41 accessManager.10.log
-rw-rwxr--+ 1 root root 3640 Feb 7 10:10 accessManager.1.log
-rw-rwxr--+ 1 root root 3640 Feb 4 07:35 accessManager.2.log
-rw-rwxr--+ 1 root root 3640 Feb 1 16:36 accessManager.3.log
-rw-rwxr--+ 1 root root 3640 Jan 29 09:50 accessManager.4.log
-rw-rwxr--+ 1 root root 3640 Jan 26 10:23 accessManager.5.log
admin@cnd1.conductor#
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
show alarms
Display currently active or shelved alarms
Usage
show alarms [{router <router> | resource-group <resource-group>}] [shelved] [id <id>] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| id | ID for which to display alarm information |
| resource-group | The name of the resource group |
| router | The router for which to display alarms (default: all) |
| shelved | Display shelved alarms |
See Also
| command | description |
|---|
show events alarm | Show alarm events from the historical events database. |
Description
The show alarms subcommand shows all of the active alarms on your SSR.
A list of all alarms your SSR is capable of generating and details about them can be found in the Alarm Guide.
Example
admin@cnd1.conductor# show alarms
Wed 2018-01-17 15:14:03 EST
================== ===================== ========== ============= ========== ===================================
ID Time Severity Source Category Message
================== ===================== ========== ============= ========== ===================================
cnd1.conductor:4 2018-01-17 13:22:38 major unavailable system No connectivity to b1.branch1
cnd1.conductor:5 2018-01-17 13:22:38 major unavailable system No connectivity to dc1.datacenter
cnd1.conductor:6 2018-01-17 13:22:38 major unavailable system No connectivity to dc2.datacenter
There are 0 shelved alarms
Completed in 0.35 seconds
Version History
| Release | Modification |
|---|
| 1.1.0 | This feature was introduced |
| 3.1.0 | Previously allowed filtering by node, now the command shows all alarms. |
show app-id cache
Show information of app-id entries in cache
Usage
show app-id cache [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} <cache>
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node on which to show app-id cache entries |
| resource-group | The name of the resource group |
| router | The router on which to show app-id cache entries |
| rows | The number of app-id cache to display at once [type: int or 'all'] (default: 50) |
Positional Arguments
| name | description |
|---|
| cache | Show app-id entries from address, domain, or url cache |
See Also
show app-id categories
Show available top-level categories
Usage
show app-id categories [router <router>] [node <node>] [<name>]
Keyword Arguments
| name | description |
|---|
| node | The node on which to show app-id categories |
| router | The router on which to show app-id categories (default: <current router>) |
Positional Arguments
| name | description |
|---|
| name | Display the subcategories for category 'name' |
show app-id web-filtering
Show web-filtering state
Usage
show app-id web-filtering router <router> node <node>
Keyword Arguments
| name | description |
|---|
| node | The node from which to retrieve |
| router | The router from which to retrieve |
show application modules registration
Display registered application-modules.
Usage
show application modules registration [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The name of the node |
| resource-group | The name of the resource group |
| router | The name of the router |
See Also
Description
The show application modules registration subcommand shows all of the modules that provide application names to SSR as part of its Application Classification feature.
show application modules status
Display applications provided by a module.
Usage
show application modules status [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} name <name> [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | The module to get status for |
| node | The name of the node |
| resource-group | The name of the resource group |
| router | The name of the router |
| rows | The number of application entries to display at once [type: int or 'all'] (default: 50) |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
Description
The show application modules status subcommand shows all of application names and transport information of a module, as well as other debugging information.
show application names
Display application name entries.
Usage
show application names [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The name of the node |
| resource-group | The name of the resource group |
| router | The name of the router |
| rows | The number of application name entries to display at once [type: int or 'all'] (default: 50) |
Description
The show application names subcommand shows all of the application names that the SSR has learned, or been configured to recognize, as part of its Application Classification feature.
Example
admin@gouda.novigrad# show application names
Wed 2020-04-22 16:06:43 UTC
Node: gouda
================== =============== ================ ===================== =====================
Application Name Session Count Ip Tuple Count Date Discovered Last Updated
================== =============== ================ ===================== =====================
O365-Skype 6 5 2021-04-14 09:20:09 2021-04-14 09:20:09
O365-Exchange 5 16 2021-04-14 09:20:09 2021-04-14 09:20:09
O365-Common 0 25 2021-04-14 09:20:09 2021-04-14 09:20:09
O365-SharePoint 0 5 2021-04-14 09:20:09 2021-04-14 09:20:09
dropbox 0 65 2021-04-14 13:37:49 2021-04-14 13:37:49
gmail 0 17 2021-04-14 13:58:09 2021-04-14 13:58:09
google-drive 0 27 2021-04-14 13:58:09 2021-04-14 13:58:09
The various columns are as follows:
| Column | Description |
|---|
| Application Name | The name of the identified application. |
| Session Count | The number of active sessions for the application. |
| Ip Tuple Count | The number of addresses and ports associated with the application. |
| Date Discovered | The time at which the router first learned this application. Restarting the router or deleting the application will reset the time. |
| Last Updated | The time at which the router updated the entries for the application. The time is updated when the ip tuple information associated with the application has changed. |
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced |
show arp
Shows the contents of the ARP table on the specified node.
Usage
show arp [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node from which to retrieve arp entries |
| resource-group | The name of the resource group |
| router | The router from which to retrieve arp entries |
| rows | The number of arps to display at once [type: int or 'all'] (default: 50) |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Subcommands
| command | description |
|---|
proxy | Display proxy ARP info for network-interfaces. |
See Also
| command | description |
|---|
clear arp | Clear the entire ARP cache or a subset if arguments are provided. |
Description
The show arp subcommand displays the ARP table (MAC address to IP address binding) for a given node. The number of lines of output is controlled through the use of the optional rows attribute. When the rows command is not present, the SSR will default to displaying the first 50 rows of the specified node's ARP table. Using detail displays additional information including time to next refresh (ms), retry count (if expired), and time of last resolved ARP.
Example
admin@gouda.novigrad# show arp
Wed 2020-04-22 16:01:05 UTC
Node: gouda
========== ====== ================= =================== ========
Dev Name VLAN IP Dest MAC State
========== ====== ================= =================== ========
kni254 0 169.254.127.127 1a:f1:bd:a4:ae:6e Valid
lan 0 192.168.0.34 b1:7b:c1:04:0b:ba Valid
lan 0 192.168.0.35 01:0e:58:b1:94:bf Valid
lan 0 192.168.0.146 a4:83:e7:0b:d7:e1 Valid
wan 0 1.2.3.4 21:41:71:c1:99:c1 Valid
Completed in 0.07 seconds
admin@node1.aws# show arp detail
Tue 2023-01-17 20:58:15 UTC
Node: node1.aws Page 1
========== ====== ===== ====== ======= ======== ========= ======================
Dev Name VLAN IP Mac State Expiry Retries Last Resolved
========== ====== ===== ====== ======= ======== ========= ======================
wan 0 1 a Valid 324 - 2023-01-23T10:20:32
mgmt 0 2 b Valid 400 - 2023-01-23T10:20:32
lan 0 3 0 Refresh 732 2 2023-01-23T08:11:54
lan 0 4 0 Refresh 520 2 ---
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 2.0.0 | Added requirement for use of 'node' keyword when specifying a node name. |
| 6.1.0 | Added verbosity subcommand |
show arp proxy
Display proxy ARP info for network-interfaces.
Usage
show arp proxy [{router <router> | resource-group <resource-group>}] [name <name>] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | Network interface for which to display proxy ARP info (default: all) |
| node | The node for which to display proxy ARP info |
| resource-group | The name of the resource group |
| router | The router for which to display proxy ARP info (default: all) |
Description
Displays a list of all configured proxies, grouped by network interface.
Example
admin@test1.Fabric128# show arp proxy
Mon 2020-01-27 18:35:24 UTC
Node: test1
======== ======== ====== =================== ===================
Device Name VLAN MAC Prefix
======== ======== ====== =================== ===================
10 intf10 None fa:16:3e:3b:b7:ee 172.16.100.100/30
10 intf10 None fa:16:3e:3b:b7:ee 172.16.1.100/32
Completed in 0.08 seconds
show assets
Shows the automated provisioning status of SSR nodes.
Usage
show assets [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<id>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display assets |
| resource-group | The name of the resource group |
| router | The router for which to display assets (default: all) |
Positional Arguments
| name | description |
|---|
| id | The asset id of the SSR node from which to retrieve the status |
Subcommands
| command | description |
|---|
errors | Shows the SSR nodes that have errors. |
software | Shows assets software information. |
summary | A summary of assets connected to the Conductor. |
See Also
Description
The show assets command displays the automated provisioning status of the SSR nodes within an Authority. With SSR's automated provisioning feature set, each "asset" represents a platform into which the SSR software is installed, updated, managed, etc. The show assets command allows administrators to see, at a glance, the state of all assets – including which software versions have been installed on which nodes, what their router and node identifiers are, etc.
Example
admin@labsystem1.fiedler# show assets
Fri 2017-07-21 11:12:49 EDT
========== ================ ============== ============== =============
Asset Id Router Node SSR Version Status
========== ================ ============== ============== =============
T10_DUT2 none none unknown pending
T10_DUT3 RTR_WEST_COMBO combo-west-1 3.1 running
T10_DUT4 none none unknown pending
Completed in 0.03 seconds
The optional id argument allows administrators to retrieve more detailed information about a specific asset:
admin@labsystem1.fiedler# show assets T10_DUT3
Fri 2017-07-21 15:41:54 UTC
========================
T10_DUT3
========================
Router: RTR_WEST_COMBO
Node: combo-west-1
SSR Version: 3.1
Status: running
Completed in 0.19 seconds
Version History
| Release | Modification |
|---|
| 3.1.0 | This feature was introduced |
show assets errors
Shows the SSR nodes that have errors.
Usage
show assets errors [{router <router> | resource-group <resource-group>}] [force] [<id>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router for which to display assets summary (default: all) |
Positional Arguments
| name | description |
|---|
| id | The asset id of the SSR node from which to retrieve the status |
Description
show assets errors will display all assets with at least one automated provisioner related error.
Example
admin@labsystem1.fiedler# show assets errors
Fri 2017-07-21 15:41:54 UTC
======== ========== =============== ========
Router Node Asset Id Errors
======== ========== =============== ========
Boston Aquarium Aquarium-1234 1
NYC nyc asset-10 2
Version History
| Release | Modification |
|---|
| 4.4.0 | This feature was introduced |
show assets software
Shows assets software information.
Usage
show assets software [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display available software |
| resource-group | The name of the resource group |
| router | The router for which to display available software (default: all) |
See Also
Description
Displays software related information for each managed asset. The following information is provided:
- Current running version of software.
- Versions available for download and the repository where they are located.
- Software versions currently being downloaded.
- Previously downloaded versions that can be used to upgrade the platform.
Example
admin@tp-cond-primary.tp-cond# show assets software
Fri 2020-04-24 13:25:52 UTC
=========== ===================== ================================== ========================================== ============= ============
Router Node Installed Available Downloading Downloaded
=========== ===================== ================================== ========================================== ============= ============
burl-corp burl-corp-primary 5.6.1-18.el7 5.6.2-7.el7
5.6.3-6.el7
5.6.4-3.el7
5.6.5-5.el7
burl-corp-secondary 5.6.1-18.el7 5.6.2-7.el7
5.6.3-6.el7
5.6.4-3.el7
5.6.5-5.el7
tp-colo tp-colo-primary 5.6.9-3.el7
tp-colo-secondary 5.6.9-3.el7
tp-cond tp-cond-primary 5.6.9-3.el7
tp-cond-secondary 5.6.9-3.el7
tp-lab tp-lab-primary 5.6.8-9.el7 5.6.9-3.el7
tp-lab-secondary 5.6.8-9.el7 5.6.9-3.el7
Completed in 0.65 seconds
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced |
show assets summary
A summary of assets connected to the Conductor.
Usage
show assets summary [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router for which to display assets summary (default: all) |
See Also
Description
show assets summary will display a total of all assets in each state.
Example
admin@labsystem1.fiedler# show assets summary
Fri 2017-07-21 15:41:54 UTC
=====================================
Summary of Assets
=====================================
total: 5
pending: 2
not-installed: 1
installed: 2
assets with errors: 2
Version History
| Release | Modification |
|---|
| 4.4.0 | This feature was introduced |
show bfd
Show BFD Peer <>
Usage
show bfd [vrf <vrf>] [peer <ip>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| peer | Retrieve BFD information for this peer. |
| resource-group | The name of the resource group. |
| router | The router to request BFD information from. |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
show bgp
Displays information about the state of the BGP process on the SSR.
Usage
show bgp [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<route>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router for which to display BGP routes |
| rows | The number of bgp entries to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| route | route ip-prefix [type: IP prefix] |
Subcommands
| command | description |
|---|
neighbors | Displays information about the state of the BGP neighbors on the SSR. |
path-based-policy | Show the current BGP path-based-policy summary from the routing manager. |
summary | Show the current BGP summary from the routing manager. |
See Also
| command | description |
|---|
clear bgp | Clear routes associated with one or all BGP neighbors. |
Description
The show bgp command and associated subcommands display information about the state of the BGP process on the SSR. Each of these subcommands will be described in more detail in the sections that follow.
Example
When the show bgp command is issued with no command line arguments, the system returns the general status of the BGP process:
admin@labsystem1.fiedler# show bgp
BGP table version is 0, local router ID is 128.128.128.128
Status codes: s suppressed, d damped, h history, \* valid, > best, =
multipath,
i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.18.11.0/24 172.18.1.2 0 0 4200000001 i
*> 172.18.22.0/24 172.18.2.2 0 0 4200000002 i
*> 172.31.255.10/32 172.18.3.2 0 4200000003 i
*> 192.168.128.0 0.0.0.0 0 32768 i
Total number of prefixes 4
The <route> argument is given as an IP prefix (CIDR). The show bgp <route> command gives detailed information on the specified route, if it exists in the SSR's Routing Information Base (RIB).
admin@labsystem1.fiedler# show bgp 172.18.11.0/24
BGP routing table entry for 172.18.11.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
172.18.2.2 172.18.3.2
4200000001
172.18.1.2 from 172.18.1.2 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Wed Feb 10 19:08:49 2016
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 5.1.0 | Added VFR support |
show bgp neighbors
Displays information about the state of the BGP neighbors on the SSR.
Usage
show bgp neighbors [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<neighbor-ip>] [<option>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router for which to display BGP neighbors |
| rows | The number of bgp entries to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| neighbor-ip | The IP address of the neighbor [type: IP address] |
| option | advertised-routes | received-routes |
Description
The show bgp neighbors command displays detailed information about each of the SSR's BGP peers. By specifying a specific peer (through the optional argument <neighbor-ip>), administrators can view state information about one peer at a time. When specifying a specific neighbor, the output may include the routes shared with that peer by appending advertised-route or received from that peer by appending received-routes.
Example
admin@labsystem1.fiedler# show bgp neighbors
BGP neighbor is 172.18.1.2, remote AS 4200000001, local AS 4200000128, external
link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 00:27:25
Last read 00:00:25, hold time is 90, keepalive interval is 30 seconds
Configured hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Graceful Restart Capabilty: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
...
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 5.1.0 | Added VFR support |
show bgp path-based-policy
Show the current BGP path-based-policy summary from the routing manager.
Usage
show bgp path-based-policy [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router for which to display the BGP path-based-policy |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Description
The show bgp path-based-policy gives administrators a summary table of the current state of path based BGP.
The show bgp path-based-policy detail gives the additional information of all peers.
show bgp summary
Show the current BGP summary from the routing manager.
Usage
show bgp summary [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router for which to display the BGP summary |
| rows | The number of bgp entries to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Description
The show bgp summary gives administrators a high-level summary table of the state of all of the SSR's BGP peers.
It includes information on each BGP neighbor, including the version (V) of BGP that they are using (generally v4), the Autonomous System number (AS), the number of BGP messages sent and received (MsgSent, MsgRcvd), the table version (TblVer), etc.
Example
admin@labsystem1.fiedler# show bgp summary
BGP router identifier 128.128.128.128, local AS number 4200000128
RIB entries 7, using 784 bytes of memory
Peers 3, using 13 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.18.1.2 4 4200000001 62 73 0 0 0 00:29:07 1
172.18.2.2 4 4200000002 62 73 0 0 0 00:29:10 1
172.18.3.2 4 4200000003 88 84 0 0 0 00:09:53 1
Total number of neighbors 3
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 5.1.0 | Added VFR support |
show capacity
Shows current fib/flow/arp/action usage and capacities at the specified node.
Usage
show capacity [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node from which to retrieve capacities |
| resource-group | The name of the resource group |
| router | The router from which to retrieve capacities |
Example
admin@gouda.novigrad# show capacity
Wed 2020-04-22 15:17:55 UTC
Node: gouda
===================== ========= ========== =======
Resource Entries Capacity Usage
===================== ========= ========== =======
access-policy-table 17 5402 0.3%
action-pool 2274 301210 0.8%
arp-table 23 65535 0.0%
fib-table 176 19051 0.9%
flow-table 1882 131554 1.4%
source-tenant-table 54 2736 2.0%
Completed in 0.09 seconds
show capture-filters
Show active capture-filters.
Usage
show capture-filters [{router <router> | resource-group <resource-group>}] [device-interface <device-interface>] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| device-interface | Device interface on which to show capture-filters (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node on which to show capture-filters |
| resource-group | The name of the resource group |
| router | The router on which to show capture-filters (default: all) |
See Also
| command | description |
|---|
create capture-filter | Creates a capture-filter using BPF syntax (as used in wireshark) on the target interface. |
delete capture-filter | Deletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.) |
show stats packet-capture | Stats pertaining to captured packets |
Description
Shows all configured capture-filters, including static capture-filters that exist as part of the configuration as well as dynamic capture-filters (i.e., those created using the create capture-filter command).
Example
admin@tp-colo-primary.tp-colo# show capture-filters device-interface blended-5
Thu 2020-04-23 20:28:05 UTC
========= ================= ================ =================
Router Node Interface Name Capture Filters
========= ================= ================ =================
tp-colo tp-colo-primary blended-5 host 172.18.5.4
Completed in 0.01 seconds
Version History
| Release | Modification |
|---|
| 4.4.0 | This feature was introduced |
show certificate webserver
Display the webserver certificate
Usage
show certificate webserver
See Also
Example
admin@labsystem1.fiedler# show certificate webserver
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17087 (0x42bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=MA, O=a, CN=a
Validity
Not Before: May 5 04:49:02 2016 GMT
Not After : May 6 04:49:02 2017 GMT
Subject: C=US, ST=MA, O=a, CN=a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
...
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
show config candidate
Display candidate configuration data
Usage
show config candidate [verbose] [flat]
Description
This command returns the current candidate configuration on the SSR (i.e., the configuration that is currently being edited, not the configuration that is actively running). The output from show config candidate will only show fields and values within the configuration that are set to non-default values, for brevity.
The show config candidate command has two optional flags: verbose and flat. Adding the verbose flag will show the entire configuration, including items that are part of the system's default configuration (normally hidden when using show config candidate by itself). Adding the flat flag will output the configuration as a series of individual, fully qualified configuration statements, which can singularly affect each component of the configuration discretely. That is, any of the lines can be used without any context to configure a single attribute, object, etc.
Note that the output from show config candidate is formatted in such a way so as to allow the text to be cut and pasted into a CLI session to configure a separate SSR.
admin@labsystem1.fiedler# show config candidate
config
authority
router Fabric128
name Fabric128
node labsystem1
name labsystem1
id 1
description "Primary lab system"
location "Newton, MA"
role combo
device-interface 1
id 1
description "external network"
type ethernet
pci-address 0000:02:00.0
...
The same configuration using the flat flag is displayed quite differently:
admin@labsystem1.fiedler# show config candidate flat
config authority router Fabric128 name Fabric128
config authority router Fabric128 node labsystem1 name labsystem1
config authority router Fabric128 node labsystem1 id 1
config authority router Fabric128 node labsystem1 description "Primary lab system"
config authority router Fabric128 node labsystem1 location "Newton, MA"
config authority router Fabric128 node labsystem1 role combo
config authority router Fabric128 node labsystem1 device-interface 1 id 1
config authority router Fabric128 node labsystem1 device-interface 1 description "external network"
config authority router Fabric128 node labsystem1 device-interface 1 type ethernet
config authority router Fabric128 node labsystem1 device-interface 1 pci-address 0000:02:00.0
The show config candidate command also lets users show specific portions of the configuration by specifying the path to the areas of interest. For multiple instance items, such as node, service, etc., a keyword all will display all items of the specified type:
admin@labsystem1.fiedler# show config candidate authority session-type verbose all
config
authority
session-type HTTP
name HTTP
service-class Standard
timeout 7200000
transport tcp
protocol tcp
port-range 80
start-port 80
exit
port-range 8080
start-port 8080
exit
exit
exit
...
Keyword Arguments
| name | description |
|---|
| flat | Display with full paths on each line instead of as a hierarchy |
| verbose | Display all config data, including default values |
Subcommands
| command | description |
|---|
authority | Show configuration data for authority |
generated | Show configuration data for generated |
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced as "show candidate-config" |
| 2.0.0 | Renamed and reorganized as "show config candidate". flat, verbose, and configuration branch arguments added |
show config exports
Display configuration exports.
Usage
show config exports [<name>] [<flat>]
Description
This command lists the set of exported configurations that are stored on your SSR.
The show config exports command has two optional flags: name and flat. Use the name flag to identify a specific configuration to display. Adding the flat flag will output the configuration as a series of individual, fully qualified configuration statements.
Positional Arguments
| name | description |
|---|
| name | The name of the exported configuration to display (default: all) |
| flat | Display with full paths on each line instead of as a hierarchy. Only applicable when name is not 'all' |
See Also
Example 1
admin@conductor-east-1.RTR_EAST_CONDUCTOR# show config exports
Mon 2021-02-22 15:19:28 EST
✔ Retrieving exported configurations...
======================= ====================== ================= ===================
Name Date Modified Compressed Size Uncompressed Size
======================= ====================== ================= ===================
Arthur-C-Doyle.gz 2021-01-25T16:28:27Z 1.8 kB 18.1 kB
SherlockHolmes.gz 2021-01-25T16:04:29Z 1.8 kB 18.1 kB
DoctorWatson.gz 2021-01-25T16:06:27Z 1.8 kB 18.1 kB
Completed in 0.22 seconds
Example 2
admin@conductor-east-1.RTR_EAST_CONDUCTOR# show config exports DoctorWatson.gz flat
Mon 2021-02-22 15:21:35 EST
✔ Retrieving exported configurations...
config authority router RTR_EAST_CONDUCTOR name RTR_EAST_CONDUCTOR
config authority router RTR_EAST_CONDUCTOR location usa
config authority router RTR_EAST_CONDUCTOR resource-group east-admin
config authority router RTR_EAST_CONDUCTOR system log-level trace
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 name conductor-east-1
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric type ethernet
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric pci-address 0000:00:04.0
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric forwarding false
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric global-id 22
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric type fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric address 172.16.3.1 ip-address 172.16.3.1
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric address 172.16.3.1 prefix-length 24
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 name conductor-east-2
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric type ethernet
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric pci-address 0000:00:04.0
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric forwarding false
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric global-id 23
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric type fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric address 172.16.3.2 ip-address 172.16.3.2
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric address 172.16.3.2 prefix-length 24
config authority resource-group east-admin name east-admin
config authority access-management role east-admin name east-admin
config authority access-management role east-admin capability config-write
config authority access-management role east-admin capability config-read
config authority access-management role east-admin resource-group east-admin
config authority access-management token expiration 1800
Completed in 0.18 seconds
admin@conductor-east-1.RTR_EAST_CONDUCTOR#
Version History
| Release | Modification |
|---|
| 3.0.0 | This feature was introduced |
| 5.1.0 | Added the name flag, allowing you to identify a specific configuration to display. |
show config locally-modified
Display all routers with a locally modified config version.
Usage
show config locally-modified
show config out-of-sync
Display all routers with a config version that is out of sync with the conductor.
Usage
show config running
Display running configuration data
Usage
show config running [verbose] [flat]
Description
This command returns the current running configuration on the SSR (i.e., the configuration that is active and processing traffic). The output from show config running will only show fields and values within the configuration that are set to non-default values, for brevity.
The show config running command has two optional flags: verbose and flat. Adding the verbose flag will show the entire configuration, including items that are part of the system's default configuration (normally hidden when using show config running by itself). Adding the flat flag will output the configuration as a series of individual, fully qualified configuration statements, which can singularly affect each component of the configuration discretely. That is, any of the lines can be used without any context to configure a single attribute, object, etc.
Note that the output from show config running is formatted in such a way so as to allow the text to be cut and pasted into a CLI session to configure a separate SSR.
admin@labsystem1.fiedler# show config running
config
authority
name Authority128
router Fabric128
name Fabric128
description "Default router"
inter-node-security internal
...
The show config running command also lets users show specific portions of the configuration by specifying the path to the areas of interest. For multiple instance items, such as node, service, etc., a keyword all will display all items of the specified type:
admin@labsystem1.fiedler# show config running authority service-class verbose all
config
authority
service-class Standard
name Standard
dscp 0
priority 0
rate-limit false
max-flow-rate 0
max-flow-burst 0
exit
service-class NetworkControl
name NetworkControl
dscp 48
priority 0
rate-limit false
max-flow-rate 0
max-flow-burst 0
exit
...
Keyword Arguments
| name | description |
|---|
| flat | Display with full paths on each line instead of as a hierarchy |
| verbose | Display all config data, including default values |
Subcommands
| command | description |
|---|
authority | Show configuration data for authority |
generated | Show configuration data for generated |
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced as "show running-config" |
| 2.0.0 | Renamed and reorganized as "show config running" |
show config version
Display running configuration version.
Usage
show config version [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router (default: <current router>) |
See Also
Description
This command displays the version number of the running configuration on the SSR. This version number is auto-generated, and is the UNIX timestamp when the configuration is committed. (As a consequence, you should expect that successive commits to the same configuration will increment the version by more than one. This is a change in behavior from pre-2.0 software, which used a monotonically incrementing integer to represent the configuration version.)
Example
admin@labsystem1.fiedler# show config version
Fri 2017-02-24 09:34:43 EST
Version 1487780689 committed at: Wed 2017-02-22 11:24:49
Completed in 0.17 seconds
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 2.0.0 | The behavior changed as described in the Description text above |
| 3.0.0 | Updated to display the timestamp of the configuration change in human readable form |
show context stats start-time
Usage
show context stats start-time
Description
The show context stats start-time subcommand shows the stats start-time (if set), or indicates that there is no start-time currently set. For more information on setting stats start-time, please refer to set context in this manual.
Example
admin@cnd1.conductor# show context stats start-time
No stats start time set, show stats will be relative to launch time
admin@cnd1.conductor# set context stats start-time "December 25, 2017"
Stats start time set to: 2017-12-25 00:00:00
admin@cnd1.conductor# show context stats start-time
Stats start time set to: 2017-12-25 00:00:00
admin@cnd1.conductor# clear context stats start-time
Success
admin@cnd1.conductor# show context stats start-time
No stats start time set, show stats will be relative to launch time
Privileges Required
Available to admin and user.
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced |
| 5.0.0 | This feature was removed |
show device-interface
Display detailed device interface information.
Usage
show device-interface [name <name>] [force] [node <node>] router <router> [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| name | Device interface to display (if omitted, all will be displayed) (default: all) |
| node | The node for which to display device interfaces |
| router | The router for which to display device interfaces |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary | extended-statistics | registers (default: detail) |
Description
This command displays detailed information about device interface(s) (i.e., physical ports) on an SSR node. The optional command line arguments allow a user to reduce the set of information to a specific set of interfaces on a given node, or a specific interface on a specific node.
Omitting all optional arguments will display detailed information on all device interfaces defined within the SSR.
Example
admin@test1.Fabric128# show device-interface name 10
Mon 2020-11-23 20:45:37 UTC
✔ Retrieving device interface information...
========================================
test1:10
========================================
Type: ethernet
Forwarding: true
PCI Address: 0000:00:04.0
MAC Address: fa:16:3e:16:42:6c
Admin Status: up
Operational Status: up
Provisional Status: up
Redundancy Status: non-redundant
Speed: 1 Gb/s
Duplex: full
in-octets: 0
in-unicast-pkts: 0
in-errors: 0
out-octets: 0
out-unicast-pkts: 0
out-errors: 0
Plugin Info: unavailable
Completed in 0.17 seconds
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
| 3.0.0 | Added requirement for prepending keywords to the device-interface-id and node arguments to avoid command line ambiguity |
| 3.2.0 | Device-interface is keyed by name rather than id |
| 4.5.3 | Added support for Provisional Status |
show dhcp mappings
Show each DHCP mapping from an interface to mapping/IP family/config types.
Usage
show dhcp mappings [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node from which to identify DHCP mappings |
| resource-group | The name of the resource group |
| router | The name of the router to show |
| rows | The number of mappings to display at once [type: int or 'all'] (default: 50) |
See Also
Example
admin@gouda.novigrad# show dhcp mappings
Wed 2020-04-22 15:05:25 UTC
Node: gouda
================= ================== ====== ============== ================ =============
Src Device Port Dest Device Port VLAN Mapping Type IP Family Type Config Type
================= ================== ====== ============== ================ =============
1 252 0 originating ipv4 server
2 0 0 originating ipv4 client
252 1 0 derived ipv4 server
Completed in 0.05 seconds
show dhcp prefix-delegation
Show the prefix learned for prefix-delegation.
Usage
show dhcp prefix-delegation [group <group>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| group | Prefix-delegation group to display (if omitted, all will be displayed) |
| resource-group | The name of the resource group |
| router | The name of the router to show |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
Example
admin@gouda.novigrad# show dhcp prefix-delegation
Wed 2020-04-22 14:47:05 UTC
========== ============ ================ ========== ============== ===============
Router Group Name Interface Name Status Prefix Prefix Length
========== ============ ================ ========== ============== ===============
novigrad pd-group-1 t128tuntap1 resolved 2001:db2:1:: 56
Completed in 0.08 seconds
show dhcp v4
Display dhcp lease info for network-interfaces.
Usage
show dhcp v4 [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | Network interface to display (default: all) |
| node | The node for which to display dhcp lease info |
| resource-group | The name of the resource group |
| router | The router for which to display dhcp lease info |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
Example
admin@gouda.novigrad# show dhcp v4
Wed 2020-04-22 14:47:05 UTC
========== ======= ================== =================== ============ ================ =============== ==============
Router Node Device Interface Network Interface Dhcp State Address Prefix Length Gateway
========== ======= ================== =================== ============ ================ =============== ==============
novigrad gouda wan wan-interface Resolved 1.2.3.4 24 1.2.3.1
Completed in 0.20 seconds
Specifying the argument detail provides additional information
admin@gouda.novigrad# show dhcp v4 detail
Wed 2020-04-22 14:55:43 UTC
============================================================
Router
============================================================
Node: gouda
Device Interface: wan
Network Interface: wan-interface
Dhcp State: Resolved
State Machine State: Bound
Lease Start Time: Wed Apr 22 14:13:09 2020
Lease Renewal Time: Wed Apr 22 15:13:09 2020
Lease Rebinding Time: Wed Apr 22 15:43:09 2020
Lease Expiration Time: Wed Apr 22 16:13:09 2020
Learned MTU: 0 bytes
Server Address: 1.2.3.1
Dns Server Address:
- 8.8.8.8
- 1.1.1.1
Addresses:
Address: 1.2.3.4
Prefix Length: 24
Gateway: 1.2.3.1
Completed in 0.30 seconds
show dhcp v6
Display dhcp lease info for network-interfaces.
Usage
show dhcp v6 [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | Network interface to display (default: all) |
| node | The node for which to display dhcp lease info |
| resource-group | The name of the resource group |
| router | The router for which to display dhcp lease info |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
Example
admin@gouda.novigrad# show dhcp v6
Wed 2020-04-22 14:47:05 UTC
========== ======= ================== =================== ============ ================================= =============== =================================
Router Node Device Interface Network Interface Dhcp State Address Prefix Length Gateway
========== ======= ================== =================== ============ ================================= =============== =================================
novigrad gouda wan wan-interface Resolved 2001:db8:85a3:0:0:8a2e:370:7334 96 2001:db8:85a3:0:0:8a2e:370:7330
Completed in 0.20 seconds
show dns resolutions
Shows all DNS resolutions
Usage
show dns resolutions [{router <router> | resource-group <resource-group>}] [hostname <hostname>] [rows <rows>] [force] [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| hostname | The DNS hostname belonging to a node |
| resource-group | The name of the resource group |
| router | The name of the router holding the node with the DNS resolutions (default: <current router>) |
| rows | The number of dns resolutions to display at once [type: int or 'all'] (default: 50) |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
Description
Shows all hostnames that require DNS resolution. Hostnames can be specified throughout the configuration; commonly defined on the network-interface and within a service.
Example
admin@gouda.novigrad# show dns resolutions
Wed 2020-04-22 14:31:54 UTC
========== ======= ========================= ========== ====================== ======================
Router Node Hostname Resolved Last Resolved Expiration
========== ======= ========================= ========== ====================== ======================
novigrad gouda my.host.name Y 2020-04-22T14:30:43Z 2020-04-22T14:34:43Z
Completed in 0.02 seconds
Specifying the argument detail provides additional information
admin@gouda.novigrad# show dns resolutions detail
Wed 2020-04-22 14:43:43 UTC
=============================================
Node: gouda.novigrad
=============================================
Router: novigrad
Node: gouda
DNS Resolution:
Hostname: my.host.name
Resolved: Y
IPv4 Address: 1.2.3.4
Last Resolved: 2020-04-22T14:42:44Z
Expiration: 2020-04-22T14:46:44Z
Completed in 0.10 seconds
show domain-categories
Display app-id-v2 domain-name categories used by sessions
Usage
show domain-categories [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display domain-name categories of active sessions |
| resource-group | The name of the resource group |
| router | The router for which to display domain-name categories of active sessions |
See Also
show domain-names
Display app-id-v2 domain-names used by sessions
Usage
show domain-names [category <category>] [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<request-order>]
Keyword Arguments
| name | description |
|---|
| category | Category to show domain-names for |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node from which to retrieve app-id domain-names |
| resource-group | The name of the resource group |
| router | The router from which to retrieve app-id domain-names |
| rows | The number of domain-names to display at once [type: int or 'all'] (default: 50) |
Positional Arguments
| name | description |
|---|
| request-order | Get domains sorted by most-sessions or most-recent |
See Also
show dynamic-peer-update
Display view of dynamic peer update on the conductor.
Usage
show dynamic-peer-update [{router <router> | resource-group <resource-group>}] [rows <rows>] [force] [<table>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | Router for which to show dynamic peer update information (default: all) |
| rows | The number of hostnames to display at once [type: int or 'all'] (default: 50) |
Positional Arguments
| name | description |
|---|
| table | Show the learned-hostnames of a router, or show the peer-hostnames of a router, or all (default: all) |
See Also
show entitlement
Displays entitlement utilized.
Usage
show entitlement [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The name of the router for which to display entitlement utilized. Conductor routers will show the entitlement utilized per project of all conducted routers. (default: <current router>) |
Description
The SSR Networking Platform calculates the Peak Router Bandwidth Capacity; this is the highest router bandwidth value of any 5 second interval over the specific license period. The Router Bandwidth is calculated based on the aggregate of sessions traversing the router.
Example
admin@gouda.novigrad# show entitlement
Tue 2020-04-21 18:56:30 UTC
============= =========== ======================
Project Month Entitlement Utilized
============= =========== ======================
Lab Router *Apr 2020 11.94 Mbps
Mar 2020 14.23 Mbps
Completed in 0.63 seconds
The asterisk next to the date indicates the current month and therefore a partial entitlement calcuation.
Version History
| Release | Modification |
|---|
| 1.1.0 | This feature was introduced |
show events
Show events from the historical events database.
Usage
show events [{router <router> | resource-group <resource-group>}] [from <from>] [to <to>] [type <type>] [flat] [rows <rows>] [limit <limit>] [force] [<verbosity>]
Keyword Arguments
| name | description |
|---|
| flat | Display configuration with full paths on each line instead of as a hierarchy. Only applicable for 'admin.running_config_change' events. |
| force | Skip confirmation prompt. Only required when targeting all routers |
| from | Only show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] (default: 1970-01-01 00:00:00) |
| limit | The total number of events to retrieve [type: int] |
| resource-group | The name of the resource group |
| router | The name of the router for which to display events (default: <current router>) |
| rows | The number of events to display at once [type: int or 'all'] (default: 50) |
| to | Only show events before the provided time. You can use the provided standard timestamps, such as 45m, 1d, or 1mo; or enter a value [type: timestamp] |
| type | Filter events based on the event type and subtype |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
| command | description |
|---|
show alarms | Display currently active or shelved alarms |
Description
The show events command displays various event records that the SSR collects during operation.
The output can be optionally restricted to specific time windows using the from and to qualifiers. Because this command can generate a lot of output, the rows limiter is particularly useful on busy systems.
Categories can be enabled or disabled individually in config > authority > router > audit. There are five main top-level categories that can be filtered using the type argument.
admin: A catch-all category for events that are triggered by a user's action.
alarm: A historical record of 'show alarms' including a unique event each time an alarm was created and cleared.
system: A catch-all category for events that the system creates itself.
traffic: A record of whether traffic was allowed or denied. By default this is disabled.
provisioning: A historical record of show assets including unique events for each internal state transition.
Additional filtering can be done by specifying a dot (.) followed by a subtype. For example, type admin.running_config_change will only show configuration change events, while type system.ntp_adjustment will only display NTP adjustment events.
The output can be optionally restricted to specific time windows using the from and to qualifiers. Because this command can generate a lot of output, the rows and limit limiters are particularly useful on busy systems.
Example
user@labsystem1.fiedler> show events alarm
Fri 2017-07-21 11:59:51 EDT
=================== ============ ====================== ==========
Node Event Type Time Severity ...
=================== ============ ====================== ==========
labsystem1 clear 2017-07-21T15:24:04Z major
labsystem1 clear 2017-07-21T15:24:04Z major
labsystem1 add 2017-07-21T15:23:59Z major
labsystem2 add 2017-07-21T15:23:59Z major
labsystem2 clear 2017-07-21T15:23:19Z major
labsystem1 clear 2017-07-21T15:23:19Z major
labsystem1 clear 2017-07-21T15:23:19Z major
labsystem1 clear 2017-07-21T15:23:19Z major
labsystem1 add 2017-07-21T15:23:14Z major
Completed in 0.11 seconds
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Version History
| Release | Modification |
|---|
| 3.1.0 | This feature was introduced |
show events config commit
Shows events related to running config change
Usage
show events config commit [{router <router> | resource-group <resource-group>}] [flat] [from <from>] [to <to>] [force] [<verbosity>]
Keyword Arguments
| name | description |
|---|
| flat | Display with full paths on each line instead of as a hierarchy |
| force | Skip confirmation prompt. Only required when targeting all routers |
| from | Only show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo. [type: timestamp] |
| resource-group | The name of the resource group |
| router | The router for which to display config commit events (default: <current router>) |
| to | Only show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: detail) |
See Also
Example
admin@node1.t128# configure authority router t128 description "test router"
*admin@node1.t128# commit
Are you sure you want to commit the candidate config? [y/N]: y
✔ Validating, then committing...
Configuration committed
admin@node1.t128# show events config commit
Thu 2020-06-04 12:47:59 UTC
✔ Retrieving configuration events...
======================================================================
2020-06-04T12:47:53.487Z admin changed running configuration on t128
======================================================================
config
authority
router t128
name t128
description "test router"
exit
exit
exit
Completed in 0.09 seconds
Version History
| Release | Modification |
|---|
| 4.5.0 | This feature was introduced |
show events config encryption
Shows events related to config encryption change
Usage
show events config encryption [{router <router> | resource-group <resource-group>}] [from <from>] [to <to>] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| from | Only show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] |
| resource-group | The name of the resource group |
| router | The router for which to display config encryption events (default: <current router>) |
| to | Only show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] |
Example
admin@node1.t128# show events config encryption
Thu 2020-06-04 13:24:47 UTC
✔ Retrieving configuration events...
========================================================================
2020-06-04T12:38:17.409Z root changed configuration encryption on t128
========================================================================
enable encryption
========================================================================
2020-06-04T12:39:37.930Z root changed configuration encryption on t128
========================================================================
disable encryption
Completed in 0.08 seconds
Version History
| Release | Modification |
|---|
| 4.5.0 | This feature was introduced |
show fib
Shows current fib entries at the specified node.
Usage
show fib [{service-name <name> | hierarchy-service-name <name> | contains-service-name <name> | match-service-name <name>}] [rows <rows>] [vrf <vrf>] [tenant <tenant>] [source-ip <source-ip>] [source-interface <source-interface>] [summary] [force] [node <node>] {router <router> | resource-group <resource-group>} [<ip-prefix>]
Keyword Arguments
| name | description |
|---|
| contains-service-name | The partial substring match to show for the fib |
| force | Skip confirmation prompt. Only required when targeting all routers. |
| hierarchy-service-name | The hierarchy root to show for the fib |
| match-service-name | The regex to match service names to show for the fib |
| node | The node from which to retrieve fib entries |
| resource-group | The name of the resource group |
| router | The router from which to retrieve fib entries |
| rows | The number of fib nodes to display at once. Enter a number or all (default: 50). |
| service-name | The exact service name to show for the fib |
| source-interface | The incoming network-interface used to perform a source lookup |
| source-ip | The incoming ip-address used to perform a source lookup [type: IP address] |
| summary | show next-hop information as a count if summary |
| tenant | The tenant name match to show for the fib |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| ip-prefix | FIB IP prefix [type: IP prefix] |
Subcommands
| command | description |
|---|
lookup | Shows current fib entries at the specified node using incoming packet info |
Description
This command shows the Forwarding Information Base (FIB) entries on the node that is specified by the node-name argument. The output may be limited to a specified number of rows by adding the optional rows modifier at the end of the command.
This command can generate a large quantity of output on a busy system, and it is advised that administrators exercise caution when issuing this command without the rows modifier.
Example
admin@gouda.novigrad# show fib
Tue 2020-04-21 17:48:39 UTC
Node: gouda
Entry Count: 176
Capacity: 19051
==================== ======= ======= ==================== ========================= ==============
IP Prefix Port Proto Tenant Service Next Hops
==================== ======= ======= ==================== ========================= ==============
0.0.0.0/0 <any> <any> lanSubnet Internet 1.2.3.4
0.0.0.0/0 <any> <any> _internal_ Internet 1.2.3.4
0.0.0.0/0 <any> <any> MBP.lanSubnet Internet 1.2.3.4
96.230.191.0/24 <any> <any> lanSubnet Internet 1.2.3.4
96.230.191.0/24 <any> <any> _internal_ Internet 1.2.3.4
1.2.3.430/32 <any> igmp <global> <ControlMessageService> <none>
1.2.3.4/32 179 tcp <global> <ControlMessageService> <none>
1.2.3.4/32 179 tcp blocklist <ControlMessageService> <none>
1.2.3.4/32 500 udp <global> VPN 192.168.0.3
1.2.3.4/32 500 udp blocklist VPN 192.168.0.3
127.0.0.0/8 <any> <any> <global> <ControlMessageService> <none>
127.0.0.0/8 <any> <any> untrustedLanSubnet <ControlMessageService> <none>
169.254.127.126/31 <any> <any> lanSubnet Internet 1.2.3.4
169.254.127.126/31 <any> <any> _internal_ Internet 1.2.3.4
169.254.127.126/32 53 udp _internal_ LanDnsProxy 1.2.3.4
1.2.3.4
169.254.127.126/32 53 udp MBP.lanSubnet LanDnsProxy 1.2.3.4
1.2.3.4
169.254.127.126/32 179 tcp _internal_ <ControlMessageService> <none>
169.254.128.132/32 <any> <any> lanSubnet Internet 1.2.3.4
169.254.128.132/32 <any> <any> _internal_ Internet 1.2.3.4
169.254.128.132/32 <any> <any> MBP.lanSubnet Internet 1.2.3.4
169.254.128.132/32 <any> <any> untrustedLanSubnet Internet 1.2.3.4
169.254.128.132/32 <any> igmp <global> <ControlMessageService> <none>
...
Version History
| Release | Modification |
|---|
| 1.0.0 | This feature was introduced |
| 3.0.0 | Added node keyword to enforce PCLI consistency |
| 5.1.0 | Added next hop details, and the ability to filter by VFR, resource-group, and tenant. |
| 5.2.0 | Added and the following arguments: service-name, hierarchy-service-name, contains-service-name, match-service-name, source-ip, and source-interface. |
show fib lookup
Shows current FIB entries at the specified node using incoming packet info.
Usage
show fib lookup [tenant <tenant>] [source-ip <source-ip>] [source-interface <source-interface>] [summary] [force] [node <node>] {router <router> | resource-group <resource-group>} destination-ip <destination-ip> destination-port <destination-port> protocol <protocol>
Keyword Arguments
| name | description |
|---|
| destination-ip | The incoming destination IP-address used to lookup fibs [type: IP address]. |
| destination-port | The incoming destination port used to lookup the fib [type: port]. |
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node on which to find a fib entry. |
| protocol | Name or number of the protocol used to lookup the fib [type: string or uint8]. |
| resource-group | The name of the resource group. |
| router | The router on which to find a fib entry. |
| source-interface | The incoming network-interface used to perform a source lookup. |
| source-ip | The incoming ip-address used to perform a source lookup [type: IP address]. |
| summary | show next-hop information as a count if summary. |
| tenant | The tenant name used to lookup the fib. |
Description
This command shows the Forwarding Information Base (FIB) entries on the node that is specified by the node-name argument. The output may be limited to a specified number of rows by adding the optional rows modifier at the end of the command.
This command can generate a large quantity of output on a busy system, and it is advised that administrators exercise caution when issuing this command without the rows modifier.
| Release | Modification |
|---|
| 5.2.0 | Introduced the command |
show history
Show PCLI command history for the current user.
Usage
show history [rows <rows>] [from <from>] [to <to>]
Keyword Arguments
| name | description |
|---|
| from | Only show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] |
| rows | The number of recent commands to show [type: int between 0 and 500 or 'all'] (default: all) |
| to | Only show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] |
See Also
| command | description |
|---|
clear history | Clear the PCLI's command history for this user. |
Example
admin@gouda.novigrad# show history
1 show run
2 show config running
3 quit
4 shell
...
465 show ntp
466 show network-interface
467 show network-interface wan-interface
468 show network-interface name wan-interface
469 show network-interface application
470 show history
show idp application details
Show IDP engine details.
Usage
show idp application details [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node for which engine started. |
| resource-group | The name of the resource group. |
| router | The router for which engine started. |
See Also
Description
Query and display the IDP engine details.
show idp application status
Show underlying IDP application status.
Usage
show idp application status [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node for which to display status. |
| resource-group | The name of the resource group. |
| router | The router for which to display status. |
See Also
Description
Query and display the current state of the IDP application along with detailed messages.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show idp details
Show underlying IDP details.
Usage
show idp details [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node for which to display idp details. |
| resource-group | The name of the resource group. |
| router | The router for which to display idp details. |
See Also
Description
Query and display the IDP details.
show idp events
Show all IDP events.
Usage
show idp events [{from <from> | since <since>}] [to <to>] [verbose] [rows <rows>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| from | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| node | The name of the node. |
| router | The name of the router. |
| rows | The number of event entries to display at once [type: int or 'all'] (default: 50). |
| since | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| to | Only show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| verbose | Get detailed event information. |
Subcommands
See Also
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show idp events by-application
Show IDP events by application.
Usage
show idp events by-application [{from <from> | since <since>}] [to <to>] [verbose] [name <name>] [rows <rows>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| from | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| name | Filter IDP events by application. |
| node | The name of the node. |
| router | The name of the router. |
| rows | The number of event entries to display at once [type: int or 'all'] (default: 50). |
| since | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| to | Only show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| verbose | Get detailed event information. |
See Also
Description
Query by application name and display summary, brief or detailed, of filtered events.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show idp events by-attack
Show IDP events by attack type.
Usage
show idp events by-attack [{from <from> | since <since>}] [to <to>] [verbose] [name <name>] [rows <rows>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| from | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| name | Filter IDP events by attack. |
| node | The name of the node. |
| router | The name of the router. |
| rows | The number of event entries to display at once [type: int or 'all'] (default: 50). |
| since | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| to | Only show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| verbose | Get detailed event information. |
See Also
Description
Query by attack type and display summary, brief or detailed, of filtered events.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show idp events by-severity
Show IDP events by severity level.
Usage
show idp events by-severity [{from <from> | since <since>}] [to <to>] [verbose] [name <name>] [rows <rows>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| from | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (assume current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| name | Filter IDP events by severity. |
| node | The name of the node. |
| router | The name of the router. |
| rows | The number of event entries to display at once [type: int or 'all'] (default: 50). |
| since | Only show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (assume current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| to | Only show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (assume current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp]. |
| verbose | Get detailed event information. |
See Also
Description
Query by severity level and display summary, brief or detailed, of filtered events.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show idp network
Show IDP networks.
Usage
show idp network [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node for which to display networks. |
| resource-group | The name of the resource group. |
| router | The router for which to display networks. |
See Also
Description
Query and display the current state of the IDP network along with detailed messages.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
Show IDP platform data.
Usage
show idp platform [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node for which to display IDP platform informatiion. |
| resource-group | The name of the resource group. |
| router | The router for which to display IDP platform information. |
See Also
Description
Query and display IDP platform data.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show idp signatures
Show IDP signature package details.
Usage
show idp signatures [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | The node for which to display signature package details. |
| resource-group | The name of the resource group. |
| router | The router for which to display signature package details. |
See Also
Description
Query and display the IDP signature package details.
Version History
| Release | Modification |
|---|
| 6.0.4 | This feature was introduced. |
show igmp groups
Show IGMP groups
Usage
show igmp groups [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| ip-address | Specify address to see individual IGMP group [type: IP address] |
| resource-group | The name of the resource group |
| router | The router to request IGMP information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
show igmp interface
Show IGMP interface
Usage
show igmp interface [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [name <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| ip-address | Specify address to see individual Interface [type: IP address] |
| name | Specify name to see individual IGMP interface |
| resource-group | The name of the resource group |
| router | The router to request IGMP information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
show load-balancer
Shows current load balancer agent entries from the highway manager at the specified node.
Usage
show load-balancer [service <service>] [agent <agent>] [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| agent | Agent name to show. If unspecified, shows all agents. (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | node for which to display load balancer |
| resource-group | The name of the resource group |
| router | router for which to display load balancer |
| rows | The number of load balance services to display at once [type: int or 'all'] (default: 50) |
| service | Service name to show. If unspecified, shows all services. (default: all) |
Description
The show load-balancer command provides feedback on the SSR's load balancing behavior, when configured to balance traffic (via a service-policy).
This command, when issued without any filters (agent, node, or service) will display all agents, nodes, and services that are subject to load balancing. (The output can be quite verbose.) These filters may be combined to "hone in" on specific agents/nodes/services selectively.
This command is extremely helpful for identifying why the SSR selected specific destinations for its session-oriented traffic.
Example
admin@labsystem1.fiedler# show load-balancer
===============================================================================
Service: web
Strategy: proportional
+-----------+--------+-----------+
| Agent | Node | Service |
|-----------+--------+-----------|
| agent_2_a | test1 | web |
+-----------+--------+-----------+
Capacity:
====== ===== ====== ======
Used Max Util Rate
====== ===== ====== ======
0 2000 0.0% 0/s
====== ===== ====== ======
Paths (count 1):
intf10.0 gateway 172.16.12.1
====== ========= ======= ======= ========= ========
Type Quality State Loss Latency Jitter
====== ========= ======= ======= ========= ========
local 30 unknown unknown unknown unknown
====== ========= ======= ======= ========= ========
...
Version History
| Release | Modification |
|---|
| 1.1.0 | This feature was introduced |
show lte
Display LTE summary.
Usage
show lte [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
Subcommands
show lte connection
Display LTE connection.
Usage
show lte connection [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
Description
This command queries the LTE devices and displays the following state info:
- registration-status
- connection-status
- netstat (tx, rx, tx-error, rx-error, etc)
show lte detail
Display LTE detail.
Usage
show lte detail [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
show lte firmware
Display lte firmware information.
Usage
show lte firmwware [device-interface <device-interface>] [force] [node <node>] router <router>
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| router | The router for which to display LTE data |
Description
This command queries the LTE devices and displays the following state info:
- carrier-name
- FW-version
- IMEI
- card-model
- bands-supported
- bands-enabled
show lte modem
Display LTE modem.
Usage
show lte modem [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
show lte network
Display LTE network.
Usage
show lte network [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
show lte profile
Display LTE profile.
Usage
show lte profile [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
show lte signal
Display LTE signal.
Usage
show lte signal [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
Description
This command queries the LTE devices and displays the following state info:
- rating
- RSSI
- SNR
- carrier-name
show lte sim
Display LTE sim.
Usage
show lte sim [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| resource-group | The name of the resource group |
| router | The router for which to display LTE data |
Description
This command queries the LTE devices and displays the following state info:
- ICCID
- registration-status
- carrier-name
- carrier-mcc
- carrier-mnc
show lte summary
Display lte device summary.
Usage
show lte summary [device-interface <device-interface>] [force] [node <node>] router <router>
Keyword Arguments
| name | description |
|---|
| device-interface | LTE device interface (default: all) |
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node for which to display LTE data |
| router | The router for which to display LTE data |
Description
This command queries the LTE devices and displays the following state info:
- device-name
- target-name
- registration-status
- connection-status (show IP if connected, otherwise, show previous error)
- signal-strength (rating, RSSI, and SNR)
show mist
Display information about the link between the SSR and the Mist Cloud.
Usage
show mist [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers. |
| node | Node for which to display Mist state. |
| resource-group | The name of the resource group. |
| router | Router for which to display Mist state (default: all). |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
See Also
| command | description |
|---|
adopt | Assign the current router to a Mist organization. |
| Release | Modification |
|---|
| 5.5.2 | This feature was introduced |
show network-interface
Display network-interface data for network-interface.
Usage
show network-interface [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | Network interface to display (if omitted, all will be displayed) |
| node | The node for which to display network-interface data |
| resource-group | The name of the resource group |
| router | The router for which to display network-interface data |
Subcommands
| command | description |
|---|
application | Display application data info for network-interfaces. |
Description
The show network-interface, a counterpart to show device-interface, shows information and statistics relevant to the logical interfaces configured on your SSR networking platform.
The show network-interface command will show router, node, and device names, as well as the network-interface name and basic information about each interface.
Example
admin@gouda.novigrad# show network-interface
Tue 2020-04-21 15:19:25 UTC
========== ======= ======== ================ ============ ====== ============= ========== ========== =================== ============== ========================= ======== ======== ======
Router Node Device Name Forwarding VLAN Device Type Type DHCP Address Gateway Hostname Admin Oper GIID
Status Status
========== ======= ======== ================ ============ ====== ============= ========== ========== =================== ============== ========================= ======== ======== ======
novigrad gouda wan wan-interface true 0 ethernet external v4 1.2.3.4/24 2.3.4.5 my.host.name up up 1
novigrad gouda lan lan-interface true 0 ethernet external disabled 192.168.0.1/24 -- -- up up 2
novigrad gouda lan lan-untrusted true 3000 ethernet external disabled 172.16.0.1/24 -- -- up up 4
novigrad gouda mgmt mgmt-interface false 0 ethernet external disabled 192.168.0.2/24 -- -- n/a n/a 3
Completed in 0.33 seconds
Version History
| Release | Modification |
|---|
| 3.2.0 | This feature was introduced |
show network-interface application
Display application data info for network-interfaces.
Usage
show network-interface application [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | Network interface to display (default: all) |
| node | The node for which to display application data |
| resource-group | The name of the resource group |
| router | The router for which to display application data |
Description
The command show network-interface application can be used to display information regarding DHCP client reservations when running a DHCP server on the respective network-interface.
Example
admin@gouda.novigrad# show network-interface application
Tue 2020-04-21 15:26:19 UTC
====================================================================================================
Application Data
====================================================================================================
Interface: gouda:wan-interface
state: Interface not configured for any managed application
Interface: gouda:lan-interface
dhcp-server:
kea-status:
active (running/success) since Sat 2020-04-11 12:57:23 UTC
kea-ctrl-status:
active (running/success) since Sat 2020-04-11 12:57:23 UTC
metrics:
declined-addresses: 0
pkt4-ack-sent: 1900
pkt4-discover-received: 403
pkt4-inform-received: 469
pkt4-offer-sent: 403
pkt4-received: 2317
pkt4-release-received: 2
pkt4-request-received: 1443
pkt4-sent: 2303
reclaimed-declined-addresses: 0
reclaimed-leases: 13
subnet[1].assigned-addresses: 24
subnet[1].declined-addresses: 0
subnet[1].reclaimed-declined-addresses:0
subnet[1].reclaimed-leases: 13
subnet[1].total-addresses: 181
subnets:
subnet:
current-lease-count: 24
current-leases:
lease:
client-last-transaction-time: 2020-04-21 15:26:12
hostname: homecomtsiphone
hw-address: 70:3c:69:58:01:28
ip-address: 192.168.0.36
valid-lifetime: 86400
subnet: 192.168.0.1/24
...
ha-heartbeat:
role: primary
state: standalone
Interface: gouda:lan-untrusted
state: Interface not configured for any managed application
Interface: gouda:mgmt-interface
state: Interface not configured for any managed application
Completed in 0.76 seconds
show ntp
Display ntp status from the node monitor at the specified node.
Usage
show ntp [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| node | The node from which to retrieve ntp status |
| resource-group | The name of the resource group |
| router | The router from which to retrieve ntp status (default: <current router>) |
Description
The show ntp subcommand displays properties of the NTP (Network Time Protocol) process running on the local node, or on the node specified as the optional <node‑name> parameter passed on the command line.
Example
admin@gouda.novigrad# show ntp
Tue 2020-04-21 15:17:26 UTC
Node: gouda
======== ================== ================= ========= ====== ====== ====== ======= ========= ======== ======== ============
Status Time Source Ref. ID Stratum Type When Poll Reach Delay Offset Jitter Tally Code
======== ================== ================= ========= ====== ====== ====== ======= ========= ======== ======== ============
active *time-a-g.nist.g .NIST. 1 u 628 1024 377 22.968 -0.239 1.700 syspeer
active +time-a-wwv.nist .NIST. 1 u 18 1024 377 50.919 0.959 1.524 candidate
active +voipmonitor.wci 216.218.254.202 2 u 659 1024 377 71.502 -2.721 8.596 candidate
active +ec2-52-6-191-28 128.138.140.44 2 u 85 1024 377 19.926 -1.250 2.324 candidate
active -time.cloudflare 10.11.8.211 3 u 334 1024 375 45.860 -9.908 10.247 outlyer
active +electrode.felix 77.37.6.59 3 u 124 1024 377 115.003 -0.834 2.565 candidate
active +ntp1.as34288.ne 85.158.25.74 2 u 183 1024 377 114.938 -5.516 4.387 candidate
active +time-b-b.nist.g .NIST. 1 u 971 1024 377 48.929 -0.438 3.269 candidate
active -acheron.bitsrc. 120.251.163.32 3 u 588 1024 377 77.970 3.562 3.732 outlyer
Completed in 1.30 seconds
The "Ref. ID" field is a four letter ASCII string assigned to the reference clock, and refers to the identifiers defined in RFC 5905.
Version History
| Release | Modification |
|---|
| 2.0.0 | This feature was introduced |
show ospf
Show general information about OSPF.
Usage
show ospf [rows <rows>] [vrf <vrf>] [area <area-id>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| area | The area to filter OSPF information for |
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Subcommands
| command | description |
|---|
border-routers | Show information about the OSPF border routers. |
database | Show OSPF database information. |
interfaces | Show information about the OSPF interfaces. |
neighbors | Show information about OSPF neighbors. |
routes | Show information about the OSPF routes. |
Example
admin@combo-east.ComboEast# show ospf
Fri 2020-04-17 19:11:06 UTC
=========== ============ ========== ============= ==================== ========= =========== =============
Router Router ID ABR Type ASBR Router External LSA Count Area ID Area Type Area Border
Router
=========== ============ ========== ============= ==================== ========= =========== =============
ComboEast 172.16.4.2 cisco true 1 0.0.0.0
ComboEast 172.16.4.2 cisco true 1 0.0.0.1 normal
Completed in 0.35 seconds
Specifying the argument detail provides additional information
admin@combo-east.ComboEast# show ospf detail
Fri 2020-04-17 19:11:14 UTC
====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Deferred Shutdown: 0.0 s
RFC1583 Compatible: false
Stub Advertisement Enabled: false
Opaque Capable: false
Post-Start Enabled: 0.0 s
Pre-Shutdown Enabled: 0.0 s
SPF Schedule Delay: 0.0 s
Holdtime Minimum: 50 ms
Holdtime Maximum: 5000 ms
Holdtime Multiplier: 1
SPF Last Executed: 4m 16s ago
SPF Last Duration: 0 ms
SPF Has Not Run: false
SPF Timer Due: 0.0 s
LSA Minimum Interval: 5.0 s
LSA Minimum Arrival: 1.0 s
Write Multiplier: 20
Refresh Timer: 10.0 s
ABR Type: cisco
ASBR Router: true
External LSA Count: 1
External LSA Checksum: 0x00004aa4
Opaque AS LSA Count: 0
Opaque AS LSA Checksum: 0x00000000
Attached Area Count: 2
Adjacency Changes Logged: false
Adjacency Changes Logged (all): false
Area:
Area ID: 0.0.0.0
Backbone: true
Interface Total Count: 1
Interface Active Count: 1
Fully Adjacent Neighbor Count: 1
Authentication: none
Passing Fully Virtual Adjacencies: 0
SPF Executed Count: 8
LSA Count: 5
LSA Router Count: 2
LSA Router Checksum: 0x00019ad4
LSA Network Count: 1
LSA Network Checksum: 0x0000f755
LSA Summary Count: 2
LSA Summary Checksum: 0x0000f3ad
LSA ASBR Count: 0
LSA ASBR Checksum: 0x00000000
LSA NSSA Count: 0
LSA NSSA Checksum: 0x00000000
LSA Opaque Link Count: 0
LSA Opaque Link Checksum: 0x00000000
LSA Opaque Area Count: 0
LSA Opaque Area Checksum: 0x00000000
Area:
Area ID: 0.0.0.1
Area Type: normal
Backbone: false
No Summaries: false
Shortcutting Mode: default
S-bit Concensus: true
Interface Total Count: 1
Interface Active Count: 1
Fully Adjacent Neighbor Count: 0
Authentication: none
Passing Fully Virtual Adjacencies: 0
SPF Executed Count: 3
LSA Count: 3
LSA Router Count: 1
LSA Router Checksum: 0x000042bc
LSA Network Count: 0
LSA Network Checksum: 0x00000000
LSA Summary Count: 2
LSA Summary Checksum: 0x00014c4b
LSA ASBR Count: 0
LSA ASBR Checksum: 0x00000000
LSA NSSA Count: 0
LSA NSSA Checksum: 0x00000000
LSA Opaque Link Count: 0
LSA Opaque Link Checksum: 0x00000000
LSA Opaque Area Count: 0
LSA Opaque Area Checksum: 0x00000000
Completed in 0.29 seconds
show ospf border-routers
Show information about the OSPF border routers.
Usage
show ospf border-routers [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Example
admin@combo-east.ComboEast# show ospf border-routers
Fri 2020-04-17 19:12:20 UTC
============= ================== ================
Router Name Border Router ID Routes (count)
============= ================== ================
ComboEast 172.16.4.3 1
Completed in 0.29 seconds
Specifying the argument detail provides additional information
dmin@combo-east.ComboEast# show ospf border-routers detail
Fri 2020-04-17 19:12:30 UTC
========================================
Router: ComboEast
========================================
Border Router:
Border Router ID: 172.16.4.3
Route:
Area ID: 0.0.0.0
Cost: 10
Inter-Area: false
ABR: true
ASBR: false
Path:
Via: 172.16.3.3
Device Interface: 11
Network Interface: intf11
Completed in 0.33 seconds
show ospf database
Show OSPF database information.
Usage
show ospf database [rows <rows>] [vrf <vrf>] [self-originate] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| self-originate | Retrieve only self-originated LSA information |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Subcommands
| command | description |
|---|
lsa | Show OSPF database LSA information. |
max-age | Show OSPF LSAs which have reached maximum age. |
Example
admin@combo-east.ComboEast# show ospf database
Fri 2020-04-17 19:13:24 UTC
=========== ============= ============= ============ ==================== ====== =================
Router Area ID Type LSA ID Advertising Router Age Sequence Number
=========== ============= ============= ============ ==================== ====== =================
ComboEast 0.0.0.0 Router 172.16.4.2 172.16.4.2 386 0x80000006
ComboEast 0.0.0.0 Router 172.16.4.3 172.16.4.3 1120 0x80000005
ComboEast 0.0.0.0 Network 172.16.3.3 172.16.4.3 1121 0x80000001
ComboEast 0.0.0.0 Summary 172.16.1.0 172.16.4.2 421 0x80000002
ComboEast 0.0.0.0 Summary 172.16.2.0 172.16.4.3 1289 0x80000002
ComboEast 0.0.0.1 Router 172.16.4.2 172.16.4.2 381 0x80000005
ComboEast 0.0.0.1 Summary 172.16.2.0 172.16.4.2 421 0x80000001
ComboEast 0.0.0.1 Summary 172.16.3.0 172.16.4.2 421 0x80000001
ComboEast unavailable AS_External 12.0.0.1 172.16.4.2 386 0x80000001
Completed in 0.39 seconds
Specifying the argument detail provides additional information
admin@combo-east.ComboEast# show ospf database detail
Fri 2020-04-17 19:13:37 UTC
==============================================
Router: ComboEast
==============================================
Area:
Area ID: 0.0.0.0
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 398
Sequence Number: 0x80000006
Checksum: 0x0000d067
Link Count: 1
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
Age: 1133
Sequence Number: 0x80000005
Checksum: 0x0000ca6d
Link Count: 1
LSA Type:
Type: Network
LSA:
LSA ID: 172.16.3.3
Advertising Router: 172.16.4.3
Age: 1133
Sequence Number: 0x80000001
Checksum: 0x0000f755
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.1.0
Advertising Router: 172.16.4.2
(self)
Age: 433
Sequence Number: 0x80000002
Checksum: 0x0000824f
Route IP Prefix: 172.16.1.0/24
LSA:
LSA ID: 172.16.2.0
Advertising Router: 172.16.4.3
Age: 1301
Sequence Number: 0x80000002
Checksum: 0x0000715e
Route IP Prefix: 172.16.2.0/24
Area:
Area ID: 0.0.0.1
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 393
Sequence Number: 0x80000005
Checksum: 0x000042bc
Link Count: 1
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.2.0
Advertising Router: 172.16.4.2
(self)
Age: 433
Sequence Number: 0x80000001
Checksum: 0x0000dde9
Route IP Prefix: 172.16.2.0/24
LSA:
LSA ID: 172.16.3.0
Advertising Router: 172.16.4.2
(self)
Age: 433
Sequence Number: 0x80000001
Checksum: 0x00006e62
Route IP Prefix: 172.16.3.0/24
Area:
Area ID: unavailable
LSA Type:
Type: AS_External
LSA:
LSA ID: 12.0.0.1
Advertising Router: 172.16.4.2
(self)
Age: 398
Sequence Number: 0x80000001
Checksum: 0x00004aa4
Route IP Prefix: 12.0.0.1/32
External Metric Type: type-2
Route Tag: 0
Completed in 0.34 seconds
show ospf database lsa
Show OSPF database LSA information.
Usage
show ospf database lsa [{origin <ip> | self-originate}] [rows <rows>] [vrf <vrf>] [lsa-id <id>] [force] {router <router> | resource-group <resource-group>} lsa-type <type> [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| lsa-id | The Link State ID to retrieve |
| lsa-type | The LSA type to retrieve |
| origin | Retrieve LSAs from this advertising router IP |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| self-originate | Retrieve only self-originated LSA information |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Example
admin@combo-east.ComboEast# show ospf database lsa lsa-type router
Fri 2020-04-17 19:15:01 UTC
=========== ========= ============ ========== =========== ============= ============
Router Area ID LSA ID LSA Type Flags Metric Link Count
=========== ========= ============ ========== =========== ============= ============
ComboEast 0.0.0.0 172.16.4.2 Router ABR, ASBR unavailable 1
ComboEast 0.0.0.0 172.16.4.3 Router ABR unavailable 1
ComboEast 0.0.0.1 172.16.4.2 Router ABR, ASBR unavailable 1
Completed in 0.33 seconds
Specifying the argument detail provides additional information
admin@combo-east.ComboEast# show ospf database lsa lsa-type router detail
Fri 2020-04-17 19:15:24 UTC
====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Area:
Area ID: 0.0.0.0
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
LSA Type: Router
Age: 506
Sequence Number: 0x80000006
Checksum: 0x0000d067
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
- ASBR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.2
Metric: 10
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
LSA Type: Router
Age: 1240
Sequence Number: 0x80000005
Checksum: 0x0000ca6d
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.3
Metric: 10
Area:
Area ID: 0.0.0.1
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
LSA Type: Router
Age: 501
Sequence Number: 0x80000005
Checksum: 0x000042bc
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
- ASBR
Metric: unavailable
Link Count: 1
Link:
Link Type: Stub
Link ID Type: Net
Link ID: 172.16.1.0
Data Type: NetworkMask
Data: 255.255.255.0
Metric: 10
Completed in 0.40 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-id 172.16.4.3 lsa-type router
Fri 2020-04-17 19:16:25 UTC
=========== ========= ============ ========== ======= ============= ============
Router Area ID LSA ID LSA Type Flags Metric Link Count
=========== ========= ============ ========== ======= ============= ============
ComboEast 0.0.0.0 172.16.4.3 Router ABR unavailable 1
Completed in 0.35 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-id 172.16.4.3 lsa-type router detail
Fri 2020-04-17 19:17:24 UTC
====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Area:
Area ID: 0.0.0.0
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
LSA Type: Router
Age: 1359
Sequence Number: 0x80000005
Checksum: 0x0000ca6d
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.3
Metric: 10
Completed in 0.26 seconds
show ospf database max-age
Show OSPF LSAs which have reached maximum age.
Usage
show ospf database max-age [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Example
admin@combo-east.ComboEast# show ospf database max-age
Fri 2020-04-17 19:19:15 UTC
=========== ========== ============= ======================= =================
Router LSA ID LSA Type Advertising Router IP Reference Count
=========== ========== ============= ======================= =================
ComboEast 12.0.0.1 AS_External 172.16.4.2 4
Completed in 0.34 seconds
admin@combo-east.ComboEast# show ospf database self-originate
Fri 2020-04-17 19:21:29 UTC
=========== ========= ========= ============ ==================== ===== =================
Router Area ID Type LSA ID Advertising Router Age Sequence Number
=========== ========= ========= ============ ==================== ===== =================
ComboEast 0.0.0.0 Router 172.16.4.2 172.16.4.2 148 0x80000007
ComboEast 0.0.0.0 Summary 172.16.1.0 172.16.4.2 906 0x80000002
ComboEast 0.0.0.1 Router 172.16.4.2 172.16.4.2 148 0x80000006
ComboEast 0.0.0.1 Summary 172.16.2.0 172.16.4.2 906 0x80000001
ComboEast 0.0.0.1 Summary 172.16.3.0 172.16.4.2 906 0x80000001
Completed in 0.33 seconds
admin@combo-east.ComboEast# show ospf database self-originate detail
Fri 2020-04-17 19:21:39 UTC
============================================
Router: ComboEast
============================================
Area:
Area ID: 0.0.0.0
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 158
Sequence Number: 0x80000007
Checksum: 0x0000c870
Link Count: 1
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.1.0
Advertising Router: 172.16.4.2
(self)
Age: 915
Sequence Number: 0x80000002
Checksum: 0x0000824f
Route IP Prefix: 172.16.1.0/24
Area:
Area ID: 0.0.0.1
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 158
Sequence Number: 0x80000006
Checksum: 0x00003ac5
Link Count: 1
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.2.0
Advertising Router: 172.16.4.2
(self)
Age: 916
Sequence Number: 0x80000001
Checksum: 0x0000dde9
Route IP Prefix: 172.16.2.0/24
LSA:
LSA ID: 172.16.3.0
Advertising Router: 172.16.4.2
(self)
Age: 916
Sequence Number: 0x80000001
Checksum: 0x00006e62
Route IP Prefix: 172.16.3.0/24
Completed in 0.32 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-type router origin 172.16.4.3
Fri 2020-04-17 19:25:03 UTC
=========== ========= ============ ========== ======= ============= ============
Router Area ID LSA ID LSA Type Flags Metric Link Count
=========== ========= ============ ========== ======= ============= ============
ComboEast 0.0.0.0 172.16.4.3 Router ABR unavailable 1
Completed in 0.38 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-type router origin 172.16.4.3 detail
Fri 2020-04-17 19:25:12 UTC
====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Area:
Area ID: 0.0.0.0
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
LSA Type: Router
Age: 144
Sequence Number: 0x80000006
Checksum: 0x0000c86e
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.3
Metric: 10
Completed in 0.37 seconds
show ospf interfaces
Show information about the OSPF interfaces.
Usage
show ospf interfaces [rows <rows>] [vrf <vrf>] [network-interface <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| network-interface | The network interface to fetch OSPF information for |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Example
admin@combo-east.ComboEast# show ospf interfaces
Fri 2020-04-17 19:29:52 UTC
============= ================== =========== ======== ============ =========== ========= ===========
Router Name Device Interface Network Status IP Address OSPF Type Area ID Area Type
Interface
============= ================== =========== ======== ============ =========== ========= ===========
ComboEast 10 intf10 up 172.16.1.2 Peer 0.0.0.1 normal
/24
ComboEast 11 intf11 up 172.16.3.2 Peer 0.0.0.0 normal
/24
Completed in 0.37 seconds
Specifying the argument detail provides additional information
admin@combo-east.ComboEast# show ospf interfaces detail
Fri 2020-04-17 19:30:06 UTC
===============================================
Router: ComboEast
===============================================
Interface:
Device Interface: 10
Network Interface: intf10
Interface Index: 3
Status: up
MTU Size: 1500 bytes
Bandwidth: 10 Mbps
OSPF Enabled: true
OSPF Running: false
Flags:
- UP
- BROADCAST
- RUNNING
- MULTICAST
Address:
IP Address: 172.16.1.2/24
Broadcast IP Address: unavailable
Unnumbered Interface: false
V-Link Peer: unavailable
MTU Mismatch Detection: false
Router ID: 172.16.4.2
OSPF Type: Peer
OSPF State: DR
Area ID: 0.0.0.1
Area Type: normal
Network Type: BROADCAST
Cost: 10
Transmit Delay: 1.0 s
Priority: 1
BDR ID: unavailable
BDR Address: unavailable
LSA Sequence: 0x00000000
Multicast Member (All): true
Multicast Member (DR): true
Timer Hello: 0.1 s
Timer Dead: 0.025 s
Timer Wait: 0.025 s
Timer Retransmit: 0.2 s
Timer Hello Due: 6.981 s
Timer Passive: false
Neighbor Count: 0
Adjacent Neighbor Count: 0
Interface:
Device Interface: 11
Network Interface: intf11
Interface Index: 4
Status: up
MTU Size: 1500 bytes
Bandwidth: 10 Mbps
OSPF Enabled: true
OSPF Running: false
Flags:
- UP
- BROADCAST
- RUNNING
- MULTICAST
Address:
IP Address: 172.16.3.2/24
Broadcast IP Address: unavailable
Unnumbered Interface: false
V-Link Peer: unavailable
MTU Mismatch Detection: false
Router ID: 172.16.4.2
OSPF Type: Peer
OSPF State: Backup
Area ID: 0.0.0.0
Area Type: normal
Network Type: BROADCAST
Cost: 10
Transmit Delay: 1.0 s
Priority: 1
BDR ID: 172.16.4.2
BDR Address: 172.16.3.2
LSA Sequence: 0x00000000
Multicast Member (All): true
Multicast Member (DR): true
Timer Hello: 0.1 s
Timer Dead: 0.025 s
Timer Wait: 0.025 s
Timer Retransmit: 0.2 s
Timer Hello Due: 1.85 s
Timer Passive: false
Neighbor Count: 1
Adjacent Neighbor Count: 1
Completed in 0.32 seconds
show ospf neighbors
Show information about OSPF neighbors.
Usage
show ospf neighbors [rows <rows>] [vrf <vrf>] [network-interface <name>] [neighbor <ip>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| neighbor | The neighbor IP address for which to fetch OSPF information |
| network-interface | The network interface to fetch OSPF neighbor information for |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Example
admin@combo-east.ComboEast# show ospf neighbors
Fri 2020-04-17 19:30:22 UTC
============= ==================== ========== ======= ==================== =================== ===========
Router Name Neighbor Router ID Priority State Dead Timer Due (s) Interface Address Interface
State
============= ==================== ========== ======= ==================== =================== ===========
ComboEast 172.16.4.3 1 Full 31.302 172.16.3.2 DR
Completed in 0.32 seconds
Specifying the argument detail provides additional information
admin@combo-east.ComboEast# show ospf neighbors detail
Fri 2020-04-17 19:30:36 UTC
==============================================================
Router: ComboEast
==============================================================
Neighbor:
Neighbor Router ID: 172.16.4.3
Priority: 1
State: Full
Dead Timer Due: 37.832 s
Interface Address: 172.16.3.2
Device Interface: 11
Network Interface: intf11
Interface State: DR
Area ID: 0.0.0.0
Area Type: normal
Database Summary List Count: 0
LSA Request List Count: 0
LSA Retransmission List Count: 0
State Change Count: 6 changes
Last Progressive Change: 35m 52s ago
Last Regressive Change: never
Last Regressive Change Reason: NoEvent
Designated Router ID: 172.16.3.3
Backup Designated Router ID: 172.16.3.2
Options:
- E
Thread Inactivity Timer: true
Thread Database Description Retransmission: false
Thread LSA Request Retransmission: true
Thread LSA Update Retransmission: true
Completed in 0.30 seconds
show ospf routes
Show information about the OSPF routes.
Usage
show ospf routes [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router to request OSPF information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Example
admin@combo-east.ComboEast# show ospf routes
Fri 2020-04-17 19:33:20 UTC
============= =============== ============ ========= ====== ========= =======
Router Name Route Prefix Route Type Area ID Cost Discard Paths
============= =============== ============ ========= ====== ========= =======
ComboEast 172.16.1.0/24 Network 0.0.0.1 10 1
ComboEast 172.16.2.0/24 Network 0.0.0.0 20 1
ComboEast 172.16.3.0/24 Network 0.0.0.0 10 1
Completed in 0.40 seconds
Specifying the argument detail provides additional information
admin@combo-east.ComboEast# show ospf routes detail
Fri 2020-04-17 19:33:29 UTC
===========================================
Router: ComboEast
===========================================
Network Route:
Route Prefix: 172.16.1.0/24
Area ID: 0.0.0.1
Cost: 10
Inter-Area: false
Intra-Area: true
Path:
Device Interface: 10
Network Interface: intf10
Network Route:
Route Prefix: 172.16.2.0/24
Area ID: 0.0.0.0
Cost: 20
Inter-Area: true
Intra-Area: false
Path:
Via: 172.16.3.3
Device Interface: 11
Network Interface: intf11
Network Route:
Route Prefix: 172.16.3.0/24
Area ID: 0.0.0.0
Cost: 10
Inter-Area: false
Intra-Area: true
Path:
Device Interface: 11
Network Interface: intf11
No External Routes
Router:
Router ID: 172.16.4.3
Route:
Area ID: 0.0.0.0
Cost: 10
Inter-Area: false
ABR: true
ASBR: false
Path:
Via: 172.16.3.3
Device Interface: 11
Network Interface: intf11
Completed in 0.35 seconds
show packet-buffer-locations
Display the packet buffer pool locations.
Usage
show packet-buffer-locations [pool <pool>] router <router> node <node>
Keyword Arguments
| name | description |
|---|
| node | Node for which to display packet-buffer pool information |
| pool | Display the location details of the packet buffer pools (default: all) |
| router | Router for which to display packet-buffer pool information |
Description
This command displays the total number of allocated buffers, capacity and their buffer pool location in the highway.
show peers
Display peer information.
Usage
show peers [name <name>] [dynamic-damping] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| dynamic-damping | display BFD dynamic-damping stats |
| force | Skip confirmation prompt. Only required when targeting all routers |
| name | Peer to display (default: all) |
| resource-group | The name of the resource group |
| router | The router on which to display peers |
Positional Arguments
| name | description |
|---|
| verbosity | detail | summary (default: summary) |
Subcommands
| command | description |
|---|
hostnames | Display resolved hostnames of peers |
Description
The show peers command displays properties of each of the "neighboring" SSRs that the router in question has a peering association with.
This command shows information on peering associations between SSRs, not peering associations with BGP peers. For information on BGP peering statistics, refer to "show bgp" in this document.
For each peer it shows which interface the peer is reachable via, the destination IP address for which the peer is reached, the VLAN to use to reach it, and whether the peer is currently "up", "down", or "initializing".
Example
admin@tp-cond-primary.tp-cond# show peers router all
Fri 2020-04-17 19:07:42 UTC
============================== ===================== ==================== ================ ========= ============= =============
Peer Node Network Interface Destination Status Hostname Path MTU
============================== ===================== ==================== ================ ========= ============= =============
burl-corp -> brawny burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> seattle-site burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> tpn_router burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
tp-colo -> imjustarouter tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable
tp-colo -> imjustarouter tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable
tp-colo -> mobile128T tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable
tp-colo -> mobile128T tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable
tp-colo -> brawny tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable
tp-colo -> brawny tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable
tp-colo -> tp-lab tp-colo-primary colo-lab-pri 1.2.3.4 up unavailable unavailable
tp-colo -> tp-lab tp-colo-secondary colo-lab-sec 1.2.3.4 standby unavailable unavailable
tp-lab -> tp-colo tp-lab-primary lab-colo-pri 1.2.3.4 standby unavailable unavailable
tp-lab -> tp-colo tp-lab-secondary lab-colo-sec 1.2.3.4 up unavailable unavailable
Completed in 1.25 seconds
The detail option will show peer path statistics (loss, latency, jitter, calculated MOS, uptime) for each peer path.
admin@tp-cond-primary.tp-cond# show peers router all detail
Wed 2020-04-22 20:58:38 UTC
WARNING: Targeting router 'all' may take a long time. Continue anyway? [y/N]: y
============================== ===================== ==================== ============= ========= ============= ============= ============= ============ ========= ======= =============
Peer Node Network Interface Destination Status Hostname Path MTU Latency(ms) Jitter(ms) Loss(%) MOS Uptime
============================== ===================== ==================== ============= ========= ============= ============= ============= ============ ========= ======= =============
burl-corp -> brawny burl-corp-secondary lighttower 1.2.3.4 down unavailable unavailable 22 1 0 0.439 unavailable
burl-corp -> seattle-site burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 88 0 0 0.436 12d4h31m
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable 8 0 0 0.44 12d4h31m
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable 1 0 0 0.44 12d4h31m
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 7 0 0 0.44 12d4h31m
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 3 0 0 0.44 12d4h31m
burl-corp -> tpn_router burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 1 0 0 0.44 12d4h31m
tp-colo -> imjustarouter tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable 19 1 0 0.439 1d0h46m
tp-colo -> imjustarouter tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable 17 0 0 0.44 unavailable
tp-colo -> mobile128T tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable 18 0 0 0.44 1d0h46m
tp-colo -> mobile128T tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable 19 0 0 0.439 unavailable
tp-colo -> brawny tp-colo-primary public-lab-dmz-pri 1.2.3.4 down unavailable unavailable 33 0 0 0.439 unavailable
tp-colo -> brawny tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable 22 0 0 0.439 unavailable
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable 8 0 0 0.44 0d12h41m
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable 7 0 0 0.44 1d0h46m
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable 1 0 0 0.44 1d0h57m
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable 2 0 0 0.44 0d10h2m
tp-colo -> tp-lab tp-colo-primary colo-lab-pri 1.2.3.4 up unavailable unavailable 0 0 0 0.44 1d0h46m
tp-colo -> tp-lab tp-colo-secondary colo-lab-sec 1.2.3.4 standby unavailable unavailable 0 0 0 0.44 unavailable
tp-lab -> tp-colo tp-lab-primary lab-colo-pri 1.2.3.4 standby unavailable unavailable - - - - unavailable
tp-lab -> tp-colo tp-lab-secondary lab-colo-sec 1.2.3.4 up unavailable unavailable 0 0 0 0.44 1d0h46m
Completed in 1.34 seconds
Version History
| Release | Modification |
|---|
| 3.0.0 | This feature was introduced |
show peers hostnames
Display resolved hostnames of peers
Usage
show peers hostnames [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| resource-group | The name of the resource group |
| router | The router on which to display peer hostnames (default: all) |
Example
admin@tp-cond-primary.tp-cond# show peers hostnames router tp-lab
Fri 2020-04-17 19:16:15 UTC
=================== ======== ======================== ============
Peer Router Hostname IP Address
=================== ======== ======================== ============
tp-lab -> tp-colo tp-lab nodea.router1.128t.com 1.2.3.4
tp-lab -> tp-colo tp-lab nodea.router1.128t.com 1.2.3.4
Completed in 0.24 seconds
show pim interface
Show PIM interface
Usage
show pim interface [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [name <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
| name | description |
|---|
| force | Skip confirmation prompt. Only required when targeting all routers |
| ip-address | Specify address to see individual PIM Interface [type: IP address] |
| name | The global interface to fetch PIM information for |
| resource-group | The name of the resource group |
| router | The router to request PIM information from |
| rows | The number of items to display at once [type: int or 'all'] (default: 50) |
| vrf | VRF name |
Positional Arguments