Plexxi 4.0.0 Switch Admin-CLI Guide 5-3-2018 · Plexxi Switch Administrator Guide using Linux and Plexxi CLI, 4.0.0 2 Legal Notices The information contained herein is subject to

®

Plexxi HCN™ Plexxi Switch Software

Administrator Guide using Linux and Plexxi CLI Release 4.0.0

May 3, 2018

® 100 Innovative Way - Suite 3322 Nashua, NH 03062 Tel. +1.888.630.PLEX (7539) www.plexxi.com

Plexxi Switch Administrator Guide using Linux and Plexxi CLI, 4.0.0 2

Legal Notices The information contained herein is subject to change without notice. Plexxi®, the Plexxi logo, and LightRail® are registered trademarks, and Plexxi HCN™, Plexxi Control™ and Plexxi Connect™ are trademarks of Plexxi, Inc. in the United States and other countries. Other product or service name may be trademarks or service marks of others. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Plexxi, Inc. Plexxi, Inc. reserves all rights of copyright in this documentation. PLEXXI, INC. PROVIDES THIS DOCUMENTATION “AS IS,” WITHOUT WARRANTY, TERM, OR CONDITION OF ANY KIND, EITHER IMPLIED OR EXPRESSED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES, TERMS, OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. Plexxi, Inc. reserves the right to make changes to equipment design or program components described in this documentation, as progress in engineering, manufacturing methods, or other circumstances may warrant. No responsibility is assumed for the use of Plexxi, Inc. software or hardware, all rights, obligations and remedies related to which are as set forth in the applicable sales and license agreements.

Plexxi, Inc. 100 Innovative Way - Suite 3322 Nashua, NH 03062 Tel: +1.888.630.PLEX (7539) www.plexxi.com

Published May 3, 2018 Printed in United States of America. Copyright © 2018 Plexxi, Inc. All rights reserved.

The Plexxi Switch system is classified as a class 1 telecommunications laser product employing embedded class 1 lasers and complies with the following:

THIS PRODUCT COMPLIES WITH FDA RULE 21 CFR SUBCHAPTER J IN EFFECT AT DATE OF MANUFACTURE. PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11

PRODUIT CONFORME SELON LE SOUS CHAPITRE J DU DOCUMENT FDA RÈGLE 21 CFR EN VIGUEUR LORS DE LA DATE DE FABRICATION. PRODUIT CONFORME SELON 21CFR 1040.10 ET 1040.11.

Electrotechnical Commission (IEC) 60825-1, 60825-2

This product is classified as a: CLASS 1 LASER PRODUCT

APPAREIL À LASER DE CLASSE 1

This unit is intended to be installed in a Restricted Access Location only with access only by trained personnel.

Warning: The primary hazards of exposure to invisible laser radiation from an optical fiber communications system are:

• Damage to the eye by viewing an unterminated optical fiber or fiber optic connector. • Damage to the eye from invisible laser radiation from viewing a cut fiber or a broken fiber.

Never attempt to view optical connectors that may be emitting laser energy and always avoid possible exposure to invisible optical laser radiation. Using optical fiber scopes or magnifying lenses may increase the possibility for an eye hazard. It is recommended that you use an optical power meter to determine if there is optical laser radiation present or use a remote video display inspection tool to inspect connectors.


Table of Contents

LegalNotices...................................................................................................................................................2

Welcome.........................................................................................................................................................12RelatedDocumentation.............................................................................................................................13

ContactingPlexxiSupport.........................................................................................................................131 SwitchManagementConnections................................................................................................14

Ports.........................................................................................................................................................................14SerialConsolePort............................................................................................................................................................................14SSHthroughManagementPort..................................................................................................................................................14SSHSessionopenedfromPlexxiControl..............................................................................................................................14

Loggingintotheswitch.......................................................................................................................................14UserAccounts........................................................................................................................................................14

2 InitialSwitchSetup..........................................................................................................................15SerialConsole........................................................................................................................................................15Runningpx-setup.................................................................................................................................................15ConfiguringthePlexxiControlIPAddressontheDHCPServer..............................................................15ConnectingthroughtheManagementInterface..........................................................................................16ChangingtheadminUserPassword................................................................................................................16AccessingthePlexxiCLI......................................................................................................................................16ConfiguringLightRails........................................................................................................................................17SavingtheConfiguration....................................................................................................................................17UpgradingPlexxiSwitchSoftware...................................................................................................................17

3 PlexxiLinuxUtilitiesforSwitchConfiguration........................................................................18px-adduser.............................................................................................................................................................18px-hostname..........................................................................................................................................................20px-lspart..................................................................................................................................................................20px-log-bundle........................................................................................................................................................20px-package-check.................................................................................................................................................21px-setup..................................................................................................................................................................22px-ssl-install..........................................................................................................................................................24px-sslgen.................................................................................................................................................................24px-topology............................................................................................................................................................25

4 ManagingPlexxiSwitchLinuxUserAccountsandAuthenticationMethods...................27LocalSwitchAuthentication..............................................................................................................................28AddingaLocalUserUsingthePlexxipx-adduserUtility..............................................................................................28AccessingthePlexxiCLI.................................................................................................................................................................28

TACACS+AuthenticationforaSwitch.............................................................................................................29Overview................................................................................................................................................................................................29ConfiguringTACACS+AuthenticationonaSwitch..........................................................................................................29TACACS+PAMsetup........................................................................................................................................................................29TACACS+NSSConfiguration........................................................................................................................................................30

RADIUSAuthenticationforaSwitch...............................................................................................................31Overview................................................................................................................................................................................................31ConfiguringRADIUSAuthenticationonaSwitch.............................................................................................................31


EnablingRADIUS...............................................................................................................................................................................31LDAPAuthenticationforaSwitch....................................................................................................................32Overview................................................................................................................................................................................................32ConfiguringLDAPAuthenticationforaSwitch..................................................................................................................32

EnablingtheAuthenticationMethodforaSwitch.......................................................................................345 DebianLinuxCommandsforSwitchConfiguration................................................................35

ConfiguringClocks...............................................................................................................................................35ManuallySettingtheTimeandDate.......................................................................................................................................35ChangingtheTimeZone................................................................................................................................................................35SettingTimeOncewithNTP........................................................................................................................................................35ConfiguringNTP.................................................................................................................................................................................35

ConfiguringtheIPDomain.................................................................................................................................37ConfiguringtheManagementInterface.........................................................................................................37ConfiguringtheIPAddressoftheManagementInterface...........................................................................................37ConfiguringtheMTUSizeoftheManagementInterface..............................................................................................37EnablingandDisablingtheManagementInterface.........................................................................................................38ConfiguringaVLANontheManagementInterface.........................................................................................................38

ConfiguringIPRoutes.........................................................................................................................................38ConfiguringSNMP.................................................................................................................................................38Groups.....................................................................................................................................................................................................38Communities........................................................................................................................................................................................39MIBViews..............................................................................................................................................................................................39SNMPv3User-BasedSecurityModel......................................................................................................................................39

CopyingFilestoaSwitch....................................................................................................................................40ConfiguringSSHKeysonaSwitch....................................................................................................................40RegeneratingSSHHostKeysontheSwitch.........................................................................................................................40StartingorStoppingtheSSHserviceontheSwitch........................................................................................................40MakingSSHPersistentontheSwitch.....................................................................................................................................40

6 SavingConfigurationChanges......................................................................................................41SavingConfigurationChanges..........................................................................................................................41CheckingtheCurrentConfiguration...............................................................................................................41

7 HandlingFiles....................................................................................................................................42HandlingFilesfromtheDebianLinuxPrompt............................................................................................42CopyingFilesfromaRemoteSystem......................................................................................................................................42

HandlingFilesfromthePlexxiCLI...................................................................................................................42running-configandstartup-config...........................................................................................................................................42Copy,Move,andDeleteExamples............................................................................................................................................42FileCopywithURL...........................................................................................................................................................................43

8 UpgradingthePlexxiSwitchSoftwaretoRelease4.0.0.........................................................44PreparingtoUpgradefromaPre-3.3.0Release..........................................................................................44UpgradingtheSwitches......................................................................................................................................44ImplementingtheIS-ISProtocol......................................................................................................................44RunningaFit..........................................................................................................................................................44

9 In-BandManagement......................................................................................................................45Overview.................................................................................................................................................................45ConfiguringIn-BandManagement...................................................................................................................46RelatedPlexxiCLICommands..........................................................................................................................47inband-managementconfigdhcp.............................................................................................................................................48


inband-managementconfigip....................................................................................................................................................48inband-managementdelete.........................................................................................................................................................48inband-managementgwadd.......................................................................................................................................................48showinband-management...........................................................................................................................................................48

10 ConfiguringLightRails.....................................................................................................................49Overview.................................................................................................................................................................49LightRail1.............................................................................................................................................................................................49LightRail2(Switch3eq)................................................................................................................................................................49LightRail3(Switch3eq)................................................................................................................................................................49UserInterfaceandWorkflowDetails......................................................................................................................................49

CLICommandstoConfigureLightRails..........................................................................................................5011 Switch2eDCImode.........................................................................................................................51

Operation................................................................................................................................................................51Modesofoperation..............................................................................................................................................51Switch2eDCICLICommand:fabricredirect.................................................................................................52Switch2eI/OPanelPorts..................................................................................................................................53

12 FabricLinkEncapsulation(FLE)..................................................................................................54Overview.................................................................................................................................................................54ConfiguringDCIL2FLEonPlexxiSwitches2,2s,2p,2sp..........................................................................55Example:Switch2East-Flexx.....................................................................................................................................................57Example:Switch2West-Flexx...................................................................................................................................................57

ConfiguringDCIL2FLEonPlexxiSwitch2e..................................................................................................58Example:Switch2eW-SFP...........................................................................................................................................................60Example:Switch2eSFP-E.............................................................................................................................................................61

ConfiguringL2FLEonPlexxiSwitch3eq.......................................................................................................62Example:Switch3eqLightRail1WestPortEncapsulation........................................................................................64Example:Switch3eqLightRail1EastPortEncapsulation..........................................................................................65

CLICommands.......................................................................................................................................................6613 BGP-EVPN...........................................................................................................................................67

AboutBGP-EVPN...................................................................................................................................................67ConfiguringBGP-EVPNonEachPlexxiSwitch..............................................................................................67address-family......................................................................................................................................................68exit-address-family..............................................................................................................................................68neighboractivate..................................................................................................................................................69neighborpeer-group...........................................................................................................................................70neighborremote-as.............................................................................................................................................70

14 RoutedPortInterface......................................................................................................................72Overview.................................................................................................................................................................72Considerations......................................................................................................................................................72ViewingtheConfiguredLAGsonaPlexxiSwitch.........................................................................................72Prerequisites.........................................................................................................................................................73ConfiguringaRoutedPortInterface...............................................................................................................73CreatingtheInterface......................................................................................................................................................................73AssigninganIPAddresstotheInterface..............................................................................................................................73VerifyingtheConfiguration..........................................................................................................................................................74

15 SpineSwitchFabric..........................................................................................................................75CLICommandstoConfiguretheSpineSwitchFabric.................................................................................75ConfiguretheSpineLightRail.....................................................................................................................................................75ConfiguretheFabricSpeedforLightRailType1or2ontheSpineSwitch........................................................75


ConfiguretheFabricEgressRateforFabricPortsontheSpineSwitch...............................................................7516 PlexxiCLIModes...............................................................................................................................76

OpeningthePlexxiCLIShell..............................................................................................................................76EnteringtheCLIModes.......................................................................................................................................77EnteringtheEXECMode................................................................................................................................................................77EnteringthePRIV-EXECMode...................................................................................................................................................77EnteringtheCONFIGMode..........................................................................................................................................................77EnteringtheCONFIG-LINEMode..............................................................................................................................................77ExitingtheCONFIG-LINEMode.................................................................................................................................................77

ExitingtheCLIModes..........................................................................................................................................78ReturningtothePreviousCLIMode.......................................................................................................................................78ReturningtothePRIV-EXECMode...........................................................................................................................................78

ExitingPlexxiShelltoBash................................................................................................................................7817 CLICommandReference–Execmode........................................................................................79

clearaccess-list.....................................................................................................................................................79clearcounters........................................................................................................................................................79clearip.....................................................................................................................................................................79clearipv6................................................................................................................................................................79clearmacsw-table...............................................................................................................................................80debugbgp...............................................................................................................................................................80debugip...................................................................................................................................................................80debugmrd..............................................................................................................................................................81debugnsm..............................................................................................................................................................82debugospf..............................................................................................................................................................82debugpim...............................................................................................................................................................82debugpip................................................................................................................................................................83debugprd...............................................................................................................................................................83disable.....................................................................................................................................................................83enable......................................................................................................................................................................83exit|quit.................................................................................................................................................................83help...........................................................................................................................................................................83logout.......................................................................................................................................................................84no..............................................................................................................................................................................84nodebugall............................................................................................................................................................84ping...........................................................................................................................................................................84quit...........................................................................................................................................................................84resetlog...................................................................................................................................................................84showaccess-list....................................................................................................................................................84showbgp.................................................................................................................................................................85showcli....................................................................................................................................................................86showclock..............................................................................................................................................................87showcrossbars.....................................................................................................................................................87showcutthru..........................................................................................................................................................87showdebugging....................................................................................................................................................87showfabric.............................................................................................................................................................87showflow................................................................................................................................................................87showhardware.....................................................................................................................................................88showhistory..........................................................................................................................................................88showhold-policy..................................................................................................................................................88showhosts..............................................................................................................................................................88


showinterface.......................................................................................................................................................88showinterfacesummary....................................................................................................................................88showip....................................................................................................................................................................89showiparp.............................................................................................................................................................89showipdhcp-relay...............................................................................................................................................91showipdomain-list.............................................................................................................................................91showipdomain-name.........................................................................................................................................91showipfastpathstatistics..................................................................................................................................91showiphost...........................................................................................................................................................92showipigmpsnooping.......................................................................................................................................94showipinterface..................................................................................................................................................94showipname-server...........................................................................................................................................95showiproute.........................................................................................................................................................95showlacp................................................................................................................................................................98showlacplag..........................................................................................................................................................98showlag..................................................................................................................................................................98showlaglacp..........................................................................................................................................................98showlagIFNAMEvlan.........................................................................................................................................98showlist..................................................................................................................................................................99showlldp.................................................................................................................................................................99showlldplocal-info..............................................................................................................................................99showlocate-led.....................................................................................................................................................99showlog..................................................................................................................................................................99showmrib.............................................................................................................................................................100showneighbor-discovery.................................................................................................................................100shownsm..............................................................................................................................................................100showntp................................................................................................................................................................100showpost..............................................................................................................................................................100showprivilege.....................................................................................................................................................100showqinqsvlan..................................................................................................................................................100showqsfp..............................................................................................................................................................100showrouter-channel.........................................................................................................................................101showrouter-id....................................................................................................................................................101showsflow............................................................................................................................................................101showsystemresources.....................................................................................................................................101showsystemuptime..........................................................................................................................................101showtimezone....................................................................................................................................................101showtopography................................................................................................................................................101showtransceivers..............................................................................................................................................101showtranslationtvlan......................................................................................................................................101showusers............................................................................................................................................................101showversion........................................................................................................................................................101showvirtual-routers.........................................................................................................................................101showvlan..............................................................................................................................................................102ssh...........................................................................................................................................................................102telnet......................................................................................................................................................................102terminal................................................................................................................................................................102trace-attachment................................................................................................................................................102traceroute.............................................................................................................................................................102undebug................................................................................................................................................................102

18 CLICommandReference–PRIV-EXECmode.........................................................................103


boottoggle............................................................................................................................................................103cleararp-cache....................................................................................................................................................103clearcontrolleraddress...................................................................................................................................103clearcontrollerconfig.......................................................................................................................................103clearcores............................................................................................................................................................103clearhold..............................................................................................................................................................103cleariproutekernel..........................................................................................................................................103clearmachw-table.............................................................................................................................................103clearpolicerstatistics.......................................................................................................................................104configure(terminal)..........................................................................................................................................104controllerset.......................................................................................................................................................104copyFILE...............................................................................................................................................................104copyrunning-config...........................................................................................................................................104copystartup-config............................................................................................................................................104copyURL...............................................................................................................................................................104cutthru...................................................................................................................................................................104dci-behavior.........................................................................................................................................................105deleteFILE............................................................................................................................................................105deletestartup-config.........................................................................................................................................105dir...........................................................................................................................................................................105disable...................................................................................................................................................................105enable....................................................................................................................................................................105fabric-encapcreate............................................................................................................................................105fabricclear-fabric-id.........................................................................................................................................107fabric-encapdelete............................................................................................................................................107fabriceast-egress-rate(Switch2e)...............................................................................................................107fabriceast-speed(Switch2e)..........................................................................................................................107fabricegress-rate(Switch3eq)......................................................................................................................107fabriclearn-fabric-id.........................................................................................................................................108fabriclightrails....................................................................................................................................................108fabricprotocol-change......................................................................................................................................109fabricredirect(forSwitch2e)........................................................................................................................110fabricredirect(forSwitch2,2s,2p,2sp).....................................................................................................111fabricspeed(Switch3eq).................................................................................................................................112fabricwest-egress-rate(Switch2e)..............................................................................................................112fabricwest-speed(Switch2e).........................................................................................................................112flow.........................................................................................................................................................................113hold........................................................................................................................................................................113hold-policy...........................................................................................................................................................113holdIFNAME.........................................................................................................................................................113inband-managementconfigport...................................................................................................................113inband-managementconfigdhcp..................................................................................................................114inband-managementconfigip........................................................................................................................114inband-managementdelete............................................................................................................................114install<FILE>.......................................................................................................................................................114lldpportIFNAMEreceive..................................................................................................................................114locate-led..............................................................................................................................................................114logout.....................................................................................................................................................................114migrate-data........................................................................................................................................................114moveFILE.............................................................................................................................................................115mstat......................................................................................................................................................................115


mtrace....................................................................................................................................................................115ptp...........................................................................................................................................................................115qsfpconfig............................................................................................................................................................115quit.........................................................................................................................................................................115reload(rescue)....................................................................................................................................................115rpicreate..............................................................................................................................................................115rpidelete...............................................................................................................................................................115showboot.............................................................................................................................................................116showcontroller...................................................................................................................................................116showdebuggingsnmp.......................................................................................................................................116showfabric...........................................................................................................................................................116showfabric-encap..............................................................................................................................................116showfile................................................................................................................................................................117showflow..............................................................................................................................................................117showfsat...............................................................................................................................................................117showhistory........................................................................................................................................................117showhosts............................................................................................................................................................117showinband-management..............................................................................................................................117showinstall..........................................................................................................................................................117showinterface.....................................................................................................................................................117showl2-isis..........................................................................................................................................................117showloop-detection-stats................................................................................................................................118showmachw-table............................................................................................................................................118showmacsw-table.............................................................................................................................................118shownsmclient..................................................................................................................................................118showpeers...........................................................................................................................................................118showprocess.......................................................................................................................................................118showpsat..............................................................................................................................................................118showrunning-config..........................................................................................................................................118showstartup-config...........................................................................................................................................119showsystemcores.............................................................................................................................................119showtech-support.............................................................................................................................................119showtopography................................................................................................................................................121showtopologyresidual.....................................................................................................................................121showtopologyvlan............................................................................................................................................122showuser-defined-path...................................................................................................................................122showusers............................................................................................................................................................122supportlog-bundle............................................................................................................................................123verifyFILE............................................................................................................................................................123

19 CLICommandReference–CONFIGmode...............................................................................124access-list.............................................................................................................................................................124arp..........................................................................................................................................................................124bannermotd........................................................................................................................................................124bgp..........................................................................................................................................................................124debug.....................................................................................................................................................................125debugnsm............................................................................................................................................................125do<command>....................................................................................................................................................125dumpbgp..............................................................................................................................................................125enablepassword.................................................................................................................................................125exit|quit................................................................................................................................................................125fibretain...............................................................................................................................................................125


help.........................................................................................................................................................................126interface................................................................................................................................................................126ipforwarding.......................................................................................................................................................126iproute..................................................................................................................................................................126lineconsole0.......................................................................................................................................................126linevty...................................................................................................................................................................126logfile....................................................................................................................................................................126max-fib-routes.....................................................................................................................................................127max-static-routes...............................................................................................................................................127maximum-access-list.........................................................................................................................................127maximum-paths..................................................................................................................................................127no............................................................................................................................................................................127route-map<tag>.................................................................................................................................................127routerbgp.............................................................................................................................................................127routerospf............................................................................................................................................................128router-channel....................................................................................................................................................128router-id...............................................................................................................................................................128serviceadvanced-vty.........................................................................................................................................128servicepassword-encryption.........................................................................................................................128serviceterminal-length....................................................................................................................................128showcli..................................................................................................................................................................128showlist................................................................................................................................................................128showrunning-config..........................................................................................................................................128synce......................................................................................................................................................................128

20 CLICommandReference–CONFIG-LINEmode.....................................................................129exec-timeout........................................................................................................................................................129end|exit|quit|CTRL-D...................................................................................................................................129help.........................................................................................................................................................................129history...................................................................................................................................................................129login.......................................................................................................................................................................129privilegelevel......................................................................................................................................................129showcli..................................................................................................................................................................130showlist................................................................................................................................................................130showrunning-config..........................................................................................................................................130

AppendixA CLIHelp..............................................................................................................................131OutputModifiers................................................................................................................................................132RepeataShowCommand............................................................................................................................................................132

AppendixB Troubleshooting..............................................................................................................133SwitchLog.............................................................................................................................................................133TestNetworkConnectivity..............................................................................................................................133AssessSystemHealth........................................................................................................................................133DisplayRunningProcesses..............................................................................................................................134HardwareStatus.................................................................................................................................................134PowerSupplyDetails....................................................................................................................................................................134TemperatureSensorReadings.................................................................................................................................................135FanStatus............................................................................................................................................................................................135

AppendixC WorkingwithPlexxiCareSupport.............................................................................136OpeningthePRIV-EXECMode.........................................................................................................................136CombiningshowCommandOutput...............................................................................................................136


RedirectingshowCommandOutput.............................................................................................................137Bundling Log Files..........................................................................................................................................138SpecifyingtheNumberofDaystoIncludeinLogOutput..........................................................................................138SpecifyingaTime.............................................................................................................................................................................138

Copying Plexxi Switch Core Files.............................................................................................................139CheckingforCoreFiles.................................................................................................................................................................139CopyingaCoreFiletoAnotherNetworkHost.................................................................................................................139CopyingaCoreFiletoLocalUserDiskSpace...................................................................................................................139VerifyingaCoreFileinitsOriginalLocation....................................................................................................................139DeletingCoreFiles..........................................................................................................................................................................139


Welcome This document describes switch administration tasks and commands/functions that are performed at either the Debian Linux Bash prompt or at a Plexxi configuration command line interface (CLI) prompt.

The CLI is used for initial switch set up, some feature configurations, and troubleshooting. You can use the CLI to access information available from Plexxi Control and to display system status.

Although some Plexxi Switch configurations are performed using the Plexxi CLI, most switch configuration tasks are performed using either the Plexxi Control graphical user interface (GUI) or the Plexxi Connect GUIs.

Configuration parameters that are set at the Linux prompt as outlined in this document include:

• Clocks

• management interface

• NTP

• SNMP

• switch user management

Configuration parameters that are set at the Plexxi CLI prompt as described in this document include:

• Switch 2e DCI

• L2 Fabric Link Encapsulation

• In-band Management

• Redirection

Configuration parameters that are set using the Plexxi Control GUI are described in the Plexxi Control Online Help and include:

• VLANs

• Affinities

• User-Defined Paths

• Switch ports

• Switch software upgrades


Related Documentation The following additional documentation supports this release:

• Plexxi Compatibility Matrix, Version 10 or greater. The Plexxi Compatibility Matrix contains version-specific software and hardware support information as well as cable and transceiver support information.

• Plexxi Release Notes, Release 4.0.0

• Plexxi Control Installation, Upgrade and Administration Guide, Release 4.0.0

• Plexxi Control Online Help is available while logged into the Plexxi Control UI

Except for the online help, this documentation is available on the Resources > Technical Publications page of http://www.plexxi.com.

Contacting Plexxi Support Plexxi Technical Support services are available to answer your questions and to make sure that your software and hardware continue to operate properly.

You can contact Plexxi Support at:

[email protected]

1.888.415.9809 (US/Canada toll-free)

+1 603-782-0702 (US/International).

www.plexxi.com/support


1 Switch Management Connections

Ports You can connect to a Plexxi Switch to perform switch management using the following methods:

• connect via SSH through the management port

• open a terminal session from Plexxi Control

• connect a console system to the console port on the switch.

IMPORTANT: If you are performing an initial setup of the switch, refer to 2, Initial Switch Setup.

Serial Console Port The serial console may be needed for part of the initial switch setup, for troubleshooting, or for general switch management using Linux and the Plexxi CLI. For serial access, the console system must be connected to the console port on the switch. To connect to the serial console port, the following settings are needed:

• 115.2 Kb/s

• 8 data bits

• 1 stop bit

• No Parity

SSH through Management Port If a switch has undergone the initial switch setup and if the management port is connected to a network for management, you can SSH remotely through the switch’s management port.

IMPORTANT: If you are performing an initial setup of the switch, refer to 2, Initial Switch Setup.

SSH Session opened from Plexxi Control You can open an SSH session from Plexxi Control as described in the Plexxi Control Online Help, which is accessible from the Plexxi Control UI (User Interface).

Logging into the switch When you connect to the switch, you are prompted for a username and password. The default values for the pre-configured administrator account are:

• username: admin

• password: plexxi

When you log in, you start in your home directory at /home/<username>.

At the shell prompt, you can:

• perform switch setup using px-setup utilities

• perform some switch configuration tasks using the Plexxi CLI

User Accounts For information on managing Plexxi user accounts from Linux, refer to the next chapter.


2 Initial Switch Setup

When you initially install a switch, you need to open a console connection to any switch in the fabric, then run the px-setup command to configure the appropriate switch(es) as described in the sections that follow. Additionally, you can specify a new password for access to Linux on any new switches, and for switch 3eq, define LightRail configuration.

Serial Console The serial console may be needed for part of the initial switch setup, for troubleshooting, or for general switch management using Linux and the Plexxi CLI. For serial access, the console system must be connected to the console port on the switch. To connect to the serial console port, the following settings are needed:

• 115.2 Kb/s

• 8 data bits

• 1 stop bit

• No Parity

Running px-setup px-setup is a Plexxi utility that simplifies Plexxi switch setup by eliminating the need to edit configuration files and restart services on the Plexxi Switch. The utility queries administrators for information, then configures the IP or hostname of the Plexxi Control software, time zone, network address, default gateway, SNMP management, and several network services, including NTP and DNS.

The px-setup commands require root/sudo privilege to modify core services. For example, logged into the switch as admin: $ sudo px-setup

To setup all switches and all network characteristics for a new install, use px-setup without arguments: $ sudo px-setup

For detailed information about the px-setup command, refer to the following section in px-setup on page 22.

Note: Instead of specifying the IP address or hostname of the Plexxi Control server using the px-setup command, refer to the next section to configure the IP address or hostname of the Plexxi Control server on the DHCP server. You only need to perform this step for the first Plexxi switch installed in the fabric.

Configuring the Plexxi Control IP Address on the DHCP Server Rather than configuring the IP address or hostname of the Plexxi Control server on a Plexxi switch via the px-setup-controller CLI command, administrators can configure the IP address or hostname of the Plexxi Control server on the DHCP server. Follow the instructions in this section for the first Plexxi switch being deployed in your fabric.

Note: These instructions assume that Plexxi Control has already been deployed on a Plexxi Control server.

For an ISC (Internet Systems Consortium) DHCP server, include the following option lines in the DHCP server's configuration file: option plexxi-control-address code 240 = text;

option plexxi-control-address = “1.2.3.4”;


You can define either an IP address or hostname.

The Plexxi switch will obtain the IP address or hostname of the Plexxi Control server from the DHCP server when the switch is booted or rebooted. The DHCP server will send the code 240 value to the Plexxi Switch in the DHCP Reply message. The Plexxi switch will then configure the specified IP address or hostname for communicating with the Plexxi Control server.

IMPORTANT: If an IP address or hostname for the Plexxi Control server has already been configured on the Plexxi switch using the px-setup-controller CLI command, the IP address or hostname received in the DHCP Reply message will not override it.

Once the configuration is complete, you can remove the option lines above from the DHCP server’s configuration file, because the configured IP address or hostname of the Plexxi Control server will persist even through upgrades and will only be removed by explicitly removing it using the px-setup-controller (or equivalent) command on the Plexxi switch.

Connecting through the Management Interface Connect to the switch using the ssh command. This requires that the MGMT port on the switch be connected and that you know the IP address of the switch management port (the address you just configured).

Connect to the switch using ssh and log in using the default credentials. For example: ssh admin@ipaddress

Reply as prompted; the default administrator login is:

Username: admin

Password: plexxi

This puts you at the Debian Linux prompt on the switch in the /home/admin directory.

Changing the admin User Password You can change the password for the Linux admin user on any new switches using the Linux passwd command while logged in as admin and at the Linux prompt on the switch: $ passwd

Accessing the Plexxi CLI Access the Plexxi CLI as follows:

1. Open the Plexxi CLI Shell. At the Bash prompt, enter the following sudo command and then enter the password for admin: admin@switch:~$ sudo px-shell

This opens the EXEC Mode prompt: switch>

For example: admin@plexxi1:~$ sudo px-shell [sudo] password for admin: . . . plexxi1>


2. Enter the PRIVILEGED EXEC mode, from the EXEC mode, enter the enable command. For example, on switch Plexxi1: plexxi1> enable plexxi1#

The prompt changes from > to #.

Configuring LightRails Configure the LightRails as described in

• Chapter 10, Configuring LightRails

• If you are configuring a L2 FLE DCI connection, refer to Chapter 11, Fabric Link Encapsulation (FLE).

Saving the Configuration An asterisk preceding the prompt indicates that the configuration has changed and not saved. In the PRIV-EXEC mode (# prompt), save the new configuration settings to the switch, enter the command: *plexxi1# copy running-config startup-config Building configuration... [OK] plexxi1#

Upgrading Plexxi Switch Software You might need to upgrade to the latest version of the switch software when you initialize the switch for the first time. If you are not sure, verify with your Plexxi representative.


3 Plexxi Linux Utilities for Switch Configuration

Some Plexxi switch specific configuration settings are accomplished using Plexxi Linux utilities as outlined in the sections that follow.

IMPORTANT: Man pages are available for Plexxi px- utilities.

Running Plexxi Linux Utilities

To run the Plexxi Linux utilities:

1. Connect to the Plexxi switch using ssh and log in using the default credentials using the following command: ssh admin@ipaddress

For example: ssh [email protected]

In the above command, you can specify the hostname rather than the IP address, as follows: ssh admin@hostname

For example: ssh admin@sw2

2. Reply as prompted. The default administrator login is:

Username: admin

Password: plexxi

3. This puts you at the Debian Linux prompt on the switch in the /home/admin directory.

4. Change directory to the root directory: cd /

5. At the prompt, enter a Plexxi utility command. For example: $ px-topology --info

6. To get a man page for a Plexxi utility command, enter the following command: $ man command_name

For example: $ man px-adduser

px-adduser Add a User

The px-adduser utility enables you to easily create accounts that adhere to Plexxi switch user roles. It is accessible in the switch Bash environment; it is not available from the px-shell CLI.

Note: It is not mandatory that you use this utility to create Plexxi switch user accounts - it just makes it easier.

Syntax px-adduser <username> px-adduser [--user-role administrator|operator|viewer] [--full-name <name>] <user_name> px-adduser [--disabled-login] <user_name> px-adduser [-h|--help]

Helper utility for creating local user accounts that adhere to Plexxi user roles.


Options

-h, --help Display help for this command.

--user-role role Specify the role for this account: administrator, operator or viewer.

--full-name name Indicate the full name of this user or any comment for the account.

--disabled-login Create the account without prompting for the initial password.

Issuing this command with only the user_name argument prompts you to enter the user role, full name and password for this new account.

The optional parameters listed above can be passed to avoid entering settings interactively.

Note: The password cannot be passed on the command line. You can use the disabled-login option to create the account initially disabled, then later, use the passwd command to set the initial password and enable the account.

User Roles

Plexxi supports the following user roles:

• Administrator - This role has the highest privileges on the system. It equates, indirectly, to superuser access. User accounts of this role have:

o Membership in group px_administrator; this group has sudo access to all system commands

o Default shell is /bin/bash

• Operator - This is the second highest privilege level. It allows for configuration changes in px-shell, but is more limited for the rest of the system. It has:

o Membership in group px_operator; this group has sudo access only to px-shell.

o Default shell is /bin/bash

• Viewer - This is the least privileged role. Users with this role are only allowed unprivileged access to px-shell and no access to Bash. It includes:

o Membership in group px_viewer; this group has no sudo privileges

o Default shell is /bin/px-shell

Examples

The following command, you are prompted for role, full name and initial password. $ sudo px-adduser nemo

The following command generates no prompts and creates an operator account that is disabled: $ sudo px-adduser --user-role operator --full-name "Dory fish" --disabled-login dory

The following command displays Help for the px-adduser command: $ sudo px-adduser –-help

Exit Status

This utility essentially calls the useradd command, followed by the passwd command (unless opted out). If either of these exhibit an error, their status is propagated out by this utility. See useradd(8) and passwd(1) for more details on their status codes.

Scripting

It may be desirable to script the creation of accounts. This can be accomplished by using the optional --user-role and --full-name arguments to pass the information normally prompted for. The password cannot be passed on the command line - it could be visible to other users in the process listing. Instead, the --disabled-login option can be passed, and the account gets created in an initially disabled state. Later on, /usr/bin/passwd can be used to set the initial password and enable the account.


px-hostname Configure the Switch Host Name

The standard Linux hostname command does not make a persistent change to the switch hostname. To make a persistent switch hostname change, use the Plexxi px-hostname utility from BASH. When using the px-hostname command to change the hostname of the switch, the command must be run as 'root' (with 'sudo').

Note: The host name becomes part of the Linux and Plexxi CLI command prompts on the next login.

Syntax px-hostname px-hostname <new_host_name> [-y|--yes-restart] px-hostname -h|--help

Options:

-h, --help Print help for this command.

-y, --yes-restart Proceed with the hostname change without prompting. When you configure the switch hostname, various services are restarted. Therefore, you will be prompted to continue. You can avoid the prompt by entering –y or --yes-restart as a command argument.

px-hostname with no arguments returns the current active hostname.

px-hostname with a new hostname persistently applies the new hostname to the switch.

px-lspart Display Install Partition Information

The /usr/bin/px-lspart utility lists the installed software version for each of the install partitions (A and B). It also indicates which partition is currently running (‘r’ is shown next to the partition) and which partition is currently the default boot partition (‘b’ is shown next to the partition).

Syntax px-lspart px-lspart -h|--help

Options

-h, --help Display a help summary.

Notes

If the alternate partition is not mounted, an error is given indicating as such. The command relies on /alt being mounted.

Also, the version strings shown are those for the install package that was installed to the partition (either via ONIE or Plexxi upgrade). If you need to know more granular information about specific package versions, try the ‘px-package-check’ or ‘dpkg’ commands.

px-log-bundle Generate log bundle

The px-log-bundle utility allows users to retrieve a log bundle from a specified switch. The output file has the format HOSTNAME-YYYYMMDD-HHMM-sw-log-bundle.tar.gz and contains log files for a switch that are newer than the specified or default (24 hours) time.

Syntax px-log-bundle [-h] [-v] [-d days | -H hours | -f [YYYY][MM][DD]hhmm]


Optional Arguments

-h|--help Display help for this command.

-d|--days=(days) Include files newer than number of days before now. -f|--format=[YYYY][MM][DD]hhmm

Include files newer than the specified date/time:

YYYY 4-digit year

MM 2-digit month

DD 2-digit day

hhmm Hour and minute

-H|--hours=(hours) Include files newer than number of hours before now.

-v|--verbose Run in verbose mode. Can be used with [-d days | -H hours | -f [YYYY][MM][DD]hhmm] or with no other options (which collects logs from the previous 24 hours).

Examples

The following command generates a log bundle containing data from the last 36 hours: $ px-log-bundle -H 36

The following command generates a log bundle containing data from the last 30 days: $ px-log-bundle -d 30

The following command generates a log bundle containing data starting at 1:00 April 27, 2018: $ px-log-bundle -f 201804270100

px-package-check List Installed Software Packages

The Plexxi px-package-check utility returns a report of any packages that have been added, removed, or updated since the current partition was installed.

Syntax px-package-check [-h] [-e] [-i] [-r] [-u]

Optional Arguments

-h or --help Show help for this command.

-e or --errors List error conditions. Returns the name, version, and status.

-i or --installed List packages installed since initial install. Returns the name and version.

-r or --removed List packages removed since initial install. Returns the name and version.

-u or --upgraded List packages upgraded since initial install. Returns the name, original version and current version.

If no arguments are passed, the px-package-check utility lists the following:

• packages that do not appear to be fully installed.

• packages that have been added since the initial installation

• packages that have been removed since the initial installation

• packages that have upgraded (or otherwise changed version) since the initial installation

This utility does not detect reinstallation or reconfiguration of packages.


Note: You can also refer to the 'dpkg-query' command and the /var/log/dpkg.log file.

px-setup Switch Setup

px-setup is a Plexxi utility that simplifies Plexxi switch setup by eliminating the need to edit configuration files and restart services on the Plexxi Switch. The utility queries administrators for information, then configures the IP or hostname of the Plexxi Control software, time zone, network address, default gateway, SNMP management, and several network services, including NTP and DNS.

The px-setup commands require root/sudo privilege to modify core services. For example, logged into the switch as admin: $ sudo px-setup

To setup all switches and all network characteristics for a new install, use px-setup without arguments: $ sudo px-setup

To setup a new Plexxi switch added to an existing Plexxi fabric, use px-setup and define the switch by its MAC address: $ sudo px-setup –t MAC_Address

To configure a specific parameter in an existing Plexxi fabric, use px-setup with the protocol/network characteristic to configure. For example, to configure time zone: $ sudo px-setup-tz

Note: px-setup uses UTC by default for time zone. Plexxi recommends that you use UTC for Plexxi Switch and Plexxi Control.

IMPORTANT: Plexxi recommends that Plexxi Connect, Plexxi Control and Plexxi Switches all be connected to a reliable NTP service.

Determining Your Operating Environment

Determine whether the installed switches will use static IP addresses or DHCP.

For static IP, run px-setup without arguments to configure all parameters. $ sudo px-setup

For DHCP, determine which services DHCP configures in your environment, and which services you configure with px-setup. Refer to the Syntax below.

Syntax px-setup px-setup [-t switch,…,switch] px-setup --help

Command Function

px-setup Entering px-setup with no arguments queries for all service information and applies the configuration to all Plexxi switches on the fabric.

You can answer 'n' to omit service queries as they are prompted.

With no arguments, it configures ALL switches discovered by census info; in other words, all switches properly connected and detected on the Plexxi fabric.


Command Function

px-setup-controller

Configure the fully-qualified host name or IP address of the Plexxi Control server. This value was assigned when you deployed Plexxi Control on the Plexxi Control host.

px-setup-hostaddr Configure the host name and management IP address for each switch being configured.

px-setup-tz Set the time zone for each switch being configured.

Note: px-setup uses UTC by default for time zone. Plexxi recommends that you use UTC for Plexxi Switch and Plexxi Control.

px-setup-ntp Configure NTP for each switch being configured.

px-setup-dns Configure DNS for each switch being configured.

px-setup-snmp Configure SNMP for each switch being configured.

Options

-t MAC,…,MAC Specify one or more switches to configure. This is a comma delimited (no spaces) list of MAC address which uniquely identify the Plexxi switches.

If one or more switches is specified using the -t, only the listed switches are configured and only questions which apply to those switches will be posed. This option is recommended to configure an individual switch or multiple switches of a similar class (city, service-type, etc).

--help Display a help summary.

Examples $ sudo px-setup This asks a series of questions about all detectable

switches and common services, then applies the configuration to the switches.

$ sudo px-setup -t 01:02:03:aa:bb:cc This prompts and collects configuration information for a specified switch (01:02:03:aa:bb:cc) identified by its unique base MAC address. The configuration is applied to the specified switch only.

$ sudo px-setup -t 01:02:03:aa:bb:cc,55:44:ff:ee:bb:00

Specifies two switches. The utility queries about all services common to the specified switches, then applies the configuration on the specified switches.

$ sudo px-setup-ntp Queries only about NTP, then applies the configuration to all Plexxi switches.

$ sudo px-setup-ntp -t 01:02:03:aa:bb:cc

Queries only about NTP, then applies the configuration to only the specified switch.

$ sudo px-setup --help Displays a help summary.


Notes

The px-setup commands create a set of backup files of the puppet manifests it utilizes to distribute and apply the configuration. These are stored in the /var/opt/px-setup-backups directory in a subdirectory which uses a date-time format such as 2017-05-10_20-27. This directory is populated with configuration data (in an intermediary state) on all systems where the configuration is to be applied. To prevent disk over-usage, a limited set of backup files is retained. If an automated backup system is in place, it is advisable to collect the data in these directories.

The px-setup commands keep the output simple and clean. More detailed debug information can be found in /var/log/px-setup.log. This log is only produced on the switch where px-setup was executed. It is unique per switch and not shared or distributed.

px-ssl-install Install an SSL Certificate and Keys

The px-ssl-install utility enables administrators to install their own custom certificates and key pairs on the Plexxi switch. This tool places the files in the correct place in the file system and restarts the Plexxi client so that the client can import the certificate and keys.

Syntax px-ssl-install <cert> <key> px-ssl-install -h | --help

Where:

<cert> The path and name for the certificate file. Needs to be in curl format.

<key> The path and name for the key file. Needs to be in curl format.


Examples

The following command installs from local files: $ px-ssl-install file:///<certfile>.pem file:///<keyfile>.pem

The following command installs from a Web server: $ px-ssl-install http://<webserver>/<certfile>.pem http://<webserver>/<keyfile>.pem

px-sslgen Generate a Pair of Self-Signed SSL Keys

The px-sslgen utility generates two self-signed SSL keys for the Plexxi switch, one private key and one public key. All fields in the px-sslgen command are optional. The tool generates SSL certificates with default values.

Syntax px-sslgen -o | --output <output> px-sslgen -c | --country <country> px-sslgen -st | --state <state> px-sslgen -l | --location <location> px-sslgen -org | --organization <organization> px-sslgen -cn | --cname <cname> px-sslgen -em | --email <email> px-sslgen -a | --altname <alternate name> px-sslgen -ex | --expires <expires> px-sslgen -fp | --fileprefix <fileprefix> px-sslgen –h | --help


Optional Arguments

-o, --output The --output option specifies an optional output location. The default location is “simple1/”.

-c, --country The --country option specifies a value for the optional country field in SSL keys. The default value is US.

-st, --state The --state option specifies a value for the optional state field in SSL keys. The default value is New Hampshire.

-l, --location The --location option specifies a value for the optional location field in SSL keys. The default value is Nashua.

-org, --organization The --organization option specifies a value for the optional organization field in SSL keys. The default value is Plexxi.

-cn, --cname The --cname option specifies a value for the optional cname field in SSL keys. The default value is the system hostname.

-em, --email The --email option specifies a value for the optional email field in SSL keys. The default value is [email protected].

-a, --altname The --altname option specifies a value for the optional alternate name field in SSL keys. The default value is derived from the system hostname, FQDN, and interface IP addresses.

-ex, --expires The --expires option specifies a value for when the certificates expire in the expires field in SSL keys. The default value is 157680000 seconds (5 years).

-fp, --fileprefix The --fileprefix option specifies a prefix used when generating output files. The default value is server.


Examples

The following command generates two SSL keys, one private and one public, in the default directory “simple1/”: $ px-sslgen

The following command generates two SSL keys, one private and one public, in the current directory: $ px-sslgen –-output "./"

px-topology View and Diagnose the Plexxi Fabric Topology

The px-topology command can be used to view and diagnose the Plexxi fabric (topology).

Syntax px-topology -s|--show residual px-topology -s|--show vlan [vlan <VLAN>] [root <ROOT>] px-topology -t|--trace residual px-topology -t|--trace vlan <VLAN> [root <ROOT>] px-topology -t|--trace attachments px-topology -v|--validate px-topology -e|--state residual px-topology -e|--state vlan px-topology -c|--control px-topology -i|--info px-topology -h|--help


Optional Arguments

-s, --show The --show option displays the currently active paths from this switch to one or more root switches in the Plexxi network.

-t, --trace The --trace option sends trace packets from this switch to destination switches on the residual or VLAN (ISO) topologies. When tracing, you can specify the "attachments" argument to simulate actual lookup failures to follow attachments from this switch to the root switches the attachments reside on.

-v, --validate The --validate option uses trace packets to test if the topology is healthy. It outputs a status message that indicates success or failure of the topology.

-e, --state The --state option shows the state of active and backup paths for either the residual or VLAN (ISO) topologies. Failures are indicated in the output; for example, switch or uplink failures.

-c, --control Show the active list of Plexxi switches.

-i, --info Show information on the state of the last fitting transaction.


vlan The vlan (ISO) option filters results for a specific VLAN or root switch.


4 Managing Plexxi Switch Linux User Accounts and Authentication Methods

Plexxi Switch supports the following user authentication methods:

• Local switch authentication

• TACACS+

• RADIUS

• LDAP

These methods are described in this chapter.

In addition, this chapter describes how to enable the configuration authentication method.


Local Switch Authentication Local Linux and Plexxi CLI users can be created on each Plexxi switch. Linux users can be created on the switch platform using the Plexxi px-adduser utility. Each Plexxi switch user must be a member of one of the following pre-defined groups which give them their privileges:

IMPORTANT: Only an Administrator can create users.

px_administrator – This user Role provides root access to the Plexxi Switch through pre-arranged sudoers config file. Upon login, any px_administrator user has full administrator access to all Linux commands and utilities, via sudo.

px_operator – This Role provides normal, unprivileged access to the Linux system. It cannot, for example, create or edit user accounts. Upon login, a px_operator user has elevated sudo privileges for 'px-shell' only. In this way, the user has full configuration ability within the Plexxi CLI.

px_viewer - This user Role provides only viewing access in the Plexxi CLI, and NO access to Linux.

Adding a Local User Using the Plexxi px-adduser Utility Important: This is the preferred utility to use when adding a user.

Any Administrator can add a local user at the Linux prompt on the switch using the px-adduser utility:

1. Create the user by issuing this command and following the prompts: $ sudo px-adduser <username>

Important: The px-adduser utility is described in detail in Chapter 4, in the section, Adding a User - px-adduser. This section also provides options on how to script px-adduser without user interaction.

2. Respond to the prompts, assigning the appropriate group (px_administrator, px_operator, or px_viewer)

Accessing the Plexxi CLI As an Administrator

To access the Plexxi CLI, at the Linux prompt on the switch, a user with Administrator role must execute the command: $ sudo px-shell

In the Plexxi CLI, this user has full configuration privileges. Upon exiting the Plexxi CLI, this user is returned to their Linux shell until logout.

As an Operator

To access the Plexxi CLI, at the Linux prompt on the switch, a user with Operator role must execute the command: $ sudo px-shell

In the Plexxi CLI, this user has full configuration privileges. Upon exiting the Plexxi CLI, this user is returned to their Linux shell with read-only privileges until logout.

As a Viewer

Upon login, a user with Viewer role is placed directly in the Plexxi CLI with Viewer privileges. Viewer users do not have Linux access.


TACACS+ Authentication for a Switch

Overview TACACS+ support allows Switch users to be authenticated using TACACS+ using the standard Linux Pluggable Authentication Modules (PAM) infrastructure. In Release 3.0, this needs to be configured directly on each Plexxi switch. When enabled, users that log in to the Switch platform using ssh, will be authenticated using an external TACACS+ server, and placed in an Administrator, Operator or Viewer group as defined in the TACACS server configuration. The groups refer to the privileges as documented in the Local AAA feature.

Configuring TACACS+ Authentication on a Switch To configure TACACS for PAM authentication on a switch:

1. Configure TACACS+ PAM as described in TACACS+ PAM Setup, below.

2. If you are going to support remote users (as opposed to local users in /etc/passwd), then configure TACACS+ NSS as described in TACACS+ NSS Configuration page 30.

3. if you are using NSS, then add tacplus to the passwd and group lines in /etc/nsswitch.conf. For example:

# /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and ìnfo' packages installed, try: # ìnfo libc "Name Service Switch"' for information about this file. passwd: compat tacplus group: compat tacplus

4. Enable TACACS+ using the pam-auth-update utility as described in Enabling the Authentication Method for a Switch, page 34.

5. if you are using TACACS+ NSS, restart the NSCD service: $ sudo service nscd restart

TACACS+ PAM setup For PAM, configure the /etc/tacplus.conf file with the following parameters:

Variable Description Valid values

server TACACS+ server. May have more than one entry.

server=HOSTNAME server=IP_ADDR server=HOSTNAME:PORT server=IP_ADDR:PORT

secret TACACS+ server secret. May have more than one entry. Each entry will be applied to the servers defined before the entry.

secret=PLAIN-TEXT-STRING

login TACACS+ authentication service. login=pap login=chap login=login DEFAULT is pap (suggest login=login)


Variable Description Valid values

service TACACS+ service for authorization and accounting

Don't care but the protocol wants it to be defined

protocol TACACS+ protocol for authorization and accounting

Don't care but the protocol wants it to be defined

timeout Timeout value in seconds The default value is 5 seconds

Example /etc/tacplus.conf server=1.2.3.4 secret=mySecret login=login service=linuxlogin protocol=ssh

TACACS+ NSS Configuration For NSS, configure the /etc/nss_tacplus.conf file with the following parameters:

Field name Description Example

server Comma separated list of TACACS+ servers

server 1.1.1.1 server 2.2.2.2:49 server 3.3.3.3,4.4.4.4

secret secret used to authenticate to the TACACS+ server

secret=PLAIN-TEXT-STRING

timeout timeout in seconds The default value is 5 seconds

debug enable debug logging

service service to query on TACACS+ server This is where UID and ROLE need to be defined

protocol The default value is ssh

Example /etc/nss_tacacs.conf server 1.2.3.4 secret mySecret timeout 2 service linuxlogin protocol ssh


RADIUS Authentication for a Switch

Overview Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

RADIUS support allows Switch users to be authenticated using RADIUS and the standard Linux Pluggable Authentication Modules (PAM). When enabled, users who log in to the Switch using SSH are authenticated using an external RADIUS server and placed in an Administrator, Operator or Viewer group as defined in the RADIUS server configuration. The groups refer to the privileges as documented in the Local AAA feature.

Configuring RADIUS Authentication on a Switch This feature needs to be configured directly on each Plexxi switch. Configure the RADIUS PAM module via the file /etc/pam_radius_auth.conf. Each line of the file consists of: <server_address>[:port] <secret> <timeout>

Where:

• server_address is either an IPv4 address or a FQDN.

• port or server port, is optional.

• secret is the RADIUS server secret.

• timeout is the server timeout value in seconds.

Example

Multiple lines may be provided to use multiple RADIUS servers. For example: /etc/pam_radius_auth.conf 1.2.3.4:500 mySecret 2 radius.plexxi.com plexxi_secret 5

Enabling RADIUS Enable RADIUS using the pam-auth-update utility as described in Enabling the Authentication Method for a Switch, page 34.


LDAP Authentication for a Switch

Overview LDAP allows Switch users to be authenticated using LDAP using the standard Linux Pluggable Authentication Modules (PAM) infrastructure. In Release 3.0, this needs to be configured directly on each switch. When enabled, users that log in to a switch using ssh will be authenticated using an external LDAP server, and placed in an Administrator, Operator or Viewer group as defined in the LDAP server configuration.

Configuring LDAP Authentication for a Switch When LDAP is configured, the nsswitch.conf file must be edited to use LDAP. In this case, LDAP is configured for passwd, group and shadow: # /etc/nsswitch.conf # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and ìnfo' packages installed, try: # ìnfo libc "Name Service Switch"' for information about this file. passwd: ldap compat group: ldap compat shadow: ldap compat gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis sudoers: files ldap

Example: Configuring LDAP with SSL

Before configuring LDAP with SSL, make sure to copy your LDAP server's certificate to the switch. The 'tls_cacertfile' option in the nslcd config should point to wherever the certificate is located on the switch. # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldaps://172.17.1.150:636 # The search base that will be used for all queries. base dc=qa,dc=plexxi,dc=com # The LDAP protocol version to use. #ldap_version 3 # The DN to bind with for normal lookups. #binddn cn=annonymous,dc=example,dc=net #bindpw secret # The DN used for password modifications by root. #rootpwmoddn cn=admin,dc=example,dc=com # SSL options ssl on tls_reqcert demand tls_cacertfile /etc/ldap/slapd.crt # The search scope. #scope sub


Example: Configuring LDAP with TLS

Similar to the SSL configuration, before configuring LDAP with TLS make sure to copy your LDAP server's certificate to the switch. The 'tls_cacertfile' option in the nslcd config should point to wherever the certificate is located on the switch. # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://172.17.1.150:389 # The search base that will be used for all queries. base dc=qa,dc=plexxi,dc=com # The LDAP protocol version to use. #ldap_version 3 # The DN to bind with for normal lookups. #binddn cn=annonymous,dc=example,dc=net #bindpw secret # The DN used for password modifications by root. #rootpwmoddn cn=admin,dc=example,dc=com # SSL options ssl start_tls tls_reqcert demand tls_cacertfile /etc/ldap/slapd.crt # The search scope. #scope sub


Enabling the Authentication Method for a Switch To enable the authentication method for a switch:

Note: You must be logged in as administrator user.

1. Using sudo, enter the following command to run the interactive PAM (Pluggable Authentication Modules) configuration tool: sudo pam-auth-update

2. In the PAM configuration window, select the authentication method, then click OK. For example, to enable LDAP authentication:

3. Restart the nscd and nslcd services on the switch to finish applying the configuration. For example:

sudo service nscd restart sudo service nslcd restart


5 Debian Linux Commands for Switch Configuration

Some switch configuration settings are accomplished using Debian Linux commands as outlined in the sections that follow.

IMPORTANT: These commands are issued from the Linux Bash prompt, and may require sudo to execute.

NOTE: Refer to the Debian Linux man pages for command-specific information.

Configuring Clocks

Manually Setting the Time and Date You can manually set the time and date using the date command. For example: $ sudo date 05041322 Thu May 4 13:22:00 EDT 2017 $

Refer to the man page date[1].

Changing the Time Zone To change the time zone, Debian recommends reconfiguring the 'tzdata' package which is done with the command: $ sudo dpkg-reconfigure tzdata

When this is run, an interactive menu prompt is displayed for you to select the desired system time zone.

Setting Time Once with NTP The NTP protocol can be configured to continually keep system time synchronized using an NTP server. To perform a one-time setting of system time based on an NTP server, the ntpdate command can be used only if the NTP service is disabled. For example, the following uses an NTP server at IP address 1.1.1.1: $ sudo ntpdate 1.1.1.1

Refer to the man page ntpdate(8) for more details.

Configuring NTP The NTP client can be configured by editing the file /etc/ntp.conf. Details about this file's syntax can be found in the man page ntp.conf(5). The client itself is the executable 'ntpd' which also has more information in its man page ntpd(8).

The following is a generic example of an ntp.conf file. You must fill in values that make sense for your environment: $ cat /etc/ntp.conf # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> server 10.10.10.10 server 10.10.11.11 #server 0.debian.pool.ntp.org iburst #server 1.debian.pool.ntp.org iburst #server 2.debian.pool.ntp.org iburst #server 3.debian.pool.ntp.org iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient $

NTP can be started or stopped via 'monit' as follows: $ sudo monit start|stop ntpd

To persistently enable or disable NTP to run when the system boots, use 'update-rc.d' instead as follows: $ sudo update-rc.d ntp enable|disable


Configuring the IP Domain To configure the IP domain, use the domain or search fields in the file: /etc/resolv.conf

The following is a generic example of an resolv.conf file. You must fill in values that make sense for your environment: $ cat /etc/resolv.conf domain selab.plexxi.com search selab.plexxi.com. plexxi.com. ilab.plexxi.com. nameserver 172.18.1.2 nameserver 10.10.10.10 nameserver 10.10.11.11 nameserver 172.19.2.10 $

Refer to the resolv(5) man page.

The FQDN (fully-qualified domain name) should be set in the file: /etc/hosts

Refer to the hosts(5) man page

All DNS settings are in the /etc/resolv.conf file.

Configuring the Management Interface The following sections outline how to configure the management interface on a switch.

Configuring the IP Address of the Management Interface To change the management interface to static IP, in the /etc/network/interfaces.d/mgmt file, replace the dhcp configuration with the static IP address definition as follows:

For example, the syntax for DHCP: auto mgmt iface mgmt inet dhcp hwaddress e0:39:d7:00:26:7f

For example, the syntax for static IP: auto mgmt iface mgmt inet static address 192.168.2.7/16 gateway 192.168.2.1 hwaddress e0:39:d7:00:26:7f

Note: The 'address', 'gateway' and 'hwaddress' must be indented as shown; do not change.

Note: The 'hwaddress' line and the exact value that is put there by default MUST be kept in place for either static IP or DHCP; do not remove or change this value.

Configuring the MTU Size of the Management Interface The MTU size is set in the /etc/network/interfaces.d/mgmt file as part of the interface settings. For example, add the following line (indent the line):

mtu 9000

Note: The valid MTU range is 68 – 9216.


Enabling and Disabling the Management Interface To disable or enable the management interface, use the ifdown and ifup commands: $ sudo ifdown $ sudo ifup

To persistently disable the management interface, in the interfaces.d/mgmt file, comment out the auto mgmt. line. For example: # auto mgmt iface mgmt inet dhcp hwaddress e0:39:d7:00:26:7f

Configuring a VLAN on the Management Interface To configure a VLAN on the management interface, add a mgmt.VID statement into the/etc/network/interfaces.d/mgmt file. For example, to add VLAN ID 5 to the management interface: iface mgmt.5 inet static

Configuring IP Routes Use the post-up and pre-down directives of the /etc/network/interfaces.d/mgmt file to setup or tear down static routes as the interface is brought up or down.

Refer to the interfaces(5) man page and Debian documentation.

Configuring SNMP The SNMP client can be configured by editing the file /etc/snmpd.conf. Details about this file's syntax can be found in the man page snmpd.conf(5). The client itself is the executable 'snmpd' which also has more information in its man page snmpd(8).

The following is a generic example of an snmpd.conf file. You must fill in values that make sense for your environment: $ cat /etc/snmp/snmpd.conf sysname plexxi1 syslocation Nashua syscontact [email protected] authtrapenable 1 sysservices 10 sysObjectID .1.3.6.1.4.1.37341 master agentx rocommunity public

SNMP can be started or stopped at runtime using the 'service' command as follows: $ sudo service snmpd start|stop

To persistently enable or disable SNMP to run when the system boots, use 'update-rc.d' instead as follows: $ sudo update-rc.d snmpd enable|disable

Groups You can give a group of users the same access permissions to the same MIB view by defining a named group and assigning the users to the group.


Communities Refer to the snmpd.conf man page for detailed information on configuring SNMP communities.

A community name is used for basic authentication for SNMP v1 and v2c access. You can configure a community for read-only (ro) access to the entire MIB.

You can restrict community access by specifying a:

• predefined MIB view that is accessible for the community

• specific host or IP subnet that is allowed access with that community name

MIB Views You can constrain SNMP clients to a specific subset of the entire MIB using views. You define the view by giving it a name and an OID 'root' that is either included or excluded from the view. OIDs are alphanumeric. Refer to the snmpd.conf man page.

Supported SNMP Groups and MIBs

The following SNMP groups are implemented by Plexxi

systemGroup snmpEngineGroup

The following SNMP MIBs are implemented by Plexxi:

SNMP-MPD-MIB SNMP-USER-BASED-SM-MIB SNMP-VIEW-BASED-ACM-MIB HOST-RESOURCES-MIB

The following tables are implemented by Plexxi: ifTable ifXTable dot1dBasePortTable dot1dTpFdbTable dot3StatsTable lldpRemManAddrTable lldpRemTable dot1qTpFdbTable dot1qVlanCurrentTable dot1qVlanStaticTable

SNMP v3 User-Based Security Model Version 3 of SNMP introduced a user-based security model (USM) that includes options for user authentication and encryption of information in requests and responses. Each user can be assigned an authentication password using either MD5 or SHA-1 hashing algorithms. They can also be assigned a privacy (encryption) password using DES or AES encryption standards. Additionally, the user access and security are defined.


Copying Files to a Switch You can copy files to the switch at the Linux prompt using the Linux scp command.

For example, to copy a file namedresolv.conf from an admin workstation to a switch named 'bb2' and save it as my_resolv.conf: $ scp resolv.conf admin@bb2:~/my_resolv.conf admin@bb2's password: resolv.conf

To verify that the file is copied: $ ssh admin@bb2 [email protected]'s password: Linux bb2 3.16.0-4-px-amd64 #1 SMP Debian 3.16.36-1+deb8u2+plexxi.1 (2016-10-31) x86_64 Plexxi Switch - 3.1.0 For help with Plexxi Switch software or hardware, please contact Plexxi Care: email: [email protected] web: http://support.plexxi.com/ phone: +1.888.415.9809 admin@bb2:~$ pwd /home/admin admin@bb2:~$ ls my_resolv.conf admin@bb2:~$

Configuring SSH Keys on a Switch SSH Keys can be managed as described in the following subsections.

Regenerating SSH Host Keys on the Switch You might need to regenerate SSH host keys on the Plexxi switch as directed by IT policy or as otherwise needed. To regenerate SSH host keys on a switch, at the Bash prompt on the switch:

1. Delete the old SSH host keys: $ sudo rm /etc/ssh/ssh_host_*

2. Reconfigure the OpenSSH server: $ sudo dpkg-reconfigure openssh-server

3. Restart the SSH server: $ sudo monit restart sshd

4. As needed, update SSH keys on any client hosts that will be used to log into the switch.

Starting or Stopping the SSH service on the Switch To start or stop the SSH service on the switch: $ sudo monit start|stop sshd

Making SSH Persistent on the Switch To make SSH persistent on the switch: $ sudo update-rc.d ssh enable|disable

Also refer to the Linux update-rc.d(8) man page.


6 Saving Configuration Changes

Saving Configuration Changes You need to save the configuration information you enter using the CLI to have them persist across switch reboots and software upgrades.

If the switch configuration is changed while in CONFIG mode, an asterisk precedes the prompt to indicate that the configuration has changed.

For example, the banner command makes a configuration change: plexxi1(config)# banner motd "Hello, World" *plexxi1(config)# exit *plexxi1#

If you then save the running-config, the indicator disappears. To save your changes, use the following command: *plexxi1# copy running-config startup-config Building configuration... [OK] plexxi1#

The CLI parser accepts the shortest unambiguous substring for each command and parameter name. So the above will also work if all that is typed is copy run start.

Checking the Current Configuration To check the current state of the system configuration for those elements configured by px-shell, in the PRIV-EXEC mode, enter the command: plexxi1# show running-config ! service password-encryption ! ip domain-lookup ! ! line con 0 login line vty 0 4 login ! end plexxi#


7 Handling Files

Handling Files from the Debian Linux Prompt

Copying Files from a Remote System You can copy files from a remote system at the Linux prompt using the scp command.

Handling Files from the Plexxi CLI In the PRIV-EXEC mode of the Plexxi CLI, you can manipulate and list files using the copy, move, delete and dir commands available in that mode.

The CLI presents a local file system containing a single, unnamed directory. You cannot create or navigate nested directories. You can use the dir command to list the contents of the local file system: plexxi1# dir User Files: --------------------------------------------------------- 243264462 May 2 2016 17:27 2.3.0 380 May 6 2016 10:41 config 434 March 30 2016 16:37 test_config plexxi1#

• the first column shows the file size in bytes

• the second column shows the time/date the file was last written

• the third column shows the file name

running-config and startup-config When working with files, note that the special names:

• running-config refers to the current configuration

• startup-config refers to the saved configuration

Neither of these are housed in the visible local file system space.

Copy, Move, and Delete Examples The following example shows the use of the copy, move, and delete commands in the PRIV-EXEC mode of the Plexxi CLI. plexxi1# delete test_config plexxi1# dir User Files: --------------------------------------------------------- 243264462 May 2 2016 17:27 2.3.0 380 May 6 2016 10:41 config plexxi1# move config old_config plexxi1# dir User Files: --------------------------------------------------------- 243264462 May 2 2016 17:27 2.3.0 380 May 6 2016 10:41 old_config


plexxi1# copy running-config current_config plexxi1# dir User Files: --------------------------------------------------------- 243264462 May 2 2016 17:27 3.0.0 434 March 30 2016 16:44 current_config 380 May 6 2016 10:41 old_config plexxi1#

With that last example using copy, the current system configuration was built and saved to the destination filename.

File Copy with URL The copy command can use URLs for either the source or destination (not both). Using URLs with the copy command lets you copy files from a remote file server to the local switch file system and vice versa.

URLs follow the general form: protocol://[username[:password]@]host[:port]/path/filename

where username, password and port can be optionally included in the URL. The following protocols are supported:

• http

• scp

• sftp

• ftp

• tftp.

SCP and SFTP

You could be prompted for either or both a username and password if they are not embedded in the given URL. You can opt to always leave the password information out of the URL so that it is not shown on the screen in plain text. When prompted for password information, the characters will not be echoed to the screen. For example: plexxi1# copy current_config sftp://me@my_server/configs/my_switch/oct3_config Password: ****** plexxi1# plexxi1# copy scp://release_server/releases/*_3.0.0.tar.gz latest_release Username: admin Password: ****** plexxi1#

HTTP and FTP

A username and password might or might not be needed. You will not be prompted unless a username is embedded in the URL but no password is included.

TFTP

Any username or password info embedded in the URL is ignored.


8 Upgrading the Plexxi Switch Software to Release 4.0.0

Upgrading switches in a Plexxi fabric to Release 4.0.0 involves three primary steps:

1. If upgrading from a pre-3.3.0 release, run an MLAG script.

2. Upgrade the switch software on the switches.

3. Implement the IS-IS protocol on the fabric.

4. Run a fit.

Preparing to Upgrade from a Pre-3.3.0 Release Before upgrading a Switch from a pre-3.3.0 release, if you have Link Aggregation Groups with member ports on different switches (MLAG), and you are running STP/Loopguard in your environment connected to Plexxi, please contact Plexxi Support for a pre-upgrade script, pre-upgrade-3.3-MLAG.sh.

Upgrading the Switches To upgrade a Plexxi switch to Release 4.0.0, perform the upgrade using the Plexxi Control UI by following the instructions in the Plexxi Control Online Help.

Implementing the IS-IS Protocol To switch to the new IS-IS based mechanism for fabrics that have been upgraded to Release 4.0.0, from the px-shell on any Plexxi switch in the fabric, issue the following CLI command: fabric protocol-change l2isis

IMPORTANT: Issuing this command might create a short interruption in seconds to traffic forwarding.

Running a Fit After upgrading a Plexxi switch to Release 4.0.0 and switching to the new IS-IS fabric management mechanism, Plexxi recommends that you use the Plexxi Control UI to configure and perform a new fit. Refer to the Plexxi Control Online Help for instructions.


9 In-Band Management

Overview Prior to release 2.4.0, network access to Plexxi Switches was solely through the management Ethernet port on the I/O panel. This management port was external – or out-of-band – to the Plexxi fabric. Each switch needed to have this external port connected to achieve console action via SSH and connectivity to Plexxi Control.

In-band management allows network management access via a I/O panel access port on a single Plexxi switch in the fabric. For redundancy, additional Plexxi switches can be connected via access ports by creating an MLAG. All other Plexxi switches communicate via the confluent fabric to one of the Plexxi switches in the management LAG.

As illustrated below, for in-band management, a configured 4-port LAG (2 Plexxi switches 2 access ports each) is connected to external routers or switches that provide connectivity to Plexxi Control and other management tools and applications that reside on a customer server. The Plexxi switches pass management information within the configured VLAN over the Plexxi fabric.


Configuring In-Band Management Initial configuration of in-band management is done via the CLI. Adding additional external ports to create a management MLAG is done through Plexxi Control. The inband-management config command creates a VLAN group and a LAG and notifies Plexxi Control of all configured parameters. Once created, the VLAN group and LAG can be modified using the Plexxi Control UI, however they cannot be deleted (except by deleting the entire in-band management configuration).

Note: Refer to the related Plexxi CLI command descriptions that follow the procedure.

To configure an In-Band Management interface:

1. Log into the switch via a console session using:

• 115.2 Kb/s

• 8 data bits

• 1 stop bit

• No Parity

2. Open the px-shell. At the Bash prompt, enter the sudo px-shell command and then enter the administrator password. For example: admin@plexxi1:~$ sudo px-shell [sudo] password for admin: . . . plexxi1>

3. Enter the enable command to access the PRIVILEGED EXEC mode. For example: plexxi1> enable plexxi1#


4. At the # prompt, enter the following command to configure in-band management:

For DHCP: inband-management config port xp2 speed 1G vlan 20 native true ipmode dhcp

For static IP: inband-management config port xp2 speed 1G vlan 20 native true ipmode static

You can then change to/from dhcp or static with inband-management config dhcp true

5. For static IP, on each Plexxi switch in the fabric, you need to issue the following command with a unique IP address for each switch: inband-management config ip ipaddress[/CIDR]

6. For static IP, you can configure a gateway: inband-management gw add ip_address

Example inband-management config gw add 172.18.1.1

7. When finished, from the PRIV-EXEC mode, to exit the Plexxi Shell and return to the Bash prompt: plexxi1# logout admin@plexxi1:~$

Continue in Plexxi Control

8. Log into the Plexxi Control UI.


9. When in-band management is initially configured via the CLI, a default LAG is created. This LAG can be modified (ports added, removed, switches added or removed (MLAG)), however it can not be deleted. To modify the default LAG, in Plexxi Control:

a. Select Configuration > Link Aggregation Groups > Edit.

b. In the LAG edit window, select the InbandMgmtFabricID LAG from the list.

Where FabricID is a 4-character fabric identifier.

c. Under Lag Members, you can add or remove ports on the current switch, and add other switches and ports to create an MLAG.

d. When finished with changes to the LAG/MLAG, click Apply.

e. Click Done.

10. Configure VLANs for in-band management as follows:

a. Select Configuration > VLANs > Assignments > Edit.

b. Enter the VLAN ID, InbandMgmtFabricID, in the search field.

Where FabricID is a 4-character fabric identifier.

c. For Native VLANs, check the Native checkbox. The preconfigured VLAN appears in the main panel. You can add and remove ports and switches from the configuration.

d. When completed, click Apply.

Related Plexxi CLI Commands The in-band-management CLI commands are valid in the PRIV-EXEC mode of the CLI, which is available by entering the enable command from the initial EXEC mode. inband-management config port

Use this command to initially configure in-band management.

Syntax inband-management config port xp## [speed #G] [vlan vlanid native (true | false)] ipmode (dhcp | static)

where:

port – Local access port on which to configure in-band management. This is entered as xp##.

speed – Port speed for the access port. Valid values are 1000, 1G, 10000, 10G.

vlan – The VLAN used for in-band management. Valid values are 1-4000.

native – Configure whether the in-band management VLAN is untagged (native) or tagged.

• true = Untagged

• false = Tagged

ipmode – Configure whether the in-band management address is DHCP or static IP:

• dhcp = Configures DHCP for in-band management.

• static = Configures static IP for in-band management.

Examples




inband-management config dhcp After initially configuring in-band management, you can change to/from DHCP or static IP using this command.

Syntax inband-management config dhcp (true | false)

inband-management config ip If static IP is used, use this command to configure the static IP address for in-band management. If you use static IP, you must issue this command on every switch in the Plexxi fabric, with a unique IP address for each switch.

Syntax inband-management config ip ipaddress[/CIDR]

where:

ipaddress – The unique static IP address for in-band management on the switch you are logged into.

/CIDR – Optional: Specifies a subnet using CIDR (Classless Inter-Domain Routing) notation.

Example inband-management config ip 192.168.1.100/24

inband-management delete Use this command to delete in-band management on the switch that you are logged into.

Syntax inband-management delete

inband-management gw add Use this command to add a gateway for inband management.

Syntax inband-management gw add ip_address

Example inband-management config gw add 172.18.1.1

show inband-management This command shows the in-band management configuration or ‘No inband configuration’ if none is configured

Syntax show inband-management


10 Configuring LightRails

Overview A Plexxi fabric is a mesh of connectivity between switches. The cabling and optics required to create this mesh is called the Plexxi LightRail. Plexxi's LightRail provides the physical connectivity between Plexxi switches in a Plexxi mesh.

The Plexxi switch models support slightly different flavors of LightRail connectivity: currently LightRail 1, LightRail 2 and LightRail 3 as defined in the following sections.

LightRail 1 LightRail 1 supports 10 GbE links between Plexxi switch uplink ports. Each Plexxi switch in the fabric connects directly to 5 neighbors to its East and 5 neighbors to its West through 4x10, 2x10, 2x10, 2x10, 2x10 GbE connections in each direction. This connectivity is provided through the use of WDM optics in Switch models 1x, 2 and 2s, or through the use of the Pod Switch Interconnect (PSI) for Switch models 2p, 2sp, 2e and 3eq.

LightRail 2 (Switch 3eq) LightRail 2 supports 25 GbE links between Plexxi switch uplink ports. Each Plexxi switch in the fabric connects directly to 5 neighbors to its East and 5 neighbors to its West through 4x25, 2x25, 2x25, 2x25, 2x25 GbE connections in each direction. This connectivity is provided through the use of PSI devices using 25GbE PSM4 optics. Switches connected using LightRail 2 cannot interoperate with LightRail 1 based switches. LightRail 2 is used with Plexxi Switch 3eq.

LightRail 3 (Switch 3eq) LightRail3 supports either 4x25 GbE or 1x100 GbE connectivity modes. The 1x100 mode enables four 25 GbE channels to remain parallel between any two pair of switches, effectively creating a single 100 GbE fabric link. LightRail3 delivers either 4x25 GbE or 1x100 GbE to each of 4 neighbors east and west. LightRail 3 is used with Plexxi Switch 3eq.

When the 1x100 mode is configured, Forward Error Correction (FEC) is automatically enabled.

LightRail3 uses CWDM4 or LR4 optics. The optics used must be consistent on both sides of a connection.

On Switch 3eq, a single LightRail3 uses the rightmost 8 QSFP ports 25-32. A second LightRail3 uses the next 8 QSFP ports 17-24. The first two QSFP ports (25 and 26) in the first LightRail 3 are the confluent fabric ports. Refer to the following guide:

Switch 3eq Hardware Installation and Administration Guide

For limited size deployments, you can use direct cabling with DAC or AOC cables.

Refer to the Plexxi Connectivity Guide for supported cables.

User Interface and Workflow Details This is an overview of the steps to install and configure Switch 3eq:

1. Install the switch in the rack.

2. Determine the number and type of LightRails as follows. The default configuration for all switches is two LightRails.

• Two LightRail 1 or LightRail 2 LightRails.

• One LightRail 1 or LightRail 2 LightRail.


• Two LightRail 3 LightRails.

• One LightRail 3 LightRail.

3. Install the LightRail cables.

• LightRail 1 or LightRail 2: These LightRails use 6 QSFP ports per LightRail or 12 for twoLightRails. The first LightRail uses QSFP ports 27-32 (ports 105-128). The second LightRail uses QSFP ports 21-26 (ports 81-104)

• LightRail 3 (Switch 3eq only): These LightRails use 8 QSFP ports per LightRail or 16 for twoLightRails, The first LightRail uses QSFP ports 17-24 (ports 65-96). The second LightRail uses QSFP ports 25-32 (ports 97-128).

• Cables: Refer to the Plexxi Compatibility Matrix document for cable compatibility and part numbers.

4. Configure the LightRails using the CLI commands as outlined in the next section.

5. Reboot the switch(es).

The switch is ready to use.

CLI Commands to Configure LightRails The following commands are used to configure the LightRails:

Note: These commands are described in detail in the reference chapter, CLI Command Reference: PRIV-EXEC Mode.

For LightRail Type 3 (Switch 3eq only)

• fabric lightrails

• fabric egress-rate

For LightRail Type 2

• fabric lightrails (for LightRail Type 2 on Switch 3eq)

• fabric redirect (for Switch 2, 2s and 2e in DCI mode)

• fabric egress-rate (for LightRail Type 2 on Switch 3eq or Switch 2e)

• fabric speed (for LightRail Type 2 on Switch 3eq or Switch 2e)

For LightRail Type 1

• fabric lightrails (for LightRail Type 1 on Switch 3eq)

• fabric redirect (for Switch 2, 2s and 2e in DCI mode)

• fabric egress-rate (for LightRail Type 1 on Switch 3eq)

• fabric speed (for LightRail Type 1 on Switch 3eq)


11 Switch 2e DCI mode

The Switch 2e DCI (Data Center Interconnect) mode remaps the front panel ports used for Plexxi fabric uplinks from the 6 QSFP ports to the rightmost 24 SFP+ ports. The use of SFP+ ports for data center interconnect provides simpler and more flexible cabling options. In DCI mode, the QSFP ports are used as access ports, therefore no switch capacity is lost.

Operation Using CLI commands, Switch 2e QSFP ports can be remapped to SFP+ ports that can be used in DCI environments to connect data centers. This enables you to extend the Plexxi fabric out to multiple data centers.

Normally, the QSFP interfaces (and the 10 GbE ports behind them) are uplink (fabric) ports while the SFP+ ports are access ports. To attach the Plexxi fabric to a remote data center, it may be more convenient to use SFP+ ports as uplinks. This requires that some or all of the Plexxi fabric on the switch be remapped from QSFP ports to SFP+ ports.

Modes of operation Modes of Operation determine the use of the QSFP ports and the right-most 24 SFP ports in a Switch 2e. The mode used determines how the Plexxi fabric is configured on that switch and how that switch connects to switches within the local data center as well as to other data centers. Switch 2e ports can be operated in Normal mode or in DCI mode as defined in the following table:

Modes Port Type Port Name/Number

Normal mode

west-east

West = QSFP East = QSFP

West = Q1 East = Q2

DCI mode

east-sfp

West = SFP East = QSFP

West = xp25 East = Q2

west-sfp

West = QSFP East = SFP

West = Q1 East = xp26

west-sfp-east

West = SFP East = SFP

West = xp25 East = xp26

A switch in east-sfp mode, connects to its east neighbor using its west SFP ports, and it connects to its west neighbor using east QSFP ports. A switch in west-sfp mode does the exact opposite – the west neighbor is connected via east SFP ports and the east neighbor is connected via west QSFP ports. Finally, a switch in west-sfp-east mode connects to both neighbors using SFP ports.


Switch2e DCI CLI Command: fabric redirect The fabric redirect command, in the Priv-Exec commands in the Plexxi CLI, supports DCI mode on Switch 2e.

Syntax fabric redirect (west-sfp | east-sfp | west-sfp-east | west-east) (east-speed | west-speed) (east-egress-rate | west-egress-rate)

Argument Description Values

west-east From West to East (default).

west-sfp Remaps the twelve 10GbE uplinks represented by the top 3 QSFP ports (Q1, Q3, Q5) to the last 12 SFP+ top ports (odd-numbered ports 25-47). The QSFP ports become access ports.

east-sfp Remaps the twelve 10GbE uplinks represented by the bottom 3 QSFP ports (Q2, Q4, Q6) to the last 12 bottom SFP+ ports (even-numbered ports 26-48). The Q2, Q4 and Q6 become access ports

west-sfp-east Remaps both west and east QSFP ports to the corresponding SFP+ ports. All QSFP ports become access ports.

Also set the west and east speeds and egress rates.

east-speed

or

west-speed

Set the line speed of the East or West confluent fabric.

10G Set speed to 10 Gb/s.

1G Set speed to 1 Gb/s.

The default is 10G.

east-egress-rate

or

west-egress-rate

Configure the east or west confluent fabric egress shaping.

Set the value of egress rate in Mbps; it cannot be more than the line speed.

<1-10000> Set to the provisioned rate for the service.

1000 = 1 Gb/s and 400 = 400 Mb/s.

These commands require a value. Once set, to remove any shaping on a link, the command must be given with the full line speed as the value.


Description

When used on a Switch 2e, this command configures (remaps or redirects) all Switch 2e east, west, or east-and-west Plexxi fabric pathways from QSFP ports to corresponding SFP+ ports, as defined by the following mapping arguments:

QSFP west port To SFP+ west ports QSFP east port To SFP+ east ports

Q1 25, 27, 29, 31 Q2 26, 28, 30, 32

Q3 33, 35, 37, 39 Q4 34, 36, 38, 40

Q5 41, 43, 45, 47 Q6 42, 44, 46, 48

When you execute the fabric redirect command and modify the redirect mode, the switch must be rebooted for the configuration to be updated. Changing the speed or egress shaping does not require a reboot.

For example, reboot the switch as prompted when the following command is issued: fabric redirect west-sfp The fabric engagement mode is being changed. This will cause a reboot. You want to reboot? (y/n)y

Note that a reboot is required only when changing the fabric engagement mode. Changing speed and/or egress rate for a switch using the current engagement mode will take effect immediately. For example, to change the speed and egress shaping on a switch currently in west-sfp enter the following command. fabric redirect west-sfp east-speed 1G east-egress-rate 400

A reboot is not required.

Switch 2e I/O Panel Ports The following figure shows the Switch 2e I/O panel QSFP and SFP ports and identifies ports used for redirection from QSFP to SFP.

Switch 2e

QSFP portsUpper = Q1, Q3, Q5Lower = Q2, Q4, Q6

Normal mode: Uplink portsDCI mode: half or all ports

become Access ports.

SFP+ portsUpper = Odd ports 25 - 47Lower = Even ports 26 - 48Normal mode: Access portsDCI mode: half or all ports

become Uplink ports.

SFP+ portsUpper = Odd ports 1 - 23Lower = Even ports 2 - 24

Access ports

Q1 = ports 49 - 52Q2 = ports 53 - 56Q3 = ports 57 - 60Q4 = ports 61 - 64Q5 = ports 65 - 68Q6 = ports 69 - 72


12 Fabric Link Encapsulation (FLE)

Overview The Plexxi Data Center Interconnect solution relies on Layer 1 or fully transparent Layer 2 connectivity for fabric links between sites. Any Layer 2 learning device in the paths created for fabric links will interfere with correct operation of the Plexxi fabric. In the event that true L1 or fully transparent L2 connectivity cannot be guaranteed, fabric link encapsulation capability is available. By encapsulating the packets traversing these fabric links, a tunnel is created between Plexxi switches through any intermediate devices and issues that result from network learning at these intermediate devices are eliminated.

Due to the capabilities of the switching chipset within the Plexxi switch, fabric link encapsulation requires two passes through the chipset to operate. For packets egressing the Plexxi switch on an encapsulated fabric link; the initial pass through the switching element determines regular packet forwarding out the fabric link and the second pass adds the necessary encapsulation. As a result, an encapsulated fabric port uses 3 ports on the switching device.

For packets received from the DCI link, on ingress, the first pass removes the encapsulation, and passes un-encapsulated packets into a second pass for regular fabric link packet processing.

These ports involved in the packet encapsulation process are designated as:

• Uplink Port – the switch fabric port that is to be encapsulated.

• Loopback Port – the internal (external on Switch 2e and Switch 3eq) switch port which is the ingress for the second pass to encapsulate packets.

• Egress Port – the internal (external on Switch 2e and Switch 3eq) switch port to be used to forward the encapsulated packets, attached to the circuit connecting two Plexxi switches in DCI mode.

For example, consider a Plexxi Switch 2 set to “east-flexx” DCI mode. In this case, fabric port xp53 is connected to I/O panel port xp71 due to the fabric engagement mode. To encapsulate this fabric link, we pick two other switch ports for the loopback and egress ports – e.g. xp87 and xp88.

In this example, a packet that is processed to egress regular fabric port xp53 is sent back into the switch via xp87. Processing for xp87 adds the encapsulation layer and directs the packet to egress port xp88. Port xp88 is connected to I/O panel port xp71 where the physical DCI cabling is in place. Similarly, an encapsulated packet entering the switch via port xp71 is de-encapsulated at switch port xp88 and egresses un-encapsulated on port xp87. The packet leaving xp87 is sent in turn to xp53 and processed in the normal fabric port way.

Plexxi Switch 2’s unique hardware design allows internal hardware re-wiring capabilities to provide the paths described above. In this case, no additional external cabling is required. For switch 2e, internal wiring is not possible and external cabling is required.


Configuring DCI L2 FLE on Plexxi Switches 2, 2s, 2p, 2sp Fabric Link Encapsulation (FLE) is configured via the Plexxi switch CLI.

For Plexxi switches 2, 2s, 2p, 2sp, you loop the uplink path internally as illustrated in the following figure. Network cables remain plugged into their original connectors. Only a single command is required to complete this configuration. In this command, you need to provide the uplink port number, loopback port number, and egress port number.

To configure DCI L2 fabric link encapsulation on Plexxi switches 2, 2s, 2p, 2sp in both directions between two switches:

1. Plan the ports to be used.

Note: You can use the Plexxi Control UI to help determine which switch ports are available to be used as loopback and egress ports for encapsulation. A switch port graphic window is available in Plexxi Control. The I/O panel graphic identifies currently used ports and available ports. Unavailable ports are grayed out.

2. Log into the switch via SSH or through the terminal access in Plexxi Control.



For example: admin@plexxi1:~$ sudo px-shell [sudo] password for admin: . . . *plexxi1>




5. Enter the following command to configure the DCI FLE: fabric-encap create uplink-port UplinkPort

<loopback-port LoopbackPort [internal]> <egress-port EgressPort [front-panel-port <xp#>]> [vlan <VLAN>]

For example, for the Switch 2 DCI East-Flexx example (that follows this procedure): fabric-encap create uplink-port xp53 loopback-port xp87 internal egress-port xp88

For example, for the Switch 2 DCI West-Flexx example (that follows this procedure): fabric-encap create uplink-port xp54 loopback-port xp80 internal egress-port xp81

6. Enter the following command and verify that the tunnel is configured: show fabric-encap configuration

7. Return to the EXEC mode: exit

8. Logout of the switch.

9. Repeat the steps for to create a DCI L2 FLE tunnel in the reverse direction.

The link is ready to use.


Example: Switch 2 East-Flexx Consider a Plexxi Switch 2 set to East-Flexx DCI mode. In this case, fabric port xp53 is connected to I/O panel port xp71 due to the fabric engagement mode. To encapsulate this fabric link, we pick two other available switch ports for the loopback and egress ports – e.g. xp87 and xp88. Encapsulated packets exit the switch through I/O panel port xp71, the original DCI uplink port. There is NO impact on cabling. fabric-encap create uplink-port xp53 loopback-port xp87 internal egress-port xp88

Example: Switch 2 West-Flexx Consider a Plexxi Switch 2 set to West-Flexx DCI mode. In this case, fabric port xp54 is connected to I/O panel port xp72 due to the fabric engagement mode. To encapsulate this fabric link, we pick two other available switch ports for the loopback and egress ports – e.g. xp80 and xp81. Encapsulated packets exit the switch through I/O panel port xp72, the original DCI uplink port. There is NO impact on cabling. fabric-encap create uplink-port xp54 loopback-port xp80 internal egress-port xp81


Configuring DCI L2 FLE on Plexxi Switch 2e Fabric Link Encapsulation is configured via the Plexxi switch CLI.

For Plexxi Switch 2e, you must externally loop the path from the uplink port to the loopback port as illustrated in the following figure. You also need to define a new uplink port for the encapsulated packets to egress the switch.

To configure DCI L2 fabric link encapsulation on Plexxi switch 2e in both directions between two switches:

1. Plan the ports to be used,


2. Physically unplug the uplink cable from the Uplink port (disconnect the cable that connects from the Uplink port to the customer cloud/device).

3. Connect a loopback cable from the uplink port to the loopback port.

4. Plug the uplink cable into the new egress port.








8. Enter the following command to configure DCI FLE: fabric-encap create uplink-port UplinkPort

<loopback-port LoopbackPort [internal]> <egress-port EgressPort> [vlan <VLAN>]

For example, for the Switch 2e W-SFP DCI example (that follows this procedure), if you want to encapsulate uplink port xp26, the following command applies: fabric-encap create uplink-port xp26 loopback-port xp27 egress-port xp29







Example: Switch 2e W-SFP Consider a Plexxi Switch 2e set to W-SFP DCI mode. In this example, I/O panel port xp26 is the uplink port to be encapsulated. To encapsulate this fabric link, we pick two other available switch ports for the loopback and egress ports – for example, access port xp27 for loopback and either xp29 (access port) or xp38 (uplink port) for the egress port. The network cable must be unplugged from I/O panel port xp26 and plugged into either xp27 or xp38, whichever is configured as the egress port. A Loopback cable must be connected between I/O panel port xp26 and port xp27.

Notes:

• If you want to use uplink ports for either the loopback or egress port, the available uplink ports depend partly on the current and future planned confluent fabric size. For example, for W-SFP, with a confluent fabric size =1, port xp28 may be available. With a confluent fabric size =2 egressing port xp30 may be available. With a confluent fabric size =4 port xp34 may be available. it is assumed that xp38, an uplink port, is available to be used for FLE.

• In this example, ports xp27 and xp29 are available access ports, not currently used or planned for future use.

If you use xp29 as the egress port, the following command applies: fabric-encap create uplink-port xp26 loopback-port xp27 egress-port xp29


For example:


Example: Switch 2e SFP-E Consider a Plexxi Switch 2e set to SFP-E DCI mode. Packets routed to uplink port xp25 are looped back through Loopback (access) port xp26, encapsulated, egress through Egress port xp28, and exit the switch through I/O panel Uplink port xp28. The network cable must be unplugged from port xp25 and plugged into port xp28. A Loopback cable must be connected between I/O panel port xp25 and port xp26.

Notes:

• If you want to use uplink ports for either the loopback or egress port, the available uplink ports depend partly on the current and future planned confluent fabric size. For example, for W-SFP, with a confluent fabric size =1, port xp27 may be available. With a confluent fabric size =2 egressing port xp29 may be available. With a confluent fabric size =4 port xp33 may be available. it is assumed that xp37, an uplink port, is available to be used for FLE.

• In this example, ports xp27 and xp29 are available access ports, not currently used or planned for future use.



For example:


Configuring L2 FLE on Plexxi Switch 3eq Fabric Link Encapsulation is configured via the Plexxi switch CLI.

For Plexxi Switch 3eq, you must externally loop the uplink port to be encapsulated/decapsulated to the selected loopback port as illustrated in the following figure. You also need to define a new uplink port for the encapsulated packets to egress the switch.

To configure L2 fabric link encapsulation on Plexxi switch 3eq in both directions between two switches:

IMPORTANT: For switch 3eq, you must make sure that the uplink port, loopback port and egress port are all set to the same port speed. The QSFP28 Port Mode which sets the port speed for access ports on a port-by-port basis is set using Plexxi Control as described in the Plexxi Control Help.

IMPORTANT: This procedure assumes that breakout cables are already installed on any LightRail QSFP ports that are part of the encapsulation.

IMPORTANT: For FLE connections in a Switch 3eq, breakout cables must be installed on all QSFP ports that contain a FLE port connection. These breakout cables split out the SFP ports to make them available for FLE.

1. Plan the ports to be used,


2. Physically unplug the uplink connector, on the breakout cable, from the Uplink port that connects from the Uplink port to the customer cloud/device. If this is a pre-existing configuration and a breakout cable is not installed, you need to install a breakout cable and redesign any related cabling.

IMPORTANT: Changing the cabling, especially in a LightRail, can be complex. Contact Plexxi Support with any questions and assistance regarding FLE.

3. Connect a loopback cable from the uplink port (breakout cable port) to the loopback port (another breakout cable port). If the loopback connects to a different QSFP port, that port must also contain a breakout cable.

4. Plug the uplink cable into the new egress port.








8. Enter the following command to configure FLE: fabric-encap create uplink-port UplinkPort

<loopback-port LoopbackPort [internal]> <egress-port EgressPort> [vlan <VLAN>]

Refer to the examples that follow.







Example: Switch 3eq LightRail 1 West Port Encapsulation Consider a Plexxi Switch 3eq with one LightRail and where uplink port XP116 in LightRail 1 West needs to be encapsulated. To encapsulate this fabric link, we pick two other available switch ports for the loopback and egress ports – for example, access ports xp99 for loopback and xp96 for the egress port.

Notes:

• If you want to use uplink ports for either the loopback or egress port, the available uplink ports depend partly on the current and future planned confluent fabric size. For example, with a confluent fabric size = 4, West ports xp105 - 108 are unavailable.

• In this example, access ports xp96 and xp99 are available; not currently used or planned for future use.

The following command configures this encapsulation: fabric-encap create uplink-port xp116 loopback-port xp99 egress-port xp96

For example:

IMPORTANT: This example assumes that access QSFP ports 24 and 25 and LightRail 1 QSFP port 30 contain breakout cables. If not already done, breakout cables must be installed. Changing the cabling, especially in a LightRail, can be complex. Contact Plexxi Support with any questions and assistance regarding FLE.


Example: Switch 3eq LightRail 1 East Port Encapsulation Consider a Plexxi Switch 3eq where uplink port XP120 in LightRail 1 East needs to be encapsulated. To encapsulate this fabric link, we pick two other available switch ports for the loopback and egress ports – for example, uplink ports xp125 for loopback and xp126 for the egress port.

Notes:

• If you want to use uplink ports for either the loopback or egress port, the available uplink ports depend partly on the current and future planned confluent fabric size. For example, with a confluent fabric size = 4, East ports xp109 - 112 are unavailable.

• In this example, uplink ports xp125 and xp126 are available; not currently used or planned for future use.

• The following command configures this encapsulation:

• fabric-encap create uplink-port xp120 loopback-port xp125 egress-port xp126

For example:

IMPORTANT: This example assumes that LightRail 1 QSFP ports 31 and 32 contain breakout cables. If not already done, breakout cables must be installed. Changing the cabling, especially in a LightRail, can be complex. Contact Plexxi Support with any questions and assistance regarding FLE.


CLI Commands The following commands are used to configure, show and delete DCI fabric link encapsulation: fabric-encap create show fabric-encap configuration fabric-encap delete

Note: When configuring encapsulation and determining ports, to avoid confusion, think in terms of outgoing packet direction where packets are to be encapsulated and sent over DCI; not in terms of incoming packets from a DCI connection.

The fabric-encap commands must be executed from the PRIV-EXEC mode of the CLI. To access this mode, after logging into the switch, enter the enable command. You should be at a prompt similar to: Plexxi1#


13 BGP-EVPN

About BGP-EVPN Within a Plexxi fabric, L2 VPN and MAC attachment information is exchanged using the Plexxi control plane. For VXLAN environments where VXLAN tunnels extend beyond the Plexxi fabric, Plexxi supports BGP – MPLS Based Ethernet VPN (EVPN) standard (see https://tools.ietf.org/rfc/rfc7432.txt) which enables Plexxi switches to exchange MAC attachment information with devices outside a Plexxi fabric or with another Plexxi fabric.

Configuring BGP-EVPN on Each Plexxi Switch IMPORTANT: Before you configure L2 VPNs in the Plexxi Control UI, if BGP-EVPN is used, you need to set up and enable BGP-EVPN on each switch as described in this chapter.

Execute the commands described in this section on each Plexxi switch that needs BGP-EVPN configured. The commands in this section are examples. For further information on these commands, refer to the command descriptions in the sections that follow.

Note: Switch “Plexxi1” is being configured in these examples.

Enter the terminal config mode: plexxi1#configure terminal plexxi1(config)#

The following command configures BGP with autonomous system number 65000, and enters the router mode: plexxi1(config)#router bgp 65000 plexxi1(config-router)#

This command is issued in the router mode. To configure a peer with its AS # 65000: plexxi1(config-router)# neighbor 192.168.10.4 remote-as 65000

The next 4 lines are optional. They combine multiple peers that share the same configuration data into one peer-group. plexxi1(config-router)# neighbor plexxi-ibgp peer-group plexxi1(config-router)# neighbor plexxi-ibgp remote-as 65000 plexxi1(config-router)# neighbor 192.168.10.1 peer-group plexxi-ibgp plexxi1(config-router)# neighbor 192.168.10.2 peer-group plexxi-ibgp

Configure the L2 VPN routing exchange and enter the address-family mode: plexxi1(config-router)# address-family l2vpn evpn plexxi1(config-router-af)#

Enable the EVPN address family for a specified peer: plexxi1(config-router-af)# neighbor 192.168.10.4 activate

Advertise EVPN routes from all the configured VNIs: plexxi1(config-router-af)# advertise-all-vni

Exit the address-family mode: plexxi1(config-router-af)# exit-address-family


The following sections provide command descriptions and syntax for commands used above.

address-family This command is used to configure routing exchange between Provider Edge (PE) devices.

The BGP sessions between PE routers can carry different types of routes (L2 VPN-EVPN, IPv4). Address families are used to control the type of BGP session. Configure a BGP address family to carry L2 VPN-EVPN routes between PE routers. All non L2 VPN-EVPN BGP neighbors are defined using the Router mode. All L2 VPN-EVPN BGP neighbors are defined under its associated Address Family mode. The BGP process with no address-family specified is the default address-family.

To enter an address family mode, in the Router mode, enter the address-family command. To exit the address-family mode and return to the Configure mode, use the exit-address-family command.

Use the no parameter with this command to disable the address-family configurations.

Command Syntax

To configure routing exchange between PE devices: address-family l2vpn evpn address-family ipv4 (unicast|multicast)

To disable the address-family configurations: no address-family l2vpn evpn no address-family ipv4 (unicast|multicast)

Parameters

l2vpn-evpn L2 VPN-EVPN address family.

ipv4 IPv4 address family.

unicast Unicast address prefixes.

multicast Multicast address prefixes.

Command Mode

Router mode

Example

The following example enters the router mode, issues the L2 VPN address family command and enters the address-family mode, activates a neighbor, and exits the address family mode: plexxi1(config)# router bgp 65000 plexxi1(config-router)# address-family l2vpn evpn plexxi1(config-router-af)# neighbor 192.168.10.4 activate plexxi1(config-router-af)# exit-address-family plexxi1(config-router)#

exit-address-family Use this command to exit the Address-Family mode.

For information on how to enter the address family mode, see the address-family command.

Command Syntax exit-address-family

Parameters

None


Examples

The following example shows the exit-address-family command being used to return to the router mode: plexxi1(config)# router bgp 65000 plexxi1(config-router)# address-family l2vpn evpn plexxi1(config-router-af)# neighbor 192.168.10.4 activate plexxi1(config-router-af)# exit-address-family Plexxi1(config-router)#

neighbor activate Use this command to enable the exchange of specific Address Family (AF) routes with a neighboring router. Use the no parameter with this command to disable the exchange of specific AF routes.

Command Syntax

To enable the exchange of AF routes with a neighboring router: neighbor (A.B.C.D | NAME) activate

To disable the exchange of specific AF routes: no neighbor (A.B.C.D | NAME) activate

Parameters

A.B.C.D is the address of the BGP neighbor in IPv4 format.

NAME is the name of the BGP peer group.

Note: For information on creating peer groups, refer to the neighbor peer-group and neighbor remote-as commands. When this parameter is used with a command, the command applies to all peers in the group.

Default

A neighbor under address-family IPv4 is activated by default. For all other address-families, use this command to enable a neighbor to exchange routing information of a specific address-family with a neighbor.

Command Mode

Address Family mode and Router mode.

Example

The following example shows the neighbor activate command used in the address family mode: plexxi1(config)# router bgp 65000 plexxi1(config-router)# address-family l2vpn evpn plexxi1(config-router-af)# neighbor 192.168.10.4 activate plexxi1(config-router-af)# exit-address-family plexxi1(config-router)#

The following example shows the neighbor activate command used in the router mode: plexxi1# configure terminal plexxi1(config)# router bgp 10 plexxi1(config-router)# neighbor 192.168.10.8 activate


neighbor peer-group Use this command to add a neighbor to an existing peer group. Neighbors with the same update policies are grouped into peer groups. This facilitates the updates of various policies, such as distribute and filter lists. The peer group is then configured easily with any of the neighbor commands. Any changes made to the peer group affect all members.

Use the no parameter with this command to remove a neighbor from a named peer group.

Command Syntax

To create a peer group: neighbor (A.B.C.D |NAME) peer-group

To put a peer (PEERNAME) in a peer group: neighbor (A.B.C.D |PEERNAME) peer-group NAME

To to remove a neighbor from a named peer group: no neighbor (A.B.C.D | NAME) peer-group no neighbor (A.B.C.D | NAME) peer-group NAME

Parameters

A.B.C.D is the address of the BGP neighbor in IPv4 format.

PEERNAME is the name of the peer being added-to or removed-from a peer group.

NAME is the name of the BGP peer group.

Command Mode

Router mode.

Example

The following example configures the neighbor peer group named group1: plexxi1#configure terminal plexxi1(config)#router bgp 10 plexxi1(config-router)#neighbor group1 peer-group

neighbor remote-as This command establishes BGP peering with a customer edge router.

Use this command to specify a neighbor’s autonomous system number. If the specified ASN matches the ASN number specified in the router BGP global configuration, the neighbor is identified as internal. If the ASN does no match, it is identified as external to the local AS.

The specified neighbor only exchanges unicast address prefixes, unless the neighbor is also activated using the neighbor activate command, which allows the exchange of other routing information.

Use the no parameter with this command to delete this peering.

Command Syntax

To establish BGP peering with a customer edge router: neighbor (A.B.C.D | NAME) remote-as <1-65535> neighbor (A.B.C.D | NAME) remote-as <1-4294967295>

To delete BGP peering with a customer edge router: no neighbor (A.B.C.D | NAME) remote-as <1-65535> no neighbor (A.B.C.D | NAME) remote-as <1-4294967295>


Parameters

A.B.C.D Address of the BGP neighbor in IPv4 format.

NAME Name of the BGP peer group.

<1-65535> Neighbor’s AS number.

<1-4294967295> Neighbor’s AS number when extended capabilities are configured.

Note: ASNUM 23456 is a reserved 2-octet AS number. An old BGP speaker (2-byte implementation) should be configured with 23456 as its remote AS number while peering with a non-mappable new BGP speaker (4-byte implementation).

Command Mode

Router mode.

Examples

To configure a peer with its AS # 65000: plexxi1(config)# router bgp 65000 plexxi1(config-router)# neighbor 192.168.10.4 remote-as 65000


14 Routed Port Interface

Overview A routed port interface on a Plexxi switch enables Layer 3 IP routing using static or dynamic routes to a Plexxi switch in another fabric or to a third-party router.

A routed port interface is a point-to-point IP interface between a Plexxi switch and an attached device. It forwards only those packets that need to be routed and is most commonly used as a way to route among multiple subnets over the same physical port when there is no requirement to switch packets within those subnets. The only packets accepted by a Plexxi switch on a routed port interface are packets that are destined for the unique station MAC address of the Plexxi switch.

A routed port interface is most commonly used for IP connectivity between:

• Two independent Plexxi fabrics

• A Plexxi fabric and a device that requires no VLAN forwarding (an IP-only endpoint)

• A Plexxi switch and an upstream router

You create routed port interfaces on a Plexxi switch using access ports. When configuring a routed port interface, you specify either a physical port number or the identifier for a logical Link Aggregation Group (LAG ID). You can also specify a VLAN ID as a way to configure and route among multiple subnets over the same physical port or logical LAG. You then assign a unique IP address to each of the interfaces, and each corresponding subnet is shared only with the Layer 3 devices that connect to that interface.

Considerations • All Layer 2 binding functions such as learning and flooding are disabled on routed port

interfaces.

• Once you associate a port or LAG with a routed port interface, the port or LAG can no longer be assigned to a VLAN used for bridging.

• Multi-chassis Link Aggregation Groups (MLAGs) are not supported on routed port interfaces.

• An IP subnet assigned to a routed port interface exists only on the Plexxi switch where it is assigned.

Viewing the Configured LAGs on a Plexxi Switch Follow this procedure if you plan to use an identifier for a Link Aggregation Group (LAG ID) rather than a port number when configuring a routed port interface.

To view a list of the currently-configured LAGs on a Plexxi switch and their corresponding LAG IDs:

1. Connect to the Plexxi switch using ssh. For example: ssh admin@ipaddress

2. Enter the administrator password as prompted. The default administrator password is: plexxi.

3. Enter the following command: admin@switch:~$ sudo –i bash

4. At the prompt, enter the administrator password.

5. Enter the following command to view a list of currently-configured LAGs: root@switch:~$ showLag


A table appears displaying the names of the LAGs (in the Label column) that were configured using the Plexxi Control UI along with their corresponding ports, speed, and LAG IDs (in the SwID column).

6. In the Label column, locate the name of the LAG to use when creating the routed port interface.

7. In the SwId column, locate the corresponding LAG ID. You will specify this LAG ID when configuring the routed port interface.

8. Follow the procedure below to configure the routed port interface.

Prerequisites Before you configure a routed port interface on a Plexxi switch, you must do the following:

• Use the Plexxi Control UI create and enable a virtual router.

• Use the Plexxi CLI to create a router channel on the Plexxi switch to share routing information with the other Plexxi switches in the fabric.

• Use the Plexxi CLI to enable the administrative state for the access port or LAG to be used for the routed port interface. Also make sure the correct speed has been specified for the access port.

Configuring a Routed Port Interface To configure a routed port interface on a Plexxi switch, follow the steps below.

Creating the Interface 1. To create the interface, in the Plexxi CLI shell, from the PRIV-EXEC mode, enter the rpi

create command using the following syntax: rpi create rpi-port port ( tag vlanid )

Where:

port Can be an access port in the format xp## or can be a LAG ID.

vlanid A VLAN ID in the range of 1 – 4000. Adding a VLAN ID is optional.

For example, on switch Plexxi1: plexxi1# rpi create rpi-port xp10 tag 100

This example creates a routed port interface using port xp10 and VLAN ID 100. The system assigns the interface name in the following format: vr0-xp10.100

You use this format when specifying the interface name in Step 3.

Assigning an IP Address to the Interface 2. From the PRIV-EXEC mode, enter the CONFIG mode by entering the configure command.

For example, on switch Plexxi1: plexxi1# configure plexxi1(config)#

3. From the CONFIG mode, enter the interface command to specify the interface name of the routed port interface using following syntax: interface vr0-port.vlanid

vr0-port.vlanid is the interface name, where:

port Can be an access port in the format xp## or a LAG ID in the format l####.

vlanid A VLAN ID in the range of 1 – 4000. Adding a VLAN ID is optional.


For example, on switch Plexxi1: plexxi1(config)# interface vr0-xp10.100

This command enters the CONFIG INTERFACE mode for the specified routed port interface.

4. Enter the ip address command and specify the IP address for the specified routed port interface.

For example, on switch Plexxi1: plexxi1(config interface)# ip address 192.168.100.1/24 plexxi1(config interface)# exit plexxi1(config)# exit plexxi1#

Verifying the Configuration 5. Enter the show ip interface command to verify that the routed port interface for port xp10

and VLAN ID 100 has been created and is assigned an IP address. For example, on switch Plexxi1: plexxi1# show ip interface

6. Look for command output similar to the following for the newly-created routed port interface: IPv4 interface: vr0-xp10.100 Administrative Status: up Operational Status: up Link Status: up Interface Type: Routed Port Interface IP Address: 192.168.100.1/24 Broadcast: 192.168.100.255 Mac Address: xxxx:xxxx:xxxx

Administrative status, operational status, and link status should all be in the up state.


15 Spine Switch Fabric

Configuring a Plexxi Switch 3eq as a spine switch turns all ports into fabric ports. These fabric ports can then be connected using QSFP or SFP connections to fabric ports on Plexxi leaf switches. This feature supports Leaf/Spine (Tree) network configurations.

CLI Commands to Configure the Spine Switch Fabric The following CLI commands are used to configure the LightRails:

IMPORTANT: These commands are described in detail in the reference chapter, CLI Command Reference: PRIV-EXEC Mode.

Configure the Spine LightRail Configure the Spine LightRail for the spine switch using the fabric lightrails CLI command.

To configure a spine switch of six LightRails for either LightRail1 or LightRail2: fabric lightrails 6 lr

To configure a spine switch of four LightRail3 LightRails: fabric lightrails 4 lr3

Configure the Fabric Speed for LightRail Type 1 or 2 on the Spine Switch Configure the speed for LightRail Type 1 or 2 in the spine switch using the fabric speed CLI command.

Examples: fabric speed 10G xp1-128 fabric speed 25G xp1-128 fabric speed auto xp1-128

Configure the Fabric Egress Rate for Fabric Ports on the Spine Switch Configure the speed for LightRail Type 3 in the spine switch using the fabric speed CLI command.

Example: fabric egress-rate speed 25000 xp1-128


16 Plexxi CLI Modes

The Plexxi CLI can be accessed from the Plexxi CLI Shell (px-shell).

The Plexxi CLI contains the following modes:

• EXEC - The EXEC mode (also known as View mode) is the mode available when you first login to the CLI. You use this mode to perform basic commands. You cannot make any changes to the Plexxi Switch.

• PRIV-EXEC – PRIV-EXEC includes the EXEC commands plus additional configuration, debug, and cleanup commands. The PRIV-EXEC mode (also known as Enable mode), lets you issue debugging commands, write commands for saving and viewing the configuration, and issue additional show commands.

• CONFIG - mode: includes the commands from EXEC and PRIV-EXEC modes;

o You must prefix EXEC and PRIV-EXEC commands with the word do. For example, to issue a PRIV- EXEC command boot toggle, from any CONFIG mode, you must use the syntax do boot toggle.

o Configuration changes that you make in this mode are immediately saved to running-config and immediately take effect. However, these changes must be copied to startup-config for them to persist to subsequent switch reboots and software upgrades. Refer to 6, Saving Configuration Changes, page 41.

o running-config is the current configuration and startup-config is the saved configuration.

• CONFIG-LINE - CONFIG-LINE is a sub-mode of CONFIG and is used to manage console and Virtual Terminal (VTY) lines.

NOTE: For prompts, this document uses a switch named ‘plexxi1’ as the prompt example throughout.

Opening the Plexxi CLI Shell To open the Plexxi CLI Shell, at the Bash prompt, enter the following sudo command and then enter the password for admin: admin@switch:~$ sudo px-shell

This opens a prompt such as: plexxi1>



Entering the CLI Modes

Entering the EXEC Mode When you open Plexxi Shell session to a switch, you are automatically in the EXEC mode. The prompt is: switch>

For example, the prompt for a switch named plexxi1: plexxi1>

Entering the PRIV-EXEC Mode To enter the PRIVILEGED EXEC mode, from the EXEC mode, enter the enable command. For example, on switch Plexxi1: plexxi1> enable plexxi1#


Note: To return to EXEC mode, use the 'disable' command.

Note: If px-shell is not invoked using 'sudo', such as would be the case for a Viewer user account whose default shell is /bin/px-shell, then the 'enable' command is ineffective and elevated modes are not accessible.

Entering the CONFIG Mode To enter the CONFIG mode, from the PRIV-EXEC mode, enter the configure command. For example, on switch Plexxi1: plexxi1# configure plexxi1(config)#

Entering the CONFIG-LINE Mode To enter the CONFIG-LINE mode, from the CONFIG mode, enter the line console # command. For example, for console line 0: plexxi1(config)# line console 0 plexxi(config-line)#

Exiting the CONFIG-LINE Mode To exit the CONFIG-LINE mode and return to the PRIV-EXEC mode, enter the end command: plexxi(config-line)# end plexxi1#


Exiting the CLI Modes

Returning to the Previous CLI Mode To exit any mode and return to the previous mode, enter CTRL-Z, CTRL-D, quit or exit. If in the CONFIG mode, you will return to the PRIV-EXEC mode. If in either CONFIG-IF or CONFIG-LINE mode, you return to the CONFIG mode.

NOTE: Entering any of these commands from the PRIV-EXEC mode will exit the CLI session.

Returning to the PRIV-EXEC Mode To return to the PRIV-EXEC mode from any mode (except EXEC), enter the end command. For example: plexxi1(config)# end plexxi1#

Exiting Plexxi Shell to Bash To exit Plexxi Shell and return to the Bash prompt, you need to return to the PRIV-EXEC mode.:

From the config mode, to return to the PRIV-EXEC mode: plexxi(config)# exit plexxi1#

From the PRIV-EXEC mode, to exit the Plexxi Shell and return to the Bash prompt plexxi1# logout admin@plexxi1:~$


17 CLI Command Reference – Exec mode

The EXEC (Executive) mode includes all of the following commands:

The EXEC mode prompt is: SwitchNum>

clear access-list Clear access list statistics.

Syntax clear access-list clear access-list WORD

clear counters Clear interface counters.

Syntax clear counters (IFNAME|all)

clear ip Clear the IP database.

Syntax clear ip fastpath statistics clear ip igmp clear ip igmp group * clear ip igmp group A.B.C.D clear ip igmp group A.B.C.D IFNAME clear ip igmp interface IFNAME clear ip mroute * clear ip mroute * pim (dense-mode|sparse-mode) clear ip mroute A.B.C.D clear ip mroute A.B.C.D A.B.C.D clear ip mroute A.B.C.D A.B.C.D pim (dense-mode|sparse-mode) clear ip mroute A.B.C.D pim sparse-mode clear ip mroute statistics * clear ip mroute statistics A.B.C.D clear ip mroute statistics A.B.C.D A.B.C.D clear ip pim sparse-mode bsr rp-set *

clear ipv6 Clear Internet Protocol version 6 (IPv6) database.

Syntax clear ipv6 access-list clear ipv6 access-list WORD


clear mac sw-table Clear MAC address database.

Syntax clear mac sw-table clear mac sw-table mac MAC clear mac sw-table vlan-ids VLANS

debug bgp Enable Border Gateway Protocol (BGP) troubleshooting functions. Use this command without any parameters to turn on normal BGP debug information.

Use the no parameter with this command to disable this function.

Syntax debug bgp (all|) debug bgp dampening debug bgp events debug bgp filters debug bgp fsm debug bgp keepalives debug bgp nht debug bgp nsm debug bgp updates debug bgp updates (in|out)

where: all all debugging dampening BGP Dampening events BGP events filters BGP filters fsm BGP Finite State Machine keepalives BGP keepalives nht NHT message nsm NSM message updates BGP updates

debug ip Enable IP debugging.

Syntax Description debug ip igmp all debug ip igmp decode debug ip igmp encode debug ip igmp events debug ip igmp fsm debug ip igmp tib

Enable Internet Group Management Protocol (IGMP) debugging.

debug ip mrib (all|event|vif|mrt|stats|fib-msg|register-msg|nsm-msg|mrib-msg|mtrace|mtrace-detail)

Enable Multicast Routing Information Base (MRIB) debugging.


Syntax Description debug ip pim all debug ip pim events debug ip pim mfc debug ip pim mib debug ip pim mtrace debug ip pim nexthop debug ip pim nsm debug ip pim packet debug ip pim packet in debug ip pim packet out debug ip pim state debug ip pim timer debug ip pim timer assert debug ip pim timer assert at debug ip pim timer bsr debug ip pim timer bsr bst debug ip pim timer bsr crp debug ip pim timer hello debug ip pim timer hello ht debug ip pim timer hello nlt debug ip pim timer hello tht debug ip pim timer joinprune debug ip pim timer joinprune et debug ip pim timer joinprune jt debug ip pim timer joinprune kat debug ip pim timer joinprune ot debug ip pim timer joinprune ppt debug ip pim timer register debug ip pim timer register rst

Enable Protocol Independent Multicast (PIM) debugging.

debug ip routing (add-route|delete-route|mod-route|) Enable debugging for routing events.

debug mrd Enable Plexxi Multicast Route Daemon (MRD) debugging.

Syntax debug mrd (all|) debug mrd event ({cnode|nsm|mdrv|mrib|psd}|) debug mrd ({fib|fsm|vif}|)

where: all Enable all MRD debugging event Events fib FIB logs fsm FSM logs vif Interface logs


debug nsm Enable Network Service Module (NSM debugging. Enable and specify debug options for NSM events, kernel, and receive and send packets. Use the no parameter with these commands to disable NSM debugging.

Syntax debug nsm (all|) debug nsm events debug nsm ha debug nsm ha all debug nsm kernel debug nsm packet (recv|send|) (detail|)

where: all Enable all debugging events NSM events ha NSM High Availability kernel NSM kernel packet NSM packets

debug ospf Enable Open Shortest Path First (OSPF) debugging.

Syntax debug ospf (all|) debug ospf database-timer rate-limit debug ospf events ({abr|asbr|lsa|nssa|os|router|vlink}|) debug ospf ifsm ({events|status|timers}|) debug ospf lsa ({flooding|generate|install|maxage|refresh}|) debug ospf nfsm ({events|status|timers}|) debug ospf nsm ({interface|redistribute}|) debug ospf packet ({hello|dd|ls-request|ls-update|ls-ack|send|recv|detail}|) debug ospf route ({ase|ia|install|spf}|)

where: all Enable all debugging database-timer OSPF Database Timers events OSPF events information ifsm OSPF Interface State Machine lsa OSPF Link State Advertisement nfsm OSPF Neighbor State Machine nsm OSPF NSM information packet OSPF packets route OSPF route information

debug pim Enable Protocol Independent Multicast (PIM) debugging.

Syntax debug pim all


debug pip Enable Plexxi Imi Proxy Daemon (PIP) debugging.

Syntax debug pip (all|) debug pip ({events|cfg-cmd})

Where: all Enable all PIP debugging cfg-cmd Config Cmd Log events PIP Event Log

debug prd Enable Plexxi Route Daemon (PRD) debugging.

Syntax debug prd (all|) debug prd event ({cmd|nsm|psd}|) debug prd host ({nexthop|intfaddr|dynarp}|) debug prd pdu ({xmt-fp|rcv-fp|xmt-sp|rcv-sp|arp-bus|cmd-vr}) debug prd ({vr|intf|fib})

Where: all Enable all PRD debugging event PRD Events to and from fib Vlan Intf logs host PRD Host Logging intf Virtual Router logs pdu PRD PDU Logging vr PRD Regular Logging

disable Exit the privileged exec (PRIV-EXEC) mode.

enable Turn on the privileged exec (PRIV-EXEC) mode.

exit | quit Exit the current mode down to the next lower mode

help Display general help info. plexxi1> help This CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input


logout Exit the Plexxi CLI.

no Disable debugging.

Syntax no debug

no debug all Disable all debugging.

ping Send an ICMP echo to the host or IP address specified by WORD. With no arguments, the command is interactive.

Syntax ping ping ip WORD ping ipv6 WORD (|IFNAME) ping (vr0|) WORD

where: WORD Ping destination address or hostname ip IP echo ipv6 IPv6 echo vr0 Ping from vr0 namespace

quit Exit current mode and down to previous mode.

reset log Reset the log.

show access-list List IP access lists.


show bgp Display Border Gateway Protocol (BGP) network information.

Syntax Description

show bgp X:X::X:X IPv6 prefix <network>, e.g. 2003::

show bgp X:X::X:X/M IPv6 prefix <network>/<length>, e.g., 2003::/16

show bgp community Display routes matching the communities

show bgp community-lis Display routes matching the community-list.

show bgp dampening Display detailed information about dampening.

show bgp filter-list Display routes conforming to the filter-list.

show bgp inconsistent-as Display routes with inconsistent AS Paths.

show bgp ipv4 Internet Protocol (IP).

show bgp ipv6 Internet Protocol version 6 (IPv6).

show bgp neighbors Detailed information on TCP and BGP neighbor connections.

show bgp nexthop-tracking Border Gateway Protocol (BGP)

show bgp nexthop-tree-details

Border Gateway Protocol (BGP)

show bgp paths Path information.

show bgp prefix-list Display routes matching the prefix-list.

show bgp quote-regexp Display routes matching the AS path "regular expression".

show bgp regexp Display routes matching the AS path regular expression.

show bgp route-map Display routes matching the route-map.

show bgp summary Summary of BGP neighbor status.


show cli Display a tree of CLI commands available in the current mode. Output includes all arguments.

Syntax Arguments Action

show cli IFNAME Interface name.

all All interfaces.

Display a tree of all CLI commands in the current mode.

show cli memory (detail | extensive) fastpath Fastpath information.

mroute Delete multicast route table entries.

pim Protocol Independent Multicast (PIM).

For example, the beginning of a long output: switch10> show cli Exec mode: +-clear +-counters +-IFNAME [clear counters (IFNAME|all)] +-all [clear counters (IFNAME|all)] +-ip +-fastpath +-statistics [clear ip fastpath statistics] +-mroute +-* [clear ip mroute *] +-pim +-dense-mode [clear ip mroute * pim (dense-mode|sparse-mode)] +-sparse-mode [clear ip mroute * pim (dense-mode|sparse-mode)] +-A.B.C.D [clear ip mroute A.B.C.D] +-A.B.C.D [clear ip mroute A.B.C.D A.B.C.D] +-pim +-dense-mode [clear ip mroute A.B.C.D A.B.C.D pim (dense-mode|sparse-mode)] +-sparse-mode [clear ip mroute A.B.C.D A.B.C.D pim (dense-mode|sparse-mode)] +-pim +-sparse-mode [clear ip mroute A.B.C.D pim sparse-mode] +-statistics +-* [clear ip mroute statistics *] +-A.B.C.D [clear ip mroute statistics A.B.C.D] +-A.B.C.D [clear ip mroute statistics A.B.C.D A.B.C.D] +-pim +-sparse-mode +-bsr +-rp-set +-* [clear ip pim sparse-mode bsr rp-set *] +-mac +-sw-table [clear mac sw-table] +-vlan-ids +-VLANS [clear mac sw-table vlan-ids VLANS] +-pip +-client +-debug [clear pip client debug] +-debug +-bgp [debug bgp (all|)] . . .


show clock Display system time and date

show crossbars Display crossbar status

show cutthru Shows whether the cutthru feature on the switch fabric hardware is enabled to be used when conditions are appropriate. (Cut-through means that the switch fabric chip starts transmitting data before it has received all the packet data into its internal buffer.)

show debugging Debugging functions (see also 'undebug')

Syntax: show debugging option

where options are bgp Border Gateway Protocol (BGP) ip Internet Protocol (IP) mrd Plexxi Multicast Route Daemon (MRD) nsm Display current Network Service Module (NSM) debug setting. ospf Open Shortest Path First (OSPF) pim Protocol Independent Multicast (PIM) pip Plexxi Imi Proxy Daemon (PIP) prd Plexxi Route Daemon (PRD)

show fabric Displays the Plexxi fabric configuration.

The following “show fabric” example was issued on a Switch 2e: bb2> show fabric Ring redirect setting: west-east Confluent LAG link speeds (West-East): 10G-10G Control channel protocol in use: L2-ISIS Each link in confluent fabric has a speed of 10 Gbps

show flow Shows switch flows by various types and filters

Syntax show flow option

where options are: <0-4294967295> Flow identifier dashboard Shows Available Tcam entries detail Flow details lag Show flow for a LAG outputter Outputter configuration policer Policer configuration port Show flow for a Port redirector Redirector configuration statistics Flow statistics summary Summary view of all flows vlan Show flow for a VLAN


show hardware Display general info about the hardware. Optionally, more detailed system hardware info, specific status information for fans, power supplies, and temperature sensors.

Syntax show hardware [detail|fans|power|temp]

where: detail Detailed system hardware data fans Fan module info power Power supply info temp Temperature readings

show history Display the session command history.

show hold-policy Port holddown policy

show hosts Display domain and IP hostname lookup settings.

show interface Display interface information. If IFNAME is not given, all interfaces are listed. With 'statistics', normal counters are shown. With 'statistics errors', error counters are shown.

Syntax show interface (IFNAME|) [statistics [errors]]

where: IFNAME Interface name statistics Statistical counters summary Summary information for all interfaces

show interface summary Display a summary information for all interfaces

Issuing the show interface summary command returns port status information as shown in the following example.

Example Plexxi3> show interface summary ------------------------------------------------------------------------------ IFNAME UserLabel AdminStatus LinkStatus OperStatus Bandwidth MTU ------------------------------------------------------------------------------ lo up up up 16436 mgmt up up up 1g 1500 xp1 up down down 10g 9416 xp2 up down down 10g 9416 xp3 up down down 10g 9416 xp4 up down down 10g 9416 . . .


show ip Show Internet Protocol (IP).

Syntax show option

where option is: access-list List IP access lists arp Address Resolution Protocol (ARP) as-path-access-list List AS path access lists bgp Border Gateway Protocol (BGP) community-list List community-list dhcp-relay Display DHCP Relay servers domain-list Domain list for DNS domain-name Default domain for DNS extcommunity-list List extended-community list fastpath Fastpath information host Host information igmp IGMP information interface IP interface status and configuration mroute IP multicast routing table mvif IP multicast interface name-server DNS nameservers ospf OSPF information pim Protocol Independent Multicast (PIM) protocols IP routing protocol process parameters and statistics route IP routing table rpf Display RPF information for multicast source

show ip arp Display the ARP cache.

Syntax show ip arp (fastpath | macbind | proactive) (detail)

where detail Show ARP cache detailed information. fastpath Show ARP cache Fastpath information. macbind Show ARP cache macbind information. proactive Show proactive ARP information.

Examples

Example: plexxi1# show ip arp fastpath [Virtual Router vr0] Codes: K - Kernel, F - fastPath IpAddr MAC Address Interface Active 192.168.10.108 0050:5682:cb86 vr0.10 K 192.168.20.109 0050:5682:596c vr0.20 K

Example: plexxi1# show ip arp fastpath detail [Virtual Router vr0] IPv4 host: 192.168.10.108 Interface: vr0.10 Interface Index: 10 Type: ARP NEXTHOP Mac Address: 0050:5682:cb86 FSM State: P2Updt Flags: ACTIVE MACBIND_ACTIVE PAARP_ACTIVE PAARP_SESSION FASTPATH_NEXTHOP


FASTPATH_ENTRY ACTIVE_IN_KERNEL Hardware Encap Index: 0 Hardware Nexthop Index: 100005 Hardware Port: LAG lag25 port xp25 Up Time: 12 mins Last Modified Time: 12 mins IPv4 host: 192.168.20.109 Interface: vr0.20 Interface Index: 11 Type: ARP NEXTHOP Mac Address: 0050:5682:596c FSM State: P2Updt Flags: ACTIVE MACBIND_ACTIVE PAARP_ACTIVE PAARP_SESSION FASTPATH_NEXTHOP FASTPATH_ENTRY ACTIVE_IN_KERNEL Hardware Encap Index: 1 Hardware Nexthop Index: 100004 Hardware Port: LAG lag32 port xp32 Up Time: 48 mins Last Modified Time: 48 mins

Example: plexxi1# show ip arp macbind [Virtual Router vr0] Interface MAC Address P2Port IpAddr UpTime LastModTime vr0.10 0050:5682:cb86 xp25 192.168.10.108 14m 14m vr0.20 0050:5682:596c xp32 192.168.20.109 50m 50m

Example: plexxi1# show ip arp macbind detail [Virtual Router vr0] MacBind: 0050:5682:cb86 Database ID: 2 Interface: vr0.10 p2Port: LAG lag25 port xp25 Flags: REGISTERED REACHABLE IP Address: 192.168.10.108 Up Time: 15 mins Last Modified Time: 15 mins MacBind: 0050:5682:596c Database ID: 1 Interface: vr0.20 p2Port: LAG lag32 port xp32 Flags: REGISTERED REACHABLE IP Address: 192.168.20.109 Up Time: 51 mins Last Modified Time: 51 mins


show ip dhcp-relay Display learned DHCP servers being relayed.

show ip domain-list Display list of DNS search domains.

show ip domain-name Display default domain assigned.

show ip fastpath statistics Display IP fast path statistics.

Syntax show ip fastpath statistics {active}

where: active This optional argument shows active counters.

Examples

Example: plexxi1# show ip fastpath statistics description count lastIncrTime RX ARP Request 3 6m TX ARP Request 0 never RX ARP Reply 461 0m TX ARP Reply 0 never RX ARP Bus 447 0m TX ARP Bus 14 0m TX ARP Bus Failed 0 never RX IP Packet 382 now TX IP Packet 379 now MAC Request 3 1h18m MAC Request Failed 0 never MAC Reply 3 1h18m MAC Reply Failed 0 never Egress Request 2 1h18m Egress Request Failed 0 never Egress Reply 2 1h18m Egress Reply Failed 0 never Linx Send 9 6m Linx Send Failed 0 never Nexthop Request 5 6m Nexthop Request Failed 0 never Nexthop Reply 5 6m Nexthop Reply Failed 0 never Host Request 3 6m Host Request Failed 0 never Host Reply 3 6m Host Reply Failed 0 never LPM Request 2 1h18m LPM Request Failed 0 never LPM Reply 2 1h18m LPM Reply Failed 0 never ECMP Request 0 never ECMP Request Failed 0 never ECMP Reply 0 never ECMP Reply Failed 0 never Member Request 0 never Member Request Failed 0 never Member Reply 0 never


Member Reply Failed 0 never PAARP Request 0 never PAARP Request Failed 0 never PAARP Reply 0 never PAARP Reply Failed 0 never PAARP Update 0 never MacBind Request 1 6m MacBind Request Failed 0 never MacBind Reply 1 6m MacBind Reply Failed 0 never MacBind Update 1 6m

Example: plexxi1# show ip fastpath statistics active description count lastIncrTime RX ARP Request 3 13m RX ARP Reply 517 now RX ARP Bus 487 now TX ARP Bus 30 0m RX IP Packet 799 now TX IP Packet 796 now MAC Request 3 1h25m MAC Reply 3 1h25m Egress Request 2 1h25m Egress Reply 2 1h25m Linx Send 9 13m Nexthop Request 5 13m Nexthop Reply 5 13m Host Request 3 13m Host Reply 3 13m LPM Request 2 1h25m LPM Reply 2 1h25m MacBind Request 1 13m MacBind Reply 1 13m MacBind Update 1 13m

show ip host Displays IP host information for a specified host.

Syntax show ip host [hostname] (detail | extensive)

Examples

Example: plexxi1# show ip host [Virtual Router vr0] Codes: L - LocalAddr, N - NextHop, A - DynArp, Lo - Loopback, D - Discard, X - Dead Type IP Address VLAN MAC Address UpTime LastModTime D 0.0.0.0 -- 0000:0000:0000 1h15m 1h15m Lo 127.0.0.1 -- 0000:0000:0000 1h15m 1h15m L 192.168.10.254 10 e039:d700:0001 1h14m 1h14m A 192.168.20.109 20 0050:5682:596c 2m 2m L 192.168.20.254 20 e039:d700:0001 1h14m 1h14m

Example: plexxi1# show ip host 192.168.20.109 detail [Virtual Router vr0] IPv4 host: 192.168.20.109 Interface: vr0.20 Interface Index: 11 Type: ARP Mac Address: 0050:5682:596c FSM State: P2Updt


Flags: ACTIVE MACBIND_ACTIVE FASTPATH_NEXTHOP FASTPATH_ENTRY ACTIVE_IN_KERNEL ACTIVE_IN_FASTPATH Hardware Encap Index: 1 Hardware Nexthop Index: 100004 Hardware Port: LAG lag32 port xp32 Up Time: 0 min Last Modified Time: 0 min

Example: plexxi1# show ip host 192.168.20.109 extensive [Virtual Router vr0] IPv4 host: 192.168.20.109 Database ID: 5 Interface: vr0.20 Interface Index: 11 Interface VLAN ID: 20 Type: ARP Mac Address: 0050:5682:596c Mac Generation ID: 1 FSM State: P2Updt Previous FSM State: FP:L3Host FSM State Changes: 4 Pended FSM Events: Flags: ACTIVE MACBIND_ACTIVE FASTPATH_NEXTHOP FASTPATH_ENTRY ACTIVE_IN_KERNEL ACTIVE_IN_FASTPATH Hardware Encap Index: 1 Hardware Nexthop Index: 100004 Hardware Port: LAG lag32 port xp32 Nexthop Use Count: 0 Pended FIB Entries: Associated ECMP Set Database IDs: MacBind Database ID: 1 MacBind p2Port: LAG lag32 port xp32 MacBind Flags: REGISTERED REACHABLE MacBind IP Address: 192.168.20.109 MacBind Up Time: 1 min MacBind Last Modified Time: 1 min Up Time: 1 min Last Modified Time: 1 min PAARP Sesssion Up Time: never PAARP Session Last Modified Time: never


show ip igmp snooping Display IGMP snooping configuration, group info, and multicast router info. Optional VLAN ID may be specified.

Syntax show ip igmp snooping [vlan VLAN] show ip igmp snooping groups [vlan VLAN] show ip igmp snooping mrouter [vlan VLAN]

show ip interface Display information about one or all IP interfaces.

Syntax show ip interface [IFNAME] (brief | detail | extensive | hardware | statistics)

Examples

Example: plexxi1# show ip interface vr0.10 detail

[Virtual Router vr0] IPv4 interface: vr0.10 Administrative Status: up Operational Status: up IP Address: 192.168.10.254/24 Broadcast: 192.168.10.255 Mac Address: e039:d700:0001 Uptime: 51 mins RX packets:296 errors:0 dropped:0 TX packets:0 errors:0 dropped:0 RX bytes:15984 (15.6 KiB) TX bytes:0 (0.0 KiB)

Example: plexxi1# show ip interface vr0.10 extensive [Virtual Router vr0] IPv4 interface: vr0.10 Administrative Status: up Operational Status: up IP Address: 192.168.10.254/24 Broadcast: 192.168.10.255 Mac Address: e039:d700:0001 Uptime: 53 mins Kernel Index: 10 HW Administrative Status: ENABLED HW Operational Status: ENABLED HW Encapsulation Index: 0 INITIALIZED IFNAME VIRTUAL_MAC KERNEL HARDWARE BOUND ACTIVE RX packets:308 errors:0 dropped:0 TX packets:0 errors:0 dropped:0 RX bytes:16632 (16.2 KiB) TX bytes:0 (0.0 KiB)


Example: plexxi1# show ip interface vr0.10 hardware [Virtual Router vr0] IPv4 interface: vr0.10 Uptime: 55 mins Mac Address: e039:d700:0001 Kernel Index: 10 HW Administrative Status: up HW Operational Status: UP HW Encapsulation Index: 0 INITIALIZED IFNAME VIRTUAL_MAC KERNEL HARDWARE BOUND ACTIVE

Example: plexxi1# show ip interface vr0.10 statistics [Virtual Router vr0] IPv4 interface: vr0.10 RX packets:325 errors:0 dropped:0 TX packets:0 errors:0 dropped:0 RX bytes:17550 (17.1 KiB) TX bytes:0 (0.0 KiB)

show ip name-server Display configured DNS server IP addresses.

show ip route Display information from the IP routing table for a specific network, subnet, source, or all.

Syntax show ip route [A.B.C.D | A.B.C.D/M] (connected | database | ecmp | fastpath | kernel | ospf | registration | static | summary)

where:

A.B.C.D Network in the IP routing table to display

A.B.C.D/M IP prefix <network>/<length>, e.g., 35.0.0.0/8

connected Connected

database IP routing table database

ecmp ECMP information

fastpath Fastpath information

kernel Kernel

ospf Open Shortest Path First (OSPF)

registration IP routing table registrations

static Static routes

summary Summary of all routes


Examples

The default output of this command has been extended to show creation time for static routes and last modified time for static and dynamic routes.

Example: plexxi1# show ip route [Management] Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, () - last modified time Gateway of last resort is 172.17.214.1 to network 0.0.0.0 K* 0.0.0.0/0 via 172.17.214.1, mgmt C 127.0.0.0/8 is directly connected, lo C 172.17.0.0/16 is directly connected, mgmt [Virtual Router vr0] Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, () - last modified time S 99.0.0.0/8 [1/0] via 192.168.20.109, vr0.20, 00:00:10 (00:00:10) C 127.0.0.0/8 is directly connected, lo C 192.168.10.0/24 is directly connected, vr0.10 C 192.168.20.0/24 is directly connected, vr0.20 Gateway of last resort is not set

Example: plexxi1# show ip route database [Management] Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area > - selected route, * - FIB route, p - stale info () - last modified time K *> 0.0.0.0/0 via 172.17.214.1, mgmt C *> 127.0.0.0/8 is directly connected, lo C *> 172.17.0.0/16 is directly connected, mgmt Gateway of last resort is not set [Virtual Router vr0] Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2


i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area > - selected route, * - FIB route, p - stale info () - last modified time S *> 99.0.0.0/8 [1/0] via 192.168.20.109, vr0.20, 00:00:59 (00:00:59) C *> 127.0.0.0/8 is directly connected, lo C *> 192.168.10.0/24 is directly connected, vr0.10 C *> 192.168.20.0/24 is directly connected, vr0.20 Gateway of last resort is not set

Example detailed output: plexxi1# show ip route 99.0.0.0/8 [Management] % Network not in table [Virtual Router vr0] Routing entry for 99.0.0.0/8 Known via "static", distance 1, metric 0, best Last update 00:02:23 (00:02:23) ago * 192.168.20.109, via vr0.20

Example: plexxi1# show ip route fastpath [Virtual Router vr0] Codes: C - Connected, S - Static, R - RIP, B = BGP O- OSPF, I - IS-IS Type Prefix Nh Idx #NH NH Address IfName UpTime LastModTime S 99.0.0.0/8 100004 1 192.168.20.109 vr0.20 4m 4m C 192.168.10.0/24 100003 1 0.0.0.0 vr0.10 1h41m 1h41m C 192.168.20.0/24 100003 1 0.0.0.0 vr0.20 1h41m 1h41m

Example: plexxi1# show ip route 99.0.0.0/8 fastpath detail [Virtual Router vr0] IPv4 route: 99.0.0.0/8 Type: static Up Time: 7 mins Last Modified Time: 7 mins Flags: FASTPATH_LPM_TABLE Active Fastpath Nexthop Index: 100004 Nexthop 1: 192.168.20.109, vr0.20 Pending Fastpath Nexthop Index: <none>


Example: plexxi1# show ip route ecmp [Virtual Router vr0] Codes: * - Usable Hw Idx UseCnt Idx NH Address IfName NH Idx UpTime 200256 1 1 * 192.168.10.108 vr0.10 100005 2m 2 * 192.168.20.109 vr0.20 100004

Example: plexxi1# show ip route ecmp detail [Virtual Router vr0] ECMP Set Hardware ID: 200256 Database ID: 1 Use Count: 1 Up Time: 0 min Flags: ACTIVE DATABASE FASTPATH Member 1 Hardware Index: 100005 Nexthop Address: 192.168.10.108 Nexthop Interface: vr0.10 Flags: ACTIVE FASTPATH Member 2 Hardware Index: 100004 Nexthop Address: 192.168.20.109 Nexthop Interface: vr0.20 Flags: ACTIVE FASTPATH

show lacp Display LACP status information for access ports (or one specified port). show lacp [IFNAME]

show lacp lag Display LACP information for all LAGs (or one specified LAG). This command has the same output as show lag lacp. show lacp lag [IFNAME]

show lag Display information on link aggregations. Optionally, indicate one specific LAG interface. show lag [IFNAME]

show lag lacp Display LACP information for all LAGs (or one specified LAG) This command has the same output as show lacp lag. show lag lacp [IFNAME]

show lag IFNAME vlan Display what VLANs are applied to a specific LAG. show lag IFNAME vlan


show list Display a list of CLI commands available in the current mode.

For example, the beginning of a long list: *plexxi1> show list clear counters (IFNAME|all) clear counters (IFNAME|all) clear ip fastpath statistics clear ip mroute * clear ip mroute * pim (dense-mode|sparse-mode) clear ip mroute * pim (dense-mode|sparse-mode) clear ip mroute A.B.C.D clear ip mroute A.B.C.D A.B.C.D clear ip mroute A.B.C.D A.B.C.D pim (dense-mode|sparse-mode) clear ip mroute A.B.C.D A.B.C.D pim (dense-mode|sparse-mode) clear ip mroute A.B.C.D pim sparse-mode clear ip mroute statistics * clear ip mroute statistics A.B.C.D clear ip mroute statistics A.B.C.D A.B.C.D clear ip pim sparse-mode bsr rp-set * clear mac sw-table clear mac sw-table vlan-ids VLANS debug bgp (all|) debug bgp (all|) debug bgp dampening debug bgp events debug bgp filters debug bgp fsm debug bgp keepalives debug bgp nht debug bgp nsm debug bgp updates debug bgp updates (in|out) debug bgp updates (in|out) …

show lldp Displays the Link Layer Discovery Protocol (LLDP) global configuration. show lldp [detail]

show lldp local-info Displays the Link Layer Discovery Protocol (LLDP) local node information. For detailed view, you need to provide the interested port name. show lldp local-info[IFNAME]

show locate-led Display the current state (ON/OFF) of the LOC_ID LED on the switch I/O panel. For example: show locate-led LocId LED is now OFF

show log Show system log entries. The log entries are displayed in reverse chronological order.


show mrib MRIB

show neighbor-discovery Displays the Link Layer Discovery Protocol (LLDP) or the Cisco Discovery Protocol (CDP) remote/neighboring nodes information. For a detailed view, provide the port name.

Syntax show neighbor-discovery <lldp | cdp >

or: show neighbor-discovery [statistics] [IFNAME | all]

where: IFNAME For the specified IFNAME all For all interfaces cdp CDP neighbors lldp LLDP neighbors statistics Display Statistics details

show nsm Network Service Module (NSM)

show ntp Show Network Time Protocol (NTP) settings.

Syntax show ntp option

where option is: associations Show NTP associations status Show NTP Status

show post Show power-on self-test results

show privilege Show current privilege level

show qinq svlan Display QinQ information for Service VLANs, or for a specific Service VLAN ID. show qinq svlan [SVLANID]

show qsfp Display current Quad Small Form-factor Pluggable (QSFP) transceiver configuration settings such as redirect and control channel.


show router-channel Display Router Channel setting

show router-id Display router identifier.

show sflow Display sFlow parameters and operational status.

Syntax show sflow option

where option is: interface Show sflow status and statistics per port.

show system resources Display resource usage such as CPU, Memory, etc.

show system uptime Display time the system has been running.

show timezone System configured timezone

show topography Display fabric status and neighbor information.

show transceivers Display transceiver status and info.

show translation tvlan Displays translated VLAN information or for a specific translated VLAN ID. show translation tvlan [TVLANID]

show users Display list of user sessions currently connected.

show version show version [detail]

Display running version of software. Option 'detail' shows extra version info about software components.

show virtual-routers Display any virtual routers that exist and their status.


show vlan Display VLAN (virtual LAN) information. QinQ information is included.

Syntax show vlan option

where option is: VLAN Display VLAN information for the specified VLAN. group Display VLAN and QinQ group settings. translation Display VLAN translation settings. tunnel Display QinQ tunnels.

If no argument, display VLAN information for all VLANs.

ssh Open a SSH connection to username@hostname or username@IPAddress: ssh ( username@hostname | username@IPAddress )

telnet Open a TELNET connection to a host at a host name or IP address. If a PORT is not given, the default is 23. telnet (hostname | IPAddress) [PORT]

terminal Use this session to monitor (display) debug output.

Syntax Arguments Action

terminal length <0-512>

terminal no length

<0-512> Number of lines on screen (0 for no pausing)

Set number of lines on a screen.

terminal monitor

terminal no monitor

Start forwarding log output to this terminal.

no Negate a command or set its defaults.

trace-attachment Trace a MAC attachment to its source and the path it takes.

traceroute Execute a traceroute to a host. If no arguments are given, the command is interactive. traceroute [ip] [hostname|IPAddress]

undebug Disable debugging functions.


18 CLI Command Reference – PRIV-EXEC mode

The PRIV-EXEC (Privileged or Executive) mode includes all the commands available in EXEC mode plus the following commands:

The PRIV-EXEC mode prompt is: switch#

boot toggle Toggle the active boot partition so the alternate partition runs on the next cold restart (reload).

Syntax boot toggle

clear arp-cache Remove all dynamic ARP entries.

clear controller address Clear configured address for Plexxi Controller.

clear controller config Removes any configurations on the switch that originated from the controller and to remove any configuration it has that is associated with the switch. With the partial argument, it removes any configurations on the switch that originated from the controller. clear controller config clear controller config partial

clear cores Delete any existing core files on the system.

clear hold Disable administrative hold on one specific interface or all interfaces. clear hold <IFNAME | all>

clear ip route kernel Remove stale IP routes sourced by the kernel.

clear mac hw-table Clear out the MAC table in hardware. You can specify a single address or a specific VLAN. clear mac hw-table <address MAC> | <vlan VLAN>


clear policer statistics Clear the statistics for a policer. With flow-id argument, clears the policer for the specified flow. clear policer [flow-id <0-42949667295>]

configure (terminal) Enter CONFIG mode.

controller set Configure the Plexxi Control IP address. You only need to configure the IP address on one of the switches in a Plexxi fabric because that switch’s software passes the address to all other switches in the Plexxi fabric. They then automatically connect to Plexxi Control.

Note: Because the address is shared among all switches on the fabric, this setting is not saved in the startup-config file.

From the PRIV-EXEC mode (# prompt), configure the Plexxi Control IP address on one Plexxi Switch in the Plexxi fabric. *plexxi1# controller set PlexxiControl_IP_Address

For example: plexxi1# controller set 10.10.11.129 plexxi1#

Note: The controller address is shared among all switches on the fabric. To avoid conflicts, this setting is not saved in startup config.

copy FILE Save local file to the persistent storage to be loaded on reboot, or to a different local file, or to a remote URL. copy FILE <FILE> <startup-config><URL>

copy running-config Save all running settings to the persistent storage to be loaded on reboot, or to a local file, or to a remote URL. copy running-config <startup-config> <FILE> <URL>

copy startup-config Save persistent storage to a local file, or to a remote URL. copy startup-config <FILE> <URL>

copy URL Save remote URL to local file or to persistent storage to be loaded on reboot. copy URL <FILE> <startup-config>

cutthru Enable or disable the ability of the switch fabric chip to use cut-through mode under the conditions that allow it.


dci-behavior Enable or disable east and/or west DCI behavior. dci-behavior [east | west] [enable | disable]

delete FILE Delete a local file. delete FILE <FILE>

delete startup-config Deletes persistent configuration; rebooting without saving would bring the system back to a default state.

dir List the contents of the local file system: plexxi1# dir User Files: --------------------------------------------------------- 502905375 May 5 2016 12:03 SwitchPlatform.install Disk partition is 16% full plexxi1#

The columns are defined as follows.

• The first column shows the file size in bytes.

• The second column shows the time/date the file was last written.

• The third column shows the file name.

disable Disable PRIV-EXEC mode and return to EXEC mode.

enable Enable PRIV-EXEC mode. Issued from the EXEC mode.

fabric-encap create This command configures a DCI fabric link encapsulation for a specified uplink port on a Plexxi switch. The command must be run on both switches in the DCI link to configure FLE in both directions.

The CLI command syntax is: fabric-encap create uplink-port UplinkPort

<loopback-port LoopbackPort [internal]> <egress-port EgressPort [front-panel-port <xp#>]> [vlan <VLAN>]

The command arguments are defined as follows:

• UplinkPort is the original uplink port to which packets are originally routed and for which the packets need to be encapsulated.

• LoopbackPort is the port on the internal switch through which non-encapsulated packets enter to be encapsulated. The loopback port can be any available access port or uplink port.



Plexxi switches 2, 2s, 2p, 2sp

The internal keyword, which is valid only for Plexxi switches 2, 2s, 2p, 2sp, specifies that the loopback from uplink port to loopback port is performed internally. When the internal keyword is used, an external loopback cable is NOT needed. The loopback port can be any uplink port or access port greater than xp48.

If you do not use the internal keyword, loopback is external and an external loopback cable is required. if you use any of the ports xp1-xp48 for loopback, you cannot specify the internal keyword and must have an external cable.

Plexxi switch 2e or 3eq

In Plexxi switch 2e, a cable must be installed between the original uplink port and the loopback port. The uplink cable that is part of the DCI circuit must be unplugged from the original uplink port and connected to the new I/O panel egress port.

Important: Switch 2e and 3eq do not support the internal keyword.

• EgressPort is the port on the internal switch through which encapsulated packets egress the switch. The egress port is a fabric port that can be an access port or an uplink port.


Plexxi switches 2, 2s, 2p, 2sp

If you do not specify a I/O panel egress port using the front-panel-port argument, the internal switch egress port connects to the original I/O panel uplink port. Re-cabling is not needed. However, if you specify an egress port xp1-xp48 using the front-panel-port argument, you will need to move the cable to that port.

Plexxi switch 2e or 3eq

In Plexxi switch 2e, the egress port defines the new I/O panel port through which encapsulated packets egress the switch. The I/O panel port number is the same as the internal switch egress port number. The uplink cable that is part of the DCI circuit must be unplugged from the original uplink port and connected to the new I/O panel egress port. The egress port can be any available access port or uplink port.

• xp# is the variable associated with the Optional front-panel-port argument, and is valid only for Plexxi switches 2, 2s, 2p, 2sp, front-panel-port defines a new I/O panel port as the uplink port that carries encapsulated packets.

Important: If the egress port is in the range 1-48, do NOT specify a I/O panel xp# port.

Important: The xp# parameter does not apply to Switch 2e.

• VLAN is optional. If specified, it will be used in the tunnel header. If not specified, a value from the Plexxi reserved VLAN range (4040) will be used. The VLAN parameter is important if the Plexxi switches are connecting to an intermediate switch/switches whose ports are members of a VLAN.


fabric clear-fabric-id Brief Description

When connecting Plexxi switches that were previously in a fabric to a new fabric, the switches do not automatically join the new fabric until you issue the fabric clear-fabric-id command. This behavior is to ensure that the switches can be easily returned to the previous fabric if necessary.

To join the new fabric, the switches must have no fabric identifier just as a new switch has no fabric identifier. The fabric clear-fabric-id command clears the fabric identifier from the switches that were in the previous fabric and are now connected to the new fabric. After the fabric identifier has been cleared, the switches that were already in the fabric assign their shared fabric identifier to the newly-connected switches, and the newly-connected switches join the new fabric.

Syntax fabric clear-fabric-id

fabric-encap delete This command deletes the fabric encapsulation configuration associated with a specified uplink port.

At the plexxi1# prompt on the switch, enter the command: fabric-encap delete uplink-port UplinkPort

where UplinkPort is the original uplink port.

For example: fabric-encap delete uplink-port xp53

fabric east-egress-rate (Switch 2e) Sets the East egress traffic rate.

Syntax fabric east-egress-rate ( <1-1000> | none )

Where: <1-1000> sets the value of the egress rate in Mbps. This value cannot be more than the West LAG speed. none removes any existing egress rate configuration.

fabric east-speed (Switch 2e) Changes the speed of the East LAG.

Syntax fabric east-speed (10G | 1G ) east-egress-rate ( <1-1000> | none )

Where:

(10G | 1G) sets the line speed of the East confluent fabric.

east-egress-rate specifies the East egress traffic rate.

<1-1000> sets the value of the egress rate in Mbps. This value cannot be more than the West LAG speed. none removes any existing egress rate configuration.

fabric egress-rate (Switch 3eq) fabric egress-rate limits the transfer rate for data sent out any specified uplink port on a Switch 3eq or its East or West confluent fabric.


Syntax fabric egress-rate speed ( port | east | west )

Where:

speed specifies the egress rate limit in Mbps in the range of 1-25000 Mbps or none specifies no rate limiting.

port specifies the port in the format xp##.

east specifies the maximum egress data speed for the East confluent fabric.

west specifies the maximum egress data speed for the West confluent fabric.

Example

This command can be used for DCI mode to limit the link speed if the confluent fabric is connected through a slower link to a switch in the next Data Center.

fabric learn-fabric-id Brief Description

When you break up a fabric into multiple smaller fabrics, the Plexxi switches in the smaller fabrics retain the fabric identifier assigned by the original fabric. Because Plexxi Control uses the fabric identifier to identify the switches in a fabric, it will view the switches now part of the smaller fabrics as part of a single segmented fabric.

The fabric learn-fabric-id command creates and assigns a new fabric identifier to all the switches in a fabric. Issue this command on any switch in each of the smaller fabrics to enable Plexxi Control to recognize the smaller fabric as an entirely new and separate fabric.

Note: If Plexxi Control has never detected and controlled these switches before, issuing the fabric learn-fabric-id command is the same as issuing the fabric clear-fabric-id command.

Syntax fabric learn-fabric-id

fabric lightrails Configure LightRails on a Plexxi Switch. This command must be executed during the initial switch setup. Also, if you add a 2nd LightRail to a switch operating with one LightRail, configure for two LightRails using this command.

Syntax fabric lightrails (1 - 6| default) (lr|lr3)

where:

• (1- 6) configures 1 to 6 LightRails. Plexxi switches support one to six LightRails. default sets the number of lightrails to the default setting (2).

• (lr|lr3) configures the type of LightRail:

• lr is LightRail1 (10 Gb/s) or LightRail2 (25 Gb/s)

• lr3 is LightRail3 (100 Gb/s) LightRail3 is supported by Switch 3eq only.

Examples

To configure two LightRails that are either LightRail1 or LightRail2: fabric lightrails 2 lr

To configure two LightRail3 LightRails: fabric lightrails 2 lr3


To configure a single LightRail3: fabric lightrails 1 lr3

The following "show fabric" example was issued on a Switch 3eq containing a LightRail3: s3eq814b> show fabric Control channel protocol in use: L2-ISIS Each link in confluent fabric has a speed of 25 Gbps Switch 3eq Lightrail mode: Original Lightrail Number of lightrails: 2 (12 QSFPs, 48 Uplinks) Uplink Ports Speed Setting Actual Speed Egress Limit ------------ ------------- ------------ ------------ xp81-104 (auto detect) (no link) (unknown) xp105-114 (auto detect) 25000 Mbps (none set) xp115 (auto detect) (no link) (unknown) xp116-118 (auto detect) 25000 Mbps (none set) xp119 (auto detect) (no link) (unknown) xp120 (auto detect) 25000 Mbps (none set) xp121-128 (auto detect) (no link) (unknown)

Spine Switch Examples

To configure a spine switch of six LightRails for either LightRail1 or LightRail2: fabric lightrails 6 lr

To configure a spine switch of four LightRail3 LightRails: fabric lightrails 4 lr3

fabric protocol-change Brief Description

For fabrics that have been upgraded to Plexxi Switch Release 4.0.0, the fabric protocol-change l2isis command changes the control protocol for the fabric to the new IS-IS based protocol. Issue this command from the px-shell on any Plexxi switch in the fabric and the command will change all switches in the fabric to the new IS-IS based fabric management mechanism.

Fabrics that are upgraded from a release prior to Release 4.0.0 will continue to use the old fabric management mechanism to ensure full operation during an upgrade. After the upgrade to Release 4.0.0 has been completed and the fabric is stable, these fabrics need to be configured to use the IS-IS based fabric management mechanism. This change can potentially create a short interruption (in seconds) in traffic forwarding.

Syntax fabric protocol-change l2isis


fabric redirect (for Switch 2e) Brief Description

Remap all Switch 2e east, west, or east-and-west fabric pathways from QSFP ports to SFP+ ports.

Syntax fabric redirect (east-sfp | west-east | west-sfp | west-sfp-east ) (east-speed | west-speed) (east-egress-rate | west-egress-rate)

Argument Description Values

east-sfp Remaps the twelve 10GbE uplinks represented by the bottom 3 QSFP ports (Q2, Q4, Q6) to the last 12 bottom SFP+ ports (even-numbered ports 26-48). The Q2, Q4 and Q6 become access ports

west-east From West to East (default).

west-sfp Remaps the twelve 10GbE uplinks represented by the top 3 QSFP ports (Q1, Q3, Q5) to the last 12 SFP+ top ports (odd-numbered ports 25-47). The QSFP ports become access ports.

west-sfp-east Remaps both west and east QSFP ports to the corresponding SFP+ ports. All QSFP ports become access ports.

Also set the west and east speeds and egress rates.

east-speed Set the line speed of the East or West confluent fabric.

10G Set speed to 10 Gb/s. 1G Set speed to 1 Gb/s. The default is 10G.

west-speed

east-egress-rate Configure the east or west confluent fabric egress shaping.

Set the value of egress rate in Mbps; it cannot be more than the line speed.

<1-10000> Set to the provisioned rate for the service.

1000 = 1 Gb/s and 400 = 400 Mb/s.

These commands require a value. Once set, to remove any shaping on a link, the command must be given with the full line speed as the value.

west-egress-rate


Description

When used on a Switch 2e, this command configures (remaps or redirects) all Switch 2e east, west, or east-and-west Plexxi fabric pathways from QSFP ports to corresponding SFP+ ports, as defined by the following mapping arguments:

QSFP west port To SFP+ west ports QSFP east port To SFP+ east ports

Q1 25, 27, 29, 31 Q2 26, 28, 30, 32

Q3 33, 35, 37, 39 Q4 34, 36, 38, 40

Q5 41, 43, 45, 47 Q6 42, 44, 46, 48

When you execute the fabric redirect command and modify the redirect mode, the switch must be rebooted for the configuration to be updated. Changing the speed or egress shaping does not require a reboot.

For example, reboot the switch as prompted when the following command is issued: fabric redirect west-sfp The fabric engagement mode is being changed. This will cause a reboot. You want to reboot? (y/n)y

Note that a reboot is required only when changing the fabric engagement mode. Changing speed and/or egress rate for a switch using the current engagement mode will take effect immediately. For example, to change the speed and egress shaping on a switch currently in west-sfp enter the following command: fabric redirect west-sfp east-speed 1G east-egress-rate 400

A reboot is not required.

fabric redirect (for Switch 2, 2s, 2p, 2sp) Brief Description

Configure the Plexxi fabric pathway using Flexx ports.

Syntax fabric redirect (west-east | west-flexx | east-flexx | west-flexx-east)

Description

This command redirects LightRail optical paths to Flexx ports.

You can redirect optical paths using the Layer 1 optical cross-connect. Switch 2, 2s, 2p and 2sp have additional optical components and SFP+ Flexx ports that you can use to redirect WDM waves. The WDM waves can be turned into 80 km DWDM waves for longer distances as individual 10GbE connections that become part of the Plexxi fabric mesh, using external DWDM SFP+ Transceivers.

Fabric Engagement Modes

You can extend the Plexxi fabric by using the fabric engagement modes and configuring data paths through the switches using the SFP+ Flexx ports. With this capability, you can enable a true multisite


fabric rather than two separate fabrics that are connected with IP and regular routing protocols. When you assign a fabric engagement mode other than the default of WEST-EAST, you are causing the packet switching ASIC to direct the LightRail wave to a Flexx port. Changing the fabric engagement mode changes the paths that are under switch control. To create a data path from one switch to another, you need to configure the fabric engagement modes for both switches.

Engagement Mode Description

WEST-EAST Default switch configuration; No Flexx ports used.

WEST-FLEXX On a West Flexx node, East is replaced by Flexx (redirect East to Flexx port)

EAST-FLEXX On a East Flexx node, West is replaced by Flexx (redirect West to Flexx port)

WEST-FLEXX-EAST Combines the WEST-FLEXX and EAST-FLEXX options (For example, if one switch connects two data centers.)

fabric speed (Switch 3eq) fabric speed changes the speed of the "uplinks" for Switch 3eq when either LightRail 1 or LightRail2 is used. This command does not apply to LightRail3. The QSFP ports in the 3eq have more than one speed available, however all of the ports on any QSFP port set (4 ports) in Switch 3eq must be set to the same speed.

Note: If LightRail3 mode is used, trying to use this command will return an error explaining that the command cannot be used with this mode.

Syntax fabric speed (10G | 25G | auto ) xp##-##

Where:

(10G | 25G | auto) specifies the port speed for each port in that range of QSFP ports. auto sets the speed to automatically configure (default).

xp##-## specifies the range of QSFP ports. The range must always include only whole QSFPs.

fabric west-egress-rate (Switch 2e) Sets the West egress traffic rate.

Syntax fabric west-egress-rate ( <1-1000> | none )

Where:

<1-1000> sets the value of the egress rate in Mbps. This value cannot be more than the East LAG speed. none removes any existing egress rate configuration.

fabric west-speed (Switch 2e) Changes the speed of the West LAG.

Syntax fabric west-speed (10G | 1G ) west-egress-rate ( <1-1000> | none )

Where:

(10G | 1G) sets the line speed of the West confluent fabric.


west-egress-rate specifies the West egress traffic rate.

<1-1000> sets the value of the egress rate in Mbps. This value cannot be more than the East LAG speed. none removes any existing egress rate configuration.

flow User defined topology flow configuration.

hold Enable administrative hold on an interface.

hold-policy Port holddown policy.

hold IFNAME Enable administrative hold on an interface.

inband-management config port Use this command to initially configure in-band management.

Syntax inband-management config port xp## [speed #G] [vlan vlanid native (true | false)] ipmode (dhcp | static)

where:

port Local access port on which to configure in-band management. This is entered as xp##.

speed Port speed for the access port. Valid values are 1000, 1G, 10000, 10G.

vlan The VLAN used for in-band management. Valid values are 1-4000.

native Configure whether the in-band management VLAN is untagged (native) or tagged.

o true = Untagged

o false = Tagged

ipmode Configure whether the in-band management address is DHCP or static IP:

o dhcp = Configures DHCP for in-band management.

o static = Configures static IP for in-band management.

Examples



You can then change to/from DHCP or static IP using the command: inband-management config dhcp (true | false)


inband-management config dhcp After initially configuring in-band management, you can change to/from DHCP or static IP using this command.

Syntax inband-management config dhcp (true | false)

inband-management config ip If DHCP is not used, use this command to configure static IP addressing for in-band management. If you use static IP, you must issue this command on every switch in the Plexxi fabric, with a unique IP address for each switch.

The command syntax is: inband-management config ip ipaddress[/CIDR]

where:

ipaddress – The unique static IP address for in-band management on the switch you are logged into.

/CIDR – Optional: Specifies a subnet using CIDR (Classless Inter-Domain Routing) notation.

Example: inband-management config ip 192.168.1.100/24

inband-management delete Use this command to delete in-band management on the switch that you are logged into. The command syntax is: inband-management delete

install <FILE> Install a package file (tarball) that was previously copied locally, to the alternate boot partition. A confirmation is requested of the user before proceeding.

lldp port IFNAME receive Enable or disable the reception of LLSP PDUs on a specific port. lldp port IFNAME receive (enable|disable)

locate-led Illuminate or extinguish LOC_ID LED on the Plexxi Switch faceplate. When you set the LED on you can either specify number of minutes or retain the default value of 1440 minutes. locate-led <on [MINS]> <off>

logout Exit the CLI session.

migrate-data Migrate switch data to alternate partition (for switch upgrade).


move FILE Rename a local file. move FILE <FILE>

mstat Show statistics after multiple multicast traceroutes.

mtrace Trace multicast path from source to destination

ptp Precision Time Protocol

qsfp config This command is for Plexxi Switch 1 only. Configure the QSFP mode (1x40 or 4x10). You will be prompted to confirm the setting. If changed, an immediate system reload is imposed.

Note: For Plexxi Switch 1x, 2-series and 3eq, use the Plexxi Control UI to configure QSFP+ ports.

Syntax qsfp config [1x40 | 4x10]

quit Exit current mode and down to previous mode

reload (rescue) Reboot the entire device. You can use the rescue option to reboot the Plexxi Switch into ONIE rescue mode. A subsequent reboot brings the Plexxi Switch back to the previous boot default.

rpi create Create a Routed Port Interface (RPI) on the Plexxi switch.

Syntax rpi create rpi-port port ( tag vlanid )

Where:


vlanid A VLAN ID in the range of 1 – 4000.

rpi delete Delete a Routed Port Interface (RPI) on the Plexxi switch.

Syntax rpi delete rpi-port port ( tag vlanid )

Where:


vlanid A VLAN ID in the range of to 1 – 4000.


show boot Show information about what is installed in each disk partition, which partition is currently running, and which is alternate.

show controller Display current configured hostname/IP for the controller.

show debugging snmp Display current SNMP settings.

show fabric Displays the Plexxi fabric configuration.

The following “show fabric” example was issued on a Switch 2e: bb2> show fabric Ring redirect setting: west-east Confluent LAG link speeds (West-East): 10G-10G Control channel protocol in use: L2-ISIS Each link in confluent fabric has a speed of 10 Gbps

show fabric-encap This show command provides information of FLE configuration, packet statistics, and link status. This command is valid at the plexxi# prompt on the switch.

Syntax:

show fabric-encap <config | link | stats>

Where:

config: Shows the FLE configuration.

link: Shows the link status for all FLE ports.

stats: Shows packet counters for the links in both directions.

Examples: FED_LAB_2SP# show fabric-encap config link stats

FED_LAB_2SP# show fabric-encap config UplinkPort Loopbackport EgressPort Internal FrontPanelPort Vlan ---------- ------------ ---------- -------- -------------- ---- xp73 xp95 xp96 true xp67 1000 FED_LAB_2SP# show fabric-encap link UplinkPort Link Loopbackport Link EgressPort Link ---------- ---- ------------ ---- ---------- ---- xp73 up xp95 up xp96 up FED_LAB_2SP#

FED_LAB_2SP# show fabric-encap stats UplinkPort Loopbackport EgressPort Uplink-TxPkts Loopback-RxPkts Egress-TxPkts Uplink-RxPkts Loopback-TxPkts Egress-RxPkts

---------- ------------ ---------- ------------- --------------- ------------- ------------- --------------- -------------

xp73 xp95 xp96 27538679 27538679 27538679 761937 761937 761937


show file List contents of a local file. show file <FILE>

show flow Display configured User Defined Topology (UDT) or statistics for existing UDTs. show flow (config|stats)

For example: plexxi1# show flow config flow create TestFlow priority 1 egress-ports xp67 cir 3000 cbs 3000 qualifiers src_mac=01:02:03:04:05:06/0xffffffffffff,ip_protocol=17/0xff plexxi1#

show fsat Display Fully Specified Affinity Topologies

show history Display previously entered commands for this session.

show hosts Display domain and IP hostname lookup settings.

show inband-management This command shows the in-band management configuration or ‘No inband configuration’ if none is configured

The command syntax is: show inband-management

show install Show information about what is installed in each disk partition, which partition is currently running, and which is alternate.

show interface Display interface information. If you do not specify an interface name (IFNAME), then all interfaces are listed. show interface <IFNAME>

show l2-isis Display Plexxi L2 IS-IS routing daemon information.

Syntax show l2-isis bum-graph show l2-isis counter show l2-isis database show l2-isis interface show l2-isis neighbors show l2-isis protocol


show l2-isis route show l2-isis summary show l2-isis topology

Where:

bum-graph Display an L2 IS-IS Broadcast, Unknown and Multicast (BUM) graph.

counter Display L2 IS-IS interface counters.

database Display the L2 IS-IS link state database.

interface Display L2 IS-IS interface information.

neighbors Display L2 IS-IS neighbor adjacencies.

protocol Display L2 IS-IS routing protocol process information.

route Display the L2 IS-IS routing table.

summary Display the L2 paths to the Intermediate Systems.

topology Display the L2 summary of port and packet counts.

show loop-detection-stats Show loop detection port statistics. show loop-detection-stats

show mac hw-table Display MAC table from forwarding hardware.

show mac sw-table Display MAC table in software. Optionally you can specify verbose display, a summary or a detailed summary. show mac sw-table [verbose | summary [detail]]

show nsm client Display list of clients of NSM daemon.

show peers Display peer information.

show process Display list of running processes.

show psat Display Partially Specified Affinity Topologies.

show running-config Display currently operating settings.


show startup-config Display settings saved in persistent storage.

show system cores List any existing core files on the system.

show tech-support Display system information for troubleshooting. show tech-support [page]

where:

page – Optional: Paginate the command output

The show tech-support command runs the following show commands: show boot show version detail show hosts show users show clock show timezone show ntp status show ntp associations show ptp show cutthru show inband-management show transceivers show crossbar show hardware detail show hardware power show hardware temp show hardware fans show running-config show vlog all show system cores show process show system resources show sflow show vlan show qinq svlan show translation tvlan show lag show lacp show interface show interface statistics show interface statistics errors show loop-detection-stats show lldp detail show neighbor-discovery cdp show neighbor-discovery lldp show neighbor-discovery statistics show flow detail show flow statistics detail show user-defined-path full show topology vlan show topology residual paths show topology residual state show topology residual trace show fabric-encap config show fabric-encap link show fabric-encap stats show controller show fabric


show peers show mac sw-table show mac hw-table show ip arp show ip arp fastpath show ip arp macbind show ip arp proactive show ip host show ip host extensive show ip interface brief show ip interface extensive show nsm paarp show nsm client show virtual-routers show virtual-servers show router-id show router-channel show route-map show ip route show ip route summary show ip route connected show ip route registration show ip fastpath statistics active show ip route fastpath show ip route fastpath detail show ip route kernel show ip route static show ip route ecmp show ip route ecmp detail show ip route database show ip bgp summary show ip bgp show ip bgp neighbors show ip ospf database network show ip ospf show ip ospf border-routers show ip ospf neighbor detail all show ip ospf database show ip ospf database router show ip ospf database external show ip ospf database self-originate show ip nat interface show ip nat translation show ip nat statistics show prd interface show prd macbind show prd fib show prd master show prd master ports show prd vr show prd ecmp show prd counters show prd mac-binding show prd host show mrib client show ip mvif show ip mvif extensive show ip mroute summary show ip mroute show ip mroute fastpath show ip igmp interface brief show ip igmp interface show ip igmp groups show ip igmp snooping show ip igmp snooping groups show ip igmp snooping mrouter show ip igmp snooping fastpath show ip igmp snooping fastpath groups show ip igmp snooping fastpath groups detail


show ip igmp snooping fastpath mrouter show ip igmp snooping fastpath mrouter detail show ip pim nexthop show ip pim interface show ip pim interface detail show ip pim neighbor show ip pim neighbor detail show ip pim mroute detail

show topography Display fabric neighbor information. show topography

show topology residual Display all residual paths from this switch (from which you are executing the command) to all other switches in the Plexxi fabric.

Syntax show topology residual

The following command shows the status of residual topologies. show topology residual state

The following command shows the trace of residual topologies. Trace indicates the path through the switch fabric. show topology residual trace

Example show topology residual Root Switch VLAN Traffic Distribution ----------- ---- -------------------- switch23 **** 24% to xp78 (lag77, primary), 24% to xp80 (lag79, primary), 21% to xp85 (lag84, primary), 11% to xp87 (lag86, primary), 9% to xp94 (lag93, primary), 8% to xp94 (lag93, primary), 3% to xp87 (lag86, primary) switch87 **** 25% to xp77 (lag76, primary), 23% to xp93 (lag92, primary), 25% to xp95 (lag94, primary), 9% to xp95 (lag94, primary), 10% to xp93 (lag92, primary), 8% to xp77 (lag76, primary)

Example show topology residual trace Root Switch VLAN Dist Result Path Taken ----------- ---- ---- ------ ---------- switch23 **** 25% success --- [s2603.plexxi.com out-port xp78/lag77 (residual/primary)] TO [s2723.plexxi.com in-port xp77/lag76] switch23 **** 25% success --- [s2603.plexxi.com out-port xp85/lag84 (residual/primary)] TO [s2723.plexxi.com in-port xp86/lag85] s2723.plexxi.com **** 25% success --- [s2603.plexxi.com out-port xp87/lag86 (residual/primary)] TO [s2723.plexxi.com in-port xp88/lag87] switch23 **** 25% success --- [s2603.plexxi.com out-port xp94/lag93 (residual/primary)] TO [s2723.plexxi.com in-port xp93/lag92] switch 96 **** 26% success --- [s2603.plexxi.com out-port xp82/lag81 (residual/primary)] TO [s28596.plexxi.com in-port xp81/lag80] switch 96 **** 23% success --- [s2603.plexxi.com out-port xp83/lag82 (residual/primary)] TO [s28596.plexxi.com in-port xp84/lag83] . . .


show topology vlan Display VLAN topology information. show topology vlan show topology vlan (vlan Vlan | root Root) show topology vlan state show topology vlan trace vlan Vlan (root Root) show topology vlan (vlan Vlan | root Root)

where:

root (Option) Perform the operation for a specific destination switch. Enter the name of the destination switch.

state Show the status of a topology.

trace Trace a topology. Tracing sends special trace packets from a source switch to the destination switch.

vlan (Option) Perform the operation on a specific VLAN. Enter the VLAN ID.

Example show topology vlan trace vlan 2000 [root switch23 switch96] Root Switch VLAN Dist Result Path Taken ----------- ---- ---- ------ ---------- switch23 2000 17% success --- [s2603.plexxi.com out-port xp79/lag78 (isolated/primary)] TO [s28587.plexxi.com in-port xp80/lag79, out-port xp88/lag87 (isolated/primary)] TO [s28596.plexxi.com in-port xp87/lag86, out-port xp93/lag92 (isolated/primary)] TO [s2723.plexxi.com in-port xp94/lag93] switch23 2000 39% success --- [s2603.plexxi.com out-port xp79/lag78 (isolated/primary)] TO [s28587.plexxi.com in-port xp80/lag79, out-port xp93/lag92 (isolated/primary)] TO [s28596.plexxi.com in-port xp94/lag93, out-port xp79/lag78 (isolated/primary)] TO [s2723.plexxi.com in-port xp80/lag79] switch23 2000 44% success --- [s2603.plexxi.com out-port xp79/lag78 (isolated/primary)] TO [s28587.plexxi.com in-port xp80/lag79, out-port xp93/lag92 (isolated/primary)] TO [s28596.plexxi.com in-port xp94/lag93, out-port xp86/lag85 (isolated/primary)] TO [s2723.plexxi.com in-port xp85/lag84] switch96 2000 56% success --- [s2603.plexxi.com out-port xp77/lag76 (isolated/primary)] TO [s28587.plexxi.com in-port xp78/lag77, out-port xp79/lag78 (isolated/primary)] TO [s28596.plexxi.com in-port xp80/lag79] switch96 2000 11% success --- [s2603.plexxi.com out-port xp77/lag76 (isolated/primary)] TO [s28587.plexxi.com in-port xp78/lag77, out-port xp88/lag87 (isolated/primary)] TO [s28596.plexxi.com in-port xp87/lag86] switch96 2000 33% success --- [s2603.plexxi.com out-port xp84/lag83 (isolated/primary)] TO [s28596.plexxi.com in-port xp83/lag82] . . .

show user-defined-path Show user defined paths. show user-defined path [(name String) (full)]

show users Display configured user accounts.


support log-bundle Gather system log files into an archived bundle (log-bundle.tar.gz) for analysis by Plexxi technical support. By default, gathers logs from past 24 hours. Can optionally specify a number of days or hours prior, or a specific date/time from which to gather. support log-bundle [days DAYS | hours HOURS] support log-bundle HH:MM [DAY [ MONTH [YEAR]]]

verify FILE Calculate a checksum of a local file using either MD5 or SHA1 hash algorithms. Optionally pass in an expected value for the computed hash to be compared against. verify (md5|sha) FILE (WORD|)


19 CLI Command Reference – CONFIG mode

IMPORTANT: You must prefix EXEC and PRIV-EXEC commands with the word do. For example, to issue a PRIV- EXEC command boot toggle, from any CONFIG mode, you must use the syntax do boot toggle.

IMPORTANT: Configuration changes that you make in this mode are immediately saved to running-config and immediately take effect. However, these changes must be copied to startup-config for them to persist to subsequent switch reboots and software upgrades.

The CONFIG mode prompt is: switch(config)#

access-list Add an access list entry.

arp Set or remove static Address Resolution Protocol (ARP) entry. Optionally, you can indicate a specific interface for this ARP entry. arp A.B.C.D MAC (IFNAME|) no arp A.B.C.D (IFNAME|)

banner motd Specify a message of the day login banner or use the default banner.

Syntax Description

banner motd default Specify default banner.

banner motd message Create a custom MOTD banner.

no banner motd Disable the banner.

bgp Configure Border Gateway Protocol (BGP).

Syntax bgp options

Where options are: aggregate-nexthop-check Perform aggregation only when next hop is same config-type Configuration type disable-adj-out Disable BGP ADJ_OUT extended-asn-cap Enable the router to send 4-octet ASN capabilities multiple-instance Enable bgp multiple instance nexthop-trigger delay <1-50> Configure nexthop tracking feature nexthop-trigger enable Enable nexthop tracking feature rfc1771-path-select RFC1771 path selection mechanism rfc1771-strict Strict RFC1771 behavior


debug Enable or disable debugging. debug all no debug all

debug nsm Description:

Specify debug options for NSM events, kernel, and receive and send packets. Use the no parameter with these commands to disable NSM debugging.

Syntax: debug nsm [all|nsm|ha|events|kernel|packet] no debug nsm [all|nsm|ha|events|kernel|packet] [no] debug all nsm [no] debug nsm (all|) [no] debug nsm events [no] debug nsm ha [no] debug nsm ha all [no] debug nsm kernel [no] debug nsm packet (recv|send|) (detail|)

do <command> Run EXEC and PRIV-EXEC commands from CONFIG mode prompt. This will cause you to leave any sub-mode of the CONFIG mode (e.g. CONFIG-IF or CONFIG-LINE). If the command being run is interrupted (e.g. CTRL-C with 'ping') this may cause you to leave CONFIG mode entirely.

dump bgp BGP packet dump.

enable password Specify a password for the enable command.

enable password (8|) LINE no enable password no enable password LINE

exit| quit Exit the current mode down to the previous mode.

fib retain Set the retain time for stale routes in the Forwarding Information Base (FIB) during NSM restart to either forever or to a specific time in seconds. Use the no parameter to revert to the default, which is do not retain NSM routes in the FIB when NSM is killed. NSM still retains the stale routes for 60 seconds when it restarts. fib retain (forever|time <1-65535>|) no fib retain (forever|time <1-65535>|)


help Display general help text.

interface Enter CONFIG-IF mode for interface IFNAME. interface IFNAME no interface IFNAME

ip forwarding Enable/Disable IP forwarding. ip forwarding [no] ip forwarding

ip route Add or remove a static IP route.

ip route A.B.C.D A.B.C.D (A.B.C.D|INTERFACE) no ip route A.B.C.D A.B.C.D (A.B.C.D|INTERFACE) ip route A.B.C.D A.B.C.D (A.B.C.D|INTERFACE){<1-255>|tag <1-4294967295>|description WORD} no ip route A.B.C.D A.B.C.D (A.B.C.D|INTERFACE){<1-255>|tag <1-4294967295>|description WORD} ip route A.B.C.D/M (A.B.C.D|INTERFACE) no ip route A.B.C.D/M (A.B.C.D|INTERFACE) ip route A.B.C.D/M (A.B.C.D|INTERFACE){<1-255>|tag <1-4294967295>|description WORD} no ip route A.B.C.D/M (A.B.C.D|INTERFACE){<1-255>|tag <1-4294967295>|description WORD}

line console 0 Enter CONFIG-LINE mode for console 0. line console 0

line vty Enter CONFIG-LINE mode for vty (ssh) sessions. line vty <0-871> (<0-871>|) [no] line vty <0-871> (<0-871>|)

log file Specify settings for system logging. log file FILENAME [no] log file (|FILENAME) [no] log record-priority [no] log stdout [no] log syslog log trap (emergencies|alerts|critical|errors|warnings|notifications|informational|debugging) no log trap


max-fib-routes Set or clear the maximum number of FIB routes, excluding Kernel, Connect and Static. max-fib-routes <1-4294967294> no max-fib-routes

max-static-routes Set or clear the maximum number of static routes. max-static-routes <1-4294967294> no max-static-routes

maximum-access-list Set or clear the maximum number of access list entries. maximum-access-list <1-4294967294>

maximum-paths Set or clear maximum paths. maximum-paths <1-64> no maximum-paths

no Negate a command or set its defaults.

route-map <tag> Create route-map or enter route-map command mode route-map tsg (deny|permit) <1-65535>

router bgp Use this command to start a BGP process.

Use the ‘no’ parameter with this command to disable an existing routing process.

Command Syntax router bgp <1-65535> router bgp <1-4294967295> no router bgp <1-65535> no router bgp <1-4294967295>

Parameters

<1-65535> Associate the routing process with this autonomous system number

<1-4294967295>

Associate the routing process with this autonomous system number

Command Mode

Configure mode

Examples Plexxi1#configure terminal Plexxi1(config)#router bgp 12 Plexxi1(config-router)#


router ospf Enable an OSPF routing process. router ospf

router-channel Configure a router channel. router-channel A.B.C.D/M

using an IP address (e.g. 10.0.0.1/8)

router-id Set or clear router identifier for this system.. router-id A.B.C.D no router-id A.B.C.D

where router ID is in IP address format.

service advanced-vty Enable and disable advanced VTY setting. service advanced-vty no service advanced-vty

service password-encryption Enable and disable password encryption for saved and displayed configuration. service password-encryption no service password-encryption

service terminal-length Set up the number of lines all future sessions default to. service terminal-length (<0-512>|) no service terminal-length

show cli Display a tree of CLI commands available in the current mode.

show list Display a list of CLI commands available in the current mode, showing the syntax of each command.

show running-config Display the currently running settings.

synce Configure synce parameters.


20 CLI Command Reference – CONFIG-LINE mode

exec-timeout Specify idle timeout on this line in minutes and/or seconds. exec-timeout (<0-35791>|) (<0-2147483>|) no exec-timeout

end | exit | quit | CTRL-D Leave the current mode. Note that the end command will exit all the way back to the PRIV-EXEC mode. end | exit | quit | CTRL-D

help Display general help text. For example: *plexxi1(config-line)# help This CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?'.) *plexxi1(config-line)#

history Specify a maximum size for the command history. history max <0-2147483647> no history max

login Enable or disable local password checking for this line. login [local] no login [local]

privilege level Set the privilege level for this line. privilege level (<1-15>|16)

The privilege level is either 16 for maximum privilege for this line, or 1-15.


show cli Display a tree of commands, including arguments and value ranges, available in this mode.

show list Display a list of CLI commands available in the current mode, showing the syntax of each command.

show running-config Display the currently running configuration settings. For example: *plexxi1(config-line)# show running-config ! service password-encryption ! ip domain-lookup ! ! line con 0 login line vty 0 19 login ! end *plexxi1(config-line)#


Appendix A CLI Help

The CLI includes a help system. You can type a question mark (?) at the prompt to display a list of available commands. For example: plexxi1# ? Exec commands: clear Reset functions debug Debugging functions (see also 'undebug') disable Turn off privileged mode command enable Turn on privileged mode command exit End current mode and down to previous mode get Show running system information help Description of the interactive help system logout Exit from the EXEC no Negate a command or set its defaults ping Send echo messages quit Exit current mode and down to previous mode reset Reset command show Show running system information ssh Open a SSH connection telnet Open a telnet connection terminal Set terminal line parameters trace-attachment Trace a MAC attachemnt to its source and the path it takes traceroute Trace route to destination undebug Disable debugging functions (see also 'debug') plexxi1#

You can also get help for a specific command by typing the command name followed by ?. The next expected parameters for that command are displayed. A <cr> indication means you can complete the command by typing Enter. For example: plexxi1# show ? bgp Border Gateway Protocol (BGP) boot Display partition install and boot setup cli Show CLI tree of current mode clns Connectionless-Mode Network Service (CLNS) clock Display system time and date crossbars Display crossbar status . . . tunnels Services Information users Display information about terminal lines version Display version info virtual-routers Virtual Router information virtual-servers Virtual-servers vlan Display virtual LAN information vlinks Virtual links used by L2-ISIS protocol. One per peer plexxi1# plexxi1> show clock ? | Output modifiers > Output redirection <cr> plexxi1> plexxi1> show clock Fri May 6 14:24:00 EDT 2016 plexxi1>


Output Modifiers This guide refers to some of the output modifiers available in the CLI. For example:

plexxi1# show clock ? | Output modifiers > Output redirection <cr> plexxi1# show clock | ? begin Begin with the line that matches exclude Exclude lines that match include Include lines that match redirect Redirect output repeat Repeat command

Repeat a Show Command You can use the repeat output modifier with any show command and its associated arguments to have this command repeatedly executed with a delay between executions. You specify the delay in seconds or retain the default value of 2 seconds.

The show command continues to be run over and over until interrupted with CTRL-C.

For example: plexxi1# show interface mgmt | repeat Repeat every 2s (CTRL-C to stop): show interface mgmt Interface: mgmt ifIndex: 3 Ethernet Hardware Address: e039.d700.957f Admin: up Link: up Oper: up STP: blocked Duplex: full MTU: 1500 Bandwidth: 1g Inet: 172.17.225.252/16 Broadcast: 172.17.255.255 Repeat every 2s (CTRL-C to stop): show interface mgmt Interface: mgmt ifIndex: 3 Ethernet Hardware Address: e039.d700.957f Admin: up Link: up Oper: up STP: blocked Duplex: full MTU: 1500 Bandwidth: 1g Inet: 172.17.225.252/16 Broadcast: 172.17.255.255 . . . Repeat every 2s (CTRL-C to stop): show interface mgmt Interface: mgmt ifIndex: 3 Ethernet Hardware Address: e039.d700.957f Admin: up Link: up Oper: up STP: blocked Duplex: full MTU: 1500 Bandwidth: 1g Inet: 172.17.225.252/16 Broadcast: 172.17.255.255 <CTRL-C> plexxi1#


Appendix B Troubleshooting

You can do basic troubleshooting of your Plexxi switch using the Plexxi CLI commands described in this section. These commands are issued using the PRIV-EXEC CLI mode.

Switch Log You can view the primary system log using the show log command. The output shows log entries in reverse-chronological order, so that as you page through the entries, you go back further in time.

plexxi1# show log Oct 4 14:34:02 plexxi syslogd 1.5.0: restart. Oct 4 14:30:01 plexxi crond[1242]: crond: USER root pid 20625 cmd /sbin/hwclock --systohc --utc Oct 4 14:22:00 plexxi snmpd[20538]: Turning on AgentX master support. Oct 4 14:22:00 plexxi snmpd[20538]: NET-SNMP version 5.7.1 restarted Oct 4 14:22:00 plexxi snmpd[20538]: Reconfiguring daemon Oct 4 14:21:59 plexxi snmpd[20538]: NET-SNMP version 5.7.1 Oct 4 14:21:59 plexxi snmpd[20536]: Turning on AgentX master support. Oct 4 14:21:59 plexxi monit[20533]: 'snmpd' start: /etc/init.d/S59snmpd Oct 4 14:21:58 plexxi NSM[1539]: NSM: AgentX: read, connection (sock 12) closed: length is zero Oct 4 14:21:58 plexxi snmpd[20399]: Received TERM or STOP signal... shutting down... Oct 4 14:21:58 plexxi monit[20524]: 'snmpd' stop: /etc/init.d/S59snmpd . . .

Test Network Connectivity You can use ping and traceroute to test network connectivity via the MGMT interface. For example: plexxi1# ping xbuild PING xbuild (172.17.214.8): 56 data bytes 64 bytes from 172.17.214.8: seq=0 ttl=64 time=0.213 ms 64 bytes from 172.17.214.8: seq=1 ttl=64 time=0.259 ms 64 bytes from 172.17.214.8: seq=2 ttl=64 time=0.193 ms --- xbuild ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.193/0.221/0.259 ms plexxi1# traceroute xbuild traceroute to xbuild (172.17.214.8), 30 hops max, 46 byte packets 1 172.17.214.8 (172.17.214.8) 0.220 ms 0.131 ms 0.189 ms plexxi1#

Assess System Health You can assess the general health of the system using the show system resources command. plexxi1# show system resources top - 14:51:49 up 23:52, 2 users, load average: 0.11, 0.15, 0.14 Tasks: 96 total, 1 running, 95 sleeping, 0 stopped, 0 zombie Cpu(s): 4.3%us, 0.3%sy, 0.0%ni, 95.4%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 3674476k total, 1160188k used, 2514288k free, 41084k buffers Swap: 0k total, 0k used, 0k free, 998288k cached us:user sy:system ni:nice id:idle wa:io wait hi:hard irq si:soft irq st:steal time plexxi1#


Display Running Processes You can display a list of all running processes using the show process command. plexxi1# show process PID TTY STAT TIME COMMAND 1 ? Ss 0:05 init 2 ? S 0:00 [kthreadd] 3 ? S 0:00 [ksoftirqd/0] 6 ? S 0:00 [migration/0] 7 ? S 0:00 [watchdog/0] 8 ? S 0:00 [migration/1] . . .

You can use output modifiers if you want to check on a particular process. plexxi1# show process | include snmp 20538 ? S 0:01 /usr/sbin/snmpd -I-ifTable -ifXTable -Lsd -p /var/run/snmpd.pid 20706 pts/1 S+ 0:00 egrep snmp plexxi1#

If you suspect any processes might have crashed, you can inspect for the presence of core dump files using the show system cores command.

Hardware Status You can view information about the chassis and hardware using the show hardware command. plexxi1# show hardware Product Data: -------------------------------------------------------- Board Type: SM2 Board Revision: 1.07 Serial Number: 1211200579 Manufacturer Code: 1 Manufacturing Date: 20MAR2016 Base MAC Address: e039.d700.0e00 Number of MAC Addresses: 128 System Configuration: All QSFPs as 4x10Gbps plexxi1#

Power Supply Details For details about the power supplies use the show hardware power command. plexxi1# show hardware power Power Supply 1 Power Supply 2 -------------------------------------------------------------------- Input Voltage: 123.00 V (not present) Input Current: 1.28 A Input Power: 158.00 W Output Voltage (12V): 12.00 V Output Voltage (3.3V): 3.34 V Output Current (12V): 12.12 A Output Current (3.3V): 0.00 A Output Power (12V): 144.00 W Output Power (3.3V): 0.00 W Inlet Temp: 29.62 C Outlet Temp: 36.25 C Fanspeed: 7968 RPM plexxi1#


Temperature Sensor Readings You can view temperature sensor readings using the show hardware temp command. plexxi1# show hardware temp Temperature Data: ----------------------------------------------------- Fan Temp Sensor 0: 31.12 C Fan Temp Sensor 1: 50.25 C Fan Temp Sensor 2: 32.50 C Power Supply 1 Temp Sensor 0: 29.62 C Power Supply 1 Temp Sensor 1: 36.25 C Power Supply 2 Temp Sensor 0: 0.00 C Power Supply 2 Temp Sensor 1: 0.00 C CPU Module Temp Sensor 0: 33.50 C Switch Fabric Temp Sensor 0: 48.00 C Switch Fabric Temp Sensor 1: 51.00 C Switch Fabric Temp Sensor 2: 48.00 C Switch Fabric Temp Sensor 3: 44.00 C Switch Fabric Temp Sensor 4: 50.00 C Switch Fabric Temp Sensor 5: 47.00 C Switch Fabric Temp Sensor 6: 47.00 C Switch Fabric Temp Sensor 7: 50.00 C plexxi1#

Fan Status You can view the status of the fan modules using the show hardware fans command. plexxi1# show hardware fans Chassis Fan Speeds: ----------------------------------- Fan 1: 4054 RPM Fan 2: 4014 RPM Fan 3: 4093 RPM Fan 4: 4006 RPM Fan 5: 4107 RPM Fan 6: 4014 RPM plexxi1#


Appendix C Working with Plexxi Care Support

If you are working with Plexxi Care Support, there are several types of log files they might request to troubleshoot a switch event such as a reboot.

The commands to generate the files are run from the PRIV-EXEC mode of the Plexxi CLI. You must open the PRIV-EXEC CLI mode as described in the next section before continuing.

Opening the PRIV-EXEC Mode The commands to generate these files are run from the PRIV-EXEC mode of the Plexxi CLI.

To enter the Plexxi CLI PRIV-EXEC mode:

1. Open the Plexxi CLI Shell, at the Bash prompt, enter the following sudo command and then enter the password for admin: admin@switch:~$ sudo px-shell

This opens a prompt such as: plexxi1>


2. Enter the EXEC mode. When you open Plexxi Shell session to a switch, you are automatically in the EXEC mode. The prompt is: switch>

For example, the prompt for a switch named plexxi1: plexxi1>

3. Enter the PRIVILEGED EXEC mode. From the EXEC mode, enter the enable command. For example, on switch Plexxi1: plexxi1> enable plexxi1#


Note: To return to EXEC mode, use the 'disable' command.

Note: If px-shell is not invoked using 'sudo', such as would be the case for a Viewer user account whose default shell is /bin/px-shell, then the 'enable' command is ineffective and elevated modes are not accessible.

Combining show Command Output You can combine the output from show commands (such as version, the running configuration, system resources, interface information, and other hardware details) using the show tech-support command. This combined output enables Plexxi support to gain a perspective on the current state of the system.


Redirecting show Command Output When you generate output, you can page through the output of a show command on the screen; however, it is more practical to redirect the show command output to a local file, For example: plexxi1# show tech-support > support_info.txt

The file is generated text, For example: plexxi1# dir User Files: --------------------------------------------------------- 243264462 Oct 7 2016 17:27 2.3.0 434 March 30 2016 16:44 current_config 380 May 6 2016 10:41 old_config 28034 Oct 4 2016 15:07 support_info.txt

You can then view the contents of the generated text file, For example: plexxi1# show file support_info.txt *** show version detail *** Plexxi Switch version 2.3.0 r#### 10/03/12 14:18:29 Copyright (c) 2016 Plexxi, Inc. All rights reserved. PlexxiSwitch 0.4.32 PlexxiClient 2.3.0-a25 *** show running-config *** ! service password-encryption ! username admin password 8 bJbSh8jND7i1A ! ip domain-name plexxi.com ip name-server 10.10.10.204 ip domain-lookup ! snmp-server community "general" ro . . .

You can now copy that file off the switch to a file server and forward it to Plexxi Support as requested.


Bundling Log Files A Plexxi Switch records verbose system messages in an internal system log. Because the messages can be quite lengthy, it is not practical to include them in the show tech support output. However, if Plexxi Care Support requests these logs, you can use the support log-bundle command — available in PRIV-EXEC (or ENABLE) mode — to bundle the requested logs together. The system log files are gathered into an archived bundle named log-bundle.tar.gz.

To gather these logs into a bundle for Plexxi Care technical support:

1. Display the log files in reverse chronological order by using the show log command in EXEC or PRIV-EXEC mode.

2. Bundle the files using one of the following commands: support log-bundle [days DAYS | hours HOURS] support log-bundle HH:MM [DAY [MONTH [YEAR]]]

If no time period is specified, the command gathers logs from the past 24 hours. However, you can optionally specify a number of days or hours prior, or specify a date and time from which to gather logs.

3. Copy the log-bundle.tar.gz file and send it to Plexxi Care support.

4. If you want, you can delete the log-bundle.tar.gz file from your system using the delete command. The actual system logs are not affected or modified.

Each time you run the support log-bundle command, you overwrite the existing log-bundle.tar.gz file.

Specifying the Number of Days to Include in Log Output If you report that an event occurred recently on a Plexxi Switch, Plexxi Care technical support might ask you to supply a log bundle that covers the period when the event occurred. If an event was "about two days ago", you might be asked to gather three days' worth of logs, as shown in the following example. plexxi1# support log-bundle days 3 Gathering files newer than Sun Jan 20 15:17:19 2016 Written to log-bundle.tar.gz plexxi1# dir User Files: ---------------------------------------------------------

419 Jan 23 2016 14:02 config.txt 275604 Jan 23 2016 15:17 log-bundle.tar.gz

Specifying a Time Another example might be an event that occurred at 2:00 a.m. on Christmas Day. Gathering logs from just prior to the event (say, 1:00 a.m.) might be appropriate: plexxi1# support log-bundle 01:00 25 12 2016 Gathering files newer than Tue Dec 25 01:00:00 2016 Written to log-bundle.tar.gz plexxi1# dir User Files: ---------------------------------------------------------

419 Jan 23 2016 14:02 config.txt 4108450 Jan 23 2016 15:21 log-bundle.tar.gz


Copying Plexxi Switch Core Files In the rare event of software crashes, the switch software creates core files that may provide useful information for Plexxi support. This section describes how to copy the core files for transmittal to Plexxi.

Checking for Core Files To see if system core files have been generated, use the show system cores command. For example: plexxi1# show system cores System Core Files --------------------------------------------------------- 18358272 Jan 22 2016 13:16 nsm_1358878580_1644.core

Copying a Core File to Another Network Host You can copy the core file from the core file disk space to another network host using the copy command and a core:// style URL to refer to the core filename.

For example: plexxi1# copy core://nsm_1358878580_1644.core scp://<username>@<host>/ <path>/nsm.core Password:

Copying a Core File to Local User Disk Space You can copy the core file to the local user disk space using the copy command and a core:// style URL to refer to the core filename. For example: plexxi1# copy core://nsm_1358878580_1644.core keep_this_nsm.core

You can check for the new filename by using the dir command. For example: plexxi1# dir User Files: ---------------------------------------------------------

484 Jan 23 2016 14:02 config.txt 18358272 Jan 22 2016 15:21 keep_this_nsm.core 264629316 Jan 18 2016 09:52 latest.tar.gz

IMPORTANT: You cannot copy core files into the Plexxi Switch core file area: For example: plexxi1# copy keep_this_nsm.core core://nsm.core % Bad destination plexxi1# show system cores System Core Files: -------------------------------------------------

Verifying a Core File in its Original Location You can verify the switch core file is still in its original location. plexxi1# show system cores System Core Files: --------------------------------------------------------- 18358272 Jan 22 2016 13:16 nsm_1358878580_1644.core

Deleting Core Files At this point, you may want to delete the original core file and verify its deletion. plexxi1# delete core://nsm_1358878580_1644.core plexxi1# show system cores System Core Files: ---------------------------------------------------------

To delete all core files on the system core file disk space, you can use the clear cores command.

Plexxi 4.0.0 Switch Admin-CLI Guide 5-3-2018 · Plexxi Switch Administrator Guide using Linux and Plexxi CLI, 4.0.0 2 Legal Notices The information contained herein is subject to

Documents