Reference Guide
Table Of Contents
- OS10 Enterprise Edition User Guide Release 10.4.0E(R2)
- Getting Started
- Download OS10 image and license
- Installation
- Log into OS10
- Install OS10 license
- Remote access
- Upgrade OS10
- CLI Basics
- User accounts
- Key CLI features
- CLI command modes
- CLI command hierarchy
- CLI command categories
- CONFIGURATION Mode
- Command help
- Check device status
- Candidate configuration
- Change to transaction-based configuration
- Copy running configuration
- Restore startup configuration
- Reload system image
- Filter show commands
- Alias command
- Batch mode commands
- Linux shell commands
- SSH commands
- OS9 environment commands
- Common commands
- alias
- alias (multi-line)
- batch
- boot
- commit
- configure
- copy
- default (alias)
- delete
- description (alias)
- dir
- discard
- do
- feature config-os9-style
- exit
- license
- line (alias)
- lock
- management route
- move
- no
- reload
- show alias
- show boot
- show candidate-configuration
- show environment
- show inventory
- show ip management-route
- show ipv6 management-route
- show license status
- show running-configuration
- show startup-configuration
- show system
- show version
- start
- system
- system identifier
- terminal
- traceroute
- unlock
- write
- Interfaces
- Ethernet interfaces
- Unified port groups
- L2 mode configuration
- L3 mode configuration
- Fibre Channel interfaces
- Management interface
- VLAN interfaces
- User-configured default VLAN
- Loopback interfaces
- Port-channel interfaces
- Configure interface ranges
- Switch-port profiles
- Configure breakout mode
- Breakout auto-configuration
- Reset default configuration
- Forward error correction
- Energy-efficient Ethernet
- View interface configuration
- Interface commands
- channel-group
- default interface
- default vlan-id
- description (Interface)
- duplex
- enable auto-breakout
- fec
- interface breakout
- interface ethernet
- interface loopback
- interface mgmt
- interface null
- interface port-channel
- interface range
- interface vlan
- link-bundle-utilization
- mgmt
- mode
- mtu
- port-group
- show interface
- show link-bundle-utilization
- show port-channel summary
- show port-group
- show switch-port-profile
- show vlan
- shutdown
- speed (Fibre Channel)
- speed (Management)
- switch-port-profile
- switchport access vlan
- switchport mode
- switchport trunk allowed vlan
- Fibre channel
- Fibre Channel over Ethernet
- Terminology
- Virtual fabric
- Fibre Channel zoning
- F_Port on Ethernet
- F_Port, NPG, and FCoE commands
- clear fcoe database
- clear fcoe statistics
- fc alias
- fc zone
- fc zoneset
- fcoe
- fcoe max-sessions-per-enodemac
- feature fc
- feature fc npg
- feature fip-snooping
- fip-snooping enable
- fip-snooping fc-map
- fip-snooping port-mode fcf
- member (alias)
- member (zone)
- member (zoneset)
- name
- show fc alias
- show fc ns switch
- show fc statistics
- show fc switch
- show fc zone
- show fc zoneset
- show fcoe enode
- show fcoe fcf
- show fcoe sessions
- show fcoe statistics
- show fcoe system
- show fcoe vlan
- show npg devices
- show running-config vfabric
- show vfabric
- vfabric
- vfabric (interface)
- vlan
- zone default-zone permit
- zoneset activate
- Layer 2
- 802.1X
- Link aggregation control protocol
- Link layer discovery protocol
- Protocol data units
- Optional TLVs
- Organizationally-specific TLVs
- Media endpoint discovery
- Network connectivity device
- LLDP-MED capabilities TLV
- Network policies TLVs
- Define network policies
- Packet timer values
- Disable and re-enable LLDP
- Disable and re-enable LLDP on management ports
- Advertise TLVs
- Network policy advertisement
- Fast start repeat count
- View LLDP configuration
- Adjacent agent advertisements
- Time to live
- LLDP commands
- Media Access Control
- Multiple spanning-tree protocol
- Rapid per-VLAN spanning-tree plus
- Rapid spanning-tree protocol
- Virtual LANs
- Port monitoring
- Layer 3
- Border gateway protocol
- Sessions and peers
- Route reflectors
- Multiprotocol BGP
- Attributes
- Selection criteria
- Weight and local preference
- Multiexit discriminators
- Origin
- AS path and next-hop
- Best path selection
- More path support
- Advertise cost
- 4-Byte AS numbers
- AS number migration
- Configure border gateway protocol
- Enable BGP
- Configure Dual Stack
- Peer templates
- Neighbor fall-over
- Fast external fallover
- Passive peering
- Local AS
- AS number limit
- Redistribute routes
- Additional paths
- MED attributes
- Local preference attribute
- Weight attribute
- Enable multipath
- Route-map filters
- Route reflector clusters
- Aggregate routes
- Confederations
- Route dampening
- Timers
- Neighbor soft-reconfiguration
- BGP commands
- Equal cost multi-path
- IPv4 routing
- IPv6 routing
- Internet group management protocol
- Open shortest path first
- Object tracking manager
- Policy-based routing
- Virtual routing and forwarding
- Virtual router redundancy protocol
- Border gateway protocol
- UFT modes
- System management
- Access Control Lists
- IP ACLs
- MAC ACLs
- IP fragment handling
- L3 ACL rules
- Assign sequence number to filter
- L2 and L3 ACLs
- Assign and apply ACL filters
- Ingress ACL filters
- Egress ACL filters
- Clear access-list counters
- IP prefix-lists
- Route-maps
- Match routes
- Set conditions
- continue Clause
- ACL flow-based monitoring
- Enable flow-based monitoring
- ACL commands
- clear ip access-list counters
- clear ipv6 access-list counters
- clear mac access-list counters
- deny
- deny (IPv6)
- deny (MAC)
- deny icmp
- deny icmp (IPv6)
- deny ip
- deny ipv6
- deny tcp
- deny tcp (IPv6)
- deny udp
- deny udp (IPv6)
- description
- ip access-group
- ip access-list
- ip as-path deny
- ip as-path permit
- ip community-list standard deny
- ip community–list standard permit
- ip extcommunity-list standard deny
- ip extcommunity-list standard permit
- ip prefix-list description
- ip prefix-list deny
- ip prefix-list permit
- ip prefix-list seq deny
- ip prefix-list seq permit
- ipv6 access-group
- ipv6 access-list
- ipv6 prefix-list deny
- ipv6 prefix-list description
- ipv6 prefix-list permit
- ipv6 prefix-list seq deny
- ipv6 prefix-list seq permit
- mac access-group
- mac access-list
- permit
- permit (IPv6)
- permit (MAC)
- permit icmp
- permit icmp (IPv6)
- permit ip
- permit ipv6
- permit tcp
- permit tcp (IPv6)
- permit udp
- permit udp (IPv6)
- remark
- seq deny
- seq deny (IPv6)
- seq deny (MAC)
- seq deny icmp
- seq deny icmp (IPv6)
- seq deny ip
- seq deny ipv6
- seq deny tcp
- seq deny tcp (IPv6)
- seq deny udp
- seq deny udp (IPv6)
- seq permit
- seq permit (IPv6)
- seq permit (MAC)
- seq permit icmp
- seq permit icmp (IPv6)
- seq permit ip
- seq permit ipv6
- seq permit tcp
- seq permit tcp (IPv6)
- seq permit udp
- seq permit udp (IPv6)
- show access-group
- show access-lists
- show ip as-path-access-list
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- Route-map commands
- continue
- match as-path
- match community
- match extcommunity
- match interface
- match ip address
- match ip next-hop
- match ipv6 address
- match ipv6 next-hop
- match metric
- match origin
- match route-type
- match tag
- route-map
- set comm-list add
- set comm-list delete
- set community
- set extcomm-list add
- set extcomm-list delete
- set extcommunity
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight
- show route-map
- Quality of service
- Configure quality of service
- Ingress traffic classification
- Egress traffic classification
- Policing traffic
- Mark Traffic
- Color traffic
- Modify packet fields
- Shaping traffic
- Bandwidth allocation
- Strict priority queuing
- Buffer management
- Congestion avoidance
- Storm control
- QoS commands
- bandwidth
- class
- class-map
- clear interface priority-flow-control
- clear qos statistics
- clear qos statistics type
- control-plane
- flowcontrol
- match
- match cos
- match dscp
- match precedence
- match qos-group
- match vlan
- mtu
- pause
- pfc-cos
- pfc-max-buffer-size
- pfc-shared-buffer-size
- pfc-shared-headroom-buffer-size
- police
- policy-map
- priority
- priority-flow-control mode
- qos-group dot1p
- qos-group dscp
- queue-limit
- queue bandwidth
- queue qos-group
- random-detect (interface)
- random-detect (queue)
- random-detect color
- random-detect ecn
- random-detect pool
- random-detect weight
- service-policy
- set cos
- set dscp
- set qos-group
- shape
- show class-map
- show control-plane info
- show control-plane statistics
- show interface priority-flow-control
- show qos interface
- show policy-map
- show qos control-plane
- show qos egress bufffers interface
- show egress buffer-stats interface
- show qos ingress buffers interface
- show ingress buffer-stats interface
- show queuing statistics
- show qos system
- show qos system buffers
- show qos maps
- show qos wred-profile
- system qos
- trust
- trust dot1p-map
- trust dscp-map
- qos-map traffic-class
- trust-map
- wred
- Virtual link trunking
- Converged data center services
- sFlow
- Troubleshoot OS10
- Support resources
• Enter an ORIGIN attribute in ROUTE-MAP mode.
set origin {egp | igp | incomplete}
• Enter a tag value for the redistributed routes in ROUTE-MAP mode, from 0 to 4294967295.
set tag tag-value
• Enter a value as the route’s weight in ROUTE-MAP mode, from 0 to 65535.
set weight value
Check set conditions
OS10(config)# route-map ip permit 1
OS10(conf-route-map)# match metric 2567
continue Clause
Only BGP route-maps support the continue clause. When a match is found, set clauses run and the packet is forwarded — no route-
map processing occurs. If you congure the continue clause without conguring a module, the next sequential module processes.
If you congure the continue command at the end of a module, the next module processes even after a match is found. The example
shows a continue clause at the end of a route-map module — if a match is found in the route-map test module 10, module 30 processes.
Route-map continue clause
OS10(config)# route-map test permit 10
OS10(conf-route-map)# continue 30
ACL ow-based monitoring
Flow-based monitoring conserves bandwidth by selecting only the required ow to be mirrored instead of mirroring entire packets from an
interface. This feature is available for L2 and L3 ingress trac. Specify ow-based monitoring using ACL rules. Flow-based monitoring
copies incoming packets that match the ACL rules applied on the ingress port and forwards (mirrors) them to another port. The source
port is the monitored port (MD), and the destination port is the monitoring port (MG).
When a packet arrives at a monitored port, the packet validates against the congured ACL rules. If the packet matches an ACL rule, the
system examines the corresponding ow processor and performs the action specied for that port. If the mirroring action is set in the ow
processor entry, the port details are sent to the destination port.
Flow-based mirroring
Flow-based mirroring is a mirroring session in which trac matches specied policies that are mirrored to a destination port. Port-based
mirroring maintains a database that contains all monitoring sessions, including port monitor sessions. The database has information
regarding the sessions that are enabled or not enabled for ow-based monitoring. Flow-based mirroring is also known as policy-based
mirroring.
To activate ow-based mirroring, use the flow-based enable command. Trac with particular ows that are traversing through the
ingress interfaces are examined. Appropriate ACL rules apply in the ingress direction. By default, ow-based mirroring is not enabled.
To enable the evaluation and replication of trac traversing to the destination port, congure the monitor option with the permit, deny,
or
seq commands for ACLs assigned to the source or the monitored port (MD). Enter the keywords capture session session-id
with the seq, permit, or deny command for the ACL rules to allow or drop IPv4, IPv6, ARP, UDP, EtherType, ICMP, and TCP packets.
IPV4-ACL mode
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]]
[fragments] [threshold-in-msgs count] [capture session session-id]
486
Access Control Lists