Show Menu
Cheatography
  1. Home >
  2. Software >

A10 - ACOS System Configuration & Administration Cheat Sheet by

Management commands for A10 Thunder TPS Device.

Commands

enable
To access the Privileged EXEC level of the CLI and allow access to all config­uration levels.
 
config
To access the global config­uration level.
 
clear console
Terminate the current login process and start a new one.

Time & Date Parameters

#show clock
Shows the time.
 
#clock set 19:15:33 December 17 2023
The following example sets the time to 7:15 PM and 33 seconds on December 17, 2015 (for times beyond 12:00 PM, use 24-hour notation).
 
#timezone Europe­/Is­tanbul
The following example sets the timezone to Europe­/Is­tanbul.
 
#ntp server 216.17­1.1­24.36
To configure a preferred NTP server.
 
#prefer
Then use the prefer command to make this the preferred server:.
 
#ntp auth-key 13579 M ascii XxEnc192
Create authen­tic­ation keys (13579).
 
#ntp truste­d-key 13579
Add key (13579) to the list of trusted keys.
 
#ntp server 207.69.13­1.204
Configure the NTP server at 207.69.13­1.204 to use trusted key (13579).
 
#show runnin­g-c­onfig | include ntp
Verify the NTP server and authen­tic­ation key config­ura­tion.

Basic System Parameters

#hostname ACOS-TPS2
Change the hostname.
 
#ip dns suffix a10net­wor­ks.com
To set the default domain name (DNS suffix) for host names on the ACOS device.
 
#ip dns primary 10.10.1­28.101
To set the primary DNS server for resolving DNS requests.
 
#ip dns secondary 10.10.1­28.102
To set the secondary DNS server for resolving DNS requests.
 
#show runnin­g-c­onfig | include dns
Show runnin­g-c­onfig command to view your config­ura­tion.
 
#banner login “welcome to login mode”
To set the login banner.
 
#banner login “welcome to exec mode”
To set the exec banner.
 
#web-s­ervice secure wipe
 
#import cert
To import a CA-signed certif­icate.
 
#interface management
Puts you in interface management mode, where you can continue the management interface config­ura­tion.
 
#ip address 192.16­8.10.2 /24
To configure IPv4 access.
 
#ip defaul­t-g­ateway 192.16­8.2.1
To configure IPv4 access.
 
#ipv6 address 2001:d­b8:­:2/32
To configure IPv6 access.
 
#ipv6 defaul­t-g­ateway 2001:d­b8::1
To configure IPv6 access.
 
#show interfaces management
To verify the config­ura­tion.

System Parameters

#secur­ity­-reset
Destroys all sensitive inform­ation.
 
#snmp-­server SNMPv3
SNMPv3 Config­uration
 
#system fips enable
Enabling FIPS.
 
#system fips disable
Disabling FIPS.
 
#system defaul­t-mtu
To configure the MTU for supported physical and logical ports at the global config­uration level.
 
#syste­m-j­umb­o-g­lobal enable­-jumbo
To enable jumbo frame support on FTA models.
 
#syste­m-j­umb­o-g­lobal enable­-jumbo

#write memory

#reboot
To enable jumbo frame support on a non-FTA model.
 
#no system­-ju­mbo­-global enable­-jumbo
To disable jumbo frame support on FTA models.
 
#no system­-ju­mbo­-global enable­-jumbo

#write memory

#reboot
To disable jumbo frame support on a non-FTA model.
 
#system defaul­t-mtu 9216
To configure the MTU for all interface ports at the global config­uration level.
 
#interface ethernet 1

mtu 1800
To change the MTU on a particular interface, use the mtu command at the config­uration level for the interface.
 
#show interface ve 300
To view VE interface inform­ation.
 
#show interface ethernet 15
To view Ethernet interface inform­ation.

SSL

#import key
To import a key. (RSA & ECDSA)
 
#import cert
To import a CA-signed certif­­icate. (RSA & ECDSA)
 
#web-s­ervice secure privat­e-key load
(RSA & ECDSA)
 
#web-s­ervice secure certif­icate load
(RSA & ECDSA)
 
#import glm-cert
(RSA)
 
#sshd key load
(RSA)
 
#ssh-p­ubkey import
(RSA)

Backup

#backup system scp://­exa­mpl­eus­er@­192.16­8.3.3/­hom­e/u­ser­s/e­xam­ple­use­r/b­ack­ups­/ba­cku­pfi­le.t­ar.gz
To creates a backup of the system (start­up-­config file, aFleX scripts, and SSL certif­icates and keys) on a remote server using SCP.
 
#backup log period 1 use-mg­mt-port scp://­exa­mpl­eus­er@­192.16­8.3.3/­hom­e/u­ser­s/e­xam­ple­use­r/b­ack­ups­/ba­cku­plo­g.t­ar.gz
To creates a daily backup of the log entries in the syslog buffer. The connection to the remote server will be establ­ished using SCP on the management interface (use-m­gmt­-port).

Config­uration Management

#write memory
Replaces the config­uration profile in the image area with the runnin­g-c­onfig.
 
#write force
Forces the ACOS device to save the config­uration regardless of whether the system is ready.
 
#write memory primary
Replaces the config­uration profile stored in the primary image area with the runnin­g-c­onfig
 
#write memory secondary
Replaces the config­uration profile stored in the secondary image area with the runnin­g-c­onfig.
 
#write memory profil­e-name
The ACOS device replaces the commands in the specified profil­e-name with the runnin­g-c­onfig.
 
#show startu­p-c­onfig
To view locally stored config­uration inform­ation.
 
#show startu­p-c­onfig all
To display a list of the locally stored config­uration profiles.
 
#show startu­p-c­onfig profile profil­e-name
Displays the commands that are in the specified config­uration profile.
 
#copy
To copy config­ura­tions.
 
#copy startu­p-c­onfig profil­e-name
Copies the config­uration profile that is currently linked to “start­up-­config” and saves the copy under the specified profil­e-name.
 
#copy startu­p-c­onfig runnin­g-c­onfig
Copies the config­uration profile that is currently linked to “start­up-­config” and replaces the current runnin­g-c­onfig.
 
#copy runnin­g-c­onfig startu­p-c­onfig
Copies the runnin­g-c­onfig and saves it to the config­uration profile currently linked to the startu­p-c­onfig.
 
#diff startu­p-c­onfig runnin­g-c­onfig
Compares the config­uration profile that is currently linked to “start­up-­config” with the runnin­g-c­onfig.
 
#diff startu­p-c­onfig profil­e-name
Compares the config­uration profile that is currently linked to “start­up-­config” with the specified config­uration profil­e-name.
 
#diff profil­e-name1 profil­e-name2
To compare any two config­uration profiles.
 
#link
To link config­uration profiles.
 
#link startu­p-c­onfig test-p­rofile primary
To links the startu­p-c­onfig to a new profile called test_p­rofile.
 
#link startu­p-c­onfig default
To relink “start­up-­config” to the config­uration profile stored in the image area.
 
#delete
To delete config­ura­tions.
 
#delete startu­p-c­onfig test_p­rofile1
To remove a specific config­uration profile.

Source Interface for Management Traffic

#show ip route mgmt
To display the routes in the management route table.
 
#show ip route
To display the data plane routes.
 
#show ip fib
To display the data plane routes.
 
#show techsu­pport
To display general inform­ation about the router when reporting a problem.
 
#ip contro­l-a­pps­-us­e-m­gmt­-port
To management interface as the source interface for automated management traffic is enable. (Execute in 
interface management
)
 
#interface loopback 2

#ip address 10.10.1­0.66 /24

#exit
To configure an IP address on loopback interface 2.
 
#ip mgmt-t­raffic all source­-in­terface loopback 2
To configures the ACOS device to use loopback interface 2 as the source interface for management traffic of all types listed above.

Boot Options

#show version
To shows storage area inform­ation.
 
#show bootimage
To view the storage location for future reboots.
 
#bootimage hd sec
To configure the ACOS device to use the secondary storage area on the SSD or hard drive for future reboots, and verify the setting.

Fail-Safe Automatic Recovery

#fail-safe fpga-b­uff­-re­cov­ery­-th­reshold 2
Trigger the fail-safe recovery if the number of free (avail­able) FPGA buffers drops below 2 long enough for the recovery timeout to occur.
 
#fail-safe sw-err­or-­rec­ove­ry-­timeout 3
Trigger the fail-safe recovery if a software error remains in effect for longer than 3 minutes.
 
#show fail-safe config
Verify the config­ura­tion.
 
#show fail-safe inform­ation
To output differs between models that use FPGAs in hardware and models that do not.
 
#system asic-m­mu-­fai­l-safe recove­ry-­thr­eshold 5
To configures the error threshold count to 5 (the default value is 2).
 
#fail-safe total-­mem­ory­-si­ze-­check 5 log
The fail-safe feature will be triggered when the total memory size is less than 5 GB. When this happens, this event will be logged.

Power On Auto Provis­ioning

#show poap
To show the status (enabled or disabled) of POAP mode.

Monitoring Tools

glid 1
  pkt-rate-limit 4
  over-limit-action drop
!
ddos src entry src-v41 10.10.71.7
  log-enable
  log-periodic
  l4-type tcp
    glid 1
!
system ddos-a­ttack log
!
To configure a custom packet rate limit for TCP traffic from a source, and enable logging of DDoS events for the source.
ddos template logging default
  log-format-cef
  use-obj-name
!
Enable CEF and object name display for DDoS event messages.
ddos dst entry dst-host8 10.10.10.8
  log-enable
  log-periodic
! vsystem ddos-a­ttack log
!
For the template to be used, DDoS event logging also must be enabled globally and in the individual rules that will use logging.
 
#logging single­-pr­iority error
 
#logging email buffer
To configure log email settings.
 
#logging email buffer number 32 time 30
To configures the ACOS device to buffer log messages to be emailed. Messages will be emailed only when the buffer reaches 32 messages, or 30 minutes passes since the previous log message email, whichever happens first.
 
#logging email filter 1 "­level inform­ation pattern abc and"
To configures a filter that matches on log messages if they are inform­ati­on-­level messages and contain the string “abc”. The messages will be buffered and not emailed immedi­ately.
 
#logging email filter 1 "­level inform­ation pattern abc and" trigger
To reconf­igures the filter to immedi­ately email matching messages by using the trigger option.
ddos template logging default
  log-format-cef
  use-obj-name
!
To configure the default DDoS logging template.
glid 2
  conn-limit 800000
!
To configure GLID 2, to set a custom connection limit.
ddos src entry v4-71 192.168.71.7
  log-enable
  log-periodic
  l4-type tcp
    glid 2
!
To configure a rule for source 192.16­8.71.7
glid 3
  bit-rate-limit 8000000
!
To configure GLID 3, to set a custom bandwidth limit (bit rate).
ddos dst entry dst-81 10.10.10.8
  log-enable
  log-periodic
  l4-type tcp
    glid 3
!
To configure a rule for protected destin­ation 10.10.10.8
system ddos-a­ttack log
!
To globally enables DDoS event logging.
ddos protection enable
!
To enables DDoS Mitiga­tion.
 
#snmp-­server enable traps
To enable SNMP traps.
 
#snmp-­server enable traps system start
To enables system start traps.
 
#snmp-­server view
To configure an SNPM view.
 
#snmp-­server view exampl­eview 1.2.3 included
To creates a view called “examp­leview” which includes OID 1.2.3
 
#snmp-­server SNMPv1-v2c user u1

#community read exampl­estring

#show runnin­g-c­onfig | sec snmp
To configure an SNMP community string for SNMPv1 or SNMPv2c users.
 
#snmp-­server view exampl­eview 1.2.3 included

#snmp-­server group exampl­egroup v3 auth read exampl­eview

#snmp-­server SNMPv3 user exampl­euser group exampl­egroup v3 auth md5 exampl­epa­ssword1 priv aes exampl­epa­ssword2

#show runnin­g-c­onfig | sec snmp
To configure an SNMP community string for SNMPv3 users.
 
#remote 192.16­8.20.1 /24
To restrict access to allow only specific remote hosts to access SNMP data
 
#oid 1.2.3

remote 192.16­8.40.1 255.25­5.255.0
To restrict access so that only a specific OID (1.2.3) can be accessed by the specified hosts (subnets 192.16­8.30.x and 192.16­8.4­0.x).
 
#snmp-­server group exampl­egroup v3 priv read exampl­eview
To configure an SNMP group.
 
#snmp-­server view exampl­eview 1.2.3 included

#snmp-­server group exampl­egroup v3 auth read exampl­eview

#snmp-­server SNMPv3 user exampl­euser group exampl­egroup v3 auth md5 exampl­epa­ssword1 priv aes exampl­epa­ssword2
Shows how to configure an SNMPv3 user “examp­leu­ser”, who is a member in “examp­leg­roup”, which is part of “examp­lev­iew”.
 
#snmp enable traps system ?
Note that using the ? allows you to see all SNMP traps within the category before activating that category.
 
#snmp enable traps system packet­-drop
To enables SNMP traps for all packet drops performed by the system.
 
#snmp-­server location exampl­e-l­ocation
To configure location inform­ation.
 
#snmp-­server contact exampl­e-c­ontact
To configure contact inform­ation.
 
#snmp-­server host exampl­e-t­rap­-host
To configure external SNMP trap receivers.
 
#snmp-­server community read exampl­e-c­omm­uni­ty-­string
To configure one or more read-only commun­ities.
 
snmp-s­erver view exampl­e-v­iew­-name exampl­e-oid included
To configure an SNMP view.
 
#snmp-­server group exampl­e-g­rou­-name v3 auth read exampl­e-r­ead­-vi­ew-name
To configure an SNMP group.
 
#snmp-­server user exampl­e-user group exampl­e-group v3 auth md5 exampl­e-p­assword
To configure an SNMP user.
 
#snmp-­server enable traps all
To enable the SNMP agent and SNMP traps.
 
#mirro­r-port
To configure mirror ports.
 
#mirro­r-port 1 ethernet 4
Example for mirror ports.
 
#mirro­r-port 2 ethernet 7 output
Example for mirror ports.
 
#mirro­r-port 3 ethernet 9
Example for mirror ports.
 
#mirro­r-port 4 ethernet 3 input
Example for mirror ports.
 
#show mirror
Verifies the mirror config­ura­tion.
 
#interface ethernet 1

#monitor input 1
To access the config­uration level for Ethernet interface 1 and enable monitoring of its traffic.
 
#interface ethernet 2

#monitor output 2
To access the config­uration level for Ethernet interface 2 and enable monitoring of its traffic.
 
#interface ethernet 2

#no monitor output 2
To removing the monitor config­ura­tion.
 
#no mirror­-port 2 ethernet 7 output
To removing the mirror port config­ura­tion.
 
#ddos template monitor 1

#monitor link-down eth 5 sequence 1

#monitor link-down eth 6 sequence 2

#monitor link-down eth 9 sequence 3

#monitor link-down eth 10 sequence 4
To configure monitor template 1 and the physical data interfaces and events to monitor.
 
#action clear sessions sequence 1
#action link-d­isable eth 5 sequence 2
#action link-d­isable eth 6 sequence 3
#action link-d­isable eth 9 sequence 4
#action link-d­isable eth 10 sequence 5
#exit
To configure the actions to take when a monitored event is detected.
 
#system template monitor 1
To activates the template, to place it into effect.
 
#clear session
To clears only data sessions.
 
#clear sessions all
To clear all sessions.

NetFlow

#netflow monitor test
#record netflow-v5
#record netflow-v5-ext
#destination 10.10.3.2
#show netflow monitor
To configure a NetFlow monitor named “test” to collect all NetFlow v5-com­patible flow records and export them to the host at IP 10.10.3.2
 
#netflow monitor test
#protocol v10
#resend-template records 2
#source-address ip 10.10.3.1
#record ddos-general-stat
#record ddos-http-stat
#destination 10.10.3.2
#show netflow monitor
To configure a NetFlow monitor named “test” used to export DDoS general statistics and DDoS HTTP statistics to the host IP 10.10.3.2 using IPFIX.

Network Address Transl­ation (NAT)

#ip nat pool p1 172.16­8.6.100 172.16­8.6.100 netmask /24
#ddos dst entry ip-dst­-entry 10.10.6.50
#l4-type udp
#stateful
#exit
#source-nat-pool p1
#exit
Stateful session mode is required but is disabled by default for UDP. To configure NAT at the Layer 4 UDP level or on individual UDP ports within a rule, you first must enable stateful mode. The following example configures source NAT for client traffic allowed to go to destin­ation 10.10.6.50
 
#ddos dst entry ip-des­t-entry 10.10.6.60
#dest-nat 192.16­8.6.50
To configure destin­ation NAT for destin­ation 10.10.6.60
 
#acces­s-list 1 permit 10.1.1.0 0.0.0.255
#ip nat pool pptp-pool 192.16­8.1.100 192.16­8.1.110 netmask /24
Define the ACL and configure the IP address pool.
 
#interface ethernet 1
#ip address 10.2.2.254 255.255.255.0
#ip nat inside
#exit
#interface ethernet 2
#ip address 10.3.3.254 255.255.255.0
#ip nat outside
Enable inside source NAT and outside source NAT on the interf­aces.
 
show ip nat alg pptp statistics
To displays PPTP NAT ALG statis­tics.
Make sure you are in Global Config­­ur­ation mode.

System Command Reference

ACOS>
User EXEC Level. This is the first level entered when a CLI session begins. At this level, users can view basic system inform­ation but cannot configure system or port parame­ters. (>)
 
ACOS#
Privileged EXEC Level. Critical commands (confi­gur­ation and manage­ment) require that the user be at the “Privi­leged EXEC” level. To change to the Privileged EXEC level, type 
enable
then press Enter at the 
ACOS>
prompt. (#)
 
ACOS(c­onfig)#
Privileged EXEC Level - Config Mode. The Privileged EXEC level’s config­uration mode is used to configure the system IP address and to configure switching and routing features. To access the config­uration mode, you must first be logged into the Privileged EXEC level. Enter the 
config
command.
 
?
System prompt to display a list of available commands for each command mode. The contex­t-s­ens­itive help feature provides a list of the arguments and keywords available for any command.
 
#terminal history size 500
#show terminal | sec history
To set the buffer size for the current session. For example, to set the buffer to 500, then verify the change with the show terminal command.
 
no terminal history size
To reset the buffer size for this session to the default value.
 
> show history
While in EXEC mode, lists the most recent commands entered.
 
begin string
Begins the output with the line containing the specified string.
 
include string
Displays only the output lines that contain the specified string.
 
exclude string
Displays only the output lines that do not contain the specified string.
 
section string
Displays only the lines for the specified section (for example, “ddos dst entry”, or “loggi­ng”). To display all DDoS-r­elated config­uration lines, you can enter “ddos”.
 
|
Delimiter between the 
show
command and the display filter.
 
show arp | include 192.16­8.1.3*
The output filter in this example displays only the ARP entries that contain IP addresses that match “192.1­68.1.3” and any value following “3”. The asterisk ( * ) matches on any pattern following the “3”.
 
show startu­p-c­onfig | section logging
To displays the startu­p-c­onfig lines for “loggi­ng".
 
enable
Enter privileged EXEC mode, or any other security level set by a system admini­str­ator.
 
exit
When used from User EXEC mode, this command closes an active terminal session by logging off the system. In any other mode, it will move the user to the previous config­uration level.
 
help
Display a descri­ption of the intera­ctive help system of the ACOS device.
 
no
Most config­uration commands have a 
no
form. Typically, you use the no form to disable a feature or function. The command without the 
no
keyword is used to re-enable a disabled feature or to enable a feature that is disabled by default.
 
ping
Send an ICMP echo packet to test network connec­tivity.
 
show
Show system or config­uration inform­ation.
 
ssh
Establish a Secure Shell (SSH) connection from the Thunder Series to another device.
 
telnet
Open a Telnet tunnel connection from the Thunder Series to another device.
 
traceroute
Display the router hops through which a packet sent from the ACOS device can reach a remote device.
 
axdebug
Access the AXdebug subsystem.
 
backup log
Configure log backup options and save a backup of the system log.
 
backup system
Back up the system. The startu­p-c­onfig file, and SSL certif­icates and keys will be backed up to a tar file.
 
clear
Clear statistics or reset functions. Sub-co­mmand parameters are required for specific sub-co­mmands.
 
clock
Set the system time and date.
 
configure
Enter Global config­uration mode from the Privileged EXEC mode.
 
ddos run-ti­me-­use­r-s­tring
Set the DDoS runtime user string. The runtime user string provides a way to add a nonper­sistent memo to the device. The runtime user string does not appear in the runnin­gconfig and is not saved across reboots or reloads.
 
debug
Access debug options.
 
diff
Display a side-b­y-side comparison of the commands in a pair of locally stored config­ura­tions.
 
disable
Exit the Privileged EXEC mode and enter the EXEC mode.
 
enable­-bg­p-a­dve­rti­sement
Enable BGP advert­ise­ments.
 
exit
Exit the Privileged EXEC mode and enter the EXEC Mode.
 
export
Export a file to a remote site using the specified transport method.
 
help
Display a descri­ption of the intera­ctive help system of the ACOS device.
 
import
Get a file from a remote site.
 
locale
Set the locale for the current terminal session.
 
no
Negate a command or set it to its default setting.
 
ping
Test network connec­tivity.
 
reboot
Reboot the device.
 
reload
Restart ACOS system processes and reload the startu­p-c­onfig, without rebooting.
 
repeat
Period­ically re-enter a 
show
command.
 
show
Display system or config­uration inform­ation.
 
shutdown
Schedule a system shutdown at a specified time or after a specified interval, or cancel a scheduled system shutdown.
 
ssh
Establish a Secure Shell (SSH) connection from the Thunder Series to another device.
 
telnet
Establish a Telnet connection from the ACOS device to another device.
 
terminal
Set terminal display parameters for the current session.
 
traceroute
Display the route hops to a destin­ation.
 
write force
Forces the ACOS device to save the config­uration regardless of whether the system is ready.
 
write memory
Write the runnin­g-c­onfig to a config­uration profile.
 
write terminal
Display the current runnin­g-c­onfig on your terminal.

System Command Reference 2

access­-list
Standard. Configure a standard Access Control List (ACL) to permit or deny source IP addresses.
 
access­-list
Extended. Configure an extended Access Control List (ACL) to permit or deny traffic based on source and destin­ation IP addresses, IP protocol, and TCP/UDP ports.
 
accounting
Configure TACACS+ as the accounting method for recording inform­ation about user activi­ties.
 
admin
Configure an admin account for management access to ACOS.
 
admin-­lockout
Set lockout parameters for admin sessions.
 
admin-­session clear
Clear current ACOS admin sessions.
 
arp
Create a static ARP entry.
 
arp-ti­meout
Change the aging timer for dynamic ARP entries.
 
audit
Configure command auditing.
 
authen­tic­ation console type
Configure a console authen­tic­ation type.
 
authen­tic­ation enable
Config­uration authen­tic­ation of admin enable (Privi­leged mode) access.
 
authen­tic­ation login privil­ege­-mode
Place admins into the CLI directly at the Privileged EXEC level following successful authen­tic­ation. The admin does not need to navigate to the Privileged EXEC level from the User EXEC level.
 
authen­tic­ation mode
Enable tiered authen­tic­ation.
 
authen­tic­ation multip­le-­aut­h-r­eject
Configure support for multiple concurrent admin sessions using the same account.
 
authen­tic­ation type
Set the authen­tic­ation method used to authen­ticate admini­str­ative access to ACOS.
 
author­ization
Configure author­ization for contro­lling access to functions in the CLI. The ACOS device can use TACACS+ for author­izing commands executed under a specified privilege level. This command also allows you to specify the level for author­ization debugging.
 
backup log
Configure log backup options and save a backup of the system log.
 
backup store
Configure and save file access inform­ation for backup. When you back up system inform­ation, you can save typing by specifying the name of the store instead of the options in the store.
 
backup system
Back up the system. The startu­p-c­onfig file, and SSL certif­icates and keys will be backed up to a tar file.
 
backup­-pe­riodic
Schedule periodic backups.
 
banner
Set the banners to be displayed when an admin logs onto the CLI or accesses the Privileged EXEC mode.
 
bfd echo
Enables echo support for Bidire­ctional Forwarding Detection (BFD).
 
bfd enable
Globally enable BFD packet proces­sing.
 
bfd interval
Configure BFD timers.
 
bgp
The commands in this section apply globally to the BGP process running on the ACOS device.
 
bootimage
Specify the boot image location from which to load the system image the next time the Thunder Series is rebooted.
 
boot-b­loc­k-fix
Repair the master boot record (MBR) on the hard drive or compact flash.
 
bridge­-vl­an-­group
Configure a bridge VLAN group for VLAN-t­o-VLAN bridging.
 
captur­e-c­onfig
This command configures DDoS packet capture so that the packets causing DDoS violations can be reviewed and analyzed.
 
class-list
Configure a class list.
 
conver­t-s­tar­tup­-config
Convert config­uration profile from version 3.0/3.1 to 3.2.
 
copy
Copy a runnin­g-c­onfig or startu­p-c­onfig.
 
ddos
Configure DDoS Mitigation settings.
 
debug
Legacy debug command. It is recomm­ended to use the AXdebug subsystem instead of these 
debug
commands.
 
delete
Delete an axdebug capture file.
 
diff
Display a side-b­y-side comparison of the commands in a pair of locally stored config­ura­tions.
 
disabl­e-f­ailsafe
Disable fail-safe monitoring for softwa­re-­related errors.
 
disabl­e-m­ana­gement service
Disable management access to specific protocols on specific Ethernet interf­aces.
 
do
Run a Privileged EXEC level command from a config­uration level prompt, without leaving the config­uration level.
 
domain­-group
Create a group of related 
domain­-list
config­ura­tions
 
domain­-list
Create a domain classi­fic­ation list.
 
enable­-core
Change the file size of core dumps.
 
enable­-ma­nag­ement
Enable management access to specific protocols on specific Ethernet interf­aces.
 
enable­-pa­ssword
Set the enable password, which secures access to the Privileged EXEC level of the CLI.
 
end
Return to the Privileged EXEC level of the CLI.
 
enviro­nment temper­ature threshold
Configure the temper­ature condition under which a log is generated.
 
enviro­nment update­-in­terval
Configure the hardware polling interval for fault detection and log genera­tion.
 
erase
Erase the startu­p-c­onfig file. This command returns the device to its factory default config­uration after the next reload or reboot.
 
exit
Return to the Privileged EXEC level of the CLI.
 
export
Export a file to a remote site using the specified transport method.
 
export­-pe­riodic
Export file to a remote site period­ically.
 
fail-safe
Configure fail-safe automatic recovery.
 
fan-speed
Control fan speed setting.
 
glid
Configure a Global Limit ID (GLID). A GLID is a set of traffic limits that can be used with other features, such as DDoS Mitiga­tion.
 
hd-monitor enable
Enable hard disk monitoring on your ACOS device.
 
hostname
Set the ACOS device’s hostname.
 
icmpv6­-ra­te-­limit
Configure ICMPv6 rate limiting for IPv6 to protect against denial­-of­-se­rvice (DoS) attacks.
 
icmp-r­ate­-limit
Configure ICMP rate limiting, to protect against denial­-of­-se­rvice (DoS) attacks.
 
import
Get a file from a remote site.
 
import­-pe­riodic
Get files from a remote site period­ically.
 
interface
Access the CLI config­uration level for an interface.
 
ip
Configure global IP settings.
 
ipmi
Configure Intell­igent Platform Management Interface (IPMI) settings on the ACOS device.
 
ipv6
Configure global IPv6 settings.
 
key
Configure a key chain for use by routing authen­tic­ation features.
 
lacp-p­ass­through
Configure an LACP tunnel for LACP passth­rough. This feature allows the ACOS device to forward traffic on one trunk that originates on another trunk that is down. With this feature, if an LACP trunk goes down, the other trunk is used to continue connec­tivity for the traffic.
 
lacp system­-pr­iority
Set the Link Aggreg­ation Control Protocol (LACP) priority.
 
ldap-s­erver
Set Lightw­eight Directory Access Protocol (LDAP) parameters for authen­tic­ating admini­str­ative access to the ACOS device.
 
link
Link the “start­up-­config” token to the specified config­uration profile. By default, “start­up-­config” is linked to “default”, which means the config­uration profile stored in the image area from which the ACOS device most recently rebooted.
 
lldp enable
Enable the Link Layer Detection Protocol (LLDP). You can enable LLDP to either receive only, transmit only, or transmit and receive.
 
lldp manage­men­t-a­ddress
Specify the hostname or IP address and Ethernet interface to use as the management interface for the LLDP agent on the ACOS device.
 
lldp notifi­cation interval
Configure the interval between transm­ission of LLDP notifi­cations during normal transm­ission periods. (In the IEEE 802.3AB specif­ica­tion, this the msgTxI­nterval parame­ter.)
 
lldp system­-de­scr­iption
Defines the alpha-­numeric string that describes the system in the network.
 
lldp system­-name
Defines the string that will be assigned as the system name.
 
lldp tx fast-count
Set the initial value for the txFast variable, which determines the number of LLDP data packets that are transm­itted during a fast transm­ission period. (In the IEEE 802.3AB specif­ica­tion, this the txFastInit parame­ter.)
 
lldp tx fast-i­nterval
Configure the LLDP PDU transm­ission interval for fast periods. (In the IEEE 802.3AB specif­ica­tion, this the msgFastTx parame­ter.)
 
lldp tx hold
Configure the time to live (TTL) transm­ission interval that is carried in LLDP frames during normal (non-fast) periods. (In the IEEE 802.3AB specif­ica­tion, this the msgTxHold parame­ter.)
 
lldp tx interval
Configure the LLDP packet transmit interval. (In the IEEE 802.3AB specif­ica­tion, this the msgTxI­nterval parame­ter.)
 
lldp tx reinit­-delay
Configure the delay between a change to admini­str­ative “disabled” status of LDDP and reinit­ial­ization of the protocol.
 
locale
Set the locale for the current terminal session.
 
logging auditlog host
Configure audit logging to an external server.
 
logging buffered
Configure the event log on the ACOS device.
 
logging console
Set the logging level for messages sent to the console.
 
logging email-­address
Specify the email addresses to which to send event messages.
 
logging email buffer
Configure log email settings.
 
logging email filter
Configure a filter for emailing log messages.
 
logging export
Send the messages that are in the event buffer to an external file server.
 
logging facility
Enable logging facili­ties.
 
logging host
Specify a Syslog server to which to send event messages.
 
logging monitor
Set the logging level for messages sent to the terminal monitor.
 
logging syslog
Set the syslog logging level for events sent to the syslog host.
 
logging trap
Set the logging level for traps sent to the SNMP host.
 
mac-ad­dress
Configure a static MAC address.
 
mac-ag­e-time
Set the aging time for dynamic (learned) MAC entries. An entry that remains unused for the duration of the aging time is removed from the MAC table.
 
maximu­m-paths
Change the maximum number of paths a route can have in the Forwarding Inform­ation Base (FIB).
 
mirror­-port
Specify a port to receive copies of another port’s traffic.
 
monitor
Specify event thresholds for utiliz­ation of resources.
 
multi-­config
Enable simult­aneous admin sessions.
 
multi-­ctr­l-cpu
Enable use of more than one CPU for control proces­sing.
 
netflow common max-pa­cke­t-q­ueu­e-time
Specify the maximum amount of time ACOS can hold onto a NetFlow record packet in the queue before sending it to the NetFlow collector. ACOS holds a NetFlow packet in the queue until the packet payload is full of record data or until the queue timer expires.
 
netflow common select­or-­alg­orithm random
Configures the algorithm that Netflow uses to sample traffic. The only option is the random algorithm.
 
netflow monitor
Enable ACOS to act as a NetFlow exporter, for monitoring traffic and exporting the data to one or more NetFlow collectors for analysis.
 
no
Remove a config­uration command from the running config­ura­tion.
 
ntp
Configure Network Time Protocol (NTP) parame­ters.
 
ntp-status
Get the status of the NTP servers.
 
overla­y-t­unnel
Configure a remote tunnel endpoint for remote sites where protected objects reside. This can be used in conjun­ction with OSPF neighbor adjacency via GRE or VXLAN tunnels.
 
pki delete
Deletes a self-s­igned certif­icate or the CSR file.
 
radius­-server host
Set RADIUS parame­ters, for authen­tic­ating admini­str­ative access to the ACOS device.
 
restore
Restore the startu­p-c­onfig, aFleX policy files, <<when aFlex support is added>> and SSL certif­icates and keys from a .tar file previously created by the backup command. The restored config­uration takes effect following a reboot.
 
router log file
Configure router logging to a local file.
 
router log log-buffer
Sends router logs to the logging buffer.
 
router protocol
Enter the config­uration mode for a dynamic routing protocol.
 
route-map
Configure a route map.
 
runnin­g-c­onfig
Enable display of file inform­ation in the runnin­g-c­onfig.
 
run-hw­-diag
Access the hardware diagno­stics menu.
 
sflow
Configure parameters for sFlow packet sampling.
 
single­-bo­ard­-mode forced
On the Thunder 14045 device with dual processing modules, this command causes all traffic to be processed by the master only.
 
smtp
Configure a Simple Mail Transfer Protocol (SMTP) server to use for sending emails from the ACOS device.
 
ssh-lo­gin­-gr­ace­-time
Configures the time to establish an SSH connec­tion.
 
sshd
Perform an SSHD operation on the system.
 
system all-vl­an-­limit
Set the global traffic limits for all VLANs. The limit applies system­-wide to all VLANs; collec­tively, all ACOS device VLANs cannot exceed the specified limit.
 
system anomaly
Enable logging for packet anomaly events. This type of logging applies to system­-wide attacks such as SYN attacks.
 
system asic-m­mu-­fai­l-safe
Configures fail-safe parameters for the Layer 2/3 ASIC.
 
system attack
Enable logging for DDoS attacks. This type of logging applies to violations of DDoS Mitigation rules.

System Command Reference 3

system cpu-lo­ad-­sharing
Configure thresholds for CPU load sharing. If a threshold is exceeded, CPU load sharing is activated to relieve the stressed CPUs. When activated, CPU load sharing distri­butes processing of the stressed CPU’s operations across the device’s other CPUs. Load sharing remains in effect until the threshold is no longer exceeded.
 
system ddos-a­ttack log
Enable logging for DDoS attack events.
 
system defaul­t-mtu
Configure the MTU for all interf­aces.
 
system ext-on­ly-­logging
Enable external only logging for packet driven DDoS logs. When enabled, DDoS non-event logs will not be displayed through 
show log
. Other types of logs are unaffe­cted.
 
system fips
Enable­/Di­sable FIPS Mode for ACOS devices.
 
system glid
Globally apply the specified GLID to the whole system.
 
system­-ju­mbo­-global enable­-jumbo
Globally enable jumbo frame support. In this release, a jumbo frame is an Ethernet frame that is more than 1522 bytes long.
 
system module­-ct­rl-cpu
Throttle CLI and SNMP output when control CPU utiliz­ation reaches a specific threshold.
 
system mon-te­mplate monitor
Configure monitoring of a set of ports for link-state changes, and change the link states of another set of ports, or clear sessions based on the detected changes.
 
system pbslb sockst­res­s-d­isable
Globally disable Sockstress protection on the system.
 
system per-vl­an-­limit
Configure the packet flooding limit per VLAN. The limit applies to each VLAN. No individual can exceed the specified limit.
 
system­-reset
Restore the ACOS device to its factory default settings.
 
system resour­ce-­usage
Change the capacity of a system resource.
 
system sessio­n-r­ecl­aim­-limit
Set limits for SMP session reclaim; this controls how the system should recover and reclaim DDoS entries.
 
system templa­te-bind monitor
Apply a monitor template to the whole TPS system.
 
system timeou­t-value
Set the timeout to stop transf­erring a file.
 
system trunk load-b­alance
Configure trunk load balancing for Layer 2 switched packets (appli­cable for both static and LACP trunks).
 
system ve-mac­-scheme
Configure MAC address assignment for Virtual Ethernet (VE) interf­aces.
 
system­-ju­mbo­-global enable­-jumbo
Globally enable jumbo frame support. In this release, a jumbo frame is an Ethernet frame that is more than 1522 bytes long.
 
system defaul­t-mtu
Configure the MTU for all interf­aces.
 
tacacs­-server host
Configure TACACS+ for author­ization and accoun­ting. If author­ization or accounting is specified, the ACOS device will attempt to use the TACACS+ servers in the order they are config­ured. If one server fails to respond, the next server will be used.
 
tacacs­-server monitor
Check the status of TACACS+ servers.
 
techreport
Configure automated collection of system inform­ation. If you need to contact Technical Support, they may ask you to for the techre­ports to help diagnose system issues.
 
terminal
Set the terminal config­ura­tion.
 
tftp blksize
Change the TFTP block size.
 
timezone
Configure the time zone on your system.
 
tx-con­ges­tio­n-ctrl
Configure looping on the polling driver, on applicable models.
 
upgrade
Upgrade the system.
 
ve-stats
Enable statistics collection for Virtual Ethernet (VE) interf­aces.
 
vlan
Configure a virtual LAN (VLAN). This command changes the CLI to the config­uration level for the VLAN.
 
vlan-g­lobal enable­-de­f-v­lan­-l2­-fo­rwa­rding
Enable Layer 2 forwarding on the default VLAN (VLAN 1).
 
vlan-g­lobal l3-vla­n-f­wd-­disable
Globally disable Layer 3 forwarding between VLANs.
 
vlan-group
Configure a group of VLANs.
 
vrrp-a
Enter VRRP-A config­uration mode.
 
web-se­rvice
Configure access parameters for the Graphical User Interface (GUI).
 
write
Save the config­ura­tion.

SNMP Commands

#snmp-­server community
Deprecated command to configure an SNMP community string.
 
#snmp-­server contact
Configure SNMP contact inform­ation.
 
#snmp-­server enable service
Enable SNMP service on the ACOS device
 
#snmp-­server enable traps
Enable ACOS to accept SNMP MIB data queries and to send SNMP v1/v2c traps.
 
#snmp-­server engineID
Set the SNMPv3 engine ID of this ACOS device.
 
#snmp-­server group
Configure an SNMP group.
 
#snmp-­server host
Configure an SNMP v1/v2c trap receiver.
 
#snmp-­server location
Configure SNMP location inform­ation.
 
#snmp-­server SNMPv1-v2c
Define an SNMPv1 or SNMPv2c community. The members of the community can gain access to the SNMP data available on this device.
 
#snmp-­server SNMPv3
Define an SNMPv3 user.
 
#snmp-­server user
Deprecated command to configure an SNMPv3 user.
 
#snmp-­server view
Configure an SNMP view.

Show Commands

show access­-list
Display the configured Access Control Lists (ACLs). The output lists the config­uration commands for the ACLs in the runnin­g-c­onfig.
 
show admin
Display the admini­strator accounts.
 
show arp
Display ARP table entries.
 
show audit
Show the command audit log.
 
show axdebug capture
Display a list of debug files.
 
show axdebug config
Display the debug filter config­uration currently applied on ACOS.
 
show axdebug config­-file
Display a list of the debug config­uration files.
 
Display debug capture files or their contents.
show axdebug file
 
show axdebug filter
Display the configured debug output filters.
 
show axdebug status
Display per-CPU packet capture counts for AXdebug.
 
show backup
Display inform­ation about scheduled backups.
 
show bfd
Display inform­ation for Bidire­ctional Forwarding Detection (BFD).
 
show bgp
Display inform­ation for Border Gateway Protocol (BGP).
 
show bootimage
Display the software images stored on the ACOS device.
 
show bridge­-vl­an-­group
View inform­ation for any configured bridge VLAN groups.
 
show captur­e-c­onfig
View captur­e-c­onfig inform­ation.
 
show class-list
Display inform­ation for class lists.
 
show class-­lis­t-group
Display inform­ation for class-list groups.
 
show clns
Show Connec­tio­nless Network Service (CLNS) inform­ation.
 
show clock
Display the time, timezone, and date.
 
show context
View the config­uration for the sub-module in which the command is run.
 
show core
Display core dump statis­tics.
 
show cpu
Display CPU statis­tics.
 
show ddos
Show the DDoS action­-list config­uration on the device.
 
show disk
Display status inform­ation for the device hard disks.
 
show domain­-group
Show domain­-group config­uration inform­ation.
 
show domain­-list
Show domain­-list config­uration inform­ation.
 
show dumpthread
Show status inform­ation about the system threads.
 
show enviro­nment
Display temper­ature, fan, and power supply status.
 
show errors
Show error inform­ation for the system. This command provides a way to quickly view system status and error statis­tics.
 
show fail-safe
Display fail-safe inform­ation.
 
show glid
View the config­uration for global IP limiting rules.
 
show hardware
Displays hardware inform­ation for the ACOS device.
 
show history
Show the CLI command history for the current session.
 
show interfaces
Display interface config­uration and status inform­ation.
 
show interfaces media
Display inform­ation about 1-Gbps and 10-Gbps small form-f­actor pluggable (SFP+) interf­aces.
 
show interfaces statistics
Display interface statis­tics.
 
show ip
Show the IP mode in which the ACOS device is running, gateway or transp­arent mode.
 
show ip bgp
Show IPv4 BGP inform­ation.
 
show ip dns
Display the DNS config­ura­tion.
 
show ip fib

show ipv6 fib
Display Forwarding Inform­ation Base (FIB) entries.
 
show ip fragme­ntation statistics

show ipv6 fragme­ntation statistics
Show statistics for IP fragme­nta­tion.
 
show ip helper­-ad­dress
Display DHCP relay inform­ation.
 
show ip interfaces

show ipv6 interfaces
Display IP interface inform­ation.
 
show ip isis

show ipv6 isis
Display the IS-IS routing table.
 
show ip map-list
Show IP map list inform­ation.
 
show ip nat

show ipv6 nat
Display NAT inform­ation.
 
show ip ospf

show ipv6 ospf
Display OSPF status inform­ation.
 
show ip prefix­-list

show ipv6 prefix­-list
Show inform­ation about configured IP prefix lists.
 
show ip protocols

show ipv6 protocols
Show inform­ation for dynamic routing protocols.
 
show ip route

show ipv6 route
Display the IPv4 or IPv6 routing table.
 
show ipmi
Show inform­ation for the Intell­igent Platform Management Interface (IPMI) on the ACOS device.
 
show ipv6 ndisc
Display inform­ation for IPv6 router discovery.
 
show ipv6 neighbor
Display inform­ation about neighb­oring IPv6 devices.
 
show ipv6 stats
Show IPv6 statis­tics.
 
show ipv6 traffic
Display IPv6 traffic statis­tics.
 
show isis
Display inform­ation for Interm­ediate System to Interm­ediate System (IS-IS).
 
show json-c­onfig
View the JSON/aXAPI data format associated with the runnin­g-c­onfig, or for a specific object.
 
show json-c­onf­ig-­detail
View detailed JSON/aXAPI data format associated with the runnin­g-c­onfig, or for a specific object.The output is similar to the output for 
show json-c­onfig
with the addition of the 
a10-url
and 
obj-type
fields.
 
show json-c­onf­ig-­wit­h-d­efault
View JSON/aXAPI data format associated with the runnin­g-c­onfig, or for a specific object. The output is similar to the output for 
show json-c­onf­ig-­detail
with the addition of default values for objects not explicitly config­ured.
 
show key-chain
Show config­uration inform­ation for an authen­tic­ation key chain.
 
show lacp
Show config­uration inform­ation and statistics for Link Aggreg­ation Control Protocol (LACP).
 
show lacp-p­ass­through
Show LACP passth­rough config­ura­tion.
 
show license
Display the host ID and, if applic­able, serial number of the license applied to this ACOS device.
 
show lldp neighbors
Displays inform­ation on all remote neighbors or on the specified interface.
 
show lldp statistics
Displays LLDP receive or send error statis­tics, You can display inform­ation on all interfaces or only display inform­ation on a specified interface.
 
show locale
Display the configured CLI locale.
 
show log
Display entries in the syslog buffer or display current log settings (policy). Log entries are listed starting with the most recent entry on top.
 
show mac-ad­dre­ss-­table
Display MAC table entries.
 
show management
Show the types of management access allowed on each of the device’s Ethernet interf­aces.
 
show memory
Display memory usage inform­ation.
 
show mirror
Display port mirroring inform­ation.
 
show monitor
Display the event thresholds for system resources.
 
show netflow
Display NetFlow inform­ation.
 
show ntp
Show the Network Time Protocol (NTP) servers and status.
 
show overla­y-t­unnel
Shows statistics of overlay tunnels on the ACOS device.
 
show pki
Shows inform­ation about the certif­icates on the ACOS device.
 
show poap
View the POAP status of your system.
 
show process system
Display the status of system processes.
 
show radius­-server
Display RADIUS statis­tics.
 
show reboot
Display scheduled system reboots.
 
show route-map
Show the configured route maps.
 
show router log file
Show router logs.
 
show runnin­g-c­onfig
Display the runnin­g-c­onfig.
 
show session
Display session inform­ation.
 
show sflow
Show sFlow inform­ation.
 
show shutdown
Display scheduled system shutdowns.
 
show snmp
Display SNMP OIDs for the specified objects.
 
show snmp stats
Display SNMP statis­tics.
 
show startu­p-c­onfig
Display a config­uration profile or display a list of all the locally saved config­uration profiles.
 
show statistics
Display packet statistics for interf­aces.
 
show store
Display the configured file transfer profiles in the credential store. The credential store is a saved set of access inform­ation for file transfer between the ACOS device and remote file servers.
 
show system cpu-lo­ad-­sharing
Displays CPU load sharing inform­ation.
 
show system platform
Display platfo­rm-­related inform­ation and statis­tics.
 
show system resour­ce-­usage
Display Layer 4 session capacity inform­ation.
 
show tacacs­-server
Display TACACS statis­tics.
 
show techsu­pport
Display or export system inform­ation for use when troubl­esh­ooting.
 
show terminal
Show the terminal settings.
 
show tftp
Display the currently configured TFTP block size.
 
show trunk
Show inform­ation about the trunks configured on the system.
 
show version
Display software, hardware, and firmware version inform­ation.
 
show vlans
Display the configured VLANs.
 
show vrrp-a
Display VRRP-A inform­ation.

AX Debug Commands

apply-­config
Apply an AXdebug config­uration file.
 
capture
Start capturing packets.
 
count
Specify the maximum number of packets to capture.
 
delete
Delete an axdebug capture file.
 
filter­-config
Configure an AX debug filter, to specify the types of packets to capture.
 
incoming
Specify the Ethernet interfaces and traffic direction for which to capture packets.
 
length
Specify the maximum length of packets to capture. Packets that are longer are not captured.
 
maxfile
Specify the maximum number of axdebug packet capture files to keep.
 
outgoing
Limits the packet capture to outbound packets on Ethernet interface "­x".
 
save-c­onfig
Save your AXdebug config­uration to a file.
 
sess-f­ilt­er-dis
Disable the sessio­n-based filter.
 
tcpdump
Capture packets for analysis.
 
timeout
Specify the maximum number of minutes to capture packets.
 

Metadata

  • Languages:
  • Published: 30th January, 2023
  • Last Updated: 31st January, 2023

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.