Big Cloud Fabric 4.

7
CLI Reference Guide
RELEASE DATE: May 24, 2018
Document Version 1.0, May 24, 2018
Big Switch Networks Confidential
Big Cloud Fabric CLI Reference Guide

Table of Contents
Chapter 1: Configuration Fundamentals ..................................................................................................................... 12
CLI Conventions ....................................................................................................................................................... 12
Logging In ................................................................................................................................................................. 12
Resetting the Administrator Password .................................................................................................................... 13
Using Modes ............................................................................................................................................................ 13
Using Submodes ...................................................................................................................................................... 13
Entering Text Descriptions ................................................................................................................................... 14
Navigation ............................................................................................................................................................ 14
Using CLI Help .......................................................................................................................................................... 15
Removing Configuration .......................................................................................................................................... 15
Redirecting and Saving Command Output............................................................................................................... 15
Entering Text Descriptions ....................................................................................................................................... 15
Managing the CLI Session ........................................................................................................................................ 15
CLI Session Timeout ................................................................................................................................................. 16
Changing the CLI Display Lines ................................................................................................................................. 16
Changing the Login Banner ...................................................................................................................................... 16
Managing Administrator Access .............................................................................................................................. 16
Traffic Rate History .................................................................................................................................................. 17
Copying Files to the Controller ................................................................................................................................ 17
Chapter 2: Login Mode Commands ............................................................................................................................. 19
debug Command ..................................................................................................................................................... 19
echo Command ........................................................................................................................................................ 20
enable Command ..................................................................................................................................................... 20
exit Command .......................................................................................................................................................... 20
help Command......................................................................................................................................................... 21
history Command .................................................................................................................................................... 22
jobs command ......................................................................................................................................................... 22
logout Command ..................................................................................................................................................... 22
no Command ........................................................................................................................................................... 23
ping Command ......................................................................................................................................................... 23
ping6 Command ....................................................................................................................................................... 24
reauth Command ..................................................................................................................................................... 25
set prompt Command .............................................................................................................................................. 25
show Command ....................................................................................................................................................... 26
support Command ................................................................................................................................................... 26
terminal Command .................................................................................................................................................. 26
traceroute Command .............................................................................................................................................. 27
watch Command ...................................................................................................................................................... 27
whoami Command ................................................................................................................................................... 28
Chapter 3: Enable Mode Commands ........................................................................................................................... 29
boot Command ........................................................................................................................................................ 29
clear bgp neighbors all ............................................................................................................................................. 30
clear debug counters Command .............................................................................................................................. 30
clear error-disabled Command ................................................................................................................................ 31
clear endpoint Command ........................................................................................................................................ 31
clear interface-group ............................................................................................................................................... 32
clear multicast-group ............................................................................................................................................... 32
clear nsx Command ................................................................................................................................................. 33
clear segment Command ......................................................................................................................................... 33
clear session Command ........................................................................................................................................... 33
clear sflow Command .............................................................................................................................................. 34

2 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

clear switch Command ............................................................................................................................................ 34

clear tenant Command ............................................................................................................................................ 35
clear test path Command ........................................................................................................................................ 35
clear vcenter-network-config Command ................................................................................................................. 36
compare Command ................................................................................................................................................. 36
configure Command ................................................................................................................................................ 37
connect Command ................................................................................................................................................... 37
copy Command ........................................................................................................................................................ 37
delete Command ..................................................................................................................................................... 39
deploy vsphere gui-plugin Command ...................................................................................................................... 39
reset user-password Command ............................................................................................................................... 40
show Command ....................................................................................................................................................... 40
support switch Command ........................................................................................................................................ 41
sync Command ........................................................................................................................................................ 41
system beacon switch Command ............................................................................................................................ 42
system config-push Command ................................................................................................................................ 42
system failover Command ....................................................................................................................................... 43
system install switch Command .............................................................................................................................. 43
system ping switch Command ................................................................................................................................. 44
system reboot Command ........................................................................................................................................ 44
system regenerate Command ................................................................................................................................. 45
system reinstall switch Command ........................................................................................................................... 45
system reload controller Command ........................................................................................................................ 46
system remove-node Command ............................................................................................................................. 46
system reset-connection switch Command ............................................................................................................. 47
system shutdown controller Command .................................................................................................................. 47
test path Command ................................................................................................................................................. 48
upgrade Command .................................................................................................................................................. 50
Chapter 4: Configure Mode Commands ...................................................................................................................... 53
aaa accounting command ........................................................................................................................................ 53
aaa authentication command .................................................................................................................................. 54
aaa authorization command .................................................................................................................................... 54
aaa concurrent-limit Command ............................................................................................................................... 56
banner command..................................................................................................................................................... 56
controller command ................................................................................................................................................ 57
config-controller Submode Commands ............................................................................................................... 57
controller access-control Command ................................................................................................................... 57
config-controller-access Submode Commands ................................................................................................. 57
controller/access-control access-list Command ................................................................................................ 58
config-controller-access-list Submode Commands ......................................................................................... 58
controller/access-control/access-list <rule-number> Command .................................................................... 58
controller certificate Command......................................................................................................................... 59
controller cluster-name Command.................................................................................................................... 59
controller description Command ...................................................................................................................... 60
controller private-key Command ....................................................................................................................... 60
controller virtual-ip Command ......................................................................................................................... 60
crypto Command ..................................................................................................................................................... 61
config crypto Submode Commands ..................................................................................................................... 61
crypto http Command ......................................................................................................................................... 61
config crypto-http Submode Commands ........................................................................................................... 62
config-crypto-http cipher Command ................................................................................................................. 62
config-crypto-http protocol Command.............................................................................................................. 63
crypto ssh Command ........................................................................................................................................... 63

Big Switch Networks Confidential © Big Switch Networks 3

Big Cloud Fabric CLI Reference Guide

config crypto-ssh Submode Commands ............................................................................................................ 63

config-crypto-ssh cipher Command ................................................................................................................... 63
config-crypto-ssh mac Command ...................................................................................................................... 64
end Command ......................................................................................................................................................... 64
fabric Command ...................................................................................................................................................... 65
config-fabric Submode Commands...................................................................................................................... 65
fabric endpoint-flap-protection Command ......................................................................................................... 65
fabric forwarding-mode Command ..................................................................................................................... 66
fabric gtp hash Command .................................................................................................................................... 66
fabric ipam switch Command ............................................................................................................................. 67
config-fabric-ipam-switch Submode Commands ............................................................................................... 67
fabric/ipam switch allocate Command .............................................................................................................. 67
fabric/ipam switch dns-server Command .......................................................................................................... 68
fabric/ipam switch gateway Command ............................................................................................................. 68
fabric/ipam switch ip-range Command ............................................................................................................. 69
fabric pod-role Command ................................................................................................................................... 69
fabric qos Command ........................................................................................................................................... 70
config-fabric-qos Submode Commands ............................................................................................................. 70
fabric/qos active Command ............................................................................................................................... 70
fabric/qos apply Command ............................................................................................................................... 71
fabric/qos classification-profile Command ........................................................................................................ 71
config-fabric-qos-classification Submode Commands ....................................................................................... 71
fabric/qos/classification-profile traffic-class Command .................................................................................... 71
config-fabric-qos-classification-tc Submode Commands................................................................................... 72
Fabric/qos/classification-profile/traffic-class dscp Command .......................................................................... 72
fabric qos mode Command................................................................................................................................ 73
fabric/qos pfc Command ..................................................................................................................................... 73
config-fabric-qos-pfc Submode Commands ........................................................................................................ 73
fabric/qos/pfc iscsi-tlv Command ........................................................................................................................ 73
fabric/qos queuing-profile Command ............................................................................................................... 74
config-fabric-qos-queuing Submode Commands ............................................................................................ 74
fabric/qos/queuing-profile traffic-class Command ......................................................................................... 74
fabric switch-bandwidth-mode Command ......................................................................................................... 75
fabric vlan-mapping Command........................................................................................................................... 75
group Command ...................................................................................................................................................... 76
config-group Submode Commands ..................................................................................................................... 77
group associate Command ................................................................................................................................. 77
interface-group Command ...................................................................................................................................... 78
config-interface-group Submode Commands ...................................................................................................... 78
interface-group backup-member Command ...................................................................................................... 79
interface-group backup-mode Command .......................................................................................................... 79
interface-group description Command .............................................................................................................. 80
interface-group member Command ................................................................................................................... 80
interface-group mode Command ....................................................................................................................... 81
interface-group preempt Command ................................................................................................................... 82
interface-group shutdown Command ................................................................................................................ 83
local node Command ............................................................................................................................................... 83
config-local-node Submode Commands .............................................................................................................. 83
local-node hostname Command ......................................................................................................................... 83
local-node interface Command .......................................................................................................................... 84
config-local-if Submode Commands .................................................................................................................. 84
local-node/interface ipv4 Command ................................................................................................................ 84
config-local-if-ipv4 submode commands ........................................................................................................... 85

4 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

local-node/interface/ipv4 dns Command ......................................................................................................... 85

local-node/interface/ipv4 ip Command............................................................................................................ 85
local-node/interface ipv6 Command ................................................................................................................ 86
config-local-if-ipv6 submode commands ........................................................................................................... 86
local-node/interface/ipv6 dns Command ......................................................................................................... 87
local-node/interface/ipv6 ip Command ............................................................................................................ 87
local-node/interface/ipv6 method Command ................................................................................................... 88
local-node snmp-server Command ..................................................................................................................... 88
logging remote Command ....................................................................................................................................... 89
logging switch-remote Command............................................................................................................................ 89
mac-classify-pool Command .................................................................................................................................... 90
config-mac-pool Submode Commands ................................................................................................................ 90
mac-classify-pool member Command ................................................................................................................. 90
nat-pool Command .................................................................................................................................................. 91
config-nat-pool Submode Commands ................................................................................................................. 91
nat-pool nat-switch Command ............................................................................................................................ 91
ntp Command .......................................................................................................................................................... 92
ntp controller-source Command ............................................................................................................................. 92
nsx Command .......................................................................................................................................................... 93
config-nsx Submode Commands ......................................................................................................................... 93
config-nsx/hardware-vtep Command .................................................................................................................. 93
config-nsx-nvtep Submode Commands ............................................................................................................. 93
config/nsx/hardware-vtep active Command .................................................................................................... 94
config/nsx/hardware-vtep attachment-point Command .................................................................................. 94
config-nsx-nvtep-intf Submode Commands ...................................................................................................... 94
config/nsx/hardware-vtep/attachment-point attached-interface Command................................................... 95
config/nsx/hardware-vtep nsx-controller-ip Command .................................................................................... 95
config/nsx/hardware-vtep nsx-hardware-vtep-tenant Command .................................................................... 95
config/nsx/hardware-vtep port Command ........................................................................................................ 96
config-nsx nsx-manager-hashed-password Command ........................................................................................ 96
config-nsx nsx-manager-host-name Command ................................................................................................... 96
config-nsx nsx-manager-password Command ..................................................................................................... 97
config-nsx nsx-manager-user-name Command ................................................................................................... 97
config-nsx vcenter-name Command .................................................................................................................... 97
nutanix-prism Command ......................................................................................................................................... 98
config nutanix-prism Submode Commands ......................................................................................................... 98
config-nutanix-prism automation-level Command.............................................................................................. 98
config-nutanix-prism exclude Command ............................................................................................................. 99
config-nutanix-prism hashed-password Command ............................................................................................. 99
config-nutanix-prism host-name Command ......................................................................................................100
config-nutanix-prism maintenance Command ..................................................................................................100
config-nutanix-prism manage-segment-for-vlan Command .............................................................................100
config-nutanix-prism manage-segment-for-vlan-rangeCommand ....................................................................101
config-nutanix-prism password Command ........................................................................................................101
config-nutanix-prism preserve-bcf-config Command ........................................................................................102
config-nutanix-prism user-name Command ......................................................................................................102
radius Command ....................................................................................................................................................102
secure control plane Command .............................................................................................................................103
secure control plane ca Command ........................................................................................................................104
sflow Command .....................................................................................................................................................105
config-sflow Submode Commands ....................................................................................................................105
sflow active Command ......................................................................................................................................105
sflow collector Command .................................................................................................................................105

Big Switch Networks Confidential © Big Switch Networks 5

Big Cloud Fabric CLI Reference Guide

sflow counter-interval Command .....................................................................................................................106

sflow header-size Command.............................................................................................................................107
sflow sample-rate Command ............................................................................................................................107
snmp-server Command .........................................................................................................................................107
snmp-server enable traps Command ....................................................................................................................108
snmp-server host Command .................................................................................................................................108
snmp-server switch trap Command.......................................................................................................................109
snmp-server trap Command ..................................................................................................................................110
snmp-server user Command..................................................................................................................................110
span-fabric Command............................................................................................................................................111
config-span-fabric Submode Commands ...........................................................................................................111
span-fabric active Command .............................................................................................................................112
span-fabric destination Command ....................................................................................................................112
span-fabric filter Command ...............................................................................................................................112
span-fabric-filter Submode Commands ...........................................................................................................113
span-fabric-filter <rule-number> Command...................................................................................................113
priority Command ............................................................................................................................................114
span-local Command .............................................................................................................................................114
config-span-local Submode Commands ............................................................................................................114
span-local active Command ...............................................................................................................................114
span-local destination Command ......................................................................................................................115
span-local filter Command .................................................................................................................................115
span-local-filters Submode Commands ...........................................................................................................116
span-local-filters <rule-number> Command ...................................................................................................116
priority Command ............................................................................................................................................117
storm-control-profile Command ...........................................................................................................................118
config-storm-control-profile Submode Commands ...........................................................................................118
broadcast-rate ...................................................................................................................................................118
known-multicast-rate ........................................................................................................................................118
unknown-multicast-rate ....................................................................................................................................119
unknown-unicast-rate .......................................................................................................................................119
switch Command ...................................................................................................................................................120
config-switch Submode Commands ..................................................................................................................120
switch description Command ...........................................................................................................................120
switch fabric-role Command .............................................................................................................................120
switch interface Command ...............................................................................................................................121
config-switch-if submode Commands .............................................................................................................121
switch-if autoneg command ............................................................................................................................122
switch-if bpdu-guard-disable command ..........................................................................................................122
switch-if breakout Command .........................................................................................................................123
switch-if description command .......................................................................................................................124
switch-if forward-error-correction command .................................................................................................124
switch-if shutdown command .........................................................................................................................125
switch-if storm-control Command ..................................................................................................................125
switch-if shutdown Command ........................................................................................................................126
switch leaf-group Command .............................................................................................................................126
switch mac Command .......................................................................................................................................127
switch shutdown Command .............................................................................................................................127
switch storm-control Command ........................................................................................................................127
tacacs Command....................................................................................................................................................128
tenant Command ...................................................................................................................................................129
config-tenant Submode Commands ..................................................................................................................130
tenant description Command ...........................................................................................................................130

6 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant id Command ..........................................................................................................................................130

tenant logical-router Command .......................................................................................................................131
config-tenant-lrouter Submode Commands ....................................................................................................131
tenant/logical-router apply Command ...........................................................................................................132
tenant/logical-router as-path-list Command ..................................................................................................133
tenant-lrouter-aspath Submode Commands .................................................................................................133
tenant/logical-router/as-path-list <rulenumber> Command .......................................................................133
tenant/logical-router bgp Command ..............................................................................................................134
config-tenant-lrouter-bgp Submode Commands ..........................................................................................135
tenant/logical-router/bgp aggregate-address Command .............................................................................135
tenant/logical-router/bgp graceful-restart Command ..................................................................................136
tenant/logical-router/bgp graceful-restart-stalepath-time Command .........................................................136
tenant/logical-router/bgp local-as Command ...............................................................................................137
tenant/logical-router/bgp log-neighbor changes Command.........................................................................137
tenant/logical-router/bgp maximum-paths Command .................................................................................137
tenant/logical-router/bgp neighbor Command .............................................................................................137
config-tenant-lrouter-bgp-neigh Submode Commands ..............................................................................138
tenant/logical-router/bgp/neighbor apply Command ................................................................................138
tenant/logical-router/bgp/neighbor connect-time Command....................................................................139
tenant/logical-router/bgp/neighbor description Command .......................................................................139
tenant/logical-router/bgp/neighbor ebgp-ttl Command ............................................................................139
tenant/logical-router/bgp/neighbor hold-time Command .........................................................................140
tenant/logical-router/bgp/neighbor maximum-prefix Command...............................................................140
tenant/logical-router/bgp/neighbor neighbor-ip Command ......................................................................141
tenant/logical-router/bgp/neighbor next-hop-self Command ....................................................................141
tenant/logical-router/bgp/neighbor password Command ..........................................................................141
tenant/logical-router/bgp/neighbor shutdown Command .........................................................................142
tenant/logical-router/bgp/neighbor soft-reconfiguration Command .........................................................142
tenant/logical-router/bgp/neighbor update-source Command ..................................................................143
tenant/logical-router/bgp network Command ..............................................................................................143
tenant/logical-router/bgp preference Command .........................................................................................143
tenant/logical-router/bgp protocol-ip Command .........................................................................................144
tenant/logical-router/bgp redistribute-connected Command ......................................................................144
tenant/logical-router/bgp redistribute-ospf Command ................................................................................144
tenant/logical-router/bgp redistribute-static Command ..............................................................................145
tenant/logical-router/bgp router-id Command .............................................................................................145
tenant/logical-router/bgp shutdown Command ...........................................................................................145
tenant/logical-router description Command ..................................................................................................145
tenant/logical-router interface Command ......................................................................................................146
config-tenant-lrouter-seg-iface Submode Commands ..................................................................................147
tenant/logical-router/interface/segment description Command .................................................................147
tenant/logical-router/interface/segment dhcp-relay Command ..................................................................148
tenant/logical-router/interface/segment ip address Command ...................................................................149
config-tenant-lrouter seg-iface-ip Submode Commands ..............................................................................150
tenant/logical-router/interface/segment/ip description Command .............................................................150
tenant/logical-router/interface/segment/ip directed-broadcast Command ................................................150
tenant/logical-router/interface/segment/ip virtual-ip Command ................................................................150
tenant/logical-router/interface/segment ipv6-dns-server ............................................................................151
tenant/logical-router/interface/segment ipv6-domain-name ......................................................................152
tenant/logical-router/interface/segment ipv6-link-local ..............................................................................152
tenant/logical-router/interface/segment ipv6-nd-managed ........................................................................153
tenant/logical-router/interface/segment ipv6-suppress-ra ..........................................................................153
tenant/logical-router/interface origination Command .................................................................................153

Big Switch Networks Confidential © Big Switch Networks 7

Big Cloud Fabric CLI Reference Guide

tenant/logical-router/interface private Command .......................................................................................154

tenant/logical-router/interface segment-group Command ..........................................................................154
tenant/logical-router/interface shutdown Command ...................................................................................154
config-tenant-lrouter-tenant-iface Submode Commands .............................................................................155
tenant/logical-router/tenant/interface export-route Command ..................................................................155
tenant/logical-router/tenant/interface import-route Command .................................................................155
tenant/logical-router nat-profile Command ...................................................................................................156
config-tenant-lrouter-nat Submode Commands ...........................................................................................156
tenant-lrouter-nat floating-ip Command ......................................................................................................156
tenant-lrouter-nat-flip Submode Commands ..............................................................................................157
tenant-lrouter-nat-floating-ip description Command .................................................................................157
tenant-lrouter-nat-floating-ip origination Command ..................................................................................157
tenant-lrouter-nat-floating-ip private-ip Command ....................................................................................157
tenant-lrouter-nat-floating-ip public-mac Command ..................................................................................158
tenant-lrouter-nat origination Command .....................................................................................................158
tenant-lrouter-nat port-address-translation Command ...............................................................................159
config-tenant-lrouter-nat-pat Submode Commands ...................................................................................159
tenant-lrouter-nat-pat public-ip Command ................................................................................................159
tenant-lrouter-nat public-segment Command .............................................................................................159
tenant/logical-router next-hop-group Command ..........................................................................................160
config-tenant-lrouter-next-hop-group Submode Commands .......................................................................160
tenant/logical-router/next-hop-group ip Command ....................................................................................160
tenant/logical-router origination Command .....................................................................................................161
tenant/logical-router policy-list Command ....................................................................................................161
config-tenant-lrouter-policy-list Submode Commands .................................................................................165
tenant/logical-router/policy-list <rule-number> Command .........................................................................165
tenant/logical-router ospf Command .............................................................................................................161
config-tenant-lrouter-ospf Submode Commands..........................................................................................162
tenant/logical-router/ospf apply Command.................................................................................................162
tenant/logical-router/ospf log-neighbor-changes Command ......................................................................162
tenant/logical-router/ospf ospf-interface Command ...................................................................................162
config-tenant-lrouter-ospf Submode Commands..........................................................................................163
tenant/logical-router/ospf/ospf-interface area Command ..........................................................................163
tenant/logical-router/ospf/ospf-interface cost Command...........................................................................163
tenant/logical-router/ospf/ospf-interface dead-interval Command ............................................................163
tenant/logical-router/ospf/ospf-interface hello-interval Command ............................................................164
tenant/logical-router/ospf redistribute-bgp Command ...............................................................................164
tenant/logical-router/ospf redistribute-connected Command ....................................................................164
tenant/logical-router/ospf redistribute-static Command ............................................................................164
tenant/logical-router/ospf router-id Command ..........................................................................................165
tenant/logical-router prefix-list Command .....................................................................................................167
config-tenant-lrouter-prefix Submode Commands .......................................................................................167
tenant/logical-router/prefix-list <rule number> Command .........................................................................167
tenant/logical-router/prefix-list description Command ...............................................................................168
tenant/logical-router qos-classifier-list Command .........................................................................................168
tenant-lrouter-qos-classifier Submode Commands .......................................................................................168
tenant/logical-router qos-classifier-list <rule-number> Command ..............................................................168
tenant/logical-router route Command ...........................................................................................................170
tenant/logical-router route-map Command .....................................................................................................171
tenant-lrouter-rmap Subcommands ................................................................................................................171
tenant/logical-router/route-map <entry number> Command .......................................................................171
tenant-lrouter-rmap-entry Subcommands ....................................................................................................172
tenant/logical-router/route-map match Command .....................................................................................172

8 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router/route-map/<entry> set Command ............................................................................173

tenant/logical-router/route-map description Command ...............................................................................173
tenant/logical-router vtep Command................................................................................................................174
config-tenant-lrouter-vtep submode Commands ............................................................................................174
tenant/logical-router/vtep description Command ..........................................................................................174
tenant/logical-router/vtep dst-udp-port Command .......................................................................................175
tenant/logical-router/vtep flood-vtep Command ...........................................................................................175
tenant/logical-router/vtep origination Command..........................................................................................175
tenant/logical-router/vtep source Command .................................................................................................176
tenant multicast-enable Command ...................................................................................................................176
tenant multicast-group Command ....................................................................................................................177
config-tenant-mcast Submode Commands .....................................................................................................177
tenant multicast-group listener Command ....................................................................................................177
tenant origination Command............................................................................................................................178
tenant segment Command ...............................................................................................................................178
config-tenant-seg Submode Commands .........................................................................................................179
tenant/segment description Command..........................................................................................................179
tenant/segment endpoint Command .............................................................................................................179
config-tenant-seg-endpoint Submode Commands ........................................................................................180
tenant/segment/endpoint attachment-point Command .............................................................................180
tenant/segment/endpoint description Command .......................................................................................181
tenant/segment/endpoint ip Command ......................................................................................................181
tenant/segment/endpoint mac Command ...................................................................................................182
tenant/segment/endpoint origination Command ........................................................................................182
tenant/segment/endpoint shutdown Command .........................................................................................182
tenant/segment id Command .........................................................................................................................183
tenant/segment member interface-group Command ....................................................................................183
tenant/segment member switch Command...................................................................................................183
tenant/segment member virtual-switch Command .......................................................................................184
tenant/segment origination Command ........................................................................................................185
tenant/segment qos-traffic-class Command ..................................................................................................185
user Command .......................................................................................................................................................185
config-user Submode Commands ......................................................................................................................186
user access-token Command ............................................................................................................................186
user full-name Command .................................................................................................................................186
user hashed-password Command ....................................................................................................................187
user password Command .................................................................................................................................187
vcenter Command .................................................................................................................................................187
config-vcenter Submode Commands.................................................................................................................188
config-vcenter automation-level Command ...................................................................................................188
config-vcenter description Command ..............................................................................................................189
config-vcenter exclude Command ....................................................................................................................189
config-vcenter hashed-password Command ....................................................................................................189
config-vcenter host-name Command ...............................................................................................................190
config-vcenter maintenance Command .........................................................................................................190
manage-segment-for-vlan Command ..............................................................................................................190
manage-segment-for-vlan-range Command ...................................................................................................191
config-vcenter password Command .................................................................................................................191
config-vcenter preserve-bcf-config Command .................................................................................................191
config-vcenter tenant-name Command ................................................................ Error! Bookmark not defined.
config-vcenter user-name Command ...............................................................................................................192
config-vcenter vsphere-gui-plugin access-right Command ..............................................................................192
version command ..................................................................................................................................................193

Big Switch Networks Confidential © Big Switch Networks 9

Big Cloud Fabric CLI Reference Guide

vxlan-termination Command .................................................................................................................................193

config-vxlan Submode Commands ....................................................................................................................193
config-vxlan active Command ...........................................................................................................................193
config-vxlan incoming-udp-dst-port Command ................................................................................................194
config-vxlan outgoing-udp-dst-port Command ................................................................................................194
config-vxlan remote-vtep Command ................................................................................................................195
config-vxlan remotevtep submode Commands ...............................................................................................195
config-vxlan/remote-vtep id Command ..........................................................................................................195
config-vxlan/remote-vtep ip Command ..........................................................................................................196
config-vxlan/remote-vtep origination Command ............................................................................................196
config-vxlan termination Command .................................................................................................................196
Chapter 5: show Commands ......................................................................................................................................198
show banner Command .........................................................................................................................................199
show bgp segment Command ...............................................................................................................................199
show boot Command.............................................................................................................................................199
show bpdu-guard Command .................................................................................................................................200
show clock Command ............................................................................................................................................201
show controller Command ....................................................................................................................................201
show debug attachment-points Command ...........................................................................................................203
show debug bgp Command ...................................................................................................................................203
show debug coordinator Command ......................................................................................................................204
show debug counters Command ...........................................................................................................................205
show debug datapath Command ..........................................................................................................................205
show debug discovery-service Command .............................................................................................................206
show debug endpoint-manager incomplete Command ........................................................................................206
show debug event Command ................................................................................................................................207
show debug upgrade Command ............................................................................................................................208
show debug vft Command .....................................................................................................................................208
show debug zerotouch Command .........................................................................................................................208
show dump Command ...........................................................................................................................................209
show endpoint Command .....................................................................................................................................209
show endpoint-manager incomplete Command ...................................................................................................210
show environment Command ...............................................................................................................................211
show fabric connected-devices Command ............................................................................................................211
show fabric Command ...........................................................................................................................................212
show fabric error Command ..................................................................................................................................214
show fabric gtp-hash .............................................................................................................................................216
show fabric ipam switch Command .......................................................................................................................216
show fabric warning Command .............................................................................................................................217
show file Command ...............................................................................................................................................219
show forwarding Command ..................................................................................................................................219
show forwarding switch Command .......................................................................................................................221
show group Command ...........................................................................................................................................225
show image Command ..........................................................................................................................................225
show inband-port Command .................................................................................................................................226
show interface-group Command ...........................................................................................................................226
show ipv6-external-router- Command ..................................................................................................................228
show lag Command ...............................................................................................................................................228
show link Command ..............................................................................................................................................229
show local node Command ...................................................................................................................................229
show logging Command.........................................................................................................................................231
show logging audit Command ...............................................................................................................................233
show logging remote Command ............................................................................................................................233

10 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

show logical-router Command ..............................................................................................................................233

show mac-membership Command ........................................................................................................................236
show member-rule Command ...............................................................................................................................237
show multicast command ......................................................................................................................................237
show nat-endpoint Command ...............................................................................................................................238
show nat-pool Command ......................................................................................................................................239
show ntp Command ...............................................................................................................................................239
show nsx Command ...............................................................................................................................................239
show ospf Command .............................................................................................................................................241
show pswitch Command ........................................................................................................................................242
show radius Command ..........................................................................................................................................243
show running-config Command.............................................................................................................................243
show secure control plane Command ...................................................................................................................244
show segment Command ......................................................................................................................................245
show session Command ........................................................................................................................................246
show sflow Command............................................................................................................................................246
show snapshot Command .....................................................................................................................................248
show span-fabric Command ..................................................................................................................................248
show span-local Command ....................................................................................................................................249
show storm-control Command ..............................................................................................................................249
show support Command........................................................................................................................................250
show switch Command ..........................................................................................................................................251
show system Command .........................................................................................................................................257
show tacacs Command ..........................................................................................................................................258
show tenant Command .........................................................................................................................................258
show test path Command ......................................................................................................................................262
show this Command ..............................................................................................................................................262
show upgrade Command .......................................................................................................................................263
show user Command .............................................................................................................................................263
show vcenter command ........................................................................................................................................264
show version Command ........................................................................................................................................264
show vswitch Command ........................................................................................................................................265
show vxlan Command ............................................................................................................................................266
show where Command ..........................................................................................................................................266
show zerotouch request Command.......................................................................................................................267
Related Documents ...................................................................................................................................................268
Opening a Technical Support Case ............................................................................................................................268
Documentation Feedback ..........................................................................................................................................268

Big Switch Networks Confidential © Big Switch Networks 11

Big Cloud Fabric CLI Reference Guide

Chapter 1: Configuration Fundamentals

This chapter introduces the CLI and GUI system management tools available for managing the Big Cloud Fabric, describes
how to manage administrative access accounts, and how to troubleshoot problems running the boot process or accessing
the Big Cloud Fabric after installation and initial configuration. The final section describes how to manage software image
files, required for installing and upgrading the BCF controller. This chapter describes how to use the CLI to configure and
monitor the fabric. It includes the following topics:
• CLI Conventions
• Logging In
• Resetting the Administrator Password
• Using Modes
• Using Submodes
• Using CLI Help
• Removing Configuration
• Redirecting and Saving Command Output
• Entering Text Descriptions
• Managing the CLI Session
• CLI Session Timeout
• Changing the CLI Display Lines
• Changing the Login Banner
• Managing Administrator Access
• Traffic Rate History
• Copying Files to the Controller

CLI Conventions
The following typographic and special character conventions are used in the CLI and in the documentation for conciseness
and precision:

• Regular Courier type indicates output displayed by the system in response to user commands or system events, and
variable keywords that must be replaced by user input. In the current version of the document, this typeface is also
used for commands and literal parameters entered by the user.
• Parentheses ( ) indicate the required arguments for a given command.
• The vertical bar (|) indicate alternative options that can be used with a given command. Note that this character is also
used as a literal command at the command line for piping content.
• Square brackets [ ] indicate optional arguments that are not required to complete the command.
• Angle brackets < > indicate that the user should substitute a literal value for the text description, enclosed in quotes,
within the angle brackets.

Note: The CLI is case sensitive and new objects are created without prompting for confirmation. For example, if you create
the object “finance” and later refer to it as “Red” the system creates a new object without prompting for confirmation.

Logging In
To access the CLI, use the console window of the virtual machine running the controller, or use an ssh terminal (port 22) to
connect to the IP address assigned to the controller. Log in as the user admin to access the CLI in login mode. The password
for the admin user is set during the initial setup of the BCF controller. The prompt for login mode is the system name
followed by a right angle bracket (>), as shown the following:
controller login: admin
Password: admin
Last login: …
…

12 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1>

Resetting the Administrator Password

During installation of the BCF controller, a recovery user password was defined that can be used to login to the system if
the admin password is lost. To reset the admin password, login as the recovery user and enter the recovery user password
configured during installation, as in the following example:
login as: recovery
Big Cloud Fabric Appliance 2.0.11-SNAPSHOT
Log in as 'admin' to configure
[email protected]'s password:

After entering the password for the recovery user, enter the floodlight-reset-password command to set a new admin
account password, as shown in the following example:
recovery@controller:~$ floodlight-reset-password
Enter new admin password:
Re-enter new admin password:
Password updated
recovery@controller:~$ exit

After you exit from recovery mode, you can login to the controller with the admin account using the new
admin account password.

Using Modes
The CLI commands are divided into modes and submodes, which restrict commands to the appropriate context. The main
modes are as follows:

• login mode: Commands available immediately after logging in, with the broadest possible context.
• enable mode: Commands that are available only after entering the enable command.
• config mode: Commands that have a more significant effect on system configuration and that can only be entered after
entering the configure command.
When you login the CLI is in login mode, and the default prompt is the system name followed by a greater than sign:
controller-1>

To change the CLI to enable mode, enter the enable command. The default prompt for enable mode is the system name
followed by a pound sign (#), as shown the following:
controller-1> enable
controller-1#
To change to config mode, enter the configure command. The default prompt for config mode is the system name followed
by (config)#, as shown the following:
controller-1> config
controller-1(config)#
To exit configuration and return to enable mode, type end, as shown the following:
controller-1(config)# end
controller-1#

Using Submodes
Note: All configuration changes related to fabric switches must be made through the controller CLI, which provides
configuration options in the config-switch submode for each switch. Do not log in to the switch to make changes directly
using the switch CLI.
Enter commands in config mode to change to submodes. Each submode allows configuration of a specific type of object. To
change to a submode, enter the submode identifier, which is often followed by an object name.
The prompt for each submode is (config-<submode>)#, where <submode> is the submode identifier, as shown the
following:
controller-1# config
controller-1(config)# user bob
controller-1(config-local-user)#

Big Switch Networks Confidential © Big Switch Networks 13

Big Cloud Fabric CLI Reference Guide

Some submodes are available from config mode, and others are nested within other submodes. To return to the previous
mode, enter exit. To return directly to enable mode, enter end.
Use submodes to configure the different fabric components. To enter the submode,in general, enter the latter part of the
prompt in config mode, followed by an object name, if required.

Entering Text Descriptions

Use the description command in different submodes to enter a text description of the current object.

Note: Always use quotes (") before and after description text.

You can use the backslash character (\) to indicate the character following should be taken as literal text input. The system
typically uses the backslash to allow the use of a following space in a string. However, a quoted backslash (“\”) may not be
interpreted by the fabric switch CLI and the controller displays an error message if this string is entered. This reservation
regarding quoted special characters may apply to other UTF-8 special characters that cannot be interpreted by the switch
CLI interpreter.

Navigation
The CLI supports navigation common to Linux shells. For example, the following keyboard shortcuts are supported:

• Ctrl-B: Back one character

• Ctrl-F: Forward one character
• Ctrl-A: Move to the start of the line
• Ctrl-E: Move to the end of the line
• Ctrl-P: Display the previous command; repeat to access previous commands in the History buffer
• Ctrl-R: Search for text within commands in the History buffer.

To view the path to the current CLI prompt and the configuration under the current submode, enter the show this
command from a nested submode, as in the following example:
controller-1(config-tenant)# show this

! tenant
tenant Red
logical-router
controller-1(config-tenant)#
Interrupt/exit config
controller-1#

For more information about Linux shell keyboard shortcuts and utilities, refer to the following URL:
http://tiswww.case.edu/php/chet/readline/readline.html
To use command completion, press the forward Tab key. To complete the value when possible, press Tab once. To show all
possible entries, press Tab twice or type a question mark (?), as in the following example:
controller-1(config-group)#
controller-1(config-group)#
aaa debug history profile terminal
associate delete local reauth test
banner echo logging show top
boot enable logout snmp-server upgrade
clear end monitor support user
compare exit no switch version
configure fabric ntp system watch
controller group ping tacacs whoami
copy help interface-group tenant

14 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

The CLI interpreter accepts a shortened form of any command, but prompts for further input if more than one command
starts with the letters entered. For example, the sh run command is interpreted as show running-config because the
command is unambiguous. However, if you enter co, the system displays the following prompt:
Error: co is ambiguous: choices “compare”, “configure”, “copy”

Using CLI Help

To access Help for the current mode or submode, enter help. The system displays a list of the commands unique to the
submode.
controller-1> help

To display Help text for a specific command, enter help <command> or <command>?.
The help workflow command describes many common operations performed using the CLI that might require using
multiple commands.

Removing Configuration
To reverse the effect of any command, enter the command preceded by the no keyword, as in the following example:
controller-1(config-switch)# no shutdown

Note: Be careful when using the no keyword because, in general, the specified object and any nested configuration is
removed without further warning.

Redirecting and Saving Command Output

The output of any CLI command can be directed, or piped, using a vertical bar (|) to common Unix shell utilities, including
grep, awk, wc, tail, more, and less. This helps you search for data or browse through output. The CLI also supports the
begin, include, and exclude pipe options. The begin option is useful for starting the display of a long output at a particular
point.
You can redirect the output of a command to a local file or to the URL of an HTTP or FTP server. This option is convenient
for storing the output of various show commands or versions of different running-configs. For example, to store the output
of the show user command, enter the following command:
controller-1(config-local)# show user > user.txt
controller-1(config-local)# show file user.txt
# User name Full name Groups
-|---------|-------------|------|
1 admin Default admin admin
controller-1(config-local)#

To run a command continuously, prepend the watch command.

To enter multiple CLI commands on a single line, separate each command with a semi-colon (;). For example, to enter the
Switch submode directly from Enable mode using a single entry, enter the following command:
controller-1> enable; conf; switch leaf1a
controller-1(config-switch)#

Entering Text Descriptions

Use the description command in different submodes to enter a text description, enclosed in quotes, of the current object.

Note: Always use quotes (") before and after description text.

Managing the CLI Session

This section describes options for managing the behavior of the CLI session and includes the following topics:

Big Switch Networks Confidential © Big Switch Networks 15

Big Cloud Fabric CLI Reference Guide

• CLI Session Timeout

• Changing the Login Banner
• Changing the CLI Display Lines
• Changing the Login Banner

CLI Session Timeout

After two hours of inactivity, the config mode session expires and the prompt changes to <systemname> reauth.
This means that the session has expired and you must reauthenticate to enter commands that are restricted to enable or
config modes. To reauthenticate, use the reauth command, which has the following syntax.
reauth controller-1> reauth <username> [<password>]

If you don’t enter the password, the system prompts you for it. The following example shows reauthentication with the
user account admin and the password admin:
reauth controller-1> reauth admin admin

If the CLI is in enable mode or config mode, after 10 minutes of inactivity the prompt returns to login mode.

Changing the CLI Display Lines

To change the number of lines displayed in the CLI window, use the terminal length command, which has the following
syntax:
controller-1> terminal {length {<length> | term}

Replace <length> with the number of lines to display, or use term to display as many lines as permitted by the terminal
window. For example, the following command limits the display to 30 lines:
controller-1> terminal length 30

Changing the Login Banner

To change the text banner that is displayed before the login prompt, from config mode, enter the banner command from,
which has the following syntax:
[no ] banner “<banner-message>”

Enclose the banner message in double or single quotes. The following example displays the message “Welcome to the BCF
controller” before displaying the login prompt:
controller-1(config) banner “Welcome to the BCF controller”

To view the current banner message, enter the show banner command from any mode.

Managing Administrator Access

Administrative access to the BCF controller is controlled by associating privileges with groups. User accounts inherit the
privileges for the groups to which they are associated. The current release supports only two levels of administrative
access:
• Login: Provides access only to login mode. User accounts with this access level can enter only commands that can be
entered from login mode, which includes most show commands. User-defined groups are assigned login-level access
and user accounts associated with any user-defined group gets access to login mode.
• Admin: Provides access to all modes, submodes, and commands. In the current release, this access level is only
assigned to the preconfigured admin group. To assign admin-level privileges, associate a user account with the Admin
group.

The account names and passwords are stored in the local system database. The default administrator user name is admin
and the password is set during First Boot from the factory default configuration.

16 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

To create an administrative account or change the password for an existing account, enter config-user submode from config
mode by entering the following command:
controller-1(config)# user <username>

Replace <username> with the name of the administrative account. The system changes to user submode, as indicated by
the following prompt:
controller-1(config-local-user)#

To change the password for the admin account, enter the following command from config mode:
controller-1(config)# user admin
controller-1(config-local-user)# password
Password:
Re-enter:
controller-1(config-local-user)#

The system prompts for the new password for the current account. To identify the account that is currently logged in, enter
the whoami command from any mode, as in the following example:
controller-1> whoami
Id : admin
Groups : admin
Login : 2014-05-18 18:35:44.234000 UTC
Auth ip: 192.168.17.1
controller-1#

The output displays the account ID, any groups to which the account belongs, the time when the user logged in, and the IP
address that was the source of the current session.

Traffic Rate History

Big Cloud Fabric has a circular storage of 300 intervals for recording the traffic rate for each interface, segment, and tenant.
The interval polling is a periodic job that queries every 45 seconds. Excluding any delay for the query response, this provides
225 minutes of history or 3.75 hours. Network delays increase the length of time covered by the 300 intervals.
If you delete a segment or a tenant, it is no longer displayed in the output for show commands starting with the next
interval. However, deleting the object does not affect the existing history for the object. For example, if Segment A is
deleted at 09:00:00 and there is no appreciable network delay, this segment has a history of 3.75 hours. When querying the
controller, Segment A continues to be displayed until 12:40:00. At that time, the object is removed from the circular
storage.

Copying Files to the Controller

Starting with BCF Release 4.2.0, you can use SCP to copy files directly to the BCF controller from a remote host. To copy files
to the BCF controller from a remote host, complete the following steps.

Procedure
Step 1. Establish an SCP session to the BCF controller, using the IP address assigned during first boot configuration.
Step 2. Use SCP to copy the file to the controller, as in the following example of copying a BCF controller upgrade
image:
mingtaoyang@Mingtaos-MacBook-Pro:~/Downloads$ scp controller-bcf-4.2.0.iso [email protected]:image
The authenticity of host '10.8.28.15 (10.8.28.15)' can't be established.
RSA key fingerprint is 37:30:a3:17:29:eb:54:86:fa:96:ee:cd:03:de:ec:88.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.8.28.15' (RSA) to the list of known hosts.
Big Cloud Fabric 4.2.0 (bcf-4.2.0 #49)
Log in as 'admin' to configure

[email protected]'s password:

Big Switch Networks Confidential © Big Switch Networks 17

Big Cloud Fabric CLI Reference Guide

The file is copied to the /home/admin directory.

Note: It is best to avoid using spaces in the filename to avoid copying identical files with different filenames created by the
presence or absence of a space, which can be easily missed.

Step 3. When prompted, enter the password for the admin user account on the BCF controller.
Big Switch upgrade image push
controller-bcf-4.2.0.iso
100% 2035MB 107.1MB/s 00:19

After accepting the password, the system performs a validation check on the image file, as in the following example:
Validating Image Contents: check for expected contents
Validating image contents: verifying checksums
Image added: version: 4.2.0 build: 52
Big Switch upgrade image accepted

When copying an image that already exists, the system responds with an error message, preventing the existing file from
being overwritten, as in the following example:
. . .<s n i p > . . .
Validating Image Contents: check for expected contents
Validating image contents: verifying checksums
Invalid Use: 52: image/build already exists

Step 4. To verify that an image file has been copied, enter the show image command at the controller CLI prompt, as in
the following example.
controller-1# show image
# Product Version Build
-|-------|-------|-----|
1 bcf 4.2.0 52
C15# show image
# Product Version Build
-|-------|-------|-----|
1 bcf 4.2.0 52
C15# show image
# Product Version Build
-|-------|-------|-----|
1 bcf 4.2.0 51
controller-1#

Step 5. You can also enter the show file command at the controller CLI prompt to verify that a file has been copied, as
in the following example.
C15# show file
# Name Size Created
-|---------------------|----|-----------------------|
1 upgrade-fabric-health 718 2017-06-22 16:32:11 UTC
controller-1#

The file is copied to the BCF controller /home/admin directory.

18 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Chapter 2: Login Mode Commands

This chapter describes the following commands that you can enter from login mode.
• debug: Manage various cli debugging features
• echo: Print remaining arguments
• enable: Enter enable mode
• exit: Exit submode
• help: Show help
• history: Show commands recently executed
• jobs: Show suspended jobs
• logout: Logout
• no: :Prefix existing commands to delete item
• ping: Send echo messages
• ping6: Send echo messages
• reauth: Reauthenticate
• set: Manage CLI sessions settings
• show: Show various information
• support: Generate diagnostic data bundle for technical support
• terminal: Manage CLI sessions settings
• traceroute: Traceroute an IP address from the controller
• watch: Show output of other commands
• whoami: Identify the current authenticated account

debug Command

Command Syntax
[no] debug {bash | cli | cli-backtrace | cli-batch | description | rest [{details | brief} | record
<record>]}

Command Mode
Login mode

Command Description
Use the debug command to manage CLI debugging options. The debug command provides access to Big Cloud Fabric
information regarding configuration, system operations, and traffic forwarding that may be useful for troubleshooting or
performance management. The debug bash command provides access to the bash shell. The debug rest keyword causes
the system to display the REST directives required to implement each CLI command that is subsequently entered.

Next Keyword Descriptions

bash: Enter a bash shell
cli: Display more detailed information on errors
cli-backtrace: Display backtrace information on errors
cli-batch: Disable any prompts to allow simpler batch processing
description: Display verbose debug information while processing commands
rest [brief | details | record]: Display CLI information in REST command format. The following keywords are optional:
• brief: Display brief information for REST requests
• details: Display URLs and returned content for REST requests

Big Switch Networks Confidential © Big Switch Networks 19

Big Cloud Fabric CLI Reference Guide

• record <record>: Replace <record> with the filename where the REST API activity is saved

Command Examples
The following example enables and then disables the REST debug mode:
controller-1> debug rest
***** Enabled display rest mode *****
REST-SIMPLE: GET http://127.0.0.1:8080/api/v1/data/controller/core/controller/role
REST-SIMPLE: http://127.0.0.1:8080/api/v1/data/controller/core/controller/role done, 0:00:00.005695
controller-1> no debug rest
REST-POST: POST http://127.0.0.1:8080/api/v1/data/controller/core/aaa/audit-event {"attribute":
[{"value": "no debug rest", "key": "cmd_args"}], "event-type": "cli.command", "session-cookie":
"x4lGCLio1BDi3vaFy8ghgxiV0nzFaKxx"}
REST-POST: http://127.0.0.1:8080/api/v1/data/controller/core/aaa/audit-event done 0:00:00.006402
***** Disabled display rest mode *****

echo Command

Command Syntax
echo <any command>

Command Mode
Login mode

Command Description
Use the echo command to display the subsequent command at the CLI prompt. The echo command causes the command
that follows to be repeated on the next line with no other effect. This command may be useful for creating automated
scripts.

Command Examples
controller-1(config)# echo tenant Red
tenant Red
controller-1(config)#

enable Command

Command Syntax
enable

Command Mode
Login mode

Command Description
Use the enable command to change the CLI prompt to enable mode and access the commands available from enable mode.

Command Examples
controller-1> enable
controller-1#

exit Command

Command Syntax
exit

20 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
The exit command returns the CLI prompt to the previous mode or submode. When entered at the login prompt, the exit
command ends the current session and returns the CLI to the login prompt. If you are using SSH, this command ends your
SSH session.

Command Examples
controller-1(config)# exit
controller-1# exit
controller-1>

help Command

Command Syntax
help [<any command> | workflow {cli | config | examples | files | high-availability | introduction |
link | management | policy | interface-group | segment | switch | switchlight | upgrade}]

Command Mode
Login mode

Command Description
Enter the help command without options to list the commands available in the current mode or submode. Enter help
followed by a specific command to display the syntax of the command, along with a description of the command and the
parameters (next keywords). Use the help command with the workflow keyword to display information about a specified
procedure that you may perform using various CLI commands. As an alternative to the help command, type a question
mark (?) after a command to display a brief description of the command, or press the tab key to display the next keywords
allowed.

Next Keyword Descriptions

workflow: Use this keyword with any of the following descriptors for an overview of common procedures you may perform
using various CLI commands:
cli: Overview of workflow for CLI.
config: Overview of workflow for config (running-config, and so forth).
examples: Example of Big Cloud Fabric workflow.
files: Overview of workflow for files.
high-availability: Overview of workflow for high availability.
introduction: Introduction to Big Cloud Fabric.
link: Overview of link operations.
management: Overview of management network configuration.
policy: Overview of policy.
interface-group: Overview of interface-group workflow.
segment: Overview of tenant and segment operations.
switch: Overview of switch operations.

Big Switch Networks Confidential © Big Switch Networks 21

Big Cloud Fabric CLI Reference Guide

switchlight: Overview of switchlight deployment.

upgrade: Overview of workflow for upgrade.

history Command

Command Syntax
history [<count>]

Command Mode
Login mode

Command Description
The history command shows the commands that have been executed recently. You can optionally specify the number of
the most recent commands you want to display.

To search the contents of the history buffer, type Ctrl-R to search backwards in the history buffer. To exit reverse search
mode, press Ctrl-D.

Next Keyword Descriptions

count: Number of commands to show.

Command Examples
The following command displays the last three commands in the history buffer:
controller-1> history 3
8: help echo
9: controller history 3
10: history 3

jobs command

Command Syntax
jobs

Command Mode
Login mode

Command Description
Use the jobs command to show suspended jobs.

logout Command

Command Syntax
logout

Command Mode
Login mode

Command Description
Use the logout command to return to the login prompt. If you are using SSH, this command ends the session.

22 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1> logout
Big Cloud Fabric Appliance 2.0.11-SNAPSHOT (bcf_master #2002)
Log in as admin to configure
controller login:

no Command

Command Syntax
no <command>

Command Mode
Login mode

Command Description
The no command removes the configuration that follows the command. Use this command with caution because no
prompt is provided when removing configuration. The no command removes configuration associated with the specified
object or container and any nested configuration without warning.

Command Examples
controller-1> no debug rest

This stops the rest debug mode after it has been previously enabled.

ping Command

Command Syntax
ping <ip4-target | ipv6-target> {controller-management | src-tenant <tenant> src-ip <ip>) [count <ping
count>]

Command Mode
Login mode

Command Description
Use the ping command to transmit 64-byte ICMP v4/v6 packets to the specified address or hostname using IPv4 or IPv6.
This command verifies connectivity between the controller management interface or other source address and the
destination IP address in the specified tenant. The system displays information regarding the response time in milliseconds.
Longer response times may indicate congestion on the target interface.
The controller looks for an endpoint with the specified IP address in the tenant and sends a ping request to the endpoint.
The IP address must belong to one of the segment interface IP subnets of the specified tenant If there is no known
endpoint with the IP address in the tenant, the controller floods one ARP or ICMPv6 NDP Neighbor Solicitation (NS) packet
for the IP address. If the endpoint is known, the controller sends a ping request directly to the endpoint and waits for a
response.
For a single command one packet is transmitted. If the endpoint is unknown, the controller sends a single ARP packet to
discover the endpoint. If the endpoint is known, a single ping request packet is sent to the endpoint.

Next Keyword Descriptions

ip4-address ping target: An IPv4 address or resolvable DNS hostname. Use a dotted-decimal or sting-format IP address (for
example, 192.168.2.129 or 2001:1234::1), or a domain name (localhost, bigswitch.com), which can be resolved.

Big Switch Networks Confidential © Big Switch Networks 23

Big Cloud Fabric CLI Reference Guide

Alternatively, a switch alias or dpid may be used if it is currently active. In the latter case, the ping command is directed to
the IP address associated with the switch.
controller-management: Use the current controller management IP address for the source of the ping command.
src-tenant <tenant> src-ip <ip>: Identify the tenant and IP address to use for the source of the ping command.
count <integer>: The number of ICMP v4/v6 packets to send.

Command Examples
The following command sends three ICMPv4 packets to 10.192.2.98 from the controller management IP address:
controller-1> ping 10.192.2.98 controller management count 3
PING 10.192.2.98 (10.192.2.98) 56(84) bytes of data.
64 bytes from 10.192.2.98: icmp_req=1 ttl=64 time=0.910 ms
64 bytes from 10.192.2.98: icmp_req=2 ttl=64 time=0.874 ms
64 bytes from 10.192.2.98: icmp_req=3 ttl=64 time=0.847 ms
controller-1>

ping6 Command

Command Syntax
ping6 { <ip6-address> controller-management [count <ping count>]

Command Mode
Login mode

Command Description
Use the ping6 command to transmit 64-byte ICMP packets to the specified IPv6 address. This command verifies connectivity
between the controller management interface and the destination IP address. The system displays information regarding
the response time in milliseconds. Longer response times may indicate congestion on the target interface.
For a single command one packet is transmitted. If the endpoint is unknown, the controller sends an ICMPv6 NDP Neighbor
Solicitation (NS) packet to discover the endpoint. If the endpoint is known, a single ping request packet is sent to the
endpoint.

Next Keyword Descriptions

ip6-address: An IPv6-address-or-domain-name. Use an IPv6-address or a resolvable fully qualified domain name.
controller-management: Use the current controller management IP address for the source of the ping command.
count <integer>: The number of ICMP packets to send.

Command Examples
The following command sends three ICMP packets to the specified IPv6 address from the controller management IP
address:
controller-1> ping 2601:647:c800:20:4af8:b3ff:feeb:e2a1 controller management count 3
PING 10.192.2.98 (10.192.2.98) 56(84) bytes of data.
64 bytes from 10.192.2.98: icmp_req=1 ttl=64 time=0.910 ms
64 bytes from 10.192.2.98: icmp_req=2 ttl=64 time=0.874 ms
64 bytes from 10.192.2.98: icmp_req=3 ttl=64 time=0.847 ms
controller-1>

24 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

reauth Command

Command Syntax
reauth [<user> [<password>]]

Command Mode
Login mode

Command Description
Use the reauth command when you are prompted to reauthenticate your session to the controller after the session has
timed out due to inactivity. If the password is omitted, the system prompts for the password.

Next Keyword Descriptions

<user>: Name of the user account to reauthenticate
<password>: Password for the user account to reauthenticate. If the password is omitted, the system prompts for the
password. If any special characters, space or quotes are included, the password string must the enclosed in either single (')
or double quotes (").

Command Examples
Reauth> reauth admin admin
controller-1>

set prompt Command

Command Syntax
[no] set prompt timestamp

Command Mode
Login mode

Command Description
Use the set prompt command to configure the CLI prompt to display a variety of different strings, including various dynamic
values. When the '%' character appears in the string, the next character identifies various choices, as in the following
examples:
• %@ host
• %# typical prompt characer, '>' for login, '#' for other nested m
• %+ line number
• %~ non-active role (typically standby)
• %$ current mode in parenthesis
• %D date M/D/Y H:M:S
• %T time H:M:S
• %M month
• %d day
• %y year
• %h hour
• %m min
• %s seconds

Big Switch Networks Confidential © Big Switch Networks 25

Big Cloud Fabric CLI Reference Guide

To include the percent sign, use “%%.” Other characters are displayed as literal values.

Next Keyword Descriptions

timestamp

show Command

Command Syntax
show <show command>

Command Mode
Login mode

Command Description
Use the show command with one of the available options to display information about Big Cloud Fabric configuration,
operation, or traffic forwarding. Enter the help show command for a list of supported commands. Refer to Chapter 4, “show
Commands” for details about the show commands available.

Next Keyword Descriptions

Enter the help show command for a list of supported commands, or refer to the “show Commands” section in this
document.

support Command

Command Syntax
support

Command Mode
Login mode

Command Description
Use the support command to generate a diagnostic bundle of information about the controllers and switches in the Big
Cloud Fabric for technical support.

Command Examples
The following command generates a support bundle, which you can access by using the URL at the bottom of the output.
controller-1> support
Generating diagnostic data bundle for technical support. This may take several minutes...
Name : floodlight-support--controller--2014-09-29--02-36-45--UTC--t_tMmK.tar.gz
Size : 360KB
Fs path : /var/lib/floodlight/support/floodlight-support--controller--2014-09-29--02-36-45--UTC--
t_tMmK.tar.gz
Url : http://192.168.7.11:8443/api/v1/support/floodlight-support--controller--2014-09-29--02-36-45--
UTC--t_tMmK.tar.gz
controller-1>

terminal Command

Command Syntax
terminal {length {<length> | term} | clear}

26 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the set command to specify the number of lines displayed for long system responses.

Next Keyword Descriptions

length: Number of lines to display.
term: Display the maximum number of lines allowed by the terminal used for the current session. The controller console
displays 24 lines.
clear: Clear the terminal display.

Command Examples
The following command sets the number of lines displayed to 5.
controller-1> terminal length 5
For help on specific commands: help <topic>
Commands:
debug Manage various cli debugging features
echo Display output of other commands
-- hit q to quit, any character to continue (4) –
When you enter a command with many lines of output, the system prompts you to continue, with the number
of lines already displayed in parenthesis).

traceroute Command

Command Syntax
traceroute <ip-address> src-tenant <tenant-name> [src-ip <ip-address>]

Command Mode
Login mode

Command Description
Use the traceroute command to identify the route from the controller to the specified destination.

Next Keyword Descriptions

<ip-address> | <ip-address>}: Enter the IPv4 or IPv6 address of the destination address of the traceroute.
src-tenant <tenant-name>: Enter the name of the tenant from which to trace the route.
src-ip <ip-address> : Optionally, enter the IPv4 or IPv6 address of the source of the traceroute.

watch Command

Command Syntax
watch <command>

Command Mode
Login mode

Big Switch Networks Confidential © Big Switch Networks 27

Big Cloud Fabric CLI Reference Guide

Command Description
Use the watch command to repeatedly execute the command that follows. To interrupt the display, type Ctrl-C. You can use
the watch command to monitor statistics or other dynamic information of interest.

Command Examples
The following command runs the show controller command repeatedly until it is interrupted by pressing Ctrl-C.
controller-1> watch show controller
Command: "show controller"
Cluster Name : techpubs
Cluster HA Status : paired
~~~~~~~~~~~~~~~~~~~ Nodes ~~~~~~~~~~~~~~~~~~~
# IP @ State Status Uptime
-|--------------|-|------|---------|---------|
1 192.168.17.220 * active connected 9 minutes
Command: "show controller"
Cluster Name : techpubs
Cluster HA Status : paired
~~~~~~~~~~~~~~~~~~~ Nodes ~~~~~~~~~~~~~~~~~~~
# IP @ State Status Uptime
-|--------------|-|------|---------|---------|
1 192.168.17.220 * active connected 9 minutes
^C
Interrupt.
controller-1>

whoami Command

Command Syntax
whoami

Command Mode
Login mode

Command Description
Use the whoami command to display information about the user account currently logged into the controller.

Command Examples
controller-1> whoami
Id : admin
Groups : admin
Login : 2014-06-06 10:37:51.428000 UTC
Auth ip : 192.168.17.1
controller-1>

28 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Chapter 3: Enable Mode Commands

This chapter describes the following commands that you can enter from Enable mode.
• boot: Configure boot details
• clear: Clear debug counters
• compare: Compare running-configs
• configure: Enter configure mode
• connect: Connect to switch
• copy: Copy to/from running-config
• delete: Delete identified object
• deploy: Deploy vSphere gui-plugin
• reset: Reset current user password
• show: Show various information
• support: Create a suport bundle
• sync: Sync between config and identified operational state
• system: System and switch operations (reload, reset, etc)
• test: Start test
• upgrade: Upgrade controller/cluster

boot Command

Command Syntax
boot {factory-default | partition {{1 | 2} | alternate | reset }}

Command Mode
Enable mode

Command Description
Use the boot command to reboot the controller from one of the two partitions or from the factory-default image. To view
the current contents of the partitions, use the show boot partition command. To restore the controller to its initial
configuration, use the boot factory-default command.

Next Keyword Descriptions

factory-default: This keyword copies an original image into the alternate partition and then reboot the system into that
alternate partition. Boot from the factory-default image to restore the controller to its initial configuration. The rebooted
controller is then restored to a factory-default state. Logs are retained.
When the controller is part of a high-availability cluster, this option removes the controller from the cluster. This option
copies the original software into the alternate partition and then reboots using the alternate partition. The rebooted
controller is then brought back to a factory-default state. Logs are retained.
partition 1 | 2: Boot from the specified partition.
alternate: Boot from the alternate partition. The alternate partition is the partition that is not currently the active partition.

Command Examples
controller-1(config)#
boot factory default:
proceed ("yes" or "y"
boot factory default:
boot factory-default
alternate partition will be overwritten
to continue): yes
copying image into alternate partition

Big Switch Networks Confidential © Big Switch Networks 29

Big Cloud Fabric CLI Reference Guide

clear bgp neighbors all

Command Syntax
clear bgp neighbors all

Command Mode
Enable mode

Command Description
Use the clear bgp neighbors all command to reset the current BGP sessions.

clear debug counters Command

Command Syntax
clear debug counters [<modulename> [<events>]]

Command Mode
Enable mode

Command Description
Use the clear command to reset all the debug counters or specific counters based on the BCF controller software module
name.

Next Keyword Descriptions

<modulename>: Use one of the following optional parameters to clear the counters for a specific module:
• ApplicationManager
• ControllerCounters
• EndpointManager
• FabricManager
• ForwardingDebugCounters
• ISyncService
• OFSwitchManager
• RoleManager
• StatsCollectorServiceImpl
• VirtualRoutingManager

<events>: Use one of the following optional parameters to clear the counters for a specific event:
• number-of-completed-events-de-queued
• number-of-completed-events-queued
• number-of-events-de-queued
• number-of-events-discarded
• number-of-events-processed
• number-of-events-processed-in-active-state
• number-of-events-processed-in-standby-state
• number-of-events-queued
• number-of-packetIn-ignore
• number-of-role-change-to-primary-processed
• number-of-role-change-to-standby-processed

30 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

• number-of-sync-updates-processed
• number-of-transactions-committed

Command Examples
The following example clears the debug counters for the ApplicationManager module.
controller-1# clear debug counters ApplicationManager
controller-1#

clear error-disabled Command

Command Syntax
clear error-disabled switch <switch> interface <interface>

Command Mode
Enable mode

Command Description
Use the clear error-disabled command to re-enable a switch interface that has been disabled by BPDU Guard after a BPDU
was received on an interface that should not be receiving BPDUs. This error can be caused by connecting a leaf switch
interface to a spanning tree interface.
A fabric interface will be error disabled if it receives a Spanning tree BPDU. When you clear the error disabled status for an
interface, the system also tries to bring the port back up. However, you must first correct the underlying misconfiguration.
Otherwise, after the interface is brought back up and another Spanning tree BPDU is received on the port, it will be error
disabled again.

Next Keyword Descriptions

switch <switch>: Replace <switch> with the name of the switch with an interface disabled by BPDU Guard.
interface <interface>: Replace <switch> with the name of the disabled interface to clear.

Command Examples:
The following command clears the error disabled status for the given switch-interface if it is currently error disabled and
attempts to bring it back up.
controller-1# clear error-disabled switch leaf0 interface ethernet1
controller-1#

The following command clears the error disabled status for all interfaces on the given switch if they are currently error
disabled and attempts to bring them back up.
controller-1# clear error-disabled switch leaf0
controller-1#

clear endpoint Command

Command Syntax
clear endpoint {all | tenant <tenant-name> {all | segment <segment-name> {all | mac <mac>}}}

Command Mode
Enable mode

Big Switch Networks Confidential © Big Switch Networks 31

Big Cloud Fabric CLI Reference Guide

Command Description
Use the clear endpoint command to clear learned endpoints for a specific tenant, for a specific segment within a tenant, or
for the endpoint associated with a specific MAC address. This command also clears any endpoint that was blocked by the
controller because it was flapping. Flapping means the interface where the endpoint is seen by the controller changes more
frequently than is allowed by the system threshold, which is 10 times in 30 seconds.

Next Keyword Descriptions

all | tenant <tenant-name>: Use the tenant keyword followed by the name of the tenant or use the all keyword to include
all tenants.
all | segment <segment-name>: Use the segment keyword followed by the name of the segment or use the all keyword to
include all segments.
all | mac <mac>: Use the mac keyword followed by the MAC address of the endpoint or use the all keyword to include all
MAC addresses.

Command Examples
The following command clears all learned endpoints associated with the web segment in the Red tenant.
controller-1# clear endpoint tenant Red segment R-Web mac 00:11:22:33:44:55
controller-1#

clear interface-group
clear interface-group {<interface-group-name> | all} counters

Command Mode
Enable mode

Command Description
Use the clear interface-group command to clear the counters for the specified interface group or for all interface groups.

Next Keyword Descriptions

<interface-group-name> | all: Enter the name of the interface group or use the all keyword to clear counters for all the
interface groups.
counters: Clear the counters for the interface group or for all interface groups.

clear multicast-group

Command Syntax
clear multicast-group {all | tenant <tenant-name> {all | segment <Segment Name> {all | group <Group>}}}

Command Mode
Enable mode

Command Description
Use the clear multicast-group command to remove the specified multicast groups.

Next Keyword Descriptions

all | tenant <tenant-name>: Clear the multicast groups for all tenants or for the specified tenant.

32 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

all | segment <Segment Name>: Clear the multicast groups for the specified tenant for all segments or for the specified
segment.
all | group <group>: Clear all the multicast groups for the specified tenant and segment or for the address of the specific
multicast address.

clear nsx Command

Command Syntax
clear nsx <nsx-instance> plugin-error

Command Mode
Enable mode

Command Description
Use the clear nsx command to clear the counters for a specific instance of NSX. .

clear segment Command

Command Syntax
clear segment {<switch-name> | all} {interface <if-name> | all} counters

Command Mode
Enable mode

Command Description
Use the clear segment command to clear the counters for a specific segment or all segments.

Next Keyword Descriptions

All: Clear all segments.
<Segment Name>: Clear the specified segment.

Command Examples
The following command clears the counters for the R-Web segment:
controller-1# clear segment R-Web counters

clear session Command

Command Syntax
clear session {session-id <id> | user {admin | <user>)

Command Mode
Enable mode

Command Description
Use the clear session command to clear the specified sessions or all sessions associated with the specified user.

Big Switch Networks Confidential © Big Switch Networks 33

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

session-id <session-id>: Replace <session-id> with the identifier for the session to clear. Use the show session command to
display the active session identifiers.
admin: Clear session history for the admin user.
user <user-name>}: Replace <user-name> with the user name associated with the sessions to clear. Use the show session
command to display accounts with active sessions.

clear sflow Command

Command Syntax
clear sflow switch <switch-name> [{collectors | interfaces}]

Command Mode
Enable mode

Command Description
Use the clear sflow command to clear the sFlow collectors or interfaces on the specified switch.

Next Keyword Descriptions

switch <switch-name>: Replace <switch-name> with the name of the switch where the sFlow collectors or interfaces will be
cleared.
collectors: Clear the counters on the specified switch for sFlow collectors.
collectors: Clear the counters on the specified switch for sFlow interfaces.

clear switch Command

Command Syntax
clear switch {<switch-name> | all} { agent-counters | cpu-queue | pimu-counters }

clear switch {<switch-name> | all} {interface <if-name> | all} { counters | queue }

Command Mode
Enable mode

Command Description
Use the clear switch command to clear the counters for a specific switch or all switches, for a specific interface, or for all
interfaces.

Next Keyword Descriptions

<switch-name> | all: Specify the switch or use the all keyword for all switches.
agent-counters: Clear the agent counters for the specified switch.
cpu-queue: Clear the CPU queue counters for the specified switch.
pimu-counters: Clear the PIMU counters for the specified switch.
interface <if-name> | all: Specify the interface or use the all keyword for all interfaces.
counters: Clear the counters for the specified switch and interface.

34 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

queue: Clear the queue counters for the specified switch and interface.

clear tenant Command

Command Syntax
clear tenant {<tenant-name> | system | all } [segment {<segment-name> | all ]
{bgp neighbor {name <neighbor-name> | ip <neighbor-ip> | all } [soft [in | out] |

counters |

logical-router {policy-counter {1 | all} | policy-log }}

Command Mode
Enable mode

Command Description
Use the clear tenant counters command to clear the counters for the specified tenant or all tenants or for the specified
segment or all segments. Use the clear tenant bgp command to clear BGP session information for a specific neighbor or all
neighbors. Use the clear tenant logical-router to clear the counters or policy logs for the specified tenant or for all tenants.

Next Keyword Descriptions

tenant <tenant-name> | all: Specify the tenant for which you want to clear history, or use the all keyword for all tenants.
segment <segment-name> | all: Specify the segment for which you want to clear history, or use the all keyword for all
segments.
counters: Clear counters for the specified tenants and segments.
logical-router: Clear logical router history for the specified tenant. This keyword requires one of the following options:
• policy-counter 1 | all: Specify 1 to clear the most recent counters or all to clear all.
• policy-log: Clear the policy log on the logical router for the specified tenant.

clear test path Command

Command Syntax
clear test path { <test-name> | all }

Command Mode
Enable mode

Command Description
Use the clear test path command to clear the statistics associated with a specified test path instance or all test path
instances. Use the test path command to define one or more instances of a test path. Use the show test path command to
view the currently defined instances.

Next Keyword Descriptions

<test-name> | all: Specify the name of the test instance to clear or use the keyword all to clear all tests.

Command Examples
The following example clears the statistics associated with the test1 instance.
controller-1# clear test path test1
controller-1#

Big Switch Networks Confidential © Big Switch Networks 35

Big Cloud Fabric CLI Reference Guide

clear vcenter-network-config Command

Command Syntax
clear vcenter-network-config <vcenter-name>

Command Mode
Enable mode

Command Description
Use the clear command to clear the BCF network configuration for the specified vCenter.

Command Description
<vcenter-name>: Identify the vCenter for which you want to clear the BCF network configuration.

compare Command

Command Syntax
compare <source> <dest>

Command Mode
Enable mode

Command Description
Use the compare command to identify any differences between running-config files in different locations. For example, you
can compare the running-config on the current controller to the running-config on a remote server before replacing the
active running-config.

Next Keyword Descriptions

<source>: First running-config file to compare.
<dest>: Second running-config file to compare.
Replace <source> or <dest> with one of the following:
• http://: Compare with a running-config on an HTTP server
• snapshot://: Compare saved running-config
• running-config: Compare running-config
• scp://: Compare source file available on a remote server
• file://<filename> in the user file repository

Command Examples
The following command compares the contents of the running-config in the controller repository with the active running-
config.
controller-1# compare running-config snapshot://june11
2,3c2,7
< ! Big Cloud Fabric Appliance 2.0.11-SNAPSHOT (bcf_master #2051)
< ! Current Time: 2014-06-11.05:42:50
> ! Saved-Config june11
> ! Create Time: Wed Jun 11 05:42:29 2014
> ! Saved-Config version: 1.0
> ! Version: 2.0.11-SNAPSHOT
> ! Appliance: bcf_master
> ! Build-Number 2051
9,11d12
< ! aaa

36 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

< aaa accounting exec default start-stop local

controller-1#

configure Command

Command Syntax
configure [terminal]

Command Mode
Enable mode

Command Description
Use the configure command to change to config mode and to access the commands available from config mode.

Next Keyword Descriptions

terminal: Optional keyword to use when running an automated script that includes this keyword.

Command Examples
The following command enables config mode.
controller-1# config
controller-1(config)#

connect Command

Command Syntax
connect switch <switch-name>

Command Mode
Enable mode

Command Description
Use the connect command to open an SSH session to a fabric switch that is connected to the controller. This changes the
CLI prompt to the Switch Light OS CLI, which allows you to enter a subset of commands accepted by the switch. These
commands might be useful for troubleshooting or administering the switch.

Next Keyword Descriptions

<switch-name>: Identify the name of the switch with which to open the SSH session. Use the switch name that is registered
on the controller.

Command Examples
The following command connects the CLI to switch leaf-1a.
controller-1# connect switch leaf-1a

copy Command

Command Syntax
copy <source> <dest>

Big Switch Networks Confidential © Big Switch Networks 37

Big Cloud Fabric CLI Reference Guide

Command Mode
Enable mode

Command Description
Use the copy command to copy a running-config, upgrade image, or other files. You can copy between locations on the
controller or use the scp:// option to copy between locations on the local controller and a remote server.

Note: Copying a configuration file to the running-config does not override the current node IP address.

Next Keyword Descriptions

<source>: Source location of the file to copy.
<dest>: Destination location of the file that is being copied.
Replace <source> or <dest> with one of the following keywords:
• csr://<controller-cert>| <switch-cert>: (Source only) Replace <controller-cert> with the name and location of the
controller certificate signing request (CSR) on the controller or replace <switch-cert> with the name and location of the
switch CSR. For the destination, use scp://<CA-URL>
• file://<filename>: User-generated file in the local controller user file repository.
• snapshot://<config-name>: Running-config file in the local controller running-config file repository.
• http://: HTTP URL including path and filename.
• https://: HTTPS URL including path and filename.
• running-config : Active running-config on the local controller.
• scp://<user>@<host>:path: Remote server filename, path, and user name with access permissions to the file. The
remote system prompts for a password if required.
When scp:// is used to specify the destination with a source defined by the csr keyword, use the URL to which the CSR
should be sent for signing. When used as the source for importing signed certificates from the CSR to the controller,
use the URL for the CA root certificate, the Active or Standby controller certificate, or individual switch certificates.
• support://<support-file>>: Replace <support-file> with the name of the support file. For example: support://floodlight-
support--controller-1--2015-07-02--16-00-17--UTC--w1hfSQ.tar.gz.

Command Examples
The following command copies the active running-config of the local controller to the saved-config file in the local
controller running-config file repository.
controller-1# copy running-config snapshot://saved-config

The following command overwrites the active running-config with the contents of the saved-config file from the local
controller running-config file repository. This command replaces the contents of the active running-config with the contents
of the specified file.
controller-1# copy snapshot://saved-config running-config

The following command appends the commands in a file on an external server to the active running-config on the
controller. This command overwrites any duplicated commands in the current running-config file, but other commands are
not affected.
controller-1# copy scp://[email protected]:saved-config running-config

The following command copies the saved-config.txt file in the running-config repository to an external server.
controller-1# copy snapshot://saved-config scp://[email protected]:saved-config

The following command copies the CSR for a fabric switch with MAC address 70-72-cf-ae-b6-34 to a CA from the Active
controller. This example copies the CSR for a switch. A similar command is used for copying the Active and Standby
controller CSRs.

38 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1(config)# copy csr://70-72-cf-ae-b6-34.switch.cluster scp://[email protected]:/root/openssl-

ca/70-72-cf-ae-b6-34.switch.cluster.csr

The following command copies a signed certificate from the CA to the Active controller. This example imports a signed
switch certificate to the Active controller. A similar command is used for importing the CA root certificate and the Active
and Standby controller certificates.
controller-1(config)# copy scp://[email protected]:/root/openssl-ca/70-72-cf-ae-b6-34.switch.cluster.pem
cert://70-72-cf-ae-b6-34.switch.cluster

delete Command

Command Syntax
delete {cert <cert> |dump {core-dump <dump-id> | heap-dump <dump-id>} | file <file-name> | image <image-
id> |snapshot <snapshot-name> | support {<bundle> | all-forced }}

Command Mode
Enable mode

Command Description
Use the delete command to remove the designated files from the local controller file repository.

Next Keyword Descriptions

cert <cert>: Delete the specified certificate from the Active controller repository. To view the name of the certificate use
the show secure control plane command.
dump: Delete the specified dump file.
core-dump <dump-id>: Replace <dump-id> with the system-assigned identifier of the core dump.
heap-dump <dump-id>: Replace <dump-id> with the system-assigned identifier of the heap dump.
image <image-id>: Replace <image-id> with the image identifier of the image file to delete.
file <file-name>: Replace <file-name> with the filename of the user-generated file to delete.
snapshot <snapshot-name>: Replace <snapshot-name> with the name of the saved running-config file to delete.
support {<bundle> | all-forced}: Replace <bundle> with the bundle identifier of the support bundle to delete. Use the all-
forced keyword to remove all support bundles.

Command Examples
controller-1# show file
# Name Size Created
-|-----|----|------------------------|
1 file1 839 Fri Jun 6 19:32:42 2014
controller-1# delete file file1
controller-1# show file
None.

deploy vsphere gui-plugin Command

Command Syntax
deploy vsphere gui-plugin <vCenter name> <vCenter user> [<contact email address>]

Big Switch Networks Confidential © Big Switch Networks 39

Big Cloud Fabric CLI Reference Guide

Command Mode
Enable mode

Command Description
Use the deploy command to implement the Big Cloud vSphere plugin, which allows the VMware administrator to configure
Big Cloud Fabric from the vCenter interface.

Next Keyword Descriptions

<vCenter name>: Specify the name of the vCenter instance, as configured on the BCF controller.
<vCenter user> Specify the name of the vCenter user account.
<contact email address>: Specify the e-mail address of the vCenter contact.

Command Examples
The following command enables the Big Cloud Fabric vSphere plugin instance vcenter-1, using access privileges provided by
the vCenter user account, vcenter-admin.
controller-1# deploy vsphere gui-plugin vcenter-1 vcenter-admin
controller-1#

reset user-password Command

Command Syntax
reset user-password

Command Mode
Config mode

Command Description
Use the reset user-password command to reset the password for the current user account. When you enter this command,
you are prompted for the existing password and then prompted for the new password.

Command Examples
controller-1(config)# reset user-password
Changing password for: admin
Current password:
New password:
Re-enter:
controller-1(config)#

show Command

Command Syntax
show <show-command>

Command Mode
Enable mode

40 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the show command to display information about the Big Cloud Fabric. The show commands available only from enable
mode are a subset of the commands described in Chapter 4, “show Commands.”

support switch Command

Command Syntax
support switch <switch-name> scp://<password>@<dest>:<core-file-name>

Command Mode
Enable mode

Command Description
Use the support switch command to SCP a core file from the switch to a remote location.

Next Keyword Descriptions

switch <switch-name>: Identify the switch with a core file that you want to copy to a remote destination.
scp:// Copy the core file using this keyword.
<username>@<dest>: Replace <username> with a user account having write access on the remote server. Follow the at
sign (@) and replace <dest> with the IP address of the remote server.
:<core-file-name>: Enter a colon (:) followed by a filename to which you want to write the core file at the remote server.

Command Examples
The following example copies the core from leaf1-a to the file named core-switch-leaf1-a on the remote server 10.8.67.3.
controller-1# support switch leaf1-a scp://[email protected]:core-switch-leaf1-a
Collecting core
Core collected: 13207 bytes
[email protected]'s password:
tmpMLPb_l 100% 13KB 12.9KB/s 00:00

sync Command

Command Syntax
sync ntp [<ntp-server>]
sync vcenter <vcenter> [network]

Command Mode
Enable mode

Command Description
Use the sync command to synchronize the BCF controller with an external system. Use the sync ntp command to
synchronize the system time using NTP immediately without waiting for an NTP time sync. Note that this should be
required only under specific circumstances, such as when establishing an initial time reference when NTP servers are
reconfigured.
Use the sync vcenter command to cause an immediate update from vCenter to the BCF controller. When integrated with
vCenter, this updates the Big Cloud Fabric with changes to VLANs or VMs made in vCenter since the previous update.

Big Switch Networks Confidential © Big Switch Networks 41

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

ntp <ntp-server>: Request a one-time NTP sync with an optionally specified NTP server or with the configured server by
default . Optionally, replace <ntp-server> with the identifier of the NTP server using the IP address in dotted decimal format
(nnn.nnn.nnn.nnn), or the fully qualified domain name. If the NTP server is not specified, the NTP sync is performed with
the configured server.
vcenter <vcenter>: Replace <vcenter> with the identifier of the vCenter server in dotted-decimal-format
(nnn.nnn.nnn.nnn), or the fully qualified domain name. This command causes an immediate sync, which is required when
the vCenter automation-level is set to on-demand. This command is ignored when the automation-level is set to none.
network: Identify the VLAN used to connect the BCF controller to vCenter.

system beacon switch Command

Command Syntax
system beacon switch {<switch-mac> | <switch-ip> | <switch-name>} [timeout <timeout>]

Command Mode
Enable mode

Command Description
Use the system beacon switch command to flash the LEDs on the specified switch for a period of 30 seconds.

Next Keyword Descriptions

<switch-mac> | <switch-ip | <switch-name>: Identify the switch using its MAC address, IP address, or name. The MAC
address is six hexadecimal digits separated by colons (:), for example: 00:50:56:ad:fe:bb, 00:1b:a9:3f:2e:6e. The IP address
is in dotted-decimal format, for example: 192.168.17.1. The switch name is the name configured on the BCF controller.
timeout: Specify the number of seconds to wait without a reply before terminating the command.

system config-push Command

Command Syntax
system {config-push {switch {<ip-address> | <mac-address> | <Switch Name>}} | ping {switch {<ip-address>
| <mac-address> | <Switch Name>}} [timeout <timeout>]

Command Mode
Enable mode

Command Description
Use the system config-push command to refresh the configuration of the specified switch.

Next Keyword Descriptions

<switch-mac> | <switch-ip | <switch-name>: Identify the switch using its MAC address, IP address, or name. The MAC
address is six hexadecimal digits separated by colons (:), for example: 00:50:56:ad:fe:bb, 00:1b:a9:3f:2e:6e. The IP address
is in dotted-decimal format, for example: 192.168.17.1. The switch name is the name configured on the BCF controller.
timeout: Specify the number of seconds to wait without a reply before terminating the command.

42 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

system failover Command

Command Syntax
system failover [skip-initial-sync-check] [<node-id>]

Command Mode
Enable mode

Command Description
Use the system failover command to fail over the Active controller to the Standby controller. You can enter the failover
command on either the Active or Standby controller. With some earlier BCF versions, the failover command must be
entered on the Standby controller.
To fail over immediately without performing the normal synchronization check that occurs before failover, use the skip-
initial-sync-check keyword.
By default, the failover command changes the role of the available Standby controller with the highest node ID to Active. To
fail over to a specific controller, replace <node-id> with the node ID of the Standby controller. If you specify the node ID of
the Active controller or a Standby controller that is not reachable, the system displays an error message. In the current
release, a single Standby controller is supported.

system install switch Command

Command Syntax
system install {switch {<switch-name> | <ip-address> | <mac-address> }
{onie loader | cpld loader | loader cpld} [reboot] [timeout <seconds>]

Command Mode
Enable mode

Command Description
Use the system install switch command to upgrade the CPLD or ONIE firmware images on the specified switch, using the
current firmware images. Use this command without the reboot option to configure the switch to upgrade its firmware the
next time it restarts. Use this command with the reboot option to reboot the switch and perform the firmware upgrade
immediately. You can also use the switch IPv6 address, which can be obtained using the show switch <switch-name>
zerotouch command.

Note: You cannot upgrade ONIE and CPLD at the same time. If both firmware images must be updated, enter the system
install command for each image, wait for the switch to reboot, and then upgrade the other image. Upgrading the ONIE
before the CPLD is recommended.

Next keyword Descriptions

switch <switch-name> | ip-address> | <mac-address> : Identify the switch to upgrade using the switch name, the IP
address, or the MAC address.
cpld: Upgrade the CPLD on the switch.
loader: Use this option to upgrade the loader on the specified switch.
onie: Upgrade the ONIE firmware image. It is recommended to run this option before installing the CPLD. This option re-
runs the ONIE installer and lets the controller re-image the switch with the current Switch Light image.
reboot: Restart the switch and perform the firmware upgrade immediately.
timeout <seconds>: Specify the number of seconds to wait without a reply before terminating the command.

Big Switch Networks Confidential © Big Switch Networks 43

Big Cloud Fabric CLI Reference Guide

Command Examples
The following command configures switch leaf1-a to restart and install the ONIE firmware:
controller-1# system install switch leaf1-a onie reboot
system switch install: install may cause service interruption
system switch install ("y" or "yes" to continue): y

The following command configures switch leaf1-a to restart and install the CPLD firmware:
controller-1# system install switch leaf1-a cpld reboot

The following command configures switch leaf1-a to restart and upgrade the loader and CPLD firmware:
controller-1# system install switch leaf1-b loader cpld reboot

The following commands display the IPv6 address of switch leaf1-b and then uses the IPv6 address to perform the upgrade.
controller-1# show switch leaf1-b zerotouch
Device : 70:72:cf:bc:c5:0e (EdgeCore)
Zerotouch state : online
Name : leaf1-b
Reload pending : False
Platform : powerpc-accton-as5710-54x-r0
Serial number : 571054X1420006
Ip address : fe80::7272:cfff:febc:c50e%2
Dpid : leaf1-b
Last update : 2015-10-22 17:24:17.517000 UTC
Controller address : fe80::5e16:c7ff:fe00:2dba%ma1
controller-1# config
controller-1(config)# system install switch fe80::7272:cfff:febc:c50e%2 loader reboot
system switch install: install may cause service interruption
system switch install ("y" or "yes" to continue): yes
controller-1(config)#

system ping switch Command

Command Syntax
ping switch {<ip-address> | <switch-name> | <mac-address>} [timeout <timeout>]

Command Mode
Enable mode

Command Description
Use the system ping command to test connectivity from the controller to the specified switch, using the destination IPv4 or
v6 address, switch name, or MAC address.

Next Keyword Descriptions

<ip-address>: Identify the IP address of the switch.
<switch-name>: Identify the switch name of the switch.
<mac-address>: Identify the MAC address of the switch.
timeout <timeout>: Specify the number of seconds to wait before timing out the ping command.

system reboot Command

Command Syntax
system reboot {controller | {switch {<switch-mac> | <switch-ip | <switch-name>}}
[timeout <timeout>] [delay <delay>]}}

44 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Enable mode

Command Description
Use the system reboot command to restart the controller or the specified fabric switch.

Next Keyword Descriptions

controller: Restart the controller.
switch: Restart the specified switch. Identify the switch using the MAC address, IP v4 or v6 address, or name.
<switch-mac>: The MAC address is six hexadecimal digits separated by colons (:), for example: 00:50:56:ad:fe:bb,
00:1b:a9:3f:2e:6e.
<switch-ip>: The IP v4 address is in dotted-decimal format, for example: 192.168.17.1. The IPv6 address is in abbreviated
IPv6 address format, which can be seen by entering the show switch all zerotouch command.
<switch-name>: The switch name is the name configured on the BCF controller.
timeout: Specify the number of seconds to wait without a reply before terminating the command.
delay: Specify the number of seconds to wait before beginning the switch reboot.

Command Examples
The following command restarts the controller.
controller-1# system reboot controller
controller-1#

The following command restarts the switch with the IP address 192.168.17.1.
controller-1# system reboot switch 192.168.17.1
controller-1#

system regenerate Command

Command Syntax
system regenerate

Command Mode
Login mode

Command Description
Use the system regenerate command to create a new certificate signing request (CSR) for the current controller. This
operation is required if you need to change the trusted CA for the fabric.

system reinstall switch Command

Command Syntax
system reinstall switch {<switch-name> | <ip-address> | <mac-address> } [ reboot [ factory-default ] |
factory-default | timeout ]

Big Switch Networks Confidential © Big Switch Networks 45

Big Cloud Fabric CLI Reference Guide

Command Mode
Enable mode

Command Description
Use the system reinstall switch command to reinstall the Switch Light OS on the specified switch.

Next Keyword Descriptions

<switch-name> | <ip-address> | <mac-address>: Identify the switch to reinstall.
reboot: Reboot the switch after reinstalling the Switch Light OS.
factory-default: Reinstall or reboot the switch from the factory default image.
timeout: Specify the number of seconds to wait without a reply before terminating the command.

Command Examples
The following command reinstalls switch leaf1a and reboots the switch from the factory-default configuration.
controller-1# system reinstall switch leaf1a reboot factory-default

system reload controller Command

Command Syntax
system reload controller

Command Mode
Enable mode

Command Description
Use the system reload command to restart the controller VM. On the BCF controller hardware appliance, this command
only reboots the controller VM.

Command Examples
The following command restarts the controller VM on a BCF controller hardware appliance.
controller-1# system reload controller

system remove-node Command

Command Syntax
system remove-node {<node-id> | <node-ip-address>}

Command Mode
Enable mode

Command Description
Use the system remove-node command to remove a controller node from the cluster. Before removing the node, shut
down the controller using the system shutdown controller command. Otherwise, if it remains active, the removed node
automatically rejoins the cluster.
The following is the result of entering the system remove-node command:

46 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

• Standby node no longer appears in the output of the show controller command on the Active node.
• Switches remain connected to the remaining (Active) node.
• Standby node remains running in a separate cluster.

Note: Enter the boot factory-default command on the Standby node to restore the node to factory default settings.

Next Keyword Descriptions

<node-id>: The identifier of the node to remove.
<node-ip-address>: The IP address of the node to remove in dotted-decimal format (for example 192.168.17.2).

Command Examples
The following command removes the node with the IP address 192.168.17.2 from the cluster.
controller-1# system remove-node 192.168.17.2

system reset-connection switch Command

Command Syntax
system reset-connection switch {<switch-mac> | <switch-ip> | all}

Command Mode
Enable mode

Command Description
Use the system reset-connection command to reset the connection between the controller and the specified switch or all
switches.

Next Keyword Descriptions

all: Reset the connection between the controller and all switches in the fabric.
switch-mac Replace <switch-mac> with the MAC address of the switch that will have its connection to the controller reset.
The MAC address is a series of six hexadecimal digits separated by colons (:). For example: 00:50:56:ad:fe:bb.
switch-name <switch-name>: Replace <switch-name> with the alias of the switch that will have its connection to the
controller reset. The switch alias is configured using the switch command on the controller.

Command Examples
The following command resets the connection between the controller and the switch with the IP address 192.168.17.1.
controller-1# system reset-connection switch 192.168.17.1

system shutdown controller Command

Command Syntax
system shutdown controller

Command Mode
Enable mode

Big Switch Networks Confidential © Big Switch Networks 47

Big Cloud Fabric CLI Reference Guide

Command Description
Use the system shutdown command to shut down the controller VM. On a hardware appliance, this command turns off the
power to the server hardware.

Command Examples
The following command turns off the power to the BCF hardware appliance server.
controller-1# system shutdown controller

test path Command

Command Syntax
To define a Fabric View test path, save it, and run immediately, or run Controller View immediately without saving:
test path src-tenant <src-tenant-name> [src-segment <src-segment-name>] src-ip <src-endpoint-ip> dst-ip
<dst-ip> [{receiver-ip <host-ip> | receiver-segment <host-segment>}]

[ip-proto {{udp | tcp} src-l4-port <port> | any} dst-l4-port <port> | icmp}] {fabric-view [test-name
<name> | controller-view [detail]}

To run an existing test path in Fabric View or Controller View:

test path test-name <name> {controller-view [detail] | fabric-view [timeout] [inject-from-controller
[frame-size <bytes>]]}

Command Mode
Enable mode

Command Description
Use the test path command to determine if the controller is correctly programmed to forward packets from a given source
endpoint to the specified destination. Use this command to verify that you have correctly programmed the default routes
and other forwarding configuration required to establish paths in the actual fabric. The command supports two main views:
Controller View , which tests the path from the controller viewpoint, and Fabric View, which tests the actual path between
known endpoints. IPv6 based-configurations and IPv6 endpoint learning are not permitted in ipv4-only mode.

Note: To see changes in topology that occur after entering the test path command, wait 10 seconds or more. To see any
changes that occurred less than 10 seconds before the test expiration, re-enter the command.

You can use this feature in two ways:

• Define the test path parameters, specify controller-view and run immediately without saving. This option is for ad hoc
testing to verify your parameters.
• Define the test path parameters, specify fabric-view, assign a name, save and run immediately. This option lets you run
the saved test either in Controller View or Fabric View at any time.

To run a previously configured test, use the test-path test-name command, specify the name of the test, and use the
controller-view or fabric-view keyword.
For virtual switches in an OpenStack environment, you can inject ICMP test packets from the controller. For virtual
switches, the controller can automatically generate the test traffic. For physical switches, generate traffic of the appropriate
type between the specified endpoints. If you start traffic generation after starting the test, set a timeout that is long enough
for you to generate traffic and inject it on the defined path.

48 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

Use one of the following required keywords to specify the source endpoint for the path to be tested:
• src-mac: Replace <src-mac> with the MAC address of the source endpoint.
• src-ip: Replace <src-ip> with the IP address of the source endpoint.
• src-name: Replace <src-name> with the name of the source endpoint (as defined using the endpoint command).
• (Required) Identify the source tenant and segment by using the following keywords:
• src-tenant: Replace <src-tenant> with the name of the tenant where the test path originates.
• src-segment: Replace <src-segment> with the name of the source segment.

Use one of the following required keywords to specify the destination of the path to be tested:
• dst-mac: Replace <dst-mac> with the MAC address of the source endpoint.
• dst-ip: Replace <dst-ip> with the IP address of the source endpoint.
• dst-name: Replace <dst-name> with the name of the source endpoint (as defined using the endpoint command).

Optionally, identify the protocol to use for the test by using the following keywords:
• ip-protocol: Follow this required keyword with the protocol to use for the test.
• icmp: Test the path with ICMP traffic.
• tcp src-l4-port <src-l4-port> dst-l4-port <dst-l4-port>: Test the path by replacing <src-l4-port> and <dst-l4-port> with
the TCP protocol port numbers for the application you want to test.
• udp src-l4-port <src-l4-port> dst-l4-port <dst-l4-port>: Test the path by replacing <src-l4-port> and <dst-l4-port> with
the UDP protocol port numbers for the application you want to test.

Identify the type of test with one of the following required parameters:
• controller-view: This provides the path from the standpoint of the controller. The display includes a logical view and a
physical view. The logical view uses the logical object names defined on the controller, such as tenant and logical
segment names. The physical view uses the IP addresses and MAC addresses of the source and destination endpoints
and of each hop on the path.
• fabric-view test-name <test-name>: Fabric View simulates the effect of injecting an entry for a given route into the
TCAM table on the controller. The TCAM table gives each switch in the path directions about how to handle the traffic.
Replace <test-name> with the name of the test instance.

The following are optional keywords that you can use with the fabric-view option:
• [timeout <timeout>]: Specify a timeout, in seconds, for the TCAM entry. If you are manually injecting the test traffic,
the timeout should give you sufficient time to generate the traffic.
• inject-from-controller: For virtual switches, inject ICMP packets from the controller into the specified path.

Command Examples
The following command tests the path from endpoint bm1. The destination is an unknown IP address on an unknown
destination network. The default routes for the intervening logical interfaces in the fabric are configured to send packets for
unknown destination networks to the external segment.
controller-1(config)# test path src-tenant tenant-a src-name bm1 dst-ip 50.0.0.1 ip-protocol icmp test-
name test1 controller-view

The fabric-view option simulates the injection of a route into the TCAM table of a switch. The command can include a
timeout after which the entry is aged out. After entering this command and before the timeout expires, inject the specified
type of traffic into the path being tested.
controller-1(config)# test path src-tenant tenant-a src-name bm1 dst-ip 50.0.0.1 ip-protocol icmp test-
name test2 fabric-view timeout 60

Big Switch Networks Confidential © Big Switch Networks 49

Big Cloud Fabric CLI Reference Guide

For virtual switches, to inject ICMP traffic from the controller for testing the specified path, append the inject-from-
controller keyword to the end of the command, as in the following example:
controller-1(config)# test path src-tenant tenant-a src-name bm1 dst-ip 50.0.0.1 ip-protocol icmp test-
name test3 fabric-view timeout 60 inject-from-controller

To re-run a previously defined test, use an existing test name either with the same view option or the other view, as in the
following example. This command displays the controller view, with details, for test3.
controller-1(config)# test path test3 controller-view details

To observe the test results, enter the show test path command, as in the following example. Use the all keyword to display
the results of all tests.
controller-1# show test path test1

upgrade Command

Command Syntax
upgrade {launch [controller-only] [switch-timeout <switch-timeout>] [cold-start ]
[pause <minutes>] | pre-launch-check | stage [<image-id>]}

Command Mode
Enable mode

Command Description
Use the upgrade command to manage the upgrade process. To start the first step in the process, use the upgrade stage
command. The controller can be left in the staged state until a maintenance window is available. If necessary, additional
upgrade stage requests can be issued if a newer upgrade image becomes available.

Note: Do not use the serial interface for performing a controller upgrade.

To complete the upgrade, use the upgrade launch command at a time when the network is not too busy with critical traffic.

Caution: Do not attempt to launch or stage another upgrade process until the current process is either completed or times
out.

The upgrade process includes rebooting of both controllers in the cluster, rebooting fabric switches, and upgrading the
switches. When the fabric is implemented according the recommended high-availability topology, the upgrade process
does not affect packet forwarding. The upgrade affects one half of the HA fabric into halves, and operations are then
shifted to the upgraded half. The second half is then upgraded and the fabric is reunified with Active and Standby
controllers. If the recommended HA topology is not available, the fabric cannot be divided without loss of operation, and
forwarding is suspended until the upgrade is completed.
Use the show upgrade status command to display the current upgrade status. Use the show boot partition command to list
the available partitions, along with information about the controller versions installed on each boot partition, which
identifies the partition to use for booting.
To copy the upgrade image to the controller, use the copy command with the image:// destination. Use scp:// to copy from
a remote server as the source. To view the current known upgrade images use the show upgrade image, or the show image
command.
Enter the upgrade launch pause <minutes> command on both the Active and Standby controllers to pause the upgrade
after the first phase is completed. This lets you verify the new version and roll back to an earlier version or continue and
complete the upgrade. The upgrade pauses after the original Active and the Phase 1 switches are upgraded for the specified

50 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

number of minutes. The new Active controller remains in Upgrade Pause state for the specified duration, where you can
enter the following commands:
• upgrade pause exit command to continue the upgrade
• upgrade pause revert to roll back to the previous version
• upgrade pause extend <minutes> to extend the Upgrade Pause state.

Next Keyword Descriptions

controller-only: Upgrade the controller only and do not change the images assigned to the switches. When connected
switches restart, they automatically obtain the current image from the controller.
launch: Complete the upgrade process by rebooting the controller from the alternate partition and by transferring state and
configuration information from the controller to the upgraded controller and its running-config. This keyword manages the
transition from the current version to the next version, which may include rebooting all controllers in the cluster, rebooting
all switches, and upgrading the switches. When possible, the upgrade process prevents loss of packet forwarding by
upgrading a high-availability configuration in two phases. The first half is upgraded, operations are shifted to the upgraded
half, and the second half is then upgraded. In the absence of a high-availability configuration, forwarding is suspended until
the upgrade is completed. You can use this command with the following options:
• switch-timeout: Optionally, specify the number of seconds to wait before terminating the command to a switch during
upgrade.
• cold-start: The operational state from the previous cluster is ignored and traffic flow is interrupted as the new cluster
learns the topology. This option also does not manage the installation of new switch software. After the new cluster
stabilizes, the switches may need further attention.
pause: The upgrade pauses for the minutes specified, after completing the upgrade of the Phase 1 switches. During the
pause, you can perform a health check on the new Active controller and enter any of the following commands on the new
Active controller.

Note: The pause keyword is not supported for upgrading to Release 4.2.x from earlier versions.

• extend: After the upgrade entering the upgrade pause stage, enter the extend command on new active controller to
extend the pause for the period specified for the current time.
• exit: After the upgrade enters the upgrade pause stage, enter the exit command on the new Active controller to bring
the system out of pause and continue the upgrade process.
• revert: After the upgrade enters the upgrade pause stage, enter the revert command on the new Active controller to
abort the upgrade and revert to the previous version.
pre-launch-check: Identifies the status of the controller in regard to readiness for upgrade.
stage: Prepares the platform for the upgrade ahead of the actual upgrade process by copying the upgrade image to the
alternate partition on the controller.

Command Examples
The following command stages the image in the default partition for upgrading the controller.
controller-1# upgrade stage

The following command launches the controller upgrade process.

controller-1# upgrade launch

The following command launches the controller upgrade process with the pause option.
controller-1# upgrade launch pause

To identy the system in upgrade pause, use the following command on the new Active controller.
UPGRADE controller-1# show upgrade progress
Upgrade new/active: state: Local: phase-1-migrate-traffic-and-services Remote: phase-1-migrate-
traffic-and-services Paused until: 2017-07-03 18:08:22 UTC (04:37 left)

Big Switch Networks Confidential © Big Switch Networks 51

Big Cloud Fabric CLI Reference Guide

UPGRADE controller-1#

The following command ends the pause and continues the upgrade:
UPGRADE controller-1# upgrade pause exit

The following command extends the current upgrade pause for five minutes.
UPGRADE controller-1# upgrade pause extend 5

The following command reverts to the previous version:

UPGRADE controller-1# upgrade pause revert

52 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Chapter 4: Configure Mode Commands

This section describes the following commands, which you can enter from config mode.
• aaa: Configure accounting parameters
• banner: Set pre-login banner message
• controller: Configure controller cluster
• crypto: Configure cryptographic settings for services
• end: End configuration submode
• fabric: Configure fabric global setting
• group: Enter group submode, configure group details. The group name can either be read-only: or must conform to
tenant.<tenant_name>.admin convention.
• interface-group: Enter interface-group submode, configure interface-group details
• local: Local Node Configuration
• logging: Specify remote syslog servers
• mac-classify-pool: Configure the attachment point pool for MAC based classification
• nat-pool: Configure a pool of switches providing NAT for the fabric
• nsx: Enter NSX config submode.
• ntp: Configure NTP parameters
• orchestrator: Configure Orchestrator
• nutanix-prism: Enter Nutanix Prism config submode
• radius: Set RADIUS defaults, server IP address(es), timeout and keys
• secure: Configure secure conrol plane
• sflow: Enter sflow submode, configure sflow session
• snmp-server: Configure snmp-server properties
• span-fabric: Enter span-fabric submode, configure span-fabric session details
• span-local: Enter span-local submode, configure span-local session details
• storm-control-profile: Enter storm-control-profile submode, configure profile details
• switch: Enter switch submode, configure switch details
• tacacs: Set TACACS defaults, server IP address(es), timeouts and keys
• tenant: Create a tenant and enter tenant submode
• user: Enter user submode, configure user details
• vcenter: Enter vCenter config submode
• version: Move to a specific version of command syntax
• vxlan-termination: Enter vxlan-termination submode to configure VXLAN parameters

aaa accounting command

Command Syntax
aaa accounting exec default start-stop {local | group {tacacs+ | radius} | local group {tacacs+ |
radius} | group {tacacs+ | radius} local }

Command Mode
Config mode

Command Description
Use the aaa accounting command to configure the controller to report accounting statistics to an AAA server, such as
TACACS+ or RADIUS. You can configuring accounting based on information from the local database on the controller, or
using a remote group on a TACACS+ or RADIUS server, or both. When using both, the first method listed in the command is
primary and the second method is used only when the first method fails.

Big Switch Networks Confidential © Big Switch Networks 53

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

exec default : Configure accounting via the default channel
start-stop: start or stop accounting, using the local database or the specified groups on a TACACS+ server.
local: Use the local database on the controller.
group: Use a group credential from a remote AAA server.
tacacs+: Use a TACACS+ server.
radius: Use a RADIUS server.

aaa authentication command

Command Syntax
aaa authentication login default {local | group {tacacs+ | radius} | local group {tacacs+ | radius} |
group {tacacs+ | radius} local }

Command Mode
Config mode

Command Description
Use the aaa authentication command to configure the controller to authenticate using the local database or group
credentials on a remote AAA server.

Next Keyword Descriptions

login default : Configure authentication via the default channel.
local: Use the local database on the controller.
group: Use a group credential from a remote AAA server.
tacacs+: Use a TACACS+ server.
radius: Use a RADIUS server.

Note: When using RADIUS as the AAA server protocol, be aware that authentication and authorization are not separated.
Be careful when authorizing a user account using a remote RADIUS server to use the correct password that is configured for
the account on the remote server. Otherwise, authentication will fail even if a local user account is configured for fallback
authentication.

aaa authorization command

Command Syntax
[no] aaa authorization exec default {local group { radius | tacacs+ } |
{group {radius | tacacs+} local} |

[no] aaa authorization role default {admin | <group>

Command Mode
Config mode

Command Description
Use the aaa authorization exec default command to configure the permissions provided to the current user after
authentication is successful. The user inherits the permissions assigned to any group to which the account belongs. In the

54 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

current release of BCF, only two groups are supported: admin, which provides access to all commands, and read-only,
which provides access only to monitoring commands, such as show commands.
You can configure a primary method of authorization which is applied first and a fallback method, which is applied only if
the first method is not successful.

Note: Remote authorization falls back to local only if remote authorization fails as a result of the remote AAA server being
unreachable.

Use the aaa authorization role default command to assign a default role to the current account. The default group is used if
authentication is successful on a remote server but no role is specifically assigned. This command does not apply to local
authorization or authentication. If a local user is not associated with a group on the controller, login is not allowed.

Note: Use the authorization role default admin command carefully because the effect is to provide every user account that
authenticates successfully with admin-level privileges, unless the user account is specifically assigned to a different group.

Next Keyword Descriptions

exec default: Configure the default authorization assigned to the current user.
local: Use the local database on the controller for authorization.
group: Use a group credential from a remote AAA server for authorization.
tacacs+: Use a TACACS+ server.
radius: Use a RADIUS server.
role default admin | <group>: Assign a default role (read-only or admin) to the current account or the specified group. This
takes effecct after authentication is successful on a remote AAA server if no role is specifically assigned.

Command Examples
The following command enables primary authorization from the local database on the controller and back up authorization
if the credentials entered during authentication do not match an entry in the local database.
controller-1(config)# aaa authorization exec default local group radius

The following command enables authorization on a remote RADIUS server with fallback to local authorization if the remote
server is unavailable.
controller-1(confg)# aaa authorization exec default group radius local

The following command enables authohrization on a remote TACACS+ server and then falls back to local authorization if the
remote server is unavailable.
controller-1(confg)# aaa authorization exec default group tacacs local

The following command provides read-only permission to any user who is authenticated by a remote server but does not
have a BSN-User-Role defined.
controller-1(confg)# aaa authorization role default read-only

This command does not apply to local authentication or authorization. If a local user is not associated with a group on the
controller, login is not allowed.

Note: When using RADIUS as the AAA server protocol, be aware that authentication and authorization are not separated.
Be careful when authorizing a user account using a remote RADIUS server to configure the correct password for the account
on the remote server. Otherwise, authentication will fail even if a local user account is configured for fallback
authentication.

Big Switch Networks Confidential © Big Switch Networks 55

Big Cloud Fabric CLI Reference Guide

aaa concurrent-limit Command

Command Syntax
[no] aaa concurrent-limit <integer> | session-expiration <minutes>

Command Mode
Config mode

Command Description
Use the aaa concurrent-limit command to limite the number of concurrent sessions that can be active for each user
account.
This limit applies to sessions established through the GUI, CLI, or REST API, whether directed to the Active or Standby
controller or to the cluster virtual IP address..
Note: All users should make sure to log out when finished to avoid access being blocked. If the number of existing sessions
is equal to the limit configured, then no new sessions are allowed.

Next Keyword Descriptions

<integer>: Replace <integer> with the maxiumum concurrent sessions that can be active for a user. Reducing this value
closes the oldest used sessions if there are more active sessions than the configured limit.
<minutes>: Replace <minutes> with the number of minutes after which the session times out and reauthentication is
required.

Command Examples
For example, the following command limits the number of concurrent sessions to 5.
controller-1(config)# aaa concurrent-limit 5

This causes the sixth session connection attempt to fail. If more than five sessions are already configured, the oldest excess
sessions are closed.

banner command

Command Syntax
[no] banner <login-banner>

Command Mode
Config mode

Command Description
Use the banner command to configure the banner to be displayed before login.

Next Keyword Descriptions

login-banner: Alphanumeric text, enclosed in quotes, to use for the login banner.

Command Examples
controller-1(config)# banner "BCF controller"
controller-1(config)#

56 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller command

Command Syntax
controller

Command Mode
Config mode

Command Description
Use the controller command to enter config-controller submode and to access the commands available from that submode.
Use the config-controller submode commands for managing the configuration of the local controller node.

Command Examples
controller-1(config)# controller
controller-1(config-controller)#

config-controller Submode Commands

The following commands are available in this submode:
• access-control: Configure access control of the controller
• certificate: Configure cluster certificate
• cluster-name: Configure cluster name
• description: Configure cluster description
• private-key: Configure cluster private-key
• virtual-ip: Configure management virtual IP

controller
access-control Command

Command Syntax
access-control

Command Mode
config-controller submode

Command Description
Use the access-control command to enter config-controller-access submode, where you can enable or disable firewall rules
for administrative access to the controller.

Command Examples
controller-1(config-controller)# access-control
controller-1(config-controller-access)#

config-controller-access Submode Commands

A single command is available in this submode.

Big Switch Networks Confidential © Big Switch Networks 57

Big Cloud Fabric CLI Reference Guide

controller/access-control
access-list Command

Command Syntax
access-list { api | gui | ns-api | ssh | snmp | vce-api }

Command Mode
config-controller-access submode

Command Description
Use the access-list command to identify the protocol for which to control access to the controller and to enter config-
controller-access-list submode, where you can identify one or more subnetworks from which access is permitted.

Next Keyword Descriptions

api: Use this keyword to enter the config-controller-access-list submode for REST/API access to the controller. The default
access list is 0.0.0.0/0, which allows access from any subnetwork unless an ACL is configured to allow access only from
specific subnets.
gui: Use this keyword to enter the config-controller-access-list submode for web-based GUI access to the controller. The
default access list is 0.0.0.0/0, which allows access from any subnetwork unless an ACL is configured to allow access only
from specific subnets.
ns-api: Use this keyword to enter the config-controller-access-list submode for OpenStack communication endpoint access
to the controller. The default access list is 0.0.0.0/0, which allows access from any subnetwork unless an ACL is configured
to allow access only from specific subnets.
ssh: Use this keyword to enter the config-controller-access-list submode for SSH access to the controller. The default access
list is 0.0.0.0/0, which allows access from any subnetwork unless an ACL is configured to allow access only from specific
subnets.
snmp: Use this keyword to enter the config-controller-access-list submode for SNMP access to the controller. The default
access list is empty, which means that no access is permitted.
vce-api: Use this keyword to enter the config-controller-access-list submode for VCE-API access to the controller. The
default access list is empty, which means that no access is permitted.

Command Examples
The following command enters config-access-list submode for configuring SNMP protocol access to the controller:
controller-1(config-controller-access)# access-list snmp
controller-1(config-controller-access-list)#

config-controller-access-list Submode Commands

controller/access-control/access-list
<rule-number> Command

Command Syntax
<rule-number> permit from <source-ip-cidr>

Command Mode
config-controller-access-list submode

58 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Enter an access control rule number followed by the permit from keywords and the subnetwork from which access is
allowed for the current access list protocol.

Caution: Be careful when configuring firewall rules for the SSH protocol, which by default is permitted from all
subnetworks. After restricting the IP address to a specific subnetwork, access is then denied from all other subnetworks. If
connectivity from the specified subnetwork is interrupted, the only method of accessing the controller is through the local
console. This also applies to the recovery user account.

Next Keyword Descriptions

permit: Allow access to the specified IP addresses
from <source-ip-cidr>: Replace <source-ip-cidr> with the subnetwork in dotted-decimal format followed by a slash and the
number of bits in the subnet mask (nnn.nnn.nnn.nnn/nn].

Command Examples
The following commands allow SNMP access to the controller from any host on the subnet 192.168.17.0.
controller-1(config-controller-access)# access-list snmp
controller-1(config-controller-access-list)# 10 permit from 192.168.17.0/24
controller-1(config-controller-access-list)#

controller
certificate Command

Command Syntaxaccfabric
[no] certificate <name>

Command Mode
config-controller submode

Command Description
Use the certificate command to identify the certificate for the controller.

Next Keyword Descriptions

<name>: The name of the controller certificate

controller
cluster-name Command

Command Syntaxaccfabric
[no] cluster-name <name>

Command Mode
config-controller submode

Command Description
Use the cluster-name command to identify the cluster.

Big Switch Networks Confidential © Big Switch Networks 59

Big Cloud Fabric CLI Reference Guide

Command Examples
The following command identifies the current cluster as mycluster.
controller-1(config-controller)# cluster-name mycluster

controller
description Command

Command Syntax
[no] description <description>

Command Mode
config-controller submode

Command Description
Provide a text description, enclosed in quotes, to describe the cluster.

Next Keyword Descriptions

<description>: Alphanumeric text, enclosed in quotes, that describes the controller.

Command Examples
controller-1(config-controller)# description “Techpubs test controller”
controller-1(config-controller)#

controller
private-key Command

Command Syntax
[no] private-key <private-key>

Command Mode
config-controller submode

Command Description
Use the private-key command to configure the private key for the cluster.

Next Keyword Descriptions

<private-key>: Configure the private key for the cluster.

controller
virtual-ip Command

Command Syntax
virtual-ip <ipv4-address>
no virtual-ip [<ipv4-address>]

Command Mode
config-controller submode

60 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the virtual-ip command to define a virtual IP address for the management interface of each controller node in the
cluster. The virtual IP is used by management clients to access the controller. By default, no virtual IP address is configured.
The specified virtual IP address must be in the same subnetwork as the controller node IP address. If the virtual IP is
configured, it is used only for administrative (management plane) access to the controller, not for switch (control plane)
connectivity to the controller. Fabric switches connect using the actual IP address of each controller node.

Note: Use a unique IP address for the virtual IP address of the cluster.

If you use the IP address of the Standby controller by mistake, the controller nodes will disconnect from each other and
both will become active, creating a split-brain condition. If this happens, assign a unique virtual IP address to the cluster and
the cluster will recover.

Next Keyword Descriptions

ipv4-address: Virtual IP address to assign to the cluster management interface in dotted decimal format (nnn.nnn.nnn.nnn).

Command Examples
controller-1(config-controller)# virtual-ip 192.168.17.100
controller-1(config-controller)#

crypto Command

Command Syntax
crypto

Command Mode
Config mode

Command Description
Use the crypto command to enter config-crypto submode where you can configure settings for HTTP and SSH.

config crypto Submode Commands

The following commands are available in this submode.
• http: Enter config-crypto-http submode where you can configure settings for HTTP.
• ssh: Enter config-crypto-ssh submode where you can configure settings for SSH.

crypto
http Command

Command Syntax
http

Command Mode
Config-crypto mode

Command Description
Use the http command to enter config-crypto-http submode where you can configure settings for HTTP.

Big Switch Networks Confidential © Big Switch Networks 61

Big Cloud Fabric CLI Reference Guide

config crypto-http Submode Commands

The following commands are available in this submode.
• cipher: Configure list of enabled HTTPS ciphers
• protocol: Configure list of enabled HTTPS SSL protocols

config-crypto-http
cipher Command

Command Syntax
[no] cipher cipher <Index Number>
{DHE-RSA-AES256-SHA256 | ECDHE-ECDSA-AES128-SHA |
ECDH-ECDSA-AES128-SHA256 | ECDH-RSA-AES256-SHA |
ECDH-ECDSA-AES256-SHA | DHE-DSS-AES256-GCM-SHA384 |
SRP-DSS-AES-256-CBC-SHA |
SRP-DSS-3DES-EDE-CBC-SHA | SRP-AES-128-CBC-SHA |
ECDH-RSA-AES128-SHA256 | DHE-RSA-CAMELLIA256-SHA |
DH-DSS-DES-CBC3-SHA | ECDH-RSA-RC4-SHA |
DH-RSA-AES128-SHA256 | SRP-RSA-AES-256-CBC-SHA |
DHE-RSA-CAMELLIA128-SHA |
ECDHE-ECDSA-AES256-GCM-SHA384 |
ECDHE-ECDSA-RC4-SHA | DH-RSA-CAMELLIA128-SHA |
PSK-3DES-EDE-CBC-SHA | ECDHE-RSA-AES128-SHA |
DH-DSS-AES256-GCM-SHA384 | DH-RSA-AES256-SHA256 |
SRP-RSA-3DES-EDE-CBC-SHA | ECDHE-RSA-AES256-SHA |
AES256-SHA256 | SEED-SHA | CAMELLIA256-SHA |
DHE-DSS-AES256-SHA256 | ECDHE-RSA-DES-CBC3-SHA |
ECDHE-RSA-AES256-SHA384 |
ECDHE-ECDSA-AES128-SHA256 |
ECDH-ECDSA-AES128-GCM-SHA256 |
ECDHE-ECDSA-DES-CBC3-SHA | DH-RSA-AES128-SHA |
SRP-3DES-EDE-CBC-SHA | PSK-AES128-CBC-SHA |
DH-RSA-AES128-GCM-SHA256 |
ECDHE-ECDSA-AES256-SHA384 | DH-DSS-AES128-SHA |
DHE-RSA-AES256-GCM-SHA384 | DHE-RSA-AES128-SHA |
ECDH-RSA-AES128-SHA | DH-DSS-CAMELLIA256-SHA |
RC4-MD5 | DHE-DSS-AES128-GCM-SHA256 |
SRP-AES-256-CBC-SHA | DH-DSS-AES256-SHA256 |
DH-DSS-AES128-SHA256 | DHE-RSA-SEED-SHA |
ECDHE-RSA-AES128-GCM-SHA256 |
ECDH-ECDSA-AES256-SHA384 | DHE-RSA-AES128-SHA256 |
ECDH-ECDSA-AES256-GCM-SHA384 | DHE-RSA-AES256-SHA |
DHE-DSS-AES256-SHA | ECDH-RSA-AES256-GCM-SHA384 |
ECDH-RSA-DES-CBC3-SHA | ECDHE-ECDSA-AES256-SHA |
AES128-SHA | ECDHE-RSA-AES256-GCM-SHA384 |
DH-DSS-AES128-GCM-SHA256 | AES128-SHA256 |
ECDHE-ECDSA-AES128-GCM-SHA256 | DH-RSA-SEED-SHA |
DES-CBC3-SHA | DHE-DSS-CAMELLIA256-SHA |
ECDH-ECDSA-AES128-SHA | ECDH-ECDSA-RC4-SHA |
DHE-RSA-AES128-GCM-SHA256 | AES128-GCM-SHA256 |
DHE-DSS-AES128-SHA256 | DHE-DSS-AES128-SHA |
DH-RSA-CAMELLIA256-SHA | DHE-DSS-SEED-SHA |
EDH-DSS-DES-CBC3-SHA | CAMELLIA128-SHA |
DH-RSA-AES256-GCM-SHA384 | PSK-RC4-SHA |
SRP-RSA-AES-128-CBC-SHA | EDH-RSA-DES-CBC3-SHA |
RC4-SHA | SRP-DSS-AES-128-CBC-SHA |
DHE-DSS-CAMELLIA128-SHA | ECDHE-RSA-AES128-SHA256 |
ECDH-RSA-AES128-GCM-SHA256 |
ECDH-ECDSA-DES-CBC3-SHA | PSK-AES256-CBC-SHA |
DH-DSS-CAMELLIA128-SHA | DH-DSS-SEED-SHA |
AES256-SHA | ECDH-RSA-AES256-SHA384 |
DH-RSA-AES256-SHA | DH-RSA-DES-CBC3-SHA |
AES256-GCM-SHA384 | ECDHE-RSA-RC4-SHA |
DH-DSS-AES256-SHA}

62 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Config-crypto-http mode

Command Description
Use the cipher command to configure a list of enabled HTTPS ciphers that are enabled by appending a new cipher to the
current ciphers list. If a previously specified cipher is specified, it is ignored. Use the no version of any command to remove
the specific cipher. Use the no cipher command to restore the list to the default value.

config-crypto-http
protocol Command

Command Syntax
[no] protocol <Index Number>
{TLSv1.1 | TLSv1 | TLSv1.2 | SSLv3 | SSLv2}

Command Mode
Config-crypto-http mode

Command Description
Use the protocol command to configure a list of enabled HTTPS SSL protocols. Configure the list of enabled SSL protocols for
HTTPS by appending a new protocol to the list. If a previously specified protocol is specified, it is ignored. Use the no version
of any command to remove the specific protocol. Use the no protocol command to restore the list to the default value.

crypto
ssh Command

Command Syntax
ssh

Command Mode
Config-crypto mode

Command Description
Use the ssh command to enter config-crypto-ssh submode where you can configure cipher and MAC settings for SSH.

config crypto-ssh Submode Commands

The following commands are available in this submode.
• cipher: Configure list of enabled ciphers
• mac: Configure list of enabled MAC algorithms

config-crypto-ssh
cipher Command
[no] cipher <Index Number>
{arcfour | aes256-ctr | arcfour128 |
[email protected] | blowfish-cbc |
3des-cbc | [email protected] | aes256-cbc |
arcfour256 | cast128-cbc | aes128-ctr |
[email protected] | aes192-cbc |
aes128-cbc | [email protected] | aes192-ctr}

Big Switch Networks Confidential © Big Switch Networks 63

Big Cloud Fabric CLI Reference Guide

Command Mode
Configinterfa -crypto-ssh mode

Command Description
Use the cipher command to configure the list of ciphers that are enabled by appending a new cipher to the current ciphers
list. If a previously specified cipher is specified, it is ignored. Use the no version of any command to remove the specific
cipher. Use the no cipher command to restore the list to the default value.

Next Keyword Descriptions:

Index Number: Integer
FunctionalC1(config-crypto-ssh)# help protocol
Error: No applicable command: protocol
FunctionalC1(config-crypto-ssh)# help mac

config-crypto-ssh
mac Command
mac <Index Number>
{[email protected] |
[email protected] |
[email protected] | hmac-sha2-512 |
hmac-md5-96 | [email protected] |
[email protected] |
[email protected] |
[email protected] | hmac-sha2-256 |
hmac-ripemd160 | [email protected] | hmac-sha1-96 |
[email protected] | hmac-md5 |
[email protected] | hmac-sha1 |
[email protected] | [email protected]}

Command Mode
Config -crypto-ssh mode

Command Description
Use the mac command to configure the list of enabled data integrity (MAC) algorithms by appending a new algorithm to the
list. If a previously specified algorithm is specified, it is ignored. Use the no version of this command with any keyword to
remove the specific algorithm. Use the no mac command to restore the list to the default value.

Next Keyword Descriptions

Index Number: Integer

end Command

Command Syntax
end

Command Mode
Config mode

Command Description
Use the end command to return directly to enable mode regardless of the mode or submode from where it is entered.

64 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1(config-controller)# end
controller-1#

fabric Command

Command Syntax
fabric

Command Mode
Config mode

Command Description
Use the fabric command to enable the config-fabric submode, which lets you configure fabric-wide settings, including
endpoint-flap-protection, GTP hashing, IPAM, QoS, and VLAN mapping

Command Examples
controller-1(config)# fabric
controller-1(config-fabric)#

config-fabric Submode Commands

The following commands are available in this submode.
• endpoint-flap-protection: Enable endpoint flap protection
• forwarding-mode: Configure fabric forwarding mode
• gtp-hash: Enable hashing of GTP-U packets based on TEID field
• ipam: Configure IP Address Management
• pod-role: Configure fabric pod role
• qos: Configure QoS global setting
• switch-bandwidth-mode: Configure fabric switch bandwidth mode
• vlan-mapping: Configure fabric VLAN mapping

fabric
endpoint-flap-protection Command

Command Syntax
[no] endpoint-flap-protection

Command Mode
config-fabric submode

Command Description
An endpoint is blocked by the controller when it is flapping. Flapping means the interface where the endpoint is seen by the
controller changes more frequently than is allowed by the system threshold, which is 10 times in 30 seconds. To enable or
disable endpoint blocking, use the endpoint flap protection command from config-fabric submode. Endpoint flap protection
is disabled by default.

Big Switch Networks Confidential © Big Switch Networks 65

Big Cloud Fabric CLI Reference Guide

Command Examples
The following commands enable blocking an endpoint if an endpoint interface changes more than 10 times in 30 seconds.
controller-1(config)# fabric
controller-1(config-fabric)# endpoint-flap-protection

fabric
forwarding-mode Command

Command Syntax
[no] forwarding-mode {default | high-bandwidth | high-bandwidth-spine | high-scale }

Command Mode
config-fabric submode

Command Description:
Use the forwarding-mode command to configure the type of switches (T2, T2+ or Tomahawk ASICs) used for spine and leaf
switches in the fabric. In BCF Release 4.2.0 and later, all forwarding modes and all switch types support both IPv4 and IPv6.
For a list of supported switches based on each of these ASICs, refer to the Big Cloud Fabric Hardware Compatibility List. For
details about how the forwarding mode affects fabric scale limits, refer to the Big Cloud Fabric Verified Scale document.

Next Keyword Descriptions

default: Supports Trident 2 (T2), Trident 2+ (T2+) switches as spine switches and T2 and T2+ switches as leaf switches.
high-bandwidth-spine: Supports using T2, T2+, or Tomahawk switches as spine switches, and only T2 and T2+ switches as
leaf switches.
forwarding-mode high-bandwidth: Supports using T2, T2+, or Tomahawk switches as spine switches, and Tomahawk, T2,
and T2+ switches as leaf switches.
forwarding-mode high-scale: Supports using only T2+ leaf or spine switches.

Command Examples:
The following command configures the forwarding mode to the default, which supports T2 and later switches as leaf or
spine switches.
controller-1(config-fabric)# forwarding-mode default

fabric
gtp hash Command

Command Syntax
[no] gtp-hash

Command Mode
config-fabric submode

Command Description
Use the gtp-hash command to enable hashing of GTP-U traffic based on the TEID field in the packet. UDP packets destined
to port 2152 are classified as GTP-U traffic.

66 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Note: Usiing the gtp-hash command disables default symmetric load balancing.

Command Examples
The following command enables hashing of GTP-U packets based on TEID field.
controller-1(config-fabric)# gtp-hash

The following command disables hashing of GTP-U packets.

controller-1(config-fabric)# no gtp-hash

fabric
ipam switch Command

Command Syntax
ipam switch

Command Mode
config-fabric mode

Command Description
Use the ipam switch command to enter config-fabric-ipam-switch submode, where you can configure IP addresses for use
by fabric switches when communicating with external NTP, SNMP, and syslog servers.

Command Examples
controller-1(config-fabric)# ipam switch
controller-1(config-fabric-ipam-switch)#

config-fabric-ipam-switch Submode Commands

The following commands are available in this submode.
• allocate Enable ipam switch ip address allocation
• dns-server Configure dns server
• gateway Configure gateway ip address
• ip-range Configure ip address range for switch allocation

fabric/ipam switch
allocate Command

Command Syntax
[no] allocate

Command Mode
config fabric-switch mode

Command Description
Use the allocate command in config-fabric-ipam-switch mode to enable IP v4 address allocation to switches for
communicating with external servers.

Big Switch Networks Confidential © Big Switch Networks 67

Big Cloud Fabric CLI Reference Guide

Command Examples
The following commands enable IP v4 address allocation to switches for communicating with external servers.
controller-1(config-fabric)# ipam switch
controller-1(config-fabric-ipam-switch)# allocate

fabric/ipam switch
dns-server Command

Command Syntax
[no] dns-server <dns-ip>

Command Mode
config-fabric-ipam-switch mode

Command Description
Use the dns-server command in config-fabric-ipam-switch mode to identify a DNS server for use by fabric switches when
communicating with external servers.

Next Keyword Descriptions

<dns-ip>: Replace <dns-ip> with the IP address of the DNS server for use by fabric switches when communicating with
external servers.

Command Examples
The following commands identify the DNS server for use by fabric switches when communicating with external servers.
controller-1(config-fabric)# ipam switch
controller-1(config-fabric-ipam-switch)# dns-server 192.168.17.100

fabric/ipam switch
gateway Command

Command Syntax
[no] gateway <gateway-ip>

Command Mode
config-fabric-ipam-switch mode

Command Description
Use the gateway command in config-fabric-ipam-switch mode to identify a default router for use by fabric switches when
communicating with external servers.

Next Keyword Descriptions

<gateway-ip>: Replace <gateway-ip> with the IP address of the default router for use by fabric switches when
communicating with external servers.

Command Examples
The following commands identify the default gateway for use by fabric switches when communicating with external
servers.

68 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1(config-fabric)# ipam switch

controller-1(config-fabric-ipam-switch)# gateway 192.168.17.101

fabric/ipam switch
ip-range Command

Command Syntax
ip-range <start-ip> <end-ip> subnet-mask-length <nn>

Command Mode
config-fabric-ipam-switch mode

Command Description
Use the ip-range command in config-fabric-ipam-switch mode to identify a range of IPv4 addresses for use by fabric
switches when communicating with external servers.

Next Keyword Descriptions

<start-ip>: Replace<start-ip> with the start of the IP v4 address range in dotted-decimal format (nnn.nnn.nnn.nnn).
<end-ip>: Replace<end-ip> with the end of the IP v4 address range in dotted-decimal format (nnn.nnn.nnn.nnn).
subnet-mask-length <nn>>: Replace <nn> with the number of bits in the subnet mask.

Command Examples
The following command assigns the range of IP addresses from 192.168.1.100 through 192.168.1.200 to the pool used to
assign IPv4 addresses to the fabric switches:
controller-1(config-fabric-ipam-switch)# ip-range 192.168.1.100 192.168.1.200 subnet-mask-length 24

fabric
pod-role Command

Command Syntax
pod-role {spine | leaf}

Command Mode
config-fabric mode

Command Description
Use the pod-role command to configure the role of the BCF pod when connecting to other pods. If the pod role is set to
spine the switch can connect with up to eight other pods. Setting the pod role to leaf allows a single connection. A leaf pod
can connect to only one other leaf or spine pod.

Next Keyword Descriptions

leaf: Set the pod role to leaf.
spine: set the pod role to spine.

Command Examples
To configure the pod role to spine, enter the following command:
controller-1(config-fabric)# pod-role spine

Big Switch Networks Confidential © Big Switch Networks 69

Big Cloud Fabric CLI Reference Guide

To configure the pod role to leaf, enter the following command:

controller-1(config-fabric)# pod-role leaf

fabric
qos Command

Command Syntax
[no] qos

Command Mode
config-fabric mode

Command Description
Use the qos command to enter fabric-qos submode, where you can enable QoS and assign weights to the QoS traffic
classes. To determine if QoS is enabled, use the show fabric command.

Command Examples
controller-1(config-fabric)# qos
controller-1(config-fabric-qos)#

config-fabric-qos Submode Commands

The following commands are available in this submode.
• active: Activate or deactivate fabric wide QoS
• apply: Apply a queuing profile
• classification-profile: Create a QoS classification profile
• mode: Configure QoS mode
• pfc: Enable DCBX PFC TLV with default CoS value
• queuing-profile: Create a queuing profile

fabric/qos
active Command

Command Syntax
[no] active

Command Mode
config-fabric-qos mode

Command Description
Use the active command to enable quality of service (QoS) on a fabric-wide basis. To determine if QoS is enabled, use the
show fabric command.

Command Examples
The following commands enable QoS on a fabric-wide basis:
controller-1(config-fabric)# qos
controller-1(config-fabric-qos)# active

70 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

The following commands disable QoS on a fabric-wide basis:

controller-1(config-fabric)# qos
controller-1(config-fabric-qos)# no active

fabric/qos
apply Command

Command Syntax
[no] apply queuing-profile <profile-name>

Command Mode
config-fabric-qos mode

Command Description
Use the apply command to activate the specified queuing profile.

Next Keyword Descriptions

<profile-name>: Replace with the identifier assigned to the queueing profile you wish to apply.

fabric/qos
classification-profile Command

Command Syntax
[no] classification-profile <profile-name>

Command Mode
config-fabric-qos classification submode

Command Description
Use the classification-profile command to identify the name of the profile and enter the config-fabric-qos-classification
submode.

config-fabric-qos-classification Submode Commands

A single command is available in this submode.

fabric/qos/classification-profile
traffic-class Command

Command Syntax
[no] traffic-class {traffic-class-0 | traffic-class-1 | traffic-class-2 | traffic-class-3}

Command Mode
config-fabric-qos-classification mode

Command Description
Use the traffic-class command to enter the config-fabric-qos-classification-tc submode, where you can identify the DSCP
values in traffic to be allocated to the associated queue.

Big Switch Networks Confidential © Big Switch Networks 71

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions:

traffic-class-0: QoS traffic Class 0
traffic-class-1: QoS traffic Class 1
traffic-class-2: QoS traffic Class 2
traffic-class-3: QoS traffic Class 3

config-fabric-qos-classification-tc Submode Commands

A single command is available in this submode.

Fabric/qos/classification-profile/traffic-class
dscp Command

Command Syntax
[no] dscp {af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1
| cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef}

Command Mode
config-fabric-qos-classification-tc submode

Command Description
Use the dscp command to identify the DSCP values in traffic to be allocated to the associated queue.

Next Keyword Descriptions

af11: (001010), decimal value 10
af12: (001100), decimal value 12
af13: (001110), decimal value 14
af21: (010010), decimal value 18
af22: (010100), decimal value 20
af23: (010110), decimal value 22
af31: (011010), decimal value 26
af32: (011100), decimal value 28
af33: (011110), decimal value 30
af41: (100010), decimal value 34
af42: (100100), decimal value 36
af43: (100110), decimal value 38
be: (000000), decimal value 0
cs1: (001000), decimal value 8
cs2: (010000), decimal value 16
cs3: (011000), decimal value 24
cs4: (100000), decimal value 32
cs5: (101000), decimal value 40

72 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

cs6: (110000), decimal value 48

cs7: (111000), decimal value 56
ef: (101110), decimal value 46

fabric qos
mode Command

Command Syntax
[no] mode segment | dscp {classification-profile <Classification profile name>}

Next Keyword Descriptions:

dscp: Configure DSCP-based QoS. One or more DSCP values is assigned to each traffic class and traffic with the specified
value is assigned to the queue associated with the traffic class.
segment: Configure segment-based QoS. The traffic class is assigned to a segment and all the traffic identified by the
segment membership rule is directed to the associated queue

Command Mode
config-fabric-qos mode

Command Description
Use the mode command to configure the QOS mode to be segment-based or DSCP-based. In segment-based mode, a traffic
class is assigned to a segment and all the traffic identified by the segment membership rule is directed to the associated
queue. In DSCP mode, one or more DSCP values is assigned to each traffic class and traffic with the specified value is
assigned to the queue associated with the traffic class.

fabric/qos
pfc Command

Command Syntax
pfc

Command Mode
config-fabric-qos mode

Command Description
Use the pfc command to enter the config-fabric-qos-pfc submode, where you can change fabric-wide PFC configuration.

config-fabric-qos-pfc Submode Commands

A single command is available in this submode.

fabric/qos/pfc
iscsi-tlv Command

Command Syntax
iscsi-tlv

Big Switch Networks Confidential © Big Switch Networks 73

Big Cloud Fabric CLI Reference Guide

Command Mode
config-fabric-qos-pfc mode

Command Description
Use the iscsi-tlv command to enable PFC pause on Queue 4, which provides a “lossless” queue for connecting to storage
devices. The TLV supported is Application = iSCSI. After PFC is enabled, when any BCF segment is connected to a storage
device that completes the PFC negotiation, all traffic from that segment with .1p value=4 is allocated to Queue 4 on the Big
Cloud Fabric.
Traffic assigned to Queue 4 is given the highest priority, but the queue is limited by the weight and percentage of the
available bandwidth configured on the BCF controller (by default 5%). If the switch cannot receive traffic at the rate it is
being transmitted, the switch will send a PFC pause request to the transmitting device, which causes traffic transmission to
be paused for the specified interval.

Command Examples
To enable the iscsi TLV on Queue 4 for the entire fabric, enter the following command:
controller-1(config-fabric-qos-pfc)# iscsi-tlv

fabric/qos
queuing-profile Command

Command Syntax
queuing-profile <profile-name>

Command Mode
config-fabric-qos mode

Command Description
Use the queuing-profile command to identify the profile and enter config-fabric-qos-queuing submode, where you can
allocate a weight to a traffic class.

Next Keyword Descriptions

<profile-name>: Identify the name of the queuing profile.

Command Examples
To define a queuing-profile named my-profile, enter the following command:
controller-1(config-fabric-qos)# queuing-profile my-profile
controller-1(config-fabric-qos-queuing)#

config-fabric-qos-queuing Submode Commands

A single command is available in this submode.

fabric/qos/queuing-profile
traffic-class Command

Command Syntax
[no] traffic-class <class> weight <integer>

74 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
config-fabric-qos-queuing submode

Command Description
Use the traffic-class command to configure the weight for each QOS traffic-class.

Next Keyword Descriptions

<class>: Identify the traffic class using one of the following values:
• traffic-class-0: Assign a weight to traffic class 0.
• traffic-class-1: Assign a weight to traffic class 1.
• traffic-class-2: Assign a weight to traffic class 2.
• traffic-class-3: Assign a weight to traffic class 3.
• traffic-class-pfc: Assign a weight to the PFC traffic class.
• traffic-class-span-fabric: Assign a weight to the SPAN fabric traffic class.

<integer>: Assign a weight to the traffic class. The range is from 1 to 100. The percentage of traffic allocated to each queue
is determined by the relative weight assigned to each associated traffic class.

Command Examples
Assign a weight of 20 to traffic-class 1.
traffic-class traffic-class-1 weight 20

fabric
switch-bandwidth-mode Command

Command Syntax
switch-bandwidth-mode { 40g | 100g | switch-default }

Command Mode
config-fabric mode

Command Description
Use the switch-bandwidth-mode command to set the bandwidth mode, which affects the bandwidth supported on
switches, such as the S4148F/T, that support either 40G or 100G bandwidth speeds. Refer to the Big Cloud Fabric Hardware
Guide for a list of the interfaces affected and the bandwidth options provided for each interface in the different modes.

Next Keyword Descriptions

40g: Sets the switch-bandwidth mode to 40G, which means that the affected interfaces support only 40G optics and cables.
100g: Sets the switch-bandwidth mode to 100G, which means that the affected interfaces support either 40G or 100G
optics and cables.
Switch-default: Sets the switch-bandwidth mode to the default setting.

fabric
vlan-mapping Command

Command Syntax
vlan-mapping {global | default}

Big Switch Networks Confidential © Big Switch Networks 75

Big Cloud Fabric CLI Reference Guide

Command Mode
config-fabric mode

Command Description
Use the vlan-mapping command to change the VLAN mapping mode or to restore it to the default. In global VLAN mapping
mode, a single untagged segment applies to the entire fabric and all ports belong to all segments.

Note: This command applies only to the P –Fabric edition of the Big Cloud fabric and not to the P+V Fabric.

The default VLAN mapping lets you specify the VLAN mapping on a per interface level. The global VLAN mapping lets you
specify fabric-wide VLAN mapping. To change to a different VLAN mapping mode, you must first remove any VLAN
membership rules that have already been configured in the current mode (using the member command in config-tenant-
seg submode).

The vlan-mapping global command changes the syntax of the member command in config-tenant-seg submode, as follows:
member vlan <vlan-number>

The vlan-mapping default command restores the default configuration.

Note: Restoring a configuration snapshot with a different vlan-mapping mode is not supported. The vlan-mapping mode in
the configuration snapshot that is being restored must be the same as the vlan-mapping mode in the existing configuration.

Next Keyword Descriptions

global: Use this keyword to allow 4K segments to be configured on each and every port or interface-group in the fabric. This
option consumes up to 4K on the vlan_xlate table in each switch. This applies on all interface-groups and all interfaces on all
switches. In global VLAN mapping mode, a single untagged segment applies to the entire fabric and all ports must belong to
all segments.
default: Use this option to restore the VLAN mapping mode to the default.

Command Examples
To enable global VLAN mapping, enter the following command in config-fabric mode:
controller-1(config-fabric)# vlan-mapping global

To restore the default VLAN mapping, enter the following command in config-fabric mode:
controller-1(config-fabric)# vlan-mapping default

group Command

Command Syntax
[no] group { admin | read-only }

[no] group tenant.<tenant>.<group>

Command Mode
Config mode

Command Description
Use the group command to access the config-group submode, where you can associate user accounts with the admin or
read-only group. Use this submode to associate previously configured user accounts with the group. User accounts assigned
to a group inherit the access privileges defined for the group. The current release supports full administrative privileges for

76 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

users associated with the preconfigured admin group and read-only privileges for users associated with the read-only
group.

Next Keyword Descriptions

admin: The default admin group, which provides full access and configuration privileges to user accounts associated with it.

Note: The admin group is spelled with a lower-case a, and the group name is case-sensitive.

read-only: The default read-only group, which provides read-only access, such as most show commands, to user accounts
associated with it.
tenant. <tenant>.<group>: Use this keyword to define a group for a specific tenant. Replace <tenant> with the name of the
BCF tenant and <group> with the name of the group you want to create for the tenant. A user account associated with this
group obtains admin-level or read-only privileges depending on whether the account is also associated with the read-only
or admin group.

Command Examples
The following command enters config-group submode for the default group admin.
controller-1(config)# group admin
controller-1(config-group)#

The following command enters config-group submode for the read-only group.
controller-1(config)# group read-only
controller-1(config-group)#

The following command enters config-group submode for the admin group for tenant test.
controller-1(config)# group tenant.test.admin
controller-1(config-group)#

config-group Submode Commands

There is a single command available in this submode.

group
associate Command

Command Syntax
[no] associate user <user-name>

Command Mode
config-group mode

Command Description
Use the associate command to assign users to the admin or read-only group. The admin group provides administrator-level
privileges, which lets associated users enter commands from all modes and submodes . User accounts associated with the
read-only group can monitor fabric configuration and operation, but they cannot make any changes.

Big Switch Networks Confidential © Big Switch Networks 77

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

user <user-name>: Associate a user account with the current group (admin or read-only). Define the user account with the
user command.

Command Examples
The following command associates the user bob with the admin group.
controller-1(config)# group admin
controller-1(config-group)# associate user bob

controller-1(config)# group read-only

controller-1(config-group)# associate user john

The show group or show user commands display the current configuration for groups and users, as in the following
example:
controller-1> show group
# Group name User(s)
-|----------|---------|
1 admin admin
2 read-only bob, john

controller-1>

interface-group Command

Command Syntax
[no] interface-group <interface-roup>

Command Mode
Config mode

Command Description
Use the interface-group command to enter config-interface-group submode, from where you can configure the interface-
group members and mode. Interface groups can only be defined on edge interfaces on leaf switches connected to
endpoints (hosts or servers).

Next Keyword Descriptions

<interface-group>: Replace <interface-group> with the name of the interface group.

Command Examples
controller-1(config)# interface-group pg1
controller-1(config-interface-group)#

config-interface-group Submode Commands

The following commands are available in this submode.
• backup-member: Associate switch interface with this interface-group as a backup member
• backup-mode: Configure backup-mode for interface-group
• description: Configure the description of this interface-group
• member: Associate a chassis-mac with this interface-group as a member
• mode: Configure mode for interface-group
• origination: Configure the Origination of this interface-group
• preempt: Configure the backup member preemption for the interface-group

78 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

• shutdown: Configure administrative status of interface gorup

interface-group
backup-member Command

Command Syntax
[no] backup-member {switch <switch-name> interface <interface-name>}

Command Mode
config-interface-group submode

Command Description
Use the backup-member command to assign backup members to a primary-backup interface group, which is assigned to
standby state and becomes active only if all the primary members fail. Use the mode command to define an interface group
in primary-backup mode. Use the member command to assign the primary members to the primary-backup interface
group.

Next Keyword Descriptions

switch <switch-name>: Replace <switch-name> with the name of the switch having an interface to be included in the
interface group.
interface <interface-name>: Replace <interface-name> with the name of the interface to include in the interface group.

Command Examples
The following command assigns ethernet2 on switch leaf2a to interface group pg3 and defines the mode as primary-
backup:
controller-1(config)# interface-group pg3
controller-1(config-interface-group)# backup-member switch leaf2a interface ethernet2

interface-group
backup-mode Command

Command Syntax
[no] backup-mode {lacp | static | inter-pod}

Command Mode
config-interface-group submode

Command Description
Use the backup-mode command to specify how the link aggregation group is formed for the backup members in an
primary-backup interface group. A primary-backup interface group is composed of active members, which forward traffic,
and backup members, which remain in standby mode and do not forward traffic. The backup members become active only
when all the members in the active group become unavailable.

Next Keyword Descriptions:

• inter-pod:
• lacp:
• static:

Big Switch Networks Confidential © Big Switch Networks 79

Big Cloud Fabric CLI Reference Guide

inter-pod: Use the inter-pod mode to create an interface group for interconnecting Big Cloud Fabric pods. When the pod-
mode is configured as leaf mode, which is the default, a single interface group in inter-pod mode can be configured in each
fabric. When the pode mode is changed to spine mode (using the pod-role command in config-fabric submode), up to eight
remote BCF pods (in leaf pod mode) can be connected to the local pod in spine pod mode.
lacp: Use this mode if the server connected to the interfaces within the interface group supports LACP. Interfaces are
dynamically aggregated into a LAG when traffic appears on the interfaces within the interface group.
static: Configure mode as static if a server has multiple network interfaces but does not support LACP. Interfaces are
statically aggregated into a link aggregation group (LAG).

Command Examples
The following command assigns the lacp mode to the backup mode:
controller-1(config-interface-group)# backup-mode lacp

interface-group
description Command

Command Syntax
[no] description <description>

Command Mode
config-interface-group submode

Command Description
Use the description command to associate a text description, enclosed in quotes, with the interface group.

Next Keyword Descriptions

<description>: Alphanumeric text description, enclosed in quotes, to associate with the interface group.

Command Examples
The following command assigns ethernet1 on switch leaf1a and ethernet1 on leaf1b to interface group pg1:
controller-1(config)# interface-group pg1
controller-1(config-interface-group)# description “Interface group in rack 1 for use in Web tier”

interface-group
member Command

Command Syntax
[no] member {{switch <switch-name> interface <interface-name>} | {chassis-mac <chassis-mac>} | {host
interface <interface-name>}}

Command Mode
config-interface-group submode

Command Description
Use the member command to identify the interface and switch to include in an interface group. Enter the command once
for each interface to add to the interface group.

80 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Interface groups can be defined only on the edge interfaces of leaf switches within the same leaf group and rack.

Next Keyword Descriptions

switch <switch-name>: Replace <switch-name> with the name of the switch having an interface to be included in the
interface group.
interface <interface-name>: Replace <interface-name> with the name of the interface to include in the interface group.
host: Identify the host, such as an ESX server, and add the links to the host into the interface group. This member type is
typically used with vCenter integration.
chassis-MAC: A single MAC address is used to identify the chassis, and the links connected to the chassis are automatically
added to the interface group. This is typically used to bundle multiple links to a blade server as a LAG.

Command Examples
The following command assigns ethernet1 on switch leaf1a and ethernet1 on leaf1b to interface group pg1:
controller-1(config)# interface-group pg1
controller-1(config-interface-group)# member switch leaf1a interface ethernet1
controller-1(config-interface-group)# member switch leaf1b interface ethernet1

interface-group
mode Command

Command Syntax
[no] mode {cdp | inter-pod | lacp | lacp-fallback-individual | span-fabric | static } [origination]

Command Mode
Interface-group submode

Command Description
Use the mode command to specify the interface group as static or lacp. Use LACP mode for multiple interfaces connected
to a server that supports Link Access Control Protocol (LACP).
By default, an interface group is in static mode, which indicates that interfaces are not grouped by a protocol, such as LACP,
with the other end of the link. In lacp mode, the configured member interface is grouped at runtime after negotiating LACP
with the other end of the link. LACP is a link-level protocol that is run on each member of the interface group. Only if LACP
converges on an interface, it is added to the group at runtime. Otherwise, the interface remains in a logical down state and
forwarding of data packets is disabled on that interface.

Note: The non-configurable LACP default value for active/passive is active, and for the fast/slow rate (short/long rate), the
setting is fast. The fast setting means that the LACP PDU is sent every one second. Earlier versions of Big Cloud Fabric used
an LACP timer set to fast (every 30 seconds).

It is recommended to configure the corresponding LACP configuration on the host with an up-delay of 5 seconds.
On Ubuntu systems, configure /etc/network/interfaces. Under the bond interface configuration section, add the following
command:
bond-updelay 5000

On Centos systems, configure /etc/sysconfig/network-scripts. Add the following command for the bond interface:
BONDING_OPTS=updelay=5000

Big Switch Networks Confidential © Big Switch Networks 81

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

inter-pod: Use the inter-pod mode to create an interface group for interconnecting Big Cloud Fabric pods. When the pod-
mode is configured as leaf mode, which is the default, a single interface group in inter-pod mode can be configured in each
fabric. When the pode mode is changed to spine mode (using the pod-role command in config-fabric submode), up to eight
remote BCF pods (in leaf pod mode) can be connected to the local pod in spine pod mode.

Note: Layer 2 connectivity between separate fabrics (pods) is supported only in a P-Fabric.

lacp: Use this mode if the server connected to the interfaces within the interface group supports LACP. Interfaces are
dynamically aggregated into a LAG when traffic appears on the interfaces within the interface group.
lacp-fallback-individual: Use this mode to allow an interface to be included in two different segments. One segment is
connected to a PXE server, allowing servers on the segment to PXE boot. The other is a normal segment providing
connectivity to the tenant. The members of the interface group defined using this mode operate in two modes:
• LACP: When LACP packets are seen from the peer, the normal LACP LAG behavior occurs. All the normal segment
membership rules corresponding to the interface group apply.
• Fallback-individual LAG mode: Each interface is included in an individual edge-port LAG, which is included in the
membership of a segment that is also used for PXE boot.

origination: Used by the system to identify interface groups created through vCenter integration.
span-fabric: Use this mode with an interface group to be used as the destination for a Fabric SPAN session, configured using
the span-fabric command.
static: Configure mode as static if a server has multiple network interfaces but does not support LACP. Interfaces are
statically aggregated into a link aggregation group (LAG).

Command Examples
The following command configures the mode used by interface group pg1 as LACP:
controller-1(config)# interface-group pg1
controller-1(config-interface-group)# mode lacp

The following example configures two interfaces as PXE-boot enabled within interface group pg2, which is configured using
lacp-fallback-individual mode..
controller-1(config)# interface-group pg2
controller-1(config-interface-group)# mode lacp-fallback-individual
controller-1(config-interface-group)# member switch leaf2a interface ethernet1
controller-1(config-interface-group)# member switch leaf2b interface ethernet1

interface-group
preempt Command

Command Syntax
[no] preempt

Command Mode
Interface-group submode

Command Description
Use the preempt command for a primary-backup interface group to cause the original active members to preempt
forwarding from the backup members after failover has occurred, as soon as any member of the active group becomes
available. A 10-second timer delays preemption to prevent repeated failover when the active links are unstable.

82 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
Enable preemption for the current interface group.
controller-1(config-interface-group)# preempt

Disable preemption for the current interface group.

controller-1(config-interface-group)# no preempt

interface-group
shutdown Command

Command Syntax
[no] shutdown

Command Mode
Interface-group submode

Command Description
Use the shutdown command to administratively shut down the current interface group. To enable an interface group that
was administratively shut down, enter the no form of the command.

local node Command

Command Syntax
local node

Command Mode
Config mode

Command Description
Use the local node command to enter config-local submode, which lets you enter commands to configure the configuration
of the local controller node.

Command Examples
controller-1(config)# local node
controller-1(config-local)#

config-local-node Submode Commands

The following commands are available in this submode.
• hostname: Configure hostname for this host
• interface: Configure controller network interface
• snmp-server: Configure the SNMPv3 engineID for the controller

local-node
hostname Command

Command Syntax
hostname <hostname>

Big Switch Networks Confidential © Big Switch Networks 83

Big Cloud Fabric CLI Reference Guide

Command Mode
config-local submode

Command Description
Use the hostname command to change the hostname of the controller node.

Next Keyword Descriptions

<hostname>: Alphanumeric string, no longer than 63 characters, which can contain hyphens (-), but not for the first
character. No periods or domain names should be included.

Command Examples
controller-1(config)# local node
controller-1(config-local)# hostname controller-2
controller-2(config-local)#

local-node
interface Command

Command Syntax
interface {ethernet0 | <interface-name>}

Command Mode
config-local submode

Command Description
Use the interface command to enter local-node interface submode, from where you can configure settings that apply to the
controller node interface.

Next Keyword Descriptions

management: Default management interface on the local node.

Command Examples
controller-1(config-local)# interface management
controller-1(config-local-if)#

config-local-if Submode Commands

The following commands are available in this submode.
• ipv4: Configure IPv4 for the management interface
• ipv6: Configure IPv6 for the management interface

local-node/interface
ipv4 Command

Command Syntax
ipv4

Command Mode
config-local-if submode

84 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the ipv4 command to enter config-local-if-ipv4 submode, where you can complete the IPv4 configuration for the
controller management interface.

Command Examples
controller-1(config-local-if)# ipv4
controller-1(config-local-if-ipv4)#

config-local-if-ipv4 submode commands

The following commands are available in this submode.
• dns: Configure the DNS search path
• ip: Configure an IP address for the management interface

local-node/interface/ipv4
dns Command

Command Syntax
[no] dns search <dns-search-path>
[no] dns server <dns-server>

Command Mode
config-local-if-ipv4 submode

Command Description
Use the dns search command to set the default DNS search path used for name resolution. Use the dns server command to
set the IP address of the DNS server to be used for name resolution on the specified interface on the local controller node.
You can define multiple DNS servers and search paths for the controller as follows:
• Maximum number of DNS search paths: 6 (six)
• Maximum number of DNS servers: 3 (three)

Next Keyword Descriptions

<dns-search-path>: Domain name of the switched fabric network
<dns-server>: IP address of the domain name server

Command Examples
controller-1(config-local-if-ipv4)# dns search myexample.com
controller-1(config-local-if-ipv4)# dns server 192.168.17.1

local-node/interface/ipv4
ip Command

Command Syntax
[no] ip <ip-address/<cidr> [gateway <gateway>]

Command Mode
config-local-if-ipv4 submode

Big Switch Networks Confidential © Big Switch Networks 85

Big Cloud Fabric CLI Reference Guide

Command Description
Use the IP command to identify the IP address and subnet mask and to identify the default gateway for the controller
management interface.
Note: You can configure only one unique default gateway, which must be in the same subnet as the controller IP address
for routing to work correctly. You should specify the same default gateway for each IP address you configure. If you change
the controller to a different subnet, make the change connected by the serial console to avoid loss of connectivity.
Alternatively, first change the IP address to the new subnet, establish a SSH session to the new IP address, and then change
the gateway to the new subnet.

Next Keyword Desriptions

Ip <Ip-address</<cidr>: Replace <ip-address> with the IPv4 (dotted-decimal) address to assign to the controller
management interfade and the number of bytes in the subnet mask preceded by a forward slash (/).
gateway <gateway>: Replace <gateway> with the IP address of the default gateway for the controller management
network.

Command Examples
The following command assigns the IP address 192.168.1.101 with a 24-bit subnet mask to the controller management
interface.
controller-1(config-local-if-ipv4)# 192.168.1.101/24

The following command assigns the IP address 192.168.1.1 for the default gateway in the controller management network.
controller-1(config-local-if-ipv4)# 192.168.1.1

local-node/interface
ipv6 Command

Command Syntax
ipv6

Command Mode
config-local-if submode

Command Description
Use the ipv6 command to enter config-local-if-ipv6 submode, where you can complete the IPv6 configuration for the
controller management interface.

Command Examples
controller-1(config-local-if)# ipv6
controller-1(config-local-if-ipv6)#

config-local-if-ipv6 submode commands

The following commands are available in this submode.
• dns: Configure the DNS search path
• ip: Configure an IP address for the management interface
• method: Configure the method of IPv6 configuration for the management interface

86 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

local-node/interface/ipv6
dns Command

Command Syntax
[no] dns search <dns-search-path>
[no] dns server <dns-server>

Command Mode
config-local-if-ipv6 submode

Command Description
Use the dns search command to manually set the default DNS search path used for name resolution. To configure IPv6
options manually, you must enter the method manual command. Use the dns server command to set the IP address of the
DNS server to be used for name resolution on the specified interface on the local controller node. You can define multiple
DNS servers and search paths for the controller as follows:
• Maximum number of DNS search paths: 6 (six)
• Maximum number of DNS servers: 3 (three)

Next Keyword Descriptions

<dns-search-path>: Domain name of the switched fabric network
<dns-server>: IP address of the domain name server

Command Examples
controller-1 (config-local)# interface eth0
controller-1 (config-local-if)# ipv6
controller-1 (config-local-if-ipv6) method manual
controller-1 (config-local-if-ipv6) dns search mydomain.com
controller-1 (config-local-if-ipv6) dns server fd00::1002/64

local-node/interface/ipv6
ip Command

Command Syntax
[no] ip <ip-address/<cidr> [gateway <gateway>]

Command Mode
config-local-if-ipv6 submode

Command Description
Use the IP command to manually identify the IP address and subnet mask and to identify the default gateway for the
controller management interface. To configure IPv6 options manually, you must enter the method manual command.

Next Keyword Desriptions

Ip <Ip-address</<cidr>: Replace <ip-address> with the IPv4 (dotted-decimal) address to assign to the controller
management interfade and the number of bytes in the subnet mask preceded by a forward slash (/).
gateway <gateway>: Replace <gateway> with the IP address of the default gateway for the controller management
network.

Big Switch Networks Confidential © Big Switch Networks 87

Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1 (config-local)# interface eth0
controller-1 (config-local-if)# ipv6
controller-1 (config-local-if-ipv6) method manual
controller-1 (config-local-if-ipv6)# ip fd00::1001/64 gateway fd00::1

Note: You can configure only one unique default gateway, which must be in the same subnet as the controller IP address
for routing to work correctly. You should specify the same default gateway for each IP address you configure. If you change
the controller to a different subnet, make the change connected by the serial console to avoid loss of connectivity.
Alternatively, first change the IP address to the new subnet, establish a SSH session to the new IP address, and then change
the gateway to the new subnet.

local-node/interface/ipv6
method Command

Command Syntax
method { auto | manual }

Command Mode
config-local-if-ipv6 submode

Command Description
Use the method command to specify how the controller gets its IPv6 configuration. The auto option causes the controller to
get the IPv6 configuration from a Stateless Autoconfiguration (SLAAC) server. The manual option lets you perform static
configuration. If you configure both auto and manual, the manual configuration is used if a SLAAC server is not available.

local-node
snmp-server Command

Command Syntax
snmp-server engine-id <string>

Command Mode
config-local submode

Command Description
Use the snmp-server command to configure an engine-id string for the BCF controller.
In SNMPv3, an agent (SNMP server) is identified by an engineID, which helps prevent unauthorized SNMPv3 messages, such
as traps, from being accepted or traps being intercepted by unauthorized receivers. The engineID of the SNMP agent is
required when configuring an SNMPv3 trap receiver to receive messages from an agent, including a BCF controller or fabric
switch.
In BCF, the engineID is autogenerated for the fabric switches. The engineID of the BCF controller is configured for the local
node and this configuration must be entered separately on the Active and Standby controllers. It is recommended to
configure a different engineID for each controller.
Note: The engine-id configuration is not included when applying a saved running-config to the controller. The engine-id
configuration must be reapplied using the snmp-server engine-id command.

88 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

engine-id <engine-id>: Configure the engineID used by the controller when operating in SNMPv3 mode. This is a text string,
up to 27 text characters, that is used to generate an ID in the format 0x80001f8804 + <hex string>, where <hex string> is the
hexadecimal value of the text string used to define the engine-id.

Command Examples
The following commands configure the engine-id controller-1_EngineID.
controller-1(config)# local node
controller-1(config-local)# snmp-server engine-id controller-1_EngineID

logging remote Command

Command Syntax
[no] logging {remote <server> [<port>] [info | notice | err | alert | crit | emerg | debug | warning]

Command Mode
Config mode

Command Description
Use the logging remote command to identify the IP address and port number of the syslog server, to which syslog messages
are sent. You must use the logging remote command to enable remote logging.

Next Keyword Descriptions

<server>: The IP address of the server to which to send syslog messages. You can also use the fully-qualified domain name if
DNS service is available on the management network.
<port>: Optionally use the UDP port number for the remote syslog server. If not specified, the default syslog UDP port is
used (port 514).
info | notice | err | alert | crit | emerg | debug | warning: Set the logging level for the specified server. The following
summarizes the effect of setting each level:
• alert:Immediate action needed (1). Controller level error
• crit: Critical conditions (2). Controller level error
• debug: Debugging messages (7)
• emerg: System is unusable (0). Controller level error
• err: Error conditions (3)
• info : Normal informational messages (6)
• notice : Normal but significant conditions (5). Controller level info
• warning: Warning conditions (4)

Command Examples
The following command identifies the syslog server at 192.168.17.1 using port 514.
controller-1(config)# logging remote 192.168.17.1 514

logging switch-remote Command

Command Syntax
[no] logging switch-remote

Big Switch Networks Confidential © Big Switch Networks 89

Big Cloud Fabric CLI Reference Guide

Command Mode
Config mode

Command Description
Use the logging switch-remote command to enable sending logs from fabric switches directly to the syslog server, bypassing
the controller.

Command Examples
The following command send logs from fabric switches directly to the syslog server, bypassing the controller.
controller-1(config-fabric)# logging switch-remote
controller-1(config-fabric)#

Note: when this option is enabled, switch logs will not be available for analysis on the controller or with BCF Analytics.

mac-classify-pool Command

Command Syntax
[no] mac-classify-pool

Command Mode
Config mode

Command Description
Use the mac-classify-pool command to enter config-mac-classify-pool submode, where you can define a pool of interfaces
or interface groups to be made available for dynamic assignment when a specified MAC address is seen on the interface or
interface group.

Command Examples
controller-1(config)# mac-classify-pool
controller-1(config-mac-classify-pool)#

config-mac-pool Submode Commands

A single command is available in this submode.

mac-classify-pool
member Command

Command Syntax
[no] member {interface-group <group-name>} | {switch <switch-name> interface <interface-name>}

Command Mode
Config mode

Command Description
Use the member command to add interfaces or interface groups to the MAC classification pool. When the MAC address of
an endpoint is known, you can dynamically assign the interface where the MAC appears to a specific segment. This feature

90 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

can be used only with untagged VLAN traffic. After defining the members of the MAC classification pool, configure a MAC
membership rule to specify the MAC addresses.
When any of the specified MAC addresses are seen on a member of the MAC classification pool, the interface or interface
group is added to the segment where the MAC membership rule was defined. . When the endpoint with the specified MAC
address ages out from the endpoints table after 5 minutes of activity, the interface that was assigned to the segment is
returned to the classification pool.
If a MAC address appears on a member of the classification pool but is not defined by a MAC-based membership rule, the
MAC is added to Ignored Hosts list, which can be seen by entering the show mac-membership ignored-endpoint.

Next Keyword Descriptions

switch <switch-name>: Replace <switch-name> with the name of the switch having an interface to be included in the MAC
classification pool.
interface <interface-name>: Replace <interface-name> with the name of the interface to include in the interface group.

Command Examples
The following commands assign the interface groups pg1 and pg2 to the MAC classification pool
controller-1 (config-macpool)#
controller-1 (config-macpool)# member interface-group pg1 vlan untagged
controller-1 (config-macpool)# member interface-group pg2 vlan untagged

The following command adds adds the available switch interfaces to the MAC classify pool:
controller-1 (config-macpool)# member switch any interface any vlan untagged

nat-pool Command

Command Syntax
nat-pool

Command Mode
Config mode

Command Description
Use the nat-pool command from config mode to enter config-nat-pool submode, where you can allocate a vSwitch to the
fabric-wide pool of vSwitches. The nat-profile command is used in config-tenant-lrouter submode to configure the specific
settings for network address translation (NAT) and port address translation (PAT).

Command Examples
controller-1(config)# nat-pool
controller-1(config-nat-pool)#

config-nat-pool Submode Commands

A single command is available in this submode.

nat-pool
nat-switch Command

Command Syntax
nat-switch <vswitch-name>

Big Switch Networks Confidential © Big Switch Networks 91

Big Cloud Fabric CLI Reference Guide

Command Mode
Config-nat-pool mode

Command Description
Use the nat-switch command to allocate a vSwitch to the fabric-wide pool of vSwitches.

Command Examples
controller-1(config)# nat-pool
controller-1(config-nat-pool)#nat-switch vswitch1

ntp Command

Command Syntax
[no} ntp {server <ntp-server> | time-zone <time-zone>}

Command Mode
Config mode

Command Description
Use the ntp command from config mode to identify the NTP server and set the current time zone. You can also use the NTP
command to request a one-time NTP sync from the specified NTP server or the default configured server.

Note: The hypervisor and the virtual machine running the controller should use the same time zone, whether UTC or the
local time zone. Using different time zones may cause issues, such as problems with log files.

Next Keyword Descriptions

server: Identify the NTP server IP address in dotted decimal format (nnn.nnn.nnn.nnn).
time-zone: Specify the time zone. Valid values are listed at www.iana.org/time-zones

Command Examples
The following command specifies 192.168.17.1 as the NTP server:
controller-1(config)# ntp server 192.168.17.1

ntp controller-source Command

Command Syntax
[no] ntp controller-source

Command Mode
Config mode

Command Description
Use the ntp controller-source command to configure the BCF controller as an NTP server for physical switches (pSwitches)
that are connected to the controller.

92 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

nsx Command

Command Syntax
[no] nsx <nsx-name> [type nsx]

Command Mode
Config mode

Command Description
Use the nsx command to enter the config-nsx submode, where you can integrate an an instance of vSphere NSX.

Next Keyword Descriptions

<nsx-name>: Enter a name for the orchestration instance.
type nsx: Identify the orchestration type as NSX.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)#

config-nsx Submode Commands

The following commands are available in this submode.
• hardware-vtep: Enter NSX hardware vtep configuration submode
• nsx-manager-hashed-password:Set the vCenter NSX manager password (to log into NSX)
• nsx-manager-host-name: Set the NSX manager host name
• nsx-manager-password: Set the vCenter NSX manager password (to log into NSX manager)
• nsx-manager-user-name: Set the vCenter NSX manager user name (to log into NSX manager)
• vcenter-name: Set the vcenter name

config-nsx/hardware-vtep Command

Command Syntax
[no] hardware-vtep

Command Mode
Config-nsx mode

Command Description
Use the hardware-vtep command to enter config-nsx-nvtep submode.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)# hardware-vtep
controller-1(config-nsx-nvtep)#

config-nsx-nvtep Submode Commands

The following commands are available in this submode.

Big Switch Networks Confidential © Big Switch Networks 93

Big Cloud Fabric CLI Reference Guide

• active: Activate or deactivate NSX hardware VTEP integration

• attachment-point: Configure attachment point
• nsx-controller-ip: Configure NSX controller IP
• nsx-hardware-vtep-tenant: Configure tenant for NSX hardware VTEP integration
• port: Configure NSX listening TCP port

config/nsx/hardware-vtep
active Command

Command Syntax
[no] active

Command Mode
Config-nsx-nvtep mode

Command Description
Use the active command to activate the current NSX integration instance. Use the no version of the command to deactivate
the instance.

Command Examples
The following command activates the current NSX integration instance.
controller-1(config-nsx-nvtep)#
controller-1(config-nsx-nvtep)# active

The following command disables the current NSX integration instance.

controller-1(config-nsx-nvtep)# no active
controller-1(config-nsx-nvtep)#

config/nsx/hardware-vtep
attachment-point Command

Command Syntax
attachment-point

Command Mode
config-nsx-nvtep mode

Command Description
Use the attachment-point command to enter the config-nsx-intf submode, where you can identify the interface group used
to integrate the current NSX instance.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)# attachment-point
controller-1(config-nsx-intf)#

config-nsx-nvtep-intf Submode Commands

A single command is available in this submode.

94 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

config/nsx/hardware-vtep/attachment-point
attached-interface Command

Command Syntax
[no] attached-interface <if-group-name>

Command Mode
config-nsx-nvtep-intf mode

Command Description
Use the attached-interface command to identify the interface-group that connects the NSX instance to the Big Cloud Fabric.

Next Keyword Descriptions

<if-group-name>: Enter the name of an existing BCF interface-group.

Command Examples
controller-1(config-nsx-nvtep)# attachment-point
controller-1(config-nsx-nvtep-intf)# attached-interface myinterfacegroup1
controller-1(config-nsx-nvtep-intf)#

config/nsx/hardware-vtep
nsx-controller-ip Command

Command Syntax
[no] nsx-controller-ip <ip-address>

Command Mode
config-nsx-nvtep mode

Command Description
Use the nsx-controller-ip command to configure an IP address for the current NSX instance.

Next Keyword Descriptions

<ip-address>: Enter the IP address for the current NSX instance.

Command Examples
controller-1(config-nsx-nvtep)# nsx-controller-ip 10.10.6.1
controller-1(config-nsx-nvtep)#

config/nsx/hardware-vtep
nsx-hardware-vtep-tenant Command

Command Syntax
[no] nsx-hardware-vtep-tenant <tenant>

Command Mode
config-nsx-nvtep mode

Big Switch Networks Confidential © Big Switch Networks 95

Big Cloud Fabric CLI Reference Guide

Command Description
Use the nsx-hardware-vtep-tenant command to configure a tenant for the current nsx instance.

Next Keyword Descriptions

<tenant>: Enter a tenant name for the current nsx instance.

Command Examples
controller-1(config-nsx-nvtep)# nsx-hardware-vtep-tenant mytenant
controller-1(config-nsx-nvtep)#

config/nsx/hardware-vtep
port Command

Command Syntax
[no] port <port-num>

Command Mode
config-nsx-nvtep mode

Command Description
Use the port command to identify the TCP port number to use for communications between the current NSX instance and
the BCF controller.

Next Keyword Descriptions

<port-num>: Enter the TCP port number to use for communications between the current NSX instance and the BCF
controller. The default port number is 6640.

Command Examples
controller-1(config-nsx-nvtep)# port 6650
controller-1(config-nsx-nvtep)#

config-nsx
nsx-manager-hashed-password Command

Command Syntax
[no] nsx-manager-hashed-password

Command Mode
Config-nsx mode

Command Description
Use the nsx-manager-hashed-password to set the vCenter NSX manager password to log into NSX.

config-nsx
nsx-manager-host-name Command

Command Syntax
[no] nsx-manager-host-name

96 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Config-nsx mode

Command Description
Use the nsx-manager-host-name command to set the NSX manager host name.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)# nsx-manager-host-name myhost

config-nsx
nsx-manager-password Command

Command Syntax
[no] nsx-manager-password

Command Mode
Config-nsx mode

Command Description
Use the nsx-manager-password to set the vCenter NSX manager password to log into NSX manager.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)#

config-nsx
nsx-manager-user-name Command

Command Syntax
[no] nsx-manager-user-name

Command Mode
Config-nsx mode

Command Description
Use the nsx-manager-user-name to set the vCenter NSX manager user name to log into NSX manager.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)# nsx-manager-user-name user1

config-nsx
vcenter-name Command

Command Syntax
[no] vcenter-name

Big Switch Networks Confidential © Big Switch Networks 97

Big Cloud Fabric CLI Reference Guide

Command Mode
Config-nsx mode

Command Description
Use the vcenter-name command to set the vcenter name.

Command Examples
controller-1(config)# nsx mynsx1 type nsx
controller-1(config-nsx)# vcenter-name myvcenter1

nutanix-prism Command

Command Syntax
[no] nutanix-prism <name>

Command Mode
Config mode

Command Description
Use the Nutanix-prism command to identify an instance of Nutanix Prism for integration with BCF and enter the config-
nutanix-prism submode, which provides configuration options that apply to the specific instance.

Command Examples
controller-1(config)# nutanix-prism mynutanix
controller-1(config-nutanix-prism)#

config
nutanix-prism Submode Commands
The following commands are available in this submode.
• automation-level Configure BCF configuration automation
• exclude Specify Nutanix management network vlan
• hashed-password Set the Nutanix Prism password (to log into Prism)
• host-name Set the Nutanix prism server host name
• maintenance Disconnect Nutanix Prism server & maintain last synced configuration from Nutanix Prism
server
• manage-segment-for-vlan Specify tenant and segment for Nutanix vlan
• manage-segment-for-vlan-range Specify tenant for nutanix vlan range
• password Set the Nutanix Prism password (to log into Prism service)
• preserve-bcf-config Preserve network configuration for Nutanix Prism Server when it is removed using "no
nutanix-prism" command
• user-name Set the Nutanix Prism server user name (to log into Prism service)

config-nutanix-prism
automation-level Command

98 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Syntax
[no] automation-level {full | none}

Command Mode
Config-nutanix-prism mode

Command Description
Use the automation-level command to set the automation level when importing configuration from the current Nutanix
Prism instance.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# automation-level {full | none}

config-nutanix-prism
exclude Command

Command Syntax
[no] exclude

Command Mode
Config-nutanix-prism mode

Command Description
Use the exclude command to specify the Nutanix management network vlan.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# exclude

config-nutanix-prism
hashed-password Command

Command Syntax
[no] hashed-password

Command Mode
Config-nutanix-prism mode

Command Description
Use the <<>> command to set the Nutanix Prism password to log into Prism.

Big Switch Networks Confidential © Big Switch Networks 99

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# hashed-password

config-nutanix-prism
host-name Command

Command Syntax
[no] host-name

Command Mode
Config-nutanix-prism mode

Command Description
Use the host-name command to set the Nutanix prism server host name.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# host-name

config-nutanix-prism
maintenance Command

Command Syntax
[no] maintenance

Command Mode
Config-nutanix-prism mode

Command Description
Use the maintenance command to disconnect Nutanix Prism server & maintain last synced configuration from Nutanix
Prism server

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# maintenance

config-nutanix-prism
manage-segment-for-vlan Command

100 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Syntax
[no] manage-segment-for-vlan

Command Mode
Config-nutanix-prism mode

Command Description
Use the manage-segment-for-vlan command to specify tenant and segment for Nutanix vlan.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# manage-segment-for-vlan

config-nutanix-prism
manage-segment-for-vlan-rangeCommand

Command Syntax
[no] manage-segment-for-vlan-range password

Command Mode
Config-nutanix-prism mode

Command Description
Use the manage-segment-for-vlan-range password command to specify tenant for nutanix vlan range.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# manage-segment-for-vlan-range

config-nutanix-prism
password Command

Command Syntax
[no] password

Command Mode
Config-nutanix-prism mode

Command Description
Use the password command to set the Nutanix Prism password to log into Prism service.

Next Keyword Descriptions

Big Switch Networks Confidential © Big Switch Networks 101

Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1(config-nutanix-prism)# password

config-nutanix-prism
preserve-bcf-config Command

Command Syntax
[no] preserve-bcf-config

Command Mode
Config-nutanix-prism mode

Command Description
Use the preserve-bcf-config command to preserve network configuration for Nutanix Prism Server when it is removed using
"no nutanix-prism" command.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# preserve-bcf-config

config-nutanix-prism
user-name Command

Command Syntax
[no] user-name

Command Mode
Config-nutanix-prism mode

Command Description
Use the user-name command to set the Nutanix Prism server user name to log into Prism service.

Next Keyword Descriptions

Command Examples
controller-1(config-nutanix-prism)# user-name

radius Command

Command Syntax
[no] radius acct-port [<acct-port>]
[no] radius auth-port [<auth-port>]
[no] radius auth-protocol [{pap | eap-ttls}]
[no] radius ca-cert [<ca-cert>]

102 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

[no] radius server {timeout <timeout> | key {<plaintext> | 0 <plaintext> | 7 <secret>}}

[no] radius server host <server-address> [key {{<plaintext>} | 0 {<plaintext>} | 7 {<secret>}}]

Command Mode
Config mode

Command Description
Use the radius command to configure server and protocol parameters for RADIUS. Specify remote RADIUS servers, along
with protocol timeouts and security settings.
RADIUS specific configuration here is enabled by a corresponding aaa command to enable authentication, authorization, or
accounting using the RADIUS protocol.

Next Keyword Descriptions

acct-port: Identify the port to be used for RADIUS accounting.
auth-port: Identify the port to be used for RADIUS authentication.
auth-protocol pap | eap-ttls: Identify the authentication protocol
ca-cert <cert>: Identify the certificate authority certificate to be used by the RADIUS server.
server host | key | timeout: Identify the RADIUS server host, password, or timeout.
<server-address>: AAA server IP address, or hostname if DNS is available
key : Use with <plaintext> or <secret> option to validate session with TACACS server
<plaintext>: Alphanumeric characters to validate session with TACACS server
0 [<plaintext>]: Use a plaintext password for authentication.
7 [<secret>]: <Use an encrypted password for authentication.

Command Examples
The following command configures the global RADIUS protocol timeout to 20 seconds.
controller-1(config)# radius server timeout 20

The following command return the RADIUS protocol timeout to the default value.
controller-1(config)#no radius server timeout

The following command configures a RADIUS server with the specified IP address.
controller-1(config)# radius server host 192.168.1.1

The following command deletes the specified RADIUS server,

controller-1(config)# no radius server host 192.168.1.1

secure control plane Command

Command Syntax
secure control plane { off | provision | lockdown } [force]

Command Mode
Config mode

Big Switch Networks Confidential © Big Switch Networks 103

Big Cloud Fabric CLI Reference Guide

Command Description
Use the secure control plane command to change the controller control plane mode. When in provisioning mode, a new
switch can connected to the controllers after a signed switch certificate for the switch has been imported to the controller
from a trusted CA. In lockdown mode, no physical or virtual switches can be added to the fabric.
A certificate signing request (CSR) is automatically generated by each physical switch connected to a controller in
provisioning mode. To copy the CSR to the CA and to import signed certificates to the controller, use the copy command. To
add virtual switches to the fabric, manually configure the certificate on each virtual switch.
To register a CA as a trusted CA, import the CA root certificate using the secure control plane ca command. To view the
current control plane status, including the names of CSRs and certificates, enter the show secure control plane command.

Next Keyword Descriptions

off: Disable secure control plane.
provision: Enable secure control plane provisioning mode. In this mode, a certificate signing request is generated for each
new switch connected to the controller. In this mode, signed certificates for the controller and fabric switches can be
imported to the primary controller.
lockdown: Enable secure control plane lockdown mode. In this mode, no switches can connect to the controller unless they
already have a certificate installed that has been signed by a CA trusted by the controller.
force: Complete the operation without waiting for a confirmation prompt or error message.

Command Examples
The following command moves the controller to provisioning mode, where new switches can connect to the controllers and
be added to the fabric.
controller-1(config)# secure control plane provision
controller-1(config)#

The following command moves the controller to lockdown mode, where no physical or virtual switches can connect to the
controllers:
controller-1(config)# secure control plane lockdown
controller-1(config)#

secure control plane ca Command

Command Syntax
secure control plane ca <cert>:

Command Mode
Config mode

Command Description
Use the secure control plane ca command on the Active controller to import the certificate authority (CA) root certificate,
which registers the CA as a trusted CA on the controller. This trust relationship is synchronized from the Active controller to
the Standby controller and the connected fabric switches.

Command Examples
controller-1(config)# secure control plane ca cacert-example
controller-1(config)#

104 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

sflow Command

Command Syntax
sflow

Command Mode
Config mode

Command Description
Use the sflow command to enter config-sflow submode, where you can configure sFlow settings for the BCF controller,
which acts as an agent reporting to an sFlow client, called a collector.

Command Examples
controller-1(config)# sflow
controller-1(config-sflow)#

config-sflow Submode Commands

The following commands are available in this submode.
• active: Activate this sflow session
• collector: Configure sflow collector information
• counter-interval: Configure interface counter polling interval in seconds
• header-size: Configure max header size from sampled packet
• sample-rate: Configure sampling rate (1 per number specified)

sflow
active Command

Command Syntax
[no] active

Command Mode
config-sflow mode

Command Description
Use the active command to activate sFlow. Use the no active command to deactivate sflow.

Command Examples
The following command enables sFlow reporting from the fabric to any configured sFlow collectors:
controller-1(config-sflow)# active

The following command disables sFlow reporting for the fabric:

controller-1(config-sflow)# no active

sflow
collector Command

Command Syntax
[no] collector <ip-address> [port <port>] agent-ip tenant <tenant-name> interface segment <segment-name>

Big Switch Networks Confidential © Big Switch Networks 105

Big Cloud Fabric CLI Reference Guide

Command Mode
config-sflow mode

Command Description
Use the collector command to configure the sFlow collector IP address and port number.
Next Keyword Descriptions
<ip-addr>: The IP address of the sFlow collector. Enter multiple commands to configure up to four sFlow collectors. If the
sFlow collector is on a device external to the Big Cloud Fabric, a static route to the collector must be configured on the
external tenant logical router. The IP address can be an IPv4 or IPv6 address.
port <port>: Optionally, enter the UDP port number used by the controller to communicate with the sFlow collector. The
default value is 6343.
agent-ip: Identify the Big Cloud Fabric segment that is the source of the sFlow packets. The sFlow agent must be a known
segment in a known tenant, with a valid IP address assigned to the segment interface and with a known path to the sFlow
collector. The sFlow agent IP address can be an IPv4 or IPv6 address.
tenant <tenant-name>: Identify the tenant where the source agent endpoint is attached.
interface segment <segment-name>: Identify the segment where the source agent endpoint is attached.

Command Examples
The following command enables sFlow reporting from the fabric to the sFlow collector with IP address 192.168.1.201 at the
default port 6343:
controller-1(config-sflow)# collector 192.168.1.201

sflow
counter-interval Command

Command Syntax
[no] counter-interval <counter-interval>

Command Mode
Config-sflow mode

Command Description
Use the counter-interval command to configure the number of seconds between updates sent to the sFlow collector by the
controller.
Next Keyword Descriptions
<counter-interval>: The number of seconds in the interval between messages sent to the sFlow collector. The default value
is 20 seconds.

Command Examples
The following command sets the interval between messages sent to the sFlow collector to 30 seconds.
controller-1(config-sflow)# counter-interval 30

106 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

sflow
header-size Command

Command Syntax
[no] header-size <max-header-size>

Command Mode
Config-sflow mode

Command Description
Use the header-size command to configure the max header size that the controller can use to send messages to an sFlow
collector.
Next Keyword Descriptions
<max-header-size>: The maximum number of bytes in the sFlow header that the controller can use to send messages to an
sFlow collector. The default value is 128 bytes.

Command Examples
The following command sets the maximum sFlow header size to 256 bytes.
controller-1(config-sflow)# header-size 256

sflow
sample-rate Command

Command Syntax
[no] sample-rate <sample-rate>

Command Mode
Config-sflow mode

Command Description
Use the sample-rate command to configure the sampling rate for sending sFlow packets to the sFlow collector.
Next Keyword Descriptions
<sample-rate>: Send one sFlow packet to the collector out of the number of packets specified by <sample-rate>. The
default value is to sample 1 packet out of every 10,000 packets.

Note: The maximum number of packets per second due to rate limits in the switch architecture is 100.

Command Examples
The following command sets the sFlow sample rate to sample 1 packet out of every 1,000 packets.
controller-1(config-sflow)# sample-rate 1000

snmp-server Command

Command Syntax
snmp-server {community ro <community> | location <location> | contact <contact>}
[no] snmp-server {community ro [<community>] | location [<location>] | contact [<contact>]}

Big Switch Networks Confidential © Big Switch Networks 107

Big Cloud Fabric CLI Reference Guide

Command Mode
Config mode

Command Description
Use the snmp-server command to configure the SNMP community string, location, and contact.

Next Keyword Descriptions

community: Configure the community string for simple read-only SNMP client authentication. Reset the community string
(default empty) with the no version of this command.
contact: Configure the administrative contact record (the SNMP sysContact MIB) for this device. Reset the contact
information to system defaults with the no version of this command.
location: Configure the controller location via the sysLocation SNMP MIB. Reset the location to the system default with the
no version of this command.

Command Examples
The following command sets the community string to MY-SNMP:
controller-1(config)snmp-server community ro MY-SNMP

The following command sets the server location reported during SNMP queries.
controller-1(config) snmp-server location snmp.example.com

The following command sets the administrative contact reported during SNMP queries.
controller-1(config) snmp-server contact [email protected]

snmp-server enable traps Command

Command Syntax
[no] snmp-server enable traps

Command Mode
Config mode

Command Description
Use the snmp enable traps command to enable the controller to send SNMP traps. SNMP read-only access is supported.,
but write access is not supported.

Command Examples
controller-1(config)snmp-server enable traps

snmp-server host Command

Command Syntax
[no] snmp-server host <ipaddr> [udp-port <udp-port>]

Command Mode
Config mode

108 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the snmp-server host command to specify the host and port information to which to send SNMP traps. If the UDP port
is not specified, the default UDP port for SNMP traps is used (port 162).

Next Keyword Descriptions

<ipaddr> : IP address of the SNMP trap receiver.
udp-port <udp-port>: Port number for the SNMP trap receiver. If the UDP port is not specified, the default UDP port for
SNMP traps is used (port 162).

Command Examples
The following command identifies the SNMP trap receiver at the IP address 192.168.1.20 and UDP port 200.
controller-1(config)snmp-server host 192.168.2.40 udp-port 200

snmp-server switch trap Command

Command Syntax
[no] snmp-server switch trap {auth-fail | cpu-load <cpu-load> [ 5min <cpu-load5> | 15min <cpu-load15> ]
| percent-idle <percent-idle> | percent-utilization <percent-util> | mem-free <mem-free> | psu-status
<psu-status> | fan-status <fan-status> | link-status <link-status> }

Command Mode
Config mode

Command Description
Use the snmp-server switch trap command to identify the threshold setting for CPU and memory utilization. When the
thresholds are exceeded, the switch sends a trap to the controller. This configuration is pushed to the switches through
ZTN.

Next Keyword Descriptions

auth-fail: SNMP trap on a SNMP authentication failure.
cpu-load: <cpu-load> 5min | 15min: The CPU load at which to send SNMP traps, using a 1 minute average. Replace <cpu-
load> with the threshold for CPU utilization. Use the 5min or 15min keyword to change the System load average.
fan-status: SNMP trap on fan status change. Sends a trap when the fan status changes. Set the interval for monitoring
between 10 and 100,000 seconds.
link-status: SNMP trap on link status change. Sends a trap when the status of a link changes. Set the interval for monitoring
between 1 and 100,000 seconds.
mem-free: Memory remaining in bytes. Replace <mem-free> with the threshold (in bytes) for memory utilization.
percent-idle: Trap when percent idle falls below the configured threshold. The mointoring interval is 10 seconds and is not
configurable.
percent-utilization: Trap when percent utilization rises above the configured threshold. The mointoring interval is 10
seconds and is not configurable.
psu-status: SNMP trap on PSU status change. Generate a trap when PSU status changes. Set the interval for monitoring
between 10 and 100,000 seconds.
thermal: SNMP trap for termperature change.

Big Switch Networks Confidential © Big Switch Networks 109

Big Cloud Fabric CLI Reference Guide

Command Examples
The following commands specify a threshold of 50% for CPU utilization and 50% for memory utilization.
controller-1(config)# snmp-server switch trap cpu-load 50
controller-1(config)# snmp-server switch trap mem-free 50
controller-1(config)#

snmp-server trap Command

Command Syntax
[no] snmp-server trap disk-percent <integer>

Command Mode
Config mode

Command Description
Use the snmp-server trap command to enable a trap to be sent when the disk usage of the Active controller exceeds the
specified percentage.

Next Keyword Descriptions

disk-percent <integer>: Replace <integer> with a number (1-100) to indicate the percentage of disk usage on the Active
controller that triggers a trap when it is exceeded.

snmp-server user Command

Command Syntax
[no] snmp-server user <name> {
auth [0] <cleartext passphrase> |
7 <auth-passphrase>}} [priv {aes | des} {[0] <cleartext passphrase> | 7 <priv-passphrase>}]

Command Mode
Config mode

Command Description
Use the snmp user command to create a user account for SNMP v3 access. When running snmpwalk (snmpget,
snmpgetnext, snmpbulkget) from a shell, passphrases should be enclosed in single quotes. Entering the passphrase with
double quotes (" "), may result in an error.

Next Keyword Descriptions

auth | auth 0 | auth 7: Use a plaintext passphrase or a type 7 encoded passphrase.
<cleartext-passphrase>: A cleartext passphrase from 8 to 64 alphanumeric characters including dash ("-" and space). A dash
or whitespace is not allowed at the beginning or end of the passphrase. Other special characters are not allowed.
<private-passphrase>: A type 0 encoded passphrase from 8 to 64 alphanumeric characters including dash ("-") and space. A
dash or whitespace is not allowed at the beginning or end of the passphrase. Other special characters are not allowed
<type-7-passphrase>: A type 7 encoded passphrase from 8 to 128 alphanumeric characters including dash ("-") and space.
The maximum text string length that can be used with a Type 7 encoder, which can be found online, is 64. A dash or
whitespace is not allowed at the beginning or end of the passphrase. Other special characters are not allowed.

110 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

priv {aes | des}: Optional keyword to perform Advanced Encryption Standard (AES) or Data Encryption Standard (DES)
encryption of the following passphrase, which is used as an encryption key to encrypt the SNMP messages between the
SNMP agent and the manager.
user <username>: Up to 32 alphanumeric characters including dash (“-“) and underscore (“_”) but no spaces. After you
configure the username with a plaintext passphrase, the output from the show snmp-server command displays the
passphrase as a Type7 encoded strings.

Command Examples
In the following example the snmp_1 user is configured for authentication (authNoPriv) with the plaintext password
authauth1.
controller-1(config)# snmp-server user snmp_1 auth authauth1

In the following example, the snmp-2 user is configured for authentication (authNoPriv) with the plaintext password
authauth1.
controller-1(config)# snmp-server user snmp-2 auth 0 authauth2

In the following example, the snmp11 user is configured for authentication and DES encryption (authpriv) with the auth
password authauth11 and the encryption key privpriv11.
controller-1(config)# snmp-server user snmp11 auth 0 authauth11 priv des 0 privpriv11

In the following example, the snmp21 user is configured for authentication and AES encryption (authpriv) with the auth
password authauth21 and the encryption key privpriv21.
controller-1(config)# snmp-server user snmp21 auth 0 authauth21 priv aes 0 privpriv21

The following are examples of Type7 encoded passphrases:

controller-1(config)# snmp-server user snmp1 auth 7 0207114f03071a35441f
controller-1(config)# snmp-server user snmp20 auth 7 0207114f03071a35441c59 priv des 7
021616521d161d285a1c59
controller-1(config)# snmp-server user snmp30 auth 7 0207114f03071a35441d59 priv aes 7
021616521d161d285a1d59

span-fabric Command

Command Syntax
[no] span-fabric <name>

Command Mode
Config mode

Command Description
Use the span-fabric command to create a new fabric SPAN session and enter config-span-fabric mode, where you can
define filters to select the traffic to copy and activate or deactivate the session.

Command Examples
controller-1(config)# span-fabric myfspan
controller-1(config-span-fabric)#

config-span-fabric Submode Commands

The following commands are available in this submode.
• active: Activate this span-fabric session

Big Switch Networks Confidential © Big Switch Networks 111

Big Cloud Fabric CLI Reference Guide

• destination: Associate a destination interface-group with this span-fabric session

• filter: Enter the filter sub-mode for this span-fabric session
• priority: Priority for this span-fabric session between 1 and 100

span-fabric
active Command

Command Syntax
[no] active

Command Mode
Config-span-fabric mode

Command Description
Use the active command to activate a fabric SPAN session. Use the no version of this command to deactivate a currently
active session. Up to three fabric SPAN sessions can be active concurrently. Up to four SPAN sessions, including both local
SPAN and fabric SPAN, can be active at the same time.

Command Examples
controller-1(config)# span-fabric myfspan
controller-1(config-span-fabric)# active

span-fabric
destination Command

Command Syntax
[no] destination interface-group <interface-group-name>

Command Mode
Config-span-fabric mode

Command Description
Use the destination command to associate a destination interface-group with this span-fabric session.

Next Keyword Descriptions

interface-group <interface-group-name>: Replace <interface-group-name> with the name of the interface group configured
on the BCF controller. An interface group must be defined for the fabric SPAN session, using the span-fabric mode, even if
you want only a single interface for the session.

Command Examples
controller-1(config)# span-fabric myfspan
controller-1(config-span-fabric)# destination fspan-pg1>

span-fabric
filter Command

Command Syntax
[no] filter

112 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Config-span-fabric mode

Command Description
Use the filter command to enter the filter submode, where you can define the criteria for selecting the traffic to copy for
this span-fabric session.

Command Examples
controller-1(config)# span-fabric myfspan
controller-1(config-span-fabric)# filter
controller-1(config-span-fabric-filter)#

span-fabric-filter Submode Commands

A single command is available in this submode.

span-fabric-filter
<rule-number> Command

Command Syntax
[no] <rule-number> { dst-ip-cidr | ether-type <ether> | ip-dscp | ip-ecn |
proto { icmp | tcp [dst-transport-port <port> | src-transport-port <port> | udp [dst-transport-port
<port> | src-transport-port <port> } |
interface-group { <group> | any } | src-ip-cidr | switch { <switch> | any-leaf} [ interface {<interface|
any-edge } | tenant <tenant> segment <segment>}

Command Mode
Config-span-fabric-filter mode

Command Description
Enter a rule number followed by the match criteria for selecting the traffic to copy to the Fabric SPAN destination defined
for the current Fabric SPAN session.

Next Keyword Descriptions

dst-ip-cidr: Destination IP subnet mask of the traffic to be copied, in dotted-decimal format (nnn.nnn.nnn.nnn).
ether-type <ether>: Replace <ether> with the Ethernet type of the interesting traffic.

Note: The following filtering options are not compatible with IPv6, ether-type 34525 (0x86DD), and no validation errors are
reported: dst-ip-cidr, ip-dscp, ip-ecn, proto, icmp, tcp, and udp.

icmp: Use with proto keyword to copy ICMP traffic.

interface <if-name> | any-edge: Replace <if-name> with the name of the interface from which to copy the traffic or use the
any-edge keyword to copy the specified traffic from all fabric interfaces.
ip-dinterface-group <group>: Replace <group> to identify the destination interface group of the traffic to copy.
ip-dscp <dscp>: Replace <dscp> with the numeric identifier of the QoS DSCP priority of the traffic to copy.
ip-ecn: Explicit congestion notification (ECN) uses the two least significant (right-most) bits of the DiffServ field in the IP
packet.
interface-group: match on a interface-group for a Fabric SPAN session. Name of the interface group whose traffic needs to
be copied to the Fabric SPAN destination.

Big Switch Networks Confidential © Big Switch Networks 113

Big Cloud Fabric CLI Reference Guide

proto: Specify the Layer 4 protocol used by the traffic to copy.

segment <segment>: Replace <segment> with the segment from which to copy the traffic.
src-ip-cidr: Source IP subnet mask of the traffic to be copied, in dotted-decimal format (nnn.nnn.nnn.nnn).
src-transport-port <port>: Use with the tcp or udp keyword and replace <port> with the port number of the traffic to copy.
switch <switch-name> | any-leaf : Replace <switch-name> with the name of the switch containing the interface from which
the copy should be copied, or use the any-leaf keyword to copy the specified traffic from all fabric leaf switches.
tcp: Copy TCP traffic.
tenant <tenant>: Replace <tenant> with the name of the tenant containing the segment from which to copy traffic.
udp: Copy UDP traffic.

priority Command

Command Syntax
[no] priority

Command Mode
Config-span-fabric mode

Command Description
Use the priority command to set a priority for this fabric SPAN session between 1 and 100. When filters used by
concurrently active SPAN sessions select the same traffic, the overlapping traffic is copied only for the session with the
lower priority.

span-local Command

config-span-local Submode Commands

The following commands are available in this submode.
• active: Activate this local span fabric session
• destination: Associate a destination interface-group with this local span fabric session
• filter: Enter the filter sub-mode for this local span fabric session
• priority: Priority for this local span fabric session between 1 and 100

span-local
active Command

Command Syntax
[no] active

Command Mode
Config-span-local mode

Command Description
Use the active command to activate a local SPAN session. Use the no version of this command to deactivate a currently
active session. Up to four SPAN sessions, including both local SPAN and fabric SPAN, can be active at the same time.

114 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1(config)# span-local myspan
controller-1(config-span-local)# active

span-local
destination Command

Command Syntax
[no] destination switch {<switch-name> | any | any-leaf | any-spine } interface <interface-name>

Command Mode
Config-span-local mode

Command Description
Use the destination command to identify the interface to which to copy the traffic selected for the current local span
session. Multiple destinations are allowed for a single span-local session but only the first destination port defined receives
traffic. Multiple destination ports in one session act like a LAG. If the port receiving traffic becomes unavailable, traffic is
forwarded to the remaining destination port.

Note: The span-local feature copies only ingress traffic that matches the specified criteria on the selected switch.

Next Keyword Descriptions

switch <switch-name> Replace <switch-name> with the name of the destination switch
any: use the any keyword to copy the traffic to the specified interface on any switch.
any-leaf: use the any-leaf keyword to copy the traffic to the specified interface on any leaf switch.
any-spine: use the any-spine keyword to copy the traffic to the specified interface on any spine switch.
interface <interface-name>: Replace <interface-name> with the name of the interface to which to copy the selected traffic.
The destination interface should be on the same switch as one of the source interfaces in the session. The destination
cannot be one of the source interfaces itself.

Note: destination ports are shut down when incompatible with SPAN.

If you set a span-local session destination on incompatible ports, such as a link between a leaf switch and a spine switch or a
link connecting a leaf switch and a virtual-switch, unexpected LLDP messages are received and the ports are shut down. To
fix this problem, complete the following steps:
1. Fix the span-local session configuration to use valid destination ports.
2. Enter the shutdown command on the affected ports.
3. Re-enable the affected ports by entering the no shutdown command.

Command Examples
controller-1(config)# span-local myspan
controller-1(config-span-local)# destination switch leaf1a interface ethernet10

span-local
filter Command

Command Syntax
[no] filter

Big Switch Networks Confidential © Big Switch Networks 115

Big Cloud Fabric CLI Reference Guide

Command Mode
Config-span-local mode

Command Description
Use the filter command to enter the filter submode, where you can define the criteria for selecting the traffic to copy for
this span-local session.

Command Examples
controller-1(config)# span-local myspan
controller-1(config-span-local)# filter
controller-1(config-span-local-filter)#

span-local-filters Submode Commands

A single command is available in this submode.

span-local-filters
<rule-number> Command

Command Syntax
[no] <rule-number> { dst-ip-cidr | ether-type <ether> | ip-dscp | ip-ecn |
proto { icmp | tcp [dst-transport-port <port> | src-transport-port <port> | udp [dst-transport-port
<port> | src-transport-port <port> } |
interface-group { <group> | any } | src-ip-cidr | switch { <switch> | any-leaf} [ interface {<interface|
any-edge } | tenant <tenant> segment <segment>}

Command Mode
Config-span-local mode

Command Description
Enter a rule number followed by the match criteria for selecting the traffic to copy to the Local SPAN destination defined for
the current Local SPAN session. A filter specification must include the switch and interface name. Optionally, it can also
include a tenant, segment name and packet match criteria. These additional criteria can be specified only if the direction of
the source specification is ingress.

Next Keyword Descriptions

switch <switch-name> | any: Copy traffic from the specified switch or use the any keyword to copy traffic from all switches.
any-leaf: use the any-leaf keyword to copy the traffic to the specified interface on any leaf switch.
any-spine: use the any-spine keyword to copy the traffic to the specified interface on any spine switch.
interface <interface-name> | any: Copy traffic from the specified interface or use the any keyword to copy traffic from all
interfaces.
interface-group <interface-group-name> | any: Copy traffic from the specified interface group or use the any keyword to
copy traffic from all interface groups.
switch: Configure a source specification for the local SPAN session.
interface <if-name>: Replace <if-name> with the name of the interface on the source switch from which the packets should
be mirrored.

116 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

[<pkt-match-criteria>]: Optionally, replace <pkt-match-criteria> with any of the following optional keywords to identify the
interesting traffic. If the filter criteria are not used, all traffic is copied.
tenant <tenant>: Replace <tenant> with the name of the tenant where the interesting traffic originates.
segment <segment>: Replace <segment> with the name of the segment where the interesting traffic originates.
ether-type <ether>: Replace <ether> with the Ethernet type of the interesting traffic.

Note: The following filtering options are not compatible with IPv6, ether-type 34525 (0x86DD), and no validation errors are
reported: dst-ip-cidr, ip-dscp, ip-ecn, proto, icmp, tcp, and udp.

icmp: Use with proto keyword to copy ICMP traffic.

interface <if-name> | any-edge: Replace <if-name> with the name of the interface from which to copy the traffic or use the
any-edge keyword to copy the specified traffic from all fabric interfaces.
ip-dinterface-group <group>: Replace <group> to identify the destination interface group of the traffic to copy.
ip-dscp <dscp>: Replace <dscp> with the numeric identifier of the QoS DSCP priority of the traffic to copy.
ip-ecn: Explicit congestion notification (ECN) uses the two least significant (right-most) bits of the DiffServ field in the IP
packet.
interface-group: match on a interface-group for a Fabric SPAN session. Name of the interface group whose traffic needs to
be copied to the Fabric SPAN destination.
proto: Specify the Layer 4 protocol used by the traffic to copy.
segment <segment>: Replace <segment> with the segment from which to copy the traffic.
src-ip-cidr: Source IP subnet mask of the traffic to be copied, in dotted-decimal format (nnn.nnn.nnn.nnn).
src-transport-port <port>: Use with the tcp or udp keyword and replace <port> with the port number of the traffic to copy.
switch <switch-name> | any-leaf : Replace <switch-name> with the name of the switch containing the interface from which
the copy should be copied, or use the any-leaf keyword to copy the specified traffic from all fabric leaf switches.
tcp: Copy TCP traffic.
tenant <tenant>: Replace <tenant> with the name of the tenant containing the segment from which to copy traffic.
udp: Copy UDP traffic.
ingress | egress | both: Copy only ingress traffic, egress traffic or both. if this option is specified, then the only additional
filter criteria supported in the rule is switch-interface.

priority Command

Command Syntax
[no] priority

Command Mode
Config-span-local mode

Command Description
Use the priority command to set a priority for this local SPAN session between 1 and 100. When filters used by concurrently
active SPAN sessions select the same traffic, the overlapping traffic is copied only for the session with the lower priority.

Big Switch Networks Confidential © Big Switch Networks 117

Big Cloud Fabric CLI Reference Guide

storm-control-profile Command

Command Syntax
[no] storm-control-profile <profile>

Command Mode
config mode

Command Description
Use the storm-control-profile command to define a Storm Control profile and enter the config-storm-control-profile
submode, where you can define the limits for different types of traffic.

Next Keyword Descriptions

<profile>: Define the name of the profile to be used for setting the limits for different types of traffic.

Command Examples
The following command defines the Storm Control profile strmcntrl:
controller-1(config)# storm-control-profile strmcntrl
controller-1(config-storm-control-profile)

config-storm-control-profile Submode Commands

The following commands are available in this submode.
• broadcast-rate: Broadcast-rate setting for the storm-control profile
• known-multicast-rate: Known-multicast-rate setting for the storm-control-profile
• unknown-multicast-rate: Unknown-multicast-rate setting for the storm-control-profile
• unknown-unicast-rate: Unknown-unicast rate setting for the storm-control-profile

broadcast-rate

Command Syntax
[no] broadcast-rate <max-util-percent>

Next Keyword Descriptions:

<max-util-percent>: Enter an integer between 0 and 100 to specify the maximum percentage of the available bandwidth
that can be used by broadcast traffic. A value of 0 disables the threshold and no limit is placed on the percentage of the
bandwidth that can be utilized by the specific traffic type.

Command Examples
controller-1(config)# storm-control-profile strmcntrl
controller-1(config-storm-control-profile) broadcast-rate 10

This command limits broadcast traffic to 10% of the available bandwidth on any interface or switch where the profile is
applied (using the storm-control command in config-switch or config-switch-if submode.

known-multicast-rate

Command Syntax
[no] known-multicast-rate<max-util-percent>

118 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
config-storm-control-profile submode

Next Keyword Descriptions:

<max-util-percent>: Enter an integer between 0 and 100 to specify the maximum percentage of the available bandwidth
that can be used by known multicast traffic.

Command Examples
controller-1(config)# storm-control-profile strmcntrl
controller-1(config-storm-control-profile) known-multicast-rate 10

This command limits known multicast traffic to 10% of the available bandwidth on any interface or switch where the profile
is applied (using the storm-control command in config-switch or config-switch-if submode.

unknown-multicast-rate

Command Syntax
[no] unknown-multicast-rate<max-util-percent>

Command Mode
config-storm-control-profile submode

Next Keyword Descriptions:

<max-util-percent>: Enter an integer between 0 and 100 to specify the maximum percentage of the available bandwidth
that can be used by unknown multicast traffic.

Command Examples
controller-1(config)# storm-control-profile strmcntrl
controller-1(config-storm-control-profile) unknown-multicast-rate 10

This command limits unknown multicast traffic to 10% of the available bandwidth on any interface or switch where the
profile is applied (using the storm-control command in config-switch or config-switch-if submode.

unknown-unicast-rate

Command Syntax
[no] unknown-unicast-rate<max-util-percent>

Command Mode
config-storm-control-profile submode

Next Keyword Descriptions:

<max-util-percent>: Enter an integer between 0 and 100 to specify the maximum percentage of the available bandwidth
that can be used by unknown unicast traffic.

Command Examples
controller-1(config)# storm-control-profile strmcntrl
controller-1(config-storm-control-profile) unknown-unicast-rate 10

This command limits unknown unicast traffic to 10% of the available bandwidth on any interface or switch where the profile
is applied (using the storm-control command in config-switch or config-switch-if submode.

Big Switch Networks Confidential © Big Switch Networks 119

Big Cloud Fabric CLI Reference Guide

switch Command

Command Syntax
[no] switch <name>

Command Mode
Config mode

Command Description
Use the switch command to name a switch and enter config-switch submode, where you can associate a MAC address with
the switch name and configure the fabric role and the leaf group to which the switch belongs.

Next Keyword Descriptions

name: Alphanumeric characters providing a unique name for the switch.

Command Examples
controller-1(config)# switch leaf1a
controller-1(config-switch)#

config-switch Submode Commands

The following commands are available in this submode.
• description: Configure the description for this switch
• fabric-role: Configure fabric role for switch name
• interface: Enter switch-if submode, configure switch interface
• leaf-group: Configure leaf group for switch name
• mac: Configure MAC address for switch name
• shutdown: Configure administrative status of switch
• storm-control: Configure storm-control for a switch

switch
description Command

Command Syntax
[no] description <text>

Command Mode
config-switch submode

Command Description
Use the description command to provide a text string to explain the function of each switch.

switch
fabric-role Command

Command Syntax
[no] fabric-role {spine | leaf}

120 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
config-switch submode

Command Description
Use the fabric-role command to assign a new switch before it is added to the fabric a role as leaf or spine.

Next Keyword Descriptions

spine: Use this keyword to define the switch role as a spine switch, which has connections only to leaf switches.
leaf: Use this keyword to define the switch role as a leaf switch, which can be connected to spine switches, other leaf
switches, or to hosts and servers.

Note: For connected switches, first shut down the switch before changing its fabric role.

Command Examples
The following command configures the fabric role of the current switch as a spine switch:
controller-1(config-switch)# fabric-role spine

The following command configures the fabric role of the current switch as a leaf switch:
controller-1(config-switch)# fabric-role leaf

switch
interface Command

Command Syntax
[no] interface <name>

Command Mode
config-switch submode

Command Description
Use the interface command to enter switch-if submode and administratively shutdown or enable the interface, which is
enabled by default.

Next Keyword Descriptions

<name>: The name of the interface to shut down or enable.

Command Examples
The following command enables switch-if submode for ethernet1:
controller-1(config-switch)# interface ethernet1
controller-1(config-switch-if)#

config-switch-if submode Commands

The following commands are available in this submode.
• autoneg: Configure autoneg property of interface
• bpdu-guard-disable: Configure BPDU-Guard Disable property of interface
• breakout: Configure breakout property of interface
• description: Configure the description of this interface

Big Switch Networks Confidential © Big Switch Networks 121

Big Cloud Fabric CLI Reference Guide

• forward-error-correction: Configure forward error correction on the current interface

• shutdown: Configure administrative status of interface
• storm-control: Configure storm-control for an interface

switch-if
autoneg command

Command Syntax
[no] autoneg {default | disable | enable}

Command Mode
Config-switch-if submode

Command Description
Use the autoneg command to configure autonegotation for the current interface.

Next Keyword Descriptions

default: Reset autonegotation to the default setting.
disable: Disable autonegotation on the current interface.
enable: Enable autonegotation on the current interface.

switch-if
bpdu-guard-disable command

Command Syntax
[no] bpdu-guard-disable

Command Mode
Config-switch-if submode

Command Description
To allow an interface to accept STP BPDUs, enter the bpdu-guard-disable command from config-switch-if-submode. The
option to disable BPDU Guard applies only to physical leaf edge ports. Virtual switches always have BPDU Guard enabled.
You can disable STP BPDU guard on physical leaf ports on a per port basis. When STP BPDU Guard is disabled, BPDU packets
received on an interface are forwarded within the same segment where the BPDUs were received.

Note: If BPDU Guard is disabled on fabric edge interfaces, then traffic loss may occur during fabric upgrade. During upgrade
or peer leaf reboot the interfaces on the leaf switch where BPDU Guard is disabled are shut down by the controller.

With STP, Rapid STP (RSTP), and Multiple STP (MSTP), BPDUs are received as untagged packets even if the interfaces are
trunk ports and included in one or more VLANs. When BPDU Guard is disabled on an interface so that STP BPDUs can be
forwarded, the interface should be included in a member rule for the segment with an untagged VLAN as well as for any
VLANs configured on the interface.

Example 1: BPDU Disabled with STP, RSTP, and MSTP

! tenant
tenant BPDU
segment segBpdu

122 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

member interface-group arista1-leaf1 vlan untagged

member interface-group arista2-leaf2 vlan untagged
member switch leaf1-b interface ethernet30 vlan untagged
member switch leaf2-b interface ethernet30 vlan untagged
segment segVlan3900
member interface-group arista1-leaf1 vlan 3900
member interface-group arista2-leaf2 vlan 3900
member switch leaf1-b interface ethernet30 vlan 3900
member switch leaf2-b interface ethernet30 vlan 3900

With Per VLAN STP (PVST/PVST+), BPDUs are transmitted as tagged packets. Therefore, the membership rule for the
affected segment only needs to include the required VLAN to allow the BPDUs to be forwarded (see Example 2).

Example 2: BPDU Disabled with PVSTP/PVSTP+

! tenant
tenant BPDU
segment segVlan3900
member interface-group arista1-leaf1 vlan 3900
member interface-group arista2-leaf2 vlan 3900
member switch leaf1-b interface ethernet30 vlan 3900
member switch leaf2-b interface ethernet30 vlan 3900

To re-enable BPDU Guard on an interface where it has been disabled, enter the no version of the command.

Command Examples
bcf-controiller1(config)# switch leaf-1-a
bcf-controiller1(config-switch)# interface ethernet1
bcf-controiller1(config-switch-if)# bpdu-guard-disable

After entering this command, BPDU packets received on the port are flooded to any VLAN configured on the interface.
The following command re-enables BPDU Guard on the current interface:
bcf-controiller1(config-switch-if)# no bpdu-guard-disable

After entering this command, when an STP BPDU packet is received, it is directed to the CPU and forwarded to the
controller, which then shuts down the port.

switch-if
breakout Command

Command Syntax
[no] breakout

Command Mode
config-switch-if submode

Command Description
Breakout (splitter) cables are supported by Big Cloud Fabric to allow splitting a single 40-GbE port into four individual 10-
GbE interfaces. For information about the splitter cables supported in the current version of Big Cloud Fabric, refer to the
Big Cloud Fabric Hardware Compatibility List. With the supported splitter cables autodetection occurs when the cable is
inserted and no further configuration is required.
If using a breakout cable that cannot be autodetected, use the breakout command . When you enter this command from
the config-switch-if submode for a specific interface, that interface is configured to support a breakout or splitter cable
without autodetection. If the cable is already inserted, the interfaces become available and can be seen with the show
switch interface command. If the splitter cable is not inserted, the ports become available immediately after inserting the
cable.

Big Switch Networks Confidential © Big Switch Networks 123

Big Cloud Fabric CLI Reference Guide

Command Examples
The following command enables breakout support on the ethernet17 interface on leaf0a.
(config)# switch dell-leaf1-b
(config-switch)# interface ethernet17
(config-switch-interface)# breakout

The show running-config command displays the configuration, as in the following example:
! switch
switch dell-leaf1-b
interface ethernet17
breakout

The show switch interface command displays the interface configuration for the switch, as in the
following example:

controller-1(config)# show switch dell-leaf1-b interface ethernet17/1

# Switch IF Name IF Type IF State IF Down Reason LACP State Curr Features
-|------------|------------|-------|--------|--------------|----------|-------------|
1 dell-leaf1-b ethernet17/1 unknown down Link Down inactive 10gb-fd

Breakout ports are indicated by a slash and the sequence number after the interface name, such as ethernet17/1. This
example shows information about a specific breakout port. If you enter this command without specifying the interface,
information about all the interfaces on the switch is displayed.
The show switch interface all properties command, displays information about the breakout capabilities of each interface,
as in the following example:
controller-1(config)# show switch spine0 interface all properties
# Switch IF Name MAC Address Config State Adv. Features Curr Features Supported Features peer features
--|------|-----------|-----------------|------|-----|--------------|--------------|-----------------------------|-------------|
1 spine0 ethernet1 5c:16:c7:1f:b9:48 up down 40gb-fd 40gb-fd 40gb-fd, bsn-breakout-capable
2 spine0 ethernet2 5c:16:c7:1f:b9:49 up up 40gb-fd 40gb-fd 40gb-fd, bsn-breakout-capable
3 spine0 ethernet3 5c:16:c7:1f:b9:4a up down 40gb-fd 40gb-fd 40gb-fd, bsn-breakout-capable

switch-if
description command

Command Syntax
[no] description <text>

Command Mode
Config-switch-if submode

Command Description
Use the description command to associate a text description with the current interface.

Next Keyword Descriptions

<text>: Replace <text> with an alphanumeric string to document the usage or other properties of the current interface.

switch-if
forward-error-correction command

Command Syntax
[no] forward-error-correction {default | disable | enable}

124 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Config-switch-if submode

Command Description
Use the forward-error-correction command to configure forward error correction on the current interface.

Next Keyword Descriptions

default: Reset forward error correction to the default setting.
disable: Disable forward error correction on the current interface.
enable: Enable forward error correction on the current interface.

switch-if
shutdown command

Command Syntax
[no] shutdown

Command Mode
Config-switch-if submode

Command Description
Use the shutdown command to place the interface in an administratively down state. Use the no shutdown command to
enable an administratively down interface.

switch-if
storm-control Command

Command Syntax
[no] storm-control <profile>

Command Mode
config-switch-if submode

Command Description
Use the storm-control command to apply a Storm Control profile to the current interface. Define a Storm Control profile by
using the storm-control-profile command in config-switch submode. The Storm Control profile lets you limit the following
types of traffic to a percentage of the available bandwidth:
• broadcast-rate
• known-multicast-rate
• unknown-multicast-rate
• unknown-unicast-rate

Next Keyword Descriptions

<profile>: Identify the name of the profile, defined using the storm-control-profile command in config-switch submode

Command Examples
The following commands define a Storm Control profile and apply the profile to interface ethernet24:

Big Switch Networks Confidential © Big Switch Networks 125

Big Cloud Fabric CLI Reference Guide

controller-1(config)# storm-control-profile strmcntrl

controller-1(config-storm-control-profile)# broadcast-rate 10
This profile limits broadcast traffic to 10% of the available bandwidth on any interface where the profile is applied.
To apply the profile to a specific switch interface, enter the storm-control command followed by the profile name, as in
the following example:
controller-1(config)# switch leaf2-a
controller-1(config-switch)# interface ethernet24
controller-1(config-switch-if)# storm-control strmcntrl

Note: A Storm Control profile applied in config-switch-if submode takes precedence over a profile applied in config-switch
submode.

switch-if
shutdown Command

Command Syntax
[no] shutdown

Command Mode
config-switch-if submode

Command Description
Use the shutdown command to administratively shutdown the current switch interface. Use the no shutdown command to
enable an interface that was previously administratively shutdown.

Command Examples
The following command disables interface ethernet1:
controller-1(config-switch)# interface ethernet1
controller-1(config-switch-if)# shutdown

The following command enables interface ethernet1:

controller-1(config-switch)# interface ethernet1
controller-1(config-switch-if)# no shutdown

switch
leaf-group Command

Command Syntax
[no] leaf-group <leaf-group>

Command Mode
config-switch submode

Command Description
Use the leaf-group command to assign the current switch to a leaf group. Two switches in the same rack can be configured
as a leaf group for high availability and performance. Only interfaces on switches assigned to the same leaf group can be
included in a single interface group.

126 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

<leaf-group>: Alphanumeric characters providing a name for the leaf group to which the switch is assigned.

Command Examples
controller-1(config-switch)# leaf-group rack1

switch
mac Command

Command Syntax
[no] mac <mac>

Command Mode
config-switch submode

Command Description
Use the mac command to register the MAC address of a bare metal switch on the controller. After the MAC address is
configured on the controller, the controller will respond to requests from the switch and download its configuration and
operating system files.

Note: For connected switches, first shut down the switch before changing its MAC address.

Next Keyword Descriptions

<mac>: Enter the manufacturer hardware address for the switch to register on the controller.

Command Examples
controller-1(config)# switch leaf1a
controller-1(config-switch)# mac 70:72:CF:AE:B6:34

switch
shutdown Command

Command Syntax
[no] shutdown

Command Mode
config-switch submode

Command Description
Use the shutdown command to administratively shut down the switch. Use the [no] form of the command to enable a
switch that was previously shut down.

Command Examples
controller-1(config-switch)# shutdown

switch
storm-control Command

Big Switch Networks Confidential © Big Switch Networks 127

Big Cloud Fabric CLI Reference Guide

Command Syntax
[no] storm-control <profile>

Command Mode
config-switch submode

Command Description
Use the storm-control command to apply a Storm Control profile to the current switch. Define a Storm Control profile by
using the storm-control-profile command in config mode.

Next Keyword Descriptions

<profile>: Identify the name of the profile, defined using the storm-control-profile command in config mode.

Command Examples
The following commands define a Storm Control profile and apply the profile to leaf2-a:
controller-1(config)# storm-control-profile strmcntrl
controller-1(config-storm-control-profile)# broadcast-rate 10
This profile limits broadcast traffic to 10% of the available bandwidth on any interface where the profile is applied.
To apply the profile to a specific switch, enter the storm-control command followed by the profile name, as in the
following example:
controller-1(config)# switch leaf2-a
controller-1(config-switch)# storm-control strmcntrl

Note: A storm control profile applied in config-switch-if submode takes precedence over a profile applied in config-switch
submode.

tacacs Command

Command Syntax
[no] tacacs server host <server-address> [key {[<plaintext>] | 0 {<plaintext>} | 7 {<secret>}}

Command Mode
Config mode

Command Description
Use the tacacs command to configure server and protocol parameters for TACACS+. Specify remote TACACS+ servers, along
with protocol timeouts and security settings.
TACACS+ specific configuration here is enabled by a corresponding aaa command to enable authentication, authorization,
or accounting via the TACACS+ protocol.

Next Keyword Descriptions

server host <server-address>: AAA server IP address, or hostname if DNS is available
key : Use with <plaintext> or <secret> option to validate session with TACACS server
<plaintext>: Alphanumeric characters to validate session with TACACS server
0 [<plaintext>]: Use a plaintext password for authentication.
7 [<secret>]: <Use an encrypted password for authentication.

128 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
The following command configures the global TACACS+ protocol timeout to 20 seconds.
controller-1(config)# tacacs server timeout 20

The following command returns the TACACS+ protocol timeout to the default value.
controller-1(config)#no tacacs server timeout

The following command configures the (plaintext) key used to communicate with the TACACS+ server, if no key is specified
for a given server.
controller-1(config)#tacacs server key SECRET-KEY

The following command resets the global TACACS+ server key. If no key is specified, an empty key is assumed.
controller-1(config)#no tacacs server key

The following command configures a TACACS+ server with the specified IP address.
controller-1(config)# tacacs server host AA.BB.CC.DD

The following command deletes the specified TACACS+ server

controller-1(config)# no tacacs server host AA.BB.CC.DD

The following command specifies an encryption key for this TACACS+ server.
controller-1(config)# tacacs server host AA.BB.CC.DD key SECRET-KEY

The following command removes any key associated with this server, and use the global TACACS+ key instead.
controller-1(config)# no tacacs server host AA.BB.CC.DD key

tenant Command

Command Syntax
[no] tenant <tenant name>

Command Mode
Config mode

Command Description
Use the tenant command to define a tenant and to enter the config-tenant submode. The properties of the tenant are
configured by commands and additional submodes within config-tenant submode,
A tenant defines a logical Layer 2 and Layer 3 network connecting a group of devices or services. The tenant name "system"
is reserved for the system tenant that is used for routing between tenants. The system tenant does not contain any
segments. Other user-defined tenants contain multiple segments that can be interconnected by the tenant logical router.

Next Keyword Descriptions

tenant name: Name of the tenant.

Command Examples
The following command defines a new tenant instance named Red and enters the tenant sub-mode.
controller-1(config)# tenant Red
controller-1(config-tenant)#

The following command removes the tenant Red.

Big Switch Networks Confidential © Big Switch Networks 129

Big Cloud Fabric CLI Reference Guide

no tenant Red

Note: The CLI is case-sensitive; Red is a different tenant than red.

The following command enables tenant-lrouter mode for the system tenant:
controller-1(config)# tenant system
controller-1(config-tenant)#

Note: The CLI prompt is the same for system and user-defined tenants. You must re-enter the tenant command to change
the tenant or logical-router type.

config-tenant Submode Commands

The following commands are available in this submode.
• description: Specify a description for this tenant
• id: Specify an ID for this tenant
• logical-router: Enter the logical router configuration submode
• multicast-enable: Enable Multicast on Tenant
• multicast-group: Create a multicast-group and/or enter multicast-group submode
• origination: Configure the origination for this tenant
• segment: Create a segment and/or enter segment submode

tenant
description Command

Command Syntax
[no] description <description>

Command Mode
config-tenant mode

Command Description
Use the description command to associate an alphanumeric string with the current tenant. The text must be enclosed in
quotation marks (“”).

Command Examples
The following command enters a description for the Red tenant:
controller-1(config)# tenant Red
controller-1(config-tenant)# description “Red tenant containing Web, App, and Tier segments”

tenant
id Command

Command Syntax
[no] id <id>

130 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
config-tenant mode

Command Description
Use the id command to associate an identifier with the current tenant.

tenant
logical-router Command

Command Syntax
[no] logical-router

Command Mode
config-tenant mode

Command Description
Use the logical-router command to enter tenant-lrouter submode, from where you can enable and configure logical router
interfaces. A logical router in the Big Cloud Fabric is similar to a virtual routing and forwarding (VRF) instance, providing
routing and policy enforcement between segments within a tenant, between segments and external networks, and
between tenants.
A logical router is created when a tenant is defined. Generally speaking, each user-defined tenant has a logical router than
can route between segments within the tenant, between segments and external devices, and to the system tenant. The
system tenant is a special tenant that contains no logical segments but which can interconnect tenants.
When you define the system tenant, a special logical router is assigned that allows routing between tenants. The logical
router for the system tenant has only one type of logical interface, called a tenant interface. The system router can have
one tenant interface for each tenant. Other tenants can have a single tenant interface to the system tenant and a segment
interface for each segment within the tenant.

Command Examples
The following command enables tenant-lrouter mode for the system tenant:
controller-1(config)# tenant system
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)#

The following command enables tenant-lrouter mode for the Red tenant:
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)#

config-tenant-lrouter Submode Commands

Note: Some keywords and the effect of some commands in the tenant-lrouter submode differ depending on whether you
are configuring the logical router for the system tenant or a user-defined tenant. The prompt is the same for both types of
tenants, but you must re-enter the tenant command to change the tenant or logical-router type.

The following commands are available in this submode:

• apply: Apply a policy list to this logical router
• as-path-list: Create an as-path-list on the logical router
• bgp: Enter the BGP configuration submode

Big Switch Networks Confidential © Big Switch Networks 131

Big Cloud Fabric CLI Reference Guide

• description: Configure the description of this logical router

• interface: Create logical router interface to a segment
• nat-profile: Create a NAT profile on the logical router
• next-hop-group: Create an next hop group on the logical router
• origination: Configure the origination of this logical-router
• ospf: Enter the OSPF configuration submode
• policy-list: Create a policy list on the logical router
• prefix-list: Create a prefix list on the logical router
• qos-classifier-list: Create a QoS classifier list on the logical router
• route: Add an IP subnet route on the logical router
• route-map: Create a route-map on the logical router
• vtep: Create local source VTEP

tenant/logical-router
apply Command

Command Syntax
[no] apply policy-list <list-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the apply command to apply a policy list or a qos-classifier-list to the current logical router. To configure a policy list,
enter the policy-list command from tenant-lrouter submode. To configure a QoS classifier list, enter the qos-classifier-list
command from tenant-lrouter submode.
Policy and QoS classifier lists are composed of one or more entries and are applied to the logical router for a tenant. Each
entry applies to the ingress traffic received by one or more specified logical interfaces.
The default policy for every enabled logical interface is to route all traffic. However, when you apply a policy to the logical
router, all traffic is dropped on all interfaces unless specifically permitted by a policy list entry that is included in an applied
policy.

Next Keyword Descriptions

<list-name>: Name of the policy or QoS classifier list to apply.

Note: When you apply a policy list to a logical router, all traffic is dropped on all interfaces unless specifically permitted by a
policy list entry that is included in an applied policy.

Command Examples
The following command applies the policy-list external to the logical router for the Red tenant.
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# apply policy-list external
controller-1(config-tenant-lrouter)#

The following command applies a QoS classifier list to the logical router for the Red tenant.
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# apply qos-classifier-list myqoslist
controller-1(config-tenant-lrouter)#

132 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router
as-path-list Command

Command Syntax
[no] as-path-list <list-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the as-path command to define an as-path list and enter the tenant-lrouter-aspath submode, where you define entries
for the as-path list. An as-path-list can then be applied in a route-map. The route-map itself can be applied on a BGP
neighbor for filtering incoming or outgoing routes.

Next Keyword Descriptions

<list-name>: Provide a text description of the list.

Command Examples
The following command defines the as-path-list, my-list.
controller-1(config-tenant-lrouter)# as-path-list my-list
controller-1(config-tenant-lrouter-aspath)#

tenant-lrouter-aspath Submode Commands

A single command is available in this submode.

tenant/logical-router/as-path-list
<rulenumber> Command

Command Syntax
[no] <rule number> {exclude | include} <regex>}

Command Description:
Use the as-path rule command to add a new rule in the route-map. An as-path rule has a sequence number, an action
(include/exclude) and a regular expression.

Next Keyword Descriptions:

exclude: Set rule to exclude matching paths
include: Set rule to include matching paths
<regex>: Use a regular expression to match paths to include or exclude.
You can provide a range of characters in a regex within left and right square brackets, such as [xyz], or match using a single
character followed by regex operators.
A summary of regex operators is provided in the following table.

Regex operator Matches

Big Switch Networks Confidential © Big Switch Networks 133

Big Cloud Fabric CLI Reference Guide

. Single character

^ Start of the input string

$ End of the input string

\ Character

- , { } the start of the input string, the end of the

input string, or a space

* 0 or more sequences of the preceding character

+ 1 or more sequences of the preceding character

? preceding character or a null string

The following table provides some examples of regular expressions.

Regex expression Matches entries

_200_ Routed through AS200

_200$ Originating from AS200

^200 .* Transmission from AS200

^$ Originating from the current AS

Command Examples
(config-tenant-lrouter)# as-path-list a1
(config-tenant-lrouter-aspath)# 1 include 2,3

tenant/logical-router
bgp Command

Command Syntax
[no] bgp

Command Mode
Tenant-lrouter submode

Command Description
Use the bgp command to enable Border Gateway Protocol (BGP) and enter config-tenant-lrouter-bgp submode, where you
can configure various BGP options. Internal Border Gateway Protocol, (iBGP) provides information about the routers in the
same autonomous system (AS). BGP supports multiple equal-cost paths to reach the same destination prefix, with traffic to
the destination distributed across all the installed paths.
preference <integer>: Replace <integer> with a numeric value to set a preference for the current route. The lower
preference is the preferred route. If you do not specify a route preference, then the default preference value of 1 is used.

Command Examples
(config-tenant-lrouter)# bgp
(config-tenant-lrouter-bgp)#

134 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

config-tenant-lrouter-bgp Submode Commands

The following commands are available in this submode.
• aggregate-address: Configure an aggregate-address to advertise via BGP
• dampening: Configure dampening parameters for BGP routes
• graceful-restart: Configure graceful restart for BGP
• graceful-restart-stalepath-time: Configure graceful restart stalepath time for BGP
• local-as: Set the local Autonomous System ID
• log-neighbor-changes: Configure BGP to log neighbor changes
• maximum-paths: Configure the maximum number of paths a route can point to
• neighbor: Create a BGP neighbor for the tenant router
• network: Specify an IP subnet to advertise via BGP
• preference: Set the preference of external BGP routes
• protocol-ip: Configure the local BGP speaker IP address
• redistribute-connected: Redistribute connected interface subnets to BGP neighbors
• redistribute-ospf: Redistribute OSPF routes to BGP neighbors
• redistribute-static: Redistribute static routes to BGP neighbors
• router-id: Configure the BGP router identifier
• shutdown: Shutdown the BGP protocol

tenant/logical-router/bgp
aggregate-address Command

Command Syntax
[no] aggregate-address <ip-subnet> [[as-set] [summary-only]]

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the aggregate-address command to summarize the routes advertised to a BGP neighbor. BGP route aggregation
continues advertising all the more-specific routes summarized by an aggregate. This is different from the static route or
network command because the static-command requires enabling the redistribute-static option.

Next Keyword Descriptions

as-set: Advertise a summary of the AS numbers along with the route summary. This summarizes the AS_PATH attributes of
all the individual routes and helps prevent loops.
summary-only: The list of routes is suppressed and only the route summary is advertised.

Command Examples
The following command summarizes the routes matching the first two bytes in 1.1.0.0:
controller-1(config-tenant-lrouter)# bgp
controller-1(config-tenant-lrouter-bgp)# aggregate-address 1.1.0.0/16

Big Switch Networks Confidential © Big Switch Networks 135

Big Cloud Fabric CLI Reference Guide

tenant/logical-router/bgp
dampening Command

Command Syntax
[no] dampening

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the dampening command to configure dampening parameters for BGP routes.
<<add detail from user guide>>

tenant/logical-router/bgp
graceful-restart Command

Command Syntax
[no] graceful-restart

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the graceful-restart command to configure graceful restart for BGP.
The BGP graceful restart feature allows a BGP speaker to preserve forwarding state during BGP restart and to retain routing
information after a TCP session is reset. BGP graceful restart prevents the routing flap that can otherwise occur when BGP
on a router restarts and the BGP peers detect that the session has restarted. A routing flap causes BGP route re-
computation and updates to BGP routing and forwarding tables. A routing flap may create transient forwarding blackholes
or forwarding loops and consumes resources on the control affected by the flap.

tenant/logical-router/bgp
graceful-restart-stalepath-time Command

Command Syntax
graceful-restart-stalepath-time <stalepath-time>

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the graceful-restart-stalepath-time command to configure the graceful restart stalepath time for BGP.

Next Keyword Descriptions

<stalepath-time>: Replace <stalepath-time> with the number of seconds to wait . . .

136 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router/bgp
local-as Command

Command Syntax
[no] local-as <local-as>

Command Mode
tenant-lrouter-bgp submode

Command Description
Use the local-as command to set the local Autonomous System ID.

Next Keyword Descriptions

<local-as>: Replace <local-as> with the local AS ID to assign to the current logical router.

tenant/logical-router/bgp
log-neighbor changes Command

Command Syntax
[no] log-neighbor-changes

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the log-neighbor-changes command to configure BGP to log neighbor changes.

tenant/logical-router/bgp
maximum-paths Command

Command Syntax
[no] maximum-paths

Command Mode
Tenant-lrouter-bgp submode

Command Description
For equal-cost multipath load balancing (ECMP), use the maximum-paths command to configure the maximum number of
paths to which a route can point.

Next Keyword Descriptions

<maximum-path-count>: Replace <maximum-path-count> with the maximum number of paths that BGP adds to the route
table.

tenant/logical-router/bgp
neighbor Command

Command Syntax
[no] neighbor <bgp-neighbor-name>

Big Switch Networks Confidential © Big Switch Networks 137

Big Cloud Fabric CLI Reference Guide

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the neighbor command to identify a BGP neighbor for the current tenant logical router and enter lrouter-bgp-neigh
submode, where you can configure various options related to BGP neighbors, such as filtering based on prefix lists.

Next Keyword Descriptions

<bgp-neighbor-name>: Replace <bgp-neighbor-name> with the name of a BGP neighbor for the current logical router.

config-tenant-lrouter-bgp-neigh Submode Commands

The following commands are available in this submode.
• apply: Apply inbound route map to this neighbor
• connect-time: Configure the connect timer for this neighbor
• description: Configure the description of this neighbor
• ebgp-ttl: Set the maximum number of hops to the eBGP neighbor
• hold-time: Configure the hold time for this neighbor
• maximum-prefix: Configure the maximum prefixes to accept from this neighbor
• neighbor-ip: Configure the IP address and remote AS for the BGP neighbor
• next-hop-self: Configure next-hop-self on neighbor
• password: Configure password for neighbor
• shutdown: Shutdown the BGP neighbor
• soft-reconfiguration: Initiate storage of inbound routing table updates from the neighbor
• update-source: Configure the source IP address to use while communicating with this neighbor

tenant/logical-router/bgp/neighbor
apply Command

Command Syntax
[no] apply prefix-list <prefix-lists-name> [in | out]

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the apply command to apply inbound prefix list to this neighbor.

Next Keyword Descriptions

prefix-list: Replace <prefix-list-name> with the name of the prefix list to apply.
in: Apply the prefix list to inbound routes.
out: Apply the prefix list to outbound routes.

138 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router/bgp/neighbor
connect-time Command

Command Syntax
[no] connect-time <connect-time>

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the connect-time command to configure the connect timer for this neighbor.

Next Keyword Descriptions

<connect-time>: Replace <connect-time> with the number of seconds to wait before giving up on the connection request to
a BGP neighbor.

tenant/logical-router/bgp/neighbor
description Command

Command Syntax
[no] description <description>

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the description command to configure a text description of this neighbor.

Next Keyword Descriptions

<description>: An alphanumeric string to describe the BGP neighbor. If any special characters, space or quotes are included,
the string must the enclosed in either single (') or double quotes (").

tenant/logical-router/bgp/neighbor
ebgp-ttl Command

Command Syntax
[no] ebgp-ttl multihop <ebgp-multihop>

Command Mode
lrouter-bgp-neigh submode

Command Description
In most cases, eBGP peers are directly connected, and by default the time-to-live (TTL) value on an advertisement is set to
1. This TTL value assumes a single hop between eBGP peers. When eBGP peers are not directly connected, you can use the
ebgp-ttl command to change the TTL value to reflect the number of hops required for peers to reach each other through
the intermediary network.
In BCF, BGP messages originate from the controller and are forwarded through the tenant logical router. As a result, eBGP
multihop must be configured on each eBGP peer or the BGP packets will not reach the peer. The range of values allowed for
the TTL attribute in BCF is from 2 to 253.

Big Switch Networks Confidential © Big Switch Networks 139

Big Cloud Fabric CLI Reference Guide

Note: BCF cannot support eBGP packets coming in with TTL=1. You must configure multihop on all the eBGP peers
connecting to BCF, adding an additional hop to the actual number of hops between BCF and the BGP neighbor.
For eBGP peering, use the ebgp-ttl multihop command to indicate the number of hops between the BCF controller and
the eBGP neighbor. Note that the BCF tenant logical router is an intermediate hop, so you need to add 1 to the hop count
between BCF and the eBGP neighbor.

Command Examples
The following is an example for enabling a neighbor relationship with a directly connected eBGP peer.
controller-1# tenant Blue
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# bgp
(config-tenant-lrouter-bgp)# neighbor R2
(config-tenant-lrouter-bgp-neigh)# ebgp-ttl multihop 2

tenant/logical-router/bgp/neighbor
hold-time Command

Command Syntax
[no] hold-time <hold-time>

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the hold-time command to configure the hold timer for this neighbor. Hold-time is the time in seconds for which a
neighbor keeps the session active without receiving a BGP keep alive or update message. Both keep-alive and bgp update
messages reset this timer. Hold-time is exchanged in the BGP open message and the neighbors negotiate to the lower hold
time.

Next Keyword Descriptions

<hold-time>: Replace <hold-time> with the number of seconds during which a neighbor keeps the session active without
receiving a BGP keep alive or update message.

tenant/logical-router/bgp/neighbor
maximum-prefix Command

Command Syntax
[no] maximum-prefix <max-prefix-count>
[threshold <threshold>]
[restart <restart-interval> | warning-only]

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the maximum-prefix command to configure the maximum prefixes to accept from this neighbor. This command
configures the maximum number of prefixes to accept from the BGP neighbor <max-prefix-count>.

Next Keyword Descriptions

<max-prefix-count>: The maximum number of prefixes to accept from the BGP neighbor.

140 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

threshold <threshold>: When the Big Cloud Fabric BGP router receives the percentage of the maximum number set by the
threshold keyword, the session is terminated, unless the warning-only keyword is used, in which case only a warning is
generated.
restart <restart-interval>: Once the session is down, it will stay down until the session is cleared. The system tries to clear
and reconnect after the number of minutes specified by the restart keyword.
warning-only: When the threshold is exceeded the session is not shut down and only a warning is ussed.

tenant/logical-router/bgp/neighbor
neighbor-ip Command

Command Syntax
[no] neighbor-ip <bgp-neighbor-ip>

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the neighbor-ip command to assign an IP address for the BGP neighbor.

Next Keyword Descriptions

<bgp-neighbor-ip>: The IP address to assign to the BGP neighbor in dotted-decimal format.

Command Examples
controller-1(config-tenant-lrouter-bgp-neigh)#

tenant/logical-router/bgp/neighbor
next-hop-self Command

Command Syntax
[no] next-hop-self

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the next-hop-self command for the BCF tenant BGP neighbor if the BGP router is propagating BGP routes received from
its neighbor.Alternatively, provide an additional static route in BCF to make sure the received BGP next-hop is reachable
and programmed in the fabric-forwarding table.

tenant/logical-router/bgp/neighbor
password Command

Command Syntax
[no] password <cleartext>

Command Mode
lrouter-bgp-neigh submode

Big Switch Networks Confidential © Big Switch Networks 141

Big Cloud Fabric CLI Reference Guide

Command Description
Use the password command to configure a password for communication with the BGP neighbor. Use the no version of the
command to remove the password. The password is entered in cleartext but is stored and is displayed in the controller
running-config in MD5-hashed format. The hashed version of the password can be used to set the password in a different
controller or to restore the password to the original controller from a copy of the running config.
<<update>>
release-note:
password can be configured as clear text, it will take upto 80 chars. Once the password is configured, in show running
config, the password can only be show in hased format.
Hashed password can be configured as well,the usr can do:
password hashed 02272678
if special characters are needed, the password can be inserted in "" or ' ' or \ can be used to skip the special character.
For example:
To put ABC1234^!@#$%^&*()_+{}<>|~, usr can config:
password "ABC1234^!@#$%^&*()_+{}<>|~"

Next Keyword Descriptions

<cleartext>: Enter a cleartext password up to 80 characters that is requried to allow communication with the BGP neighbor.
A special character can be enclosed in single or double quotes ( "" or ' '). A backslash (\) can be used to skip the special
character.

tenant/logical-router/bgp/neighbor
shutdown Command

Command Syntax
[no] shutdown

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the shutdown command to shut down the BGP neighbor.

tenant/logical-router/bgp/neighbor
soft-reconfiguration Command

Command Syntax
[no] soft-reconfiguration

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the soft-reconfiguration command to Initiate storage of inbound routing table updates from the neighbor.

142 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router/bgp/neighbor
update-source Command

Command Syntax
[no] update-source <ip-address>

Command Mode
lrouter-bgp-neigh submode

Command Description
Use the update-source command to configure the source IP address to use while communicating with the current neighbor.

tenant/logical-router/bgp
network Command

Command Syntax
[no] network <ip-subnet>

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the network command to specify an IP subnet to advertise via BGP.

Next Keyword Descriptions

<ip-subnet>: To identify the subnet that BGP advertises for the current logical router, replace <ip-subnet> with an an IP
address followed by a slash (/) and a decimal number between 0 and 31 to identify the number of bits in the network mask.

tenant/logical-router/bgp
preference Command

Command Syntax
[no] preference external-bgp <integer> | internal-bgp <integer>

Command Mode
Tenant-lrouter-bgp submode

Command Description
You can configure the learned route preference for eBGP and iBGP. for iBGP, and. The lower route preference is preferred,
but eBGP is always preferred over iBGP regardless of the configured route preference.

Next Keyword Descriptions

external-bgp <integer>: Replace <integer> with a value from 1 through 254. The default value is 20.
internal-bgp <integer>: Replace <integer> with a value from 1 through 254. The default value is 200.

Command Examples
The following commands configure 10 for the route preference for eBGP and 100 for the route preference for iBGP.
controller-1(config)# tenant red

Big Switch Networks Confidential © Big Switch Networks 143

Big Cloud Fabric CLI Reference Guide

controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# bgp
controller-1(config-tenant-lrouter-bgp)# preference external-bgp 10
controller-1(config-tenant-lrouter-bgp)# preference internal-bgp 100

This sets the preference of an external BGP route. Assigning a lower preference causes the route to be preferred.

tenant/logical-router/bgp
protocol-ip Command

Command Syntax
[no] protocol-ip <protocol-ip>

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the protocol-ip command to assign an IP address for the BGP speaker.

Next Keyword Descriptions

<protocol-ip>: Replace <protocol-ip> with the IP address of the BGP speaker, in dotted-decimial format.

tenant/logical-router/bgp
redistribute-connected Command

Command Syntax
[no] redistribute-connected

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the redistribute-connected command to redistribute connected interface subnets to BGP neighbors. This command
redistributes routes exported from the BCF system logical router or imported by the BCF tenant logical router.

tenant/logical-router/bgp
redistribute-ospf Command

Command Syntax
[no] redistribute-ospf <route-map>

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the redistribute-ospf command to redistribute OSPF routes to BGP neighbors

Next Keyword Descriptions

<route-map>: Enter the name of the route-map that identifies the routes to redistribute.

144 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router/bgp
redistribute-static Command

Command Syntax
[no] redistribute-static

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the redistribute-static command to redistribute static routes to BGP neighbors.

tenant/logical-router/bgp
router-id Command

Command Syntax
[no] router-id <router-id>

Command Mode
Tenant-lrouter-bgp submode

Command Description
Use the router-id command to assign an IP address to use for Router ID of the BGP speaker. If this value is not specified
explicitly the IP address assigned to the Protocol IP is also used for the Router ID.

Next Keyword Descriptions

<router-id>: Replace <router-id> with the IP address of the BGP speaker, in dotted-decimial format.

tenant/logical-router/bgp
shutdown Command

Command Syntax
[no] shutdown

Command Mode
tenant-lrouter-bgp submode

Command Description
Use the shutdown command to disable the BGP protocol.

tenant/logical-router
description Command

Command Syntax
[no] description <description>

Command Mode
Tenant-lrouter submode

Big Switch Networks Confidential © Big Switch Networks 145

Big Cloud Fabric CLI Reference Guide

Command Description
Use the description command to associate a text description, enclosed in quotes, with the logical router for the current
tenant.

Next Keyword Descriptions

<description>: Alphanumeric characters, enclosed in quotes, describing the logical router for the current tenant.

Command Examples
controller-1(config-tenant-lrouter)# description “Red tenant logical router”

tenant/logical-router
interface Command

Command Syntax
[no] interface {tenant {<tenant>} | segment <segment>}

Note: the segment keyword is not used for the logical router on the system tenant. For other tenants, system is the only
valid value for <tenant>.

Command Mode
Tenant-lrouter-submode

Command Description
Use the interface command to define a logical interface on the logical router for the current tenant and to enter the
submode for the interface.

Next Keyword Descriptions

tenant <tenant>: Define an interface to a tenant and enter the lrouter-tenant-iface submode, from where you can shut
down the interface or enable an interface that was previously shutdown. The interface is enabled by default and a tenant
interface does not require assigning an IP address. For the system tenant, replace <tenant> with the user-defined tenant for
which you want to enable routing. For a user-defined tenant, replace <tenant> with the system keyword.
segment <segment>: This keyword is not used for the logical router of the system tenant. For other logical routers, define
an interface to a segment and enter the lrouter-seg-iface submode. The interface is enabled after you assign an IP address
and subnet mask in lrouter-seg-iface submode.

Command Examples
The following commands create the tenant interface on the system router to allow routing between the system tenant and
the Red tenant:
controller-1(config)# tenant system
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface tenant Red
controller-1(config-tenant-lrouter-tenant-iface)#

The following commands create the system interface on the logical router for the user-defined tenant, Red.
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface tenant system
controller-1(config-tenant-lrouter-tenant-iface)#

The following commands create a segment interface on the logical router for the user-defined tenant, Red.
controller-1(config)# tenant Red

146 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface segment web
controller-1(config-tenant-lrouter-seg-iface)#

config-tenant-lrouter-seg-iface Submode Commands

The following commands are available in this submode.
• description: Configure the description of this interface
• dhcp-relay: Configure DHCP relay for this interface
• ip: Configure an IP subnet on the logical router interface
• ipv6-dns-server: Configure DNS server IPv6 address for the interface
• ipv6-domain-name: Configure IPv6 domain name to be advertised on the interface
• ipv6-link-local: Configure the IPv6 link local address of this interface
• ipv6-nd-managed: To enable managed mode address configuration
• ipv6-suppress-ra: To suppress RA on the interface segment
• origination: Configure the origination of this segment interface of the logical router
• private: Make the segment interface private to this tenant
• segment-group: (system use only) Marks the tenant interface with a group ID
• shutdown: Shutdown the logical router interface

Note: The lrouter-tenant-iface submode is similar to the seg-iface submode but the keywords and the effect of commands
differs depending on whether you are configuring the logical router for the system tenant or a user-defined tenant.

tenant/logical-router/interface/segment
description Command

Command Syntax
[no] description <description>

Command Mode
Lrouter-seg-iface submode

Command Description
Use the description command to associate a text description, enclosed in quotes, with the segment interface for the logical
router of a user-defined tenant. This command only applies to segment interfaces, and not to tenant interfaces.

Next Keyword Descriptions

<description>: Alphanumeric characters, enclosed in quotes, describing the segment interface on a logical router.

Command Examples
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface segment web
controller-1(config-tenant-lrouter-seg-iface)# description “Segment interface for web segment in Red
tenant”

Big Switch Networks Confidential © Big Switch Networks 147

Big Cloud Fabric CLI Reference Guide

tenant/logical-router/interface/segment
dhcp-relay Command

Command Syntax
[no] dhcp-relay address <dhcp-server-ip> [circuit-id <dhcp-circuit-id>]
[no] dhcp-relay agent-ip <agent-ip>

Command Mode
Lrouter-seg-iface submode

Command Description
If the DHCP server is not local to the Layer 2 segment where the host is physically connected, the DHCP request from the
host can be forwarded to the server using DHCP relay. BCF can be configured to provide DHCP relay service on any
segment. To enable DHCP relay on a segment, configure one or more DHCP server destination IP addresses where the DHCP
requests can be forwarded by the relay agent.
Use the dhcp-relay command to configure up to four DHCP servers for DHCP relay on the segment interface for any logical
segment. Enable DHCP relay on the segment interface where the DHCP request is seen.
Use the dhcp-relay agent-ip command to identify the source IP address to identify the relay agent. This configuration may
be important when you have multiple IP addresses assigned to the same segment. BCF automatically chooses the primary
IP as the DHCP relay agent source IP address, and the relay agent source address affects the subnet of the IP address
assigned to the requesting host by the DHCP server in the DHCP reply.

Note: The DHCP server identified with this command must be reachable based on the configured routes and policies in the
fabric.

Next Keyword Descriptions

<dhcp-server-ip>: Replace <dhcp-server-ip> with the IP address of the DHCP server.
circuit-id <dhcp-circuit-id>: Replace <dhcp-circuit-id with the circuit ID, as required to enable DHCP Option 82 for enhanced
security.

Command Examples
The following commands enable DHCP relay for the segment:
controller-1(config-tenant)# tenant dmz
controller-1(config-tenant-seg)# logical-router
controller-1(config-tenant-lrouter)# interface segment dmz-web
controller-1(config-tenant-lrouter-seg-iface)# dhcp-relay server-ip 10.2.3.4

The following uses the circuit-id keyword with the DHCP server.
controller-1(config-tenant-lrouter-seg-iface)# dhcp-relay server-ip 10.2.3.5 circuit-id abc
controller-1(config-tenant-lrouter-seg-iface)# dhcp-relay server-ip 10.2.3.6 circuit-id def
controller-1(config-tenant-lrouter-seg-iface)# dhcp-relay server-ip 10.2.3.7 circuit-id ghi

The circuit ID is used to enable DHCP option 82 for enhanced security.

The following example specifies the source IP (agent-ip) address of the DHCP relay agent.
The following example specifies the source IP address of the DHCP relay agent.
controller-1(config-tenant-lrouter-seg-iface)# dhcp-relay agent-ip 10.1.1.1

If not specified, the controller uses an IP address that has been configured for the segment interface for the relay agent
source IP address.
The following example specifies the agent IP address to be used for relaying requests to a specific DHCP server.

148 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1(config-tenant-lrouter-seg-iface)# dhcp-relay server-ip 10.2.3.5 agent-ip 10.1.1.1 circuit-

id abc

The following example disables DHCP relay on an interface:

controller-1(config-tenant-lrouter-seg-iface)# no dhcp-relay server-ip 10.2.3.5

tenant/logical-router/interface/segment
ip address Command

Command Syntax
[no] ip address <ip-cidr> [no-autoconfig] [withdraw]

Command Mode
lrouter-seg-iface submode

Command Description
Use the ip command to assign an IP address and subnet mask to the current segment interface. The IP subnet assigned to
the interface can either be private or public. Private IP subnets are only reachable from the logical router for the same
tenant. Public IP subnets are potentially reachable from anywhere in the fabric. Public IP subnets cannot overlap with each
other. This command is available only on segment interfaces, not on tenant interfaces. Either an IPv4 or IPv6 subnet
address can be specified.

Next Keyword Descriptions

<ip-address>: Replace <ip-address> with the IP address and subnet mask to assign to the current segment interface, in
dotted-decimal format (nnn.nnn.nnn.nnn/nn) or string format (nn:nn:nn::nn/nn). Enter this command for each subnet you
want to add to the segment.
no-autoconfig : By default, this option is disabled, which allows setting the A flag of the advertised prefix in Router
Advertisements. This is applicable only to an IPv6 address prefix.When no-autoconfig is enabled, the IPv6 address prefix
cannot be used for address auto-configuration.
withdraw: By default, this option is disabled. When enabled, this specifies that the IPv6 address prefix is being withdrawn.
In other words, the prefix is being advertised with preferred and valid lifetimes set to 0 in Router Advertisements. This is
applicable only to an IPv6 address prefix.

Command Examples
The following command assigns IP address 192.168.110.1 to the web segment interface and to assign the subnet mask
255.255.255.0:
controller-1(config)# tenant Red
controller-1(config-tenant-seg)# logical-router
controller-1(config-tenant-lrouter)# interface segment R-Web
controller-1(config-tenant-lrouter-seg-iface)# ip address 192.168.110.1/24

The subnet ID for the segment is derived by applying the subnet mask to the interface address, so in this example, the
subnet ID 192.168.110.0 is assigned to the R-Web segment.

The following command assigns IP address 2001:1234::1 to the production segment interface with a prefix length of 64:
controller-1(config)# tenant Red
controller-1(config-tenant-seg)# logical-router
controller-1(config-tenant-lrouter)# interface segment R-Prod
controller-1(config-tenant-lrouter-seg-iface)# ip address 2001:1234::1/64

The subnet ID for the segment is derived by applying the subnet mask to the interface address, so in this example, the
subnet ID 2001:1234::1 is assigned to the R-Prod segment.

Big Switch Networks Confidential © Big Switch Networks 149

Big Cloud Fabric CLI Reference Guide

config-tenant-lrouter seg-iface-ip Submode Commands

The following commands areip available in this submode.
• description: Configure the description of this interface ip subnet
• directed-broadcast: Enable directed broadcast for the current segment interface.
• origination: Configure the origination of this segment interface ip subnet (for system use only)
• virtual-ip: Configure the virtual IP for this segment interface IP subnet

tenant/logical-router/interface/segment/ip
description Command

Command Syntax
[no] description <text>

Command Mode
Tenant-lrouter seg-iface-ip submode

Command Description
Use the description command to record information about the current segment interface.

tenant/logical-router/interface/segment/ip
directed-broadcast Command

Command Syntax
[no] directed-broadcast

Command Mode
Tenant-lrouter seg-iface-ip submode

Command Description
Use the directed-broadcast command to enable directed broadcast for the current segment interface. Directed broadcast
lets you send broadcast packets targeted to the hosts in a specific destination subnet. The goal is to send a packet that is
broadcast only in the target subnet and not the entire network. This feature helps perform remote administration and
application tasks, such as backups and wake-on-LAN (WOL).
Directed broadcast packets traverse the network in the same way as unicast IP packets until they reach the destination
subnet. When they reach the destination subnet and directed broadcast is enabled on the receiving logical router, the
directed broadcast packet is flooded (broadcast) on the target subnet. All hosts on the target subnet receive the directed
broadcast packet.

tenant/logical-router/interface/segment/ip
virtual-ip Command

Command Syntax
[no] virtual-ip <virtual-ip> [mac <mac-address>]

Command Mode
Tenant-lrouter seg-iface-ip submode

150 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
When a segment is extended between BCF pods and a VM moves from one pod to another, the default gateway of the VM
must be updated or the VM will use the remote router as the default gateway and traffic that could have been routed
locally on the pod will hairpin across pods.
To avoid manually updating the default gateway when a VM moves between pods, use the virtual-ip command to define a
single virtual IP address for the segment on both pods. This virtual IP is used as the default gateway by endpoints on both
pods. When endpoints ARP for the virtual IP address, instead of replying with the fabric MAC of the regular segment
interface IP address, the switches reply with the MAC address associated with the virtual IP. The pods never learn this MAC
address as an endpoint.
This feature is supported for both IPv4 and IPv6. You can configure a virtual IP for each IP subnet under the segment
interface.

Next Keyword Descriptions

<virtual-ip>: Specify the IP address on the extended segment. Associate a virtual IP address with a MAC address that can be
used as a common default gateway for endpoints on segments extended using VXLAN.
mac <mac-address>:: Optionally, associate the virtual IP with a fixed MAC address. If you do not explicitly define a MAC
address for the virtual IP, the MAC address used is 5c:16:c7:FF:FF:02. This default MAC is the same for all pods and all
virtual IPs.

Command Examples
The following examples show the configuration required on two BCF pods with a common segment extended through
VXLAN.
On BCF POD1:
controller-1(config)# tenant A
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface segment 1
controller-1(config-tenant-lrouter-seg-iface)# ip
controller-1(config-tenant-lrouter-seg-iface-ip)# ip address 10.1.1.1/24
controller-1(config-tenant-lrouter-seg-iface-ip)# virtual-ip 10.1.1.254 mac 00:11:22:33:44:55

On BCF POD2:
controller-1(config)# tenant A
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface segment 1
controller-1(config-tenant-lrouter-seg-iface)# ip
controller-1(config-tenant-lrouter-seg-iface-ip)# ip address 10.1.1.2/24
controller-1(config-tenant-lrouter-seg-iface-ip)# virtual-ip 10.1.1.254 mac 00:11:22:33:44:55

The difference in the configuration on each pod is that the virtual IP address is assigned to segment interfaces with unique
IP addresses (10.1.1.1 and 10.1.1.2 in this example) on each pod.

tenant/logical-router/interface/segment
ipv6-dns-server

Command Syntax
[no] ipv6-dns-server <ip-address> [{withdraw}]

Command Mode
lrouter-seg-iface submode

Big Switch Networks Confidential © Big Switch Networks 151

Big Cloud Fabric CLI Reference Guide

Command Description
Use the ipv6-dns-server command to configure a DNS server IPv6 address for this interface. Use this command to add or
remove the DNS Server IPv6 address that is advertised through IPv6 router advertisements.

Next Keyword Descriptions

ip-address: DNS Server IPv6 address of this logical router interface
withdraw: Withdraws an earlier advertised DNS server address. In other words, the DNS server IP address is advertised with
a lifetime of 0 in Router advertisements (RAs).

Command Examples
The following command adds the DNS Server IP that is advertised through IPv6 router advertisements for name resolution.
controller-1(config-tenant-lrouter-seg-iface)# ipv6-dns-server 2001:abc:def:1234::1

The following command removes the DNS Server IP from IPv6 router advertisements.
controller-1(config-tenant-lrouter-seg-iface)# no ipv6-dns-server 2001:abc:def:1234::1

tenant/logical-router/interface/segment
ipv6-domain-name

Command Syntax
[no] ipv6-domain-name <name> [{withdraw}]

Command Mode
lrouter-seg-iface submode

Command Description
Use the ipv6-domain-name command to add or remove the IPv6 domain name to be advertised on the interface.

Next Keyword Descriptions

<name>: IPv6 domain name to be advertised on this segment interface. The domain name is up to 253 characters in length,
consisting of letters, digits and hyphen.
withdraw: By default, this option is disabled. When enabled, this specifies that the IPv6 domain name is being withdrawn. In
other words, the domain name is being advertised with preferred and valid lifetimes set to 0 in Router Advertisements. This
is applicable only to an IPv6 address prefix.

Command Examples
The following command adds the domain name that is adveritsed through IPv6 router advertisements.
controller-1(config-tenant-lrouter-seg-iface)# ipv6-domain-name helloworld.com

The following command removes the domain name from IPv6 router advertisements.
controller-1(config-tenant-lrouter-seg-iface)# no ipv6-domain-name helloworld.com

tenant/logical-router/interface/segment
ipv6-link-local

Command Syntax
[no] ipv6-link-local <link-local>

152 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
lrouter-seg-iface submode

Command Description
Use the ipv6-link-local command to configure the IPv6 link local address of this interface.

Next Keyword Descriptions

<link-local>: Enter the link local address for the interface

tenant/logical-router/interface/segment
ipv6-nd-managed

Command Syntax
[no] ipv6-nd-managed

Command Mode
lrouter-seg-iface submode

Command Description
Use the ipv6-nd-managed command to enable managed mode address configuration on this interface. Use this command
to indicate whether the address autoconfiguration in a given segment interface of the logical router is managed or not. In
managed mode, endpoints may get IPv6 Addresses assigned through external DHCPv6 servers. In non-managed mode,
endpoints may auto-configure their IP addresses. This configuration helps setting the M flag in router advertisements.

tenant/logical-router/interface/segment
ipv6-suppress-ra

Command Syntax
[no] ipv6-suppress-ra

Command Mode
lrouter-seg-iface submode

Command Description
Use the ipv6-suppress-ra command to suppress RA on the interface segment. Use this command to suppress router
generated periodic IPv6 router advertisements.

tenant/logical-router/interface
origination Command

Command Syntax
[no] origination <description>

Command Mode
lrouter-seg-iface or lrouter-tenant-iface submode

Command Description
Use the origination command to identify the source of the logical router configuration.

Big Switch Networks Confidential © Big Switch Networks 153

Big Cloud Fabric CLI Reference Guide

tenant/logical-router/interface
private Command

Command Syntax
[no] private

Command Mode
lrouter-seg-iface or lrouter-tenant-iface submode

Command Description
Use the private command to prevent traffic from being routed to or from the current segment. Traffic on the segment
attached to this interface is not routed outside the tenant.

Note: In BCF Release 4.2.0, the private command applies only to IPv4 segments and is not applicable to IPv6 segments.

tenant/logical-router/interface
segment-group Command

Command Syntax
[no] segment-group <openstack-project>

Command Mode
lrouter-seg-iface

Command Description
The segment-group command is used only by the system when BCF is integrated with OpenStack to automatically identify
the group ID of a virtual-switch only segment. This group ID is part of the configuration required to support multiple
OpenStack project routers.

tenant/logical-router/interface
shutdown Command

Command Syntax
[no] shutdown

Command Mode
lrouter-seg-iface or lrouter-tenant-iface submode

Command Description
Use the shutdown command to disable a logical interface for the current logical router. Use the no shutdown command to
re-enable an interface that was previously shut down. This command is available for both segment interfaces and tenant
interfaces.

Command Examples
The following command shuts down the web segment interface on the logical router for the Red tenant.
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface segment web
controller-1(config-tenant-lrouter-seg-iface)# shutdown

154 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

The following command shuts down the Red tenant interface on the logical router for the system tenant.
controller-1(config)# tenant system
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# interface tenant Red
controller-1(config-tenant-lrouter-tenant-iface)# shutdown

config-tenant-lrouter-tenant-iface Submode Commands

The lrouter-tenant-iface submode is similar to the seg-iface submode, but the keywords and the effect of commands differs
depending on whether you are configuring the logical router for the system tenant or a user-defined tenant. The following
commands are available in this submode.
• export-route: Export routes to the remote router
• import-route: Import routes from the remote router
• origination: Configure the origination of this tenant interface of the logical router
• shutdown: Shutdown the logical router interface

tenant/logical-router/tenant/interface
export-route Command

Command Syntax
[no] export-route

Command Mode
lrouter-tenant-iface submode

Command Description
Use the export-route command to export routes from the system tenant to the tenant connected to the current interface. If
you enter this command when the current tenant is not the system tenant, the following error message is displayed: Error:
Validation failed: Configuring export-route is not supported on a user tenant router interface. Connected routes are
redistributed to system router by default.

tenant/logical-router/tenant/interface
import-route Command

Command Syntax
[no] import-route

Command Mode
lrouter-tenant-iface submode

Command Description
Use the import-route command to import routes from the system tenant to the current tenant. If you enter this command
when the current tenant is the system tenant, the following error message is displayed: Error: Validation failed: The system
router does not support import-route.

Big Switch Networks Confidential © Big Switch Networks 155

Big Cloud Fabric CLI Reference Guide

tenant/logical-router
nat-profile Command

Command Syntax
nat-profile <profile-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the nat-profile command to enter nat-profile submode, where you can configure network address translation (NAT)
and port address translation (PAT) configuration. The NAT profile represents a NAT container, or logical NAT device, which
runs on a virtual switch (vleaf) running Switch Light OS. The NAT profile is used as the next hop for traffic that requires
address translation.

Next Keyword Descriptions

<profile-name>: Enter an identifying name for the NAT profile.

Command Examples
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# nat-profile myprofile
controller-1(config-tenant-lrouter-nat)#

config-tenant-lrouter-nat Submode Commands

The following commands are available in this submode.
• description: Configure a description for the nat profile
• floating-ip: Configure a new floating IP address
• origination: Configure the origination of the nat profile
• port-address-translation: Enter the port address translation configuration submode
• public-segment: Configure the segment the public side of the NAT belongs to

tenant-lrouter-nat
floating-ip Command

Command Syntax
[no] floating-ip <ip-address>

Command Mode
tenant-lrouter-nat submode

Command Description
Use the floating-ip command to configure a floating IP address for the current NAT profile. The floating IP is used for one-
to-one network address translation with a private IP address. Defining a floating IP enters config-tenant-lrouter-nat-flip
submode, where you can complete the configuration required for NAT.

Next Keyword Descriptions

<ip-address>: The IP address to assign as a floating address in dotted-decimal format (nnn.nnn.nnn.nnn).

156 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1(config-tenant-lrouter)# nat-profile myprofile
controller-1(config-tenant-lrouter-nat)# floating-ip 192.168.1.1

tenant-lrouter-nat-flip Submode Commands

The following commands are available in this submode.
• description: Configure the description of this floating IP
• origination: Configure the origination of the floating ip
• private-ip: Configure the private IP address mapped to this floating IP
• public-mac: Configure the public MAC address mapped to this floating IP

tenant-lrouter-nat-floating-ip
description Command

Command Syntax
[no] description <text>

Command Mode
tenant-lrouter-nat-flip submode

Command Description
Use the description command to enter a text description explaining the role of the current floating IP configuration.

Next Keyword Descriptions

<text>: A text description explaining the role of the current floating IP configuration.

tenant-lrouter-nat-floating-ip
origination Command

Command Syntax
[no] origination <text>

Command Mode
tenant-lrouter-nat-flip submode

Command Description
The origination command is used during integration with OpenStack to identify the source of the current floating IP. This
command is not used for manual floating IP configuration.

Next Keyword Descriptions

<text>: A system-generated text description explaining the origin of the floating IP.

tenant-lrouter-nat-floating-ip
private-ip Command

Command Syntax
[no] private-ip <internal-ip>/<cidr>

Big Switch Networks Confidential © Big Switch Networks 157

Big Cloud Fabric CLI Reference Guide

Command Mode
tenant-lrouter-nat-flip submode

Command Description
Use the private-ip command to identify the private IP address to which NAT is applied for translating to the current floating
IP.

Next Keyword Descriptions

<internal-ip>: An IP address, in dotted-decimal format assigned to an endpoint in the current tenant that is to be mapped to
the floating IP for communicating with external networks.
<cidr>: The number of bits in the subnet mask of the internal IP address.

tenant-lrouter-nat-floating-ip
public-mac Command

Command Syntax
[no] public-mac <mac-address>

Command Mode
tenant-lrouter-nat-flip submode

Command Description
Use the public-mac command to assign an arbitrary, but unique MAC address to the current floating IP.

Next Keyword Descriptions

<mac-address>: An arbitrary, but unique MAC address, assigned to the current floating IP. This 48-bit address is expressed
as a series of six pairs of hexadecimal digits, such as 22:22:22:22:22:22 .

tenant-lrouter-nat
origination Command

Command Syntax
origination <text>

Command Mode
tenant-lrouter-nat submode

Command Description
The origination command is used by the system to automatically generate an identifier that specifies the source of the
system-generated configuration.

Command Examples
controller-1(config-tenant-lrouter-nat)# port-address-translation
controller-1(config-tenant-lrouter-nat-pat)#

158 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant-lrouter-nat
port-address-translation Command

Command Syntax
[no] port-address-translation

Command Mode
Tenant-lrouter-nat submode

Command Description
Use the port-address-translation command to enter the config-tenant-lrouter-nat-pat submode, where a public IP address,
use for mapping to the endpoints in a tenant, can be defined.

Command Examples
controller-1(config-tenant-lrouter-nat)# port-address-translation
controller-1(config-tenant-lrouter-nat-pat)#

config-tenant-lrouter-nat-pat Submode Commands

A single command is available in this submode.

tenant-lrouter-nat-pat
public-ip Command

Command Syntax
[no] public-ip <ip-address>

Command Mode
tenant-lrouter-nat-pat submode

Command Description
Use the public-ip command to configure the public IP address mapped to this NAT profile. The public IP address is used for
mapping to the private IP addresses assigned to endpoints the current tenant.

Next Keyword Descriptions

<ip-address>: The IP address to assign as a public address for the current NAT profile in dotted-decimal format
(nnn.nnn.nnn.nnn).

Command Examples
controller-1(config-tenant-lrouter-nat)# port-address-translation
controller-1(config-tenant-lrouter-nat-pat)# public-ip 10.11.12.13

tenant-lrouter-nat
public-segment Command

Command Syntax
[no] public-segment tenant <tenant> segment <segment>

Big Switch Networks Confidential © Big Switch Networks 159

Big Cloud Fabric CLI Reference Guide

Command Mode
tenant-lrouter-nat submode

Command Description
Use the public-segment command to configure the segment used for the public network used with NAT or PAT. Define a
membership rule for this segment that includes the interface to the core router for connecting the Big Cloud Fabric to
external networks.

Next Keyword Descriptions

tenant <tenant>: Replace <tenant> with the name of the external tenant to use for the current NAT profile.
segment <segment>: Replace <segment> with the name of the external segment to use for the current NAT profile.

tenant/logical-router
next-hop-group Command

Command Syntax
[no] next-hop-group <group-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the next-hop-group command to identify one or more IP addresses to add to a group that can be used as the next hop
for a policy list entry or a static route. When multiple IP addresses are added to a group, the controller uses equal-cost
multi-path routing (ECMP) to load balance among the paths.
Use the next-hop-group command to define a next hop group and to enter the lrouter-nh-group submode, from where you
can add destination IP addresses to the group.

Next Keyword Descriptions

<group-name>: Name of the next hop group

Command Examples
controller-1(config-tenant-lrouter)# next-hop-group external
controller-1(config-tenant-lrouter-nh-group)#

config-tenant-lrouter-next-hop-group Submode Commands

The following commands are available in this submode.
• description: Configure the description of this next-hop-group
• ip: Add an IP address to the next hop group
• origination: Configure the origination of this next-hop-group

tenant/logical-router/next-hop-group
ip Command

Command Syntax
[no] ip <ip-address>

160 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Lrouter-nh-group submode

Command Description
Use the ip command in lrouter-nh-group submode to add one or more destination IP addresses to the group for use as the
next-hop on a route or in a policy list applied to a logical router.

Next Keyword Descriptions

<ip-address>: IP address of the next-hop destination interface in dotted decimal format (nnn.nnn.nnn.nnn)

Command Examples
The following commands assign two IP addresses as members of the external ECMP group.
controller-1(config-tenant-lrouter)# next-hop-group external
controller-1(config-tenant-lrouter-nh-group)# ip 192.168.17.1
controller-1(config-tenant-lrouter-nh-group)# ip 192.168.18.1

The following commands assign two IPv6 addresses as members of the external2 ECMP group.
controller-1(config-tenant-lrouter)# next-hop-group external2
controller-1(config-tenant-lrouter-nh-group)# ip 2001:1234::1
controller-1(config-tenant-lrouter-nh-group)# ip 2001:1234::2

tenant/logical-router
origination Command

Command Syntax
[no] origination <text>

Command Mode
tenant-lrouter submode

Command Description
The origination command is used during integration with OpenStack to identify the source of the current logical router. This
command is not used for manual floating IP configuration.

Next Keyword Descriptions

<text>: A system-generated text description explaining the origin of the logical router configuration.

tenant/logical-router
ospf Command

Command Syntax
ospf

Command Mode
Tenant-lrouter submode

Command Description
Use the ospf command to configure OSPF for the current logical router. OSPF is enabled by default.

Big Switch Networks Confidential © Big Switch Networks 161

Big Cloud Fabric CLI Reference Guide

config-tenant-lrouter-ospf Submode Commands

The following commands are available in this submode.
• apply: Apply a route-map for inbound routes to this logical router.
• log-neighbor-changes: Enable logging for neighbor changes
• ospf-interface: Configure OSPF parameters for the segment.
• redistribute-bgp: Redistribute static routes to OSPF neighbors
• redistribute-connected: Redistribute connected interface subnets to OSPF neighbors
• redistribute-static: Redistribute static routes to OSPF neighbors
• router-id : Configure the OSPF router identifier

tenant/logical-router/ospf
apply Command

Command Syntax
apply

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the apply to command to apply a route-map for inbound routes to this logical router.

tenant/logical-router/ospf
log-neighbor-changes Command

Command Syntax
log-neighbor-changes

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the log-neighbor-changes command to enable logging for neighbor changes.

tenant/logical-router/ospf
ospf-interface Command

Command Syntax
ospf-interface segment <segment>

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the ospf-interface segment command followed by the segment where OSPF is connected to enter the config-tenant-
lrouter-ospf-seg-iface submode.

Command Examples
controller-1(config-tenant-lrouter-ospf)# ospf-interface segment test
controller-1 (config-tenant-lrouter-ospf-seg-iface)#

162 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

config-tenant-lrouter-ospf Submode Commands

The following commands are available in this submode.
• area : Configure OSPF Area ID for this interface segment
• cost: Assign a cost to the segment that determines the priority of the path
• dead-interval: Configure the dead interval for the OSPF neighbor
• hello-interval: Configure the hello interval for the OSPF neighbor

tenant/logical-router/ospf/ospf-interface
area Command

Command Syntax
area

Command Mode
Tenant-lrouter-ospf-seg-iface submode

Command Description
Use the area command to configure OSPF Area ID for this interface segment.

tenant/logical-router/ospf/ospf-interface
cost Command

Command Syntax
cost <value>

Command Mode
Tenant-lrouter-ospf-seg-iface submode

Command Description
Use the cost command to specify the cost of the path. The lower cost path is the preferred path.

Next Keyword Descriptions

<value>: Enter an integer between 1 and 65535 to set a cost for the path. The lower cost path is the preferred path.

tenant/logical-router/ospf/ospf-interface
dead-interval Command

Command Syntax
dead-interval

Command Mode
Tenant-lrouter-ospf-seg-iface submode

Command Description
Use the dead-interval command to configure the dead interval for the OSPF neighbor.

Big Switch Networks Confidential © Big Switch Networks 163

Big Cloud Fabric CLI Reference Guide

tenant/logical-router/ospf/ospf-interface
hello-interval Command

Command Syntax
hello-interval

Command Mode
Tenant-lrouter-ospf-seg-iface submode

Command Description
Use the hello-interval command to configure the hello interval for the OSPF neighbor.

tenant/logical-router/ospf
redistribute-bgp Command

Command Syntax
redistribute-bgp

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the redistribute-bgp command to redistribute static routes to OSPF neighbors.

tenant/logical-router/ospf
redistribute-connected Command

Command Syntax
redistribute-connected

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the redistribute-connected command to redistribute connected interface subnets to OSPF neighbors.

tenant/logical-router/ospf
redistribute-static Command

Command Syntax
redistribute-static

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the redistribute-static command to redistribute static routes to OSPF neighbors.

164 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/logical-router/ospf
router-id Command

Command Syntax
router-id

Command Mode
Tenant-lrouter-ospf submode

Command Description
Use the router-id command to configure the OSPF router identifier.

tenant/logical-router
policy-list Command

Command Syntax
[no] policy-list <policy-list-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the policy-list command to define a policy list and to enter the policy-list submode, where you define each entry in the
policy list. A policy list is similar to an access control list (ACL) in a traditional network.

Next Keyword Descriptions

<policy-list-name>: Alphanumeric characters that provide a name for the policy list.

Command Examples
controller-1(config-tenant-lrouter)# policy-list external
controller-1(config-tenant-lrouter-policy-list)# policy-list external

config-tenant-lrouter-policy-list Submode Commands

The following commands are available in this submode.
• <rule number>: Add a rule to the policy list and log all matching traffic
• description: Configure the description of this policy list
• origination: Configure the origination of the policy list

tenant/logical-router/policy-list
<rule-number> Command

Command Syntax

[no] <rule number>

{{{permit | deny}
{{[proto {{udp | icmp | tcp} | <ip-protocol>}] [segment-interface <segment-interface-name> | tenant-
interface <tenant-interface-name>] {any | tenant <tenant-name> [segment <segment-name>] | {<src-ip-cidr>
| <src-ip-cidr>}} [port <src-l4-port>] to {any | tenant <tenant-name> [segment <segment-name>] | {<dst-
ip-cidr> | <dst-ip-cidr>}} [port <dst-l4-port>]}} |

permit {{[proto {{udp | icmp | tcp} | <ip-protocol>}] [segment-interface <segment-interface-name> |

Big Switch Networks Confidential © Big Switch Networks 165

Big Cloud Fabric CLI Reference Guide

tenant-interface <tenant-interface-name>] {any | tenant <tenant-name> [segment <segment-name>] | {<src-

ip-cidr> | <src-ip-cidr>}} [port <src-l4-port>] to {any | tenant <tenant-name> [segment <segment-name>]
| {<dst-ip-cidr> | <dst-ip-cidr>}} [port <dst-l4-port>]} {{next-hop {tenant <tenant-interface-name>
[next-hop-group <next-hop-group-name>] | nat-profile <nat-profile-name> |
next-hop-group <next-hop-group-name>}}}}} [ethtype {ipv4 | ipv6}] [{log}]}

system only:
auto-gen-segment-group-policy

Command Mode
Lrouter-policy-list submode

Command Description
To add a policy list entry, in lrouter-policy-list submode, type a number followed by the criteria to use for matching traffic
and specify the action to take (deny or permit). You can also optionally add a next-hop destination for permitted traffic.
Every policy list ends with an implicit deny; therefore, when you apply a policy list to the specified interface on a logical
router, all traffic on that interface is dropped unless entries specifically permit it. A policy rule can have IPv4 or IPv6 based
configuration for classifying traffic.

Next Keyword Descriptions

isolate-segment-group: For supporting multiple OpenStack project routers. This option generates ACLs to make sure traffic
can be forwarded only from interfaces belonging to the same segment group using a nat profile as the next hop.
permit: route matching traffic toward its destination based on the rules in the routing table for the current interface.
deny: drop matching traffic.
proto: Use this keyword to match traffic from a source using the ICMP, TCP, or UPD protocols. Use this keyword with the
port keyword to specific the specific protocol port number for TCP and UDP.
port: Use this keyword with the proto keyword to identify the specific TCP or UDP protocol port number used by the source
application.
tenant-interface <source-interface>: Use this keyword to specify traffic only from a specific tenant.
segment-interface <source-interface>: Use this keyword to specify traffic only from a specific segment.
<ip-cidr>: Replace this with the source IP address in dotted decimal format (nnn.nnn.nnn.nnn./nn) such as,
192.168.17.0/24. The bits in the host portion of the address are set to zero (0).
any: Use this keyword if you want to match on all traffic regardless of the traffic source.
next-hop <next-hop-group>: Use this keyword to identify the next hop for permitted traffic. Replace <next-hop-group> with
the name of a group configured using the next-hop-group command.
ethtype {ipv4 | ipv6: Use this keyword to apply the rule to IPv4 or IPv6 traffic. By default, the policy applies to either type of
traffic.
log: Use this keyword to create a log entry each time a traffic packet matches a policy list entry.

Command Examples
The following entry (20) is applied after entry 10, assuming that rule exists in the same policy list, and applies only to ingress
traffic on the web segment interface. The entry permits HTTP (port 80) traffic to the web segment from the Red tenant app
segment. Unless additional entries are applied to the web segment interface, other types of ingress traffic are dropped.
controller-1(config-tenant-lrouter-policy)# 20 permit proto tcp segment-interface R-web tenant Red
segment R-app port 80 to any
controller-1(config-tenant-lrouter-policy)# show this
! tenant
tenant Red
logical-router

166 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

policy-list Rweb-pol1
20 permit proto tcp segment-interface R-web tenant Red segment app port 80 to any
controller-1(config-tenant-lrouter-policy)#

tenant/logical-router
prefix-list Command

Command Syntax
prefix-list <list-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the prefix-list command to add a BGP prefix list entry, which can be used to control the routes advertised to BGP
neighbors by the Big Cloud Fabric BGP logical router. After you name the prefix list, the CLI enters lrouter-prefix submode,
where you can add rules to the prefix list or configure a text description of the prefix list.

Next Keyword Descriptions

<list-name>: Enter a name for the prefix list.

Command Examples
controller-1(config-tenant-lrouter)# prefix-list mylist
controller-1(config-tenant-lrouter-prefix)#

config-tenant-lrouter-prefix Submode Commands

The following commands are available in this submode.
• <rule number>: Add a prefix rule to the prefix list
• description: Configure the description of this prefix list

tenant/logical-router/prefix-list
<rule number> Command

Command Syntax
[no] <rule-number> { deny | permit } <ip-subnet> [le <prefix-length>]
[ge <prefix-length>]

Command Description
To add a prefix list entry, in lrouter-prefix-list submode, type a number, specify the action to take (deny or permit), and
identify the subnetwork to which the action applies. This action determines whether the route matching the entry is
advertised (permit) or not (deny) to the BGP neighbors defined for the Big Cloud Fabric BGP logical router.

Command Mode
Tenant-lrouter-prefix submode

Next Keyword Descriptions

exclude | include: To advertise the route matching the current entry, use the permit keyword. To hide the route, use the
deny keyword.
<ip-subnet>: Replace <ip-subnet> with the IP subnetwork in dotted-decimal format.
le <prefix-length>:Exclude or include routes less than or equal to the specified length.

Big Switch Networks Confidential © Big Switch Networks 167

Big Cloud Fabric CLI Reference Guide

ge <prefix-length>: Exclude or include routes greater than or equal to the specified length.

tenant/logical-router/prefix-list
description Command

Command Syntax
[no] description <description>

Command Description
Use the description command to provide a meaningful text description of the current BGP prefix list.

Command Mode
Tenant-lrouter-prefix submode

Next Keyword Descriptions

<description>: A text description of the current BGP prefix list.

tenant/logical-router
qos-classifier-list Command

Command Syntax
[no] qos-classifier-list <list-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the qos-classifier-list command to enter config-tenant-lrouter-qos-classifier submode where you can define a QoS
classifier list, which can be used to assign traffic classes to traffic matching specific criteria.

Next Keyword Descriptions

<list-name>: Enter a QoS classifier list name.

Command Examples
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# qos-classifier-list myqoslist
controller-1(config-tenant-lrouter-qos-classifier)#

tenant-lrouter-qos-classifier Submode Commands

A single command is available in this submode.

Note: This submode is available only when the fabric forwarding mode is set to high-scale.

tenant/logical-router
qos-classifier-list <rule-number> Command
[no] <rule number> {[proto {{icmpv6 | udp | icmp | tcp | igmp} | <ip-protocol>}]

[segment-interface <segment-name > | tenant-interface <tenant-name>] {any |

{<src-ip-cidr> | <src-ip-cidr>}} [port <src-l4-port>] to {any |

168 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

{<dst-ip-cidr> | <dst-ip-cidr>}} [port <dst-l4-port>] [ethtype {ipv4 | ipv6}]

traffic-class {traffic-class-0 | traffic-class-1 | traffic-class-2 | traffic-class-3 | unchanged}}

Command Description
Use the <rule-number> command to add a QoS classifier list entry in lrouter-qos-classifier-list submode. Type a sequence
number followed by the criteria to use for matching traffic and specify the traffic class. You can choose to keep the traffic
class unchanged, which will keep the default traffic class for flows matching this classifier rule.
Every rule in a QoS classifier list must have a unique sequence number. When a classifier list is applied to a logical router,
the rules are applied in ascending order of their rule numbers and the first matching rule is used. The rule numbers can be
within a range of 1 to 14,000. A rule with rule-number 1 is the highest priority rule.
Every classifier rule consists of a traffic class and a match criteria. The match criteria consists of an optional logical router
interface match, a source qualifier, a destination qualifier, an optional ether type and an optional IP protocol.
A qualifier can specify an IP cidr along with a L4 port number for TCP or UDP traffic. Use the any keyword in a qualifier to
match all traffic. When a tenant or a segment interface is specified, the classifier rule only matches traffic incoming from
that interface the the logical router where the QoS classifier list is applied.
When you apply a QoS classifier list to a logical router and the flow does not match any rule in the classifier list, the traffic
class of the flow remains unchanged from the original QoS classification.
To remove a classifier rule use the no form of the command.

Next Keyword Descriptions

proto icmpv6 | udp | icmp | tcp | igmp} | <ip-protocol>: Identify the protocol to match for the incoming packets.
segment-interface <segment-name >: Identify the source segment interface.
tenant-interface <tenant-name>: Identify the source tenant interface.
any: match on all interfaces
<src-ip-cidr> | <src-ip-cidr> [port <src-l4-port>] to: Source Ipaddress and subnet mask and port number to match. Specify
the number of bits in the subnet mask in dotted decimal notation (nnn.nnn.nnn.nnn/nn) or string notation
(nnnn:nnnn::/nn) for example, 192.168.17.0/24 or 2001:1234::/64. Use zeros to represent the bits that are used by the
host portion of the address.
any: Match all sources addresses.
<dst-ip-cidr> | <dst-ip-cidr>}} [port <dst-l4-port>] [ethtype {ipv4 | ipv6}: Destination IP address, subnet mask, port number
and ethtype to match. Specify the number of bits in the subnet mask in dotted decimal notation (nnn.nnn.nnn.nnn/nn) or
string notation (nnnn:nnnn::/nn) for example, 192.168.17.0/24 or 2001:1234::/64. Use zeros to represent the bits that are
used by the host portion of the address.
traffic-class traffic-class-0 | traffic-class-1 | traffic-class-2 | traffic-class-3 | unchanged: Traffic class to apply to matching
traffic. Use the unchanged action to keep the default traffic class for matching traffic.

Command Examples
The following commands create a rule to match all traffic and apply traffic class 1.
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# qos-classifier-list myqoslist
controller-1(config-tenant-lrouter-qos-classifier)# 10 any to any traffic-class traffic-class-1

The following command creates a rule that leaves the traffic class unchanged for matching traffic.
20 20.0.0.0/16 to any port 80 proto tcp traffic-class unchanged

Big Switch Networks Confidential © Big Switch Networks 169

Big Cloud Fabric CLI Reference Guide

The following command creates a rule that is applied on traffic coming in from a segment interface.
10 segment-interface A1 10.0.0.0/16 port 1234 to 20.0.0.0/16 traffic-class traffic-class-1

The following command deletes rule entry #10 from the current QoS classifier list.
no 10

tenant/logical-router
route Command

Command Syntax
[no] route <dest-net/cidr> [discard | {next-hop {nat-profile <profile-name> | tenant <tenant-name>
[<next-hop-group>] | <next-hop-group> }} [preference <integer>]

Command Mode
Tenant-lrouter submode

Command Description
Use the route command to define a static route, including the default route, for a logical router. Routing is allowed by
default between segments within a tenant. Static routes are required to allow routing between tenants. Also, define static
routes for devices and networks external to the Big Cloud Fabric.

Note: To remove a static route, use the no keyword with the entire static route configuration.

Next Keyword Descriptions

no: To remove a route, use the no keyword with the complete route configuration.

<dest-ip-cidr>: Replace <dest-ip-cidr> with the destination network ID and the number of bits in the subnet mask. Enter the
IP address of the destination network ID and the number of bits in the subnet mask in dotted decimal notation
(nnn.nnn.nnn.nnn/nn), or example, 192.168.17.0/24. Use a zero to represent the bits that are used by the host portion of
the address.
discard: Drop all traffic.
preference <integer>: Replace <integer> with a numeric value to set a preference for the current route. The lower
preference is the preferred route. If you do not specify a route preference, then the default preference value of 1 is used.
You can create multiple static routes with the same next hop and different preference values.
next-hop: Specify the next-hop destination for permitted traffic, using one of the following parameters:
• tenant: Direct traffic to the destination network to the specified tenant for the next hop. Typically, you specify the
system tenant to forward traffic to the system logical router, which then routes the traffic to the destination tenant.
• next-hop-group <next-hop-group>: Replace <next-hop-group> with the name of the next-hop group. Use the next-hop-
group command to define the next-hop group.
• nat-profile <nat-profile-name> Replace <nat-profile-name> with the NAT profile that defines a floating IP to use for the
next hop.

Note: If the next hop is not correctly configured or if the next hop interface is not available, all traffic directed on this route
is dropped.

Command Examples
The following command defines the default route for the logical interface that connects the Red tenant to the system
tenant. The system tenant is defined as the next hop.

170 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1(config)# tenant Red

controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# route 0.0.0.0/0 next-hop tenant system

The following command defines a route to the subnetwork 192.168.17.0 using the next-hop group external for the next
hop.
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# route 192.168.17.0/24 next-hop external 192.168.17.1

tenant/logical-router
route-map Command

Command Syntax
[no] route-map <route-map-name>

Command Mode
Tenant-lrouter submode

Command Description
Use the route-map command to define a route-map on the logical router and enter the tenant-lrouter-rmap submode,
where you define each entry in the route-map. A route-map can then be applied on a BGP neighbor for filtering incoming
or outgoing routes.
A route map is an ordered list of route map entries, which lets you apply a policy for filtering or changing the cost of routes
to be advertised by the BGP speaker. Each route map entry can contain match and set criteria. For any BGP neighbor, you
can configure one route map for inbound BGP advertisements and a second route map for outbound advertisements. Do
the following to complete the configuration:
• Define a list of BGP paths to which the route map applies using a prefix-list for BGP neighbors or an as-path-list.
• Apply the route-map on the neighbor, to filter inbound or outbound updates, using the apply command,

Next Keyword Descriptions

<route-map-name>: Enter a name for the route map.

Command Examples
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# route-map my-map
controller-1(config-tenant-lrouter-rmap)#

tenant-lrouter-rmap Subcommands
The following commands are available in this submode.
• <rule number>: Add a rule to the route map
• description: Configure the description of this route map

tenant/logical-router/route-map
<entry number> Command

Command Syntax
[no] <entry number> {deny | permit}

Big Switch Networks Confidential © Big Switch Networks 171

Big Cloud Fabric CLI Reference Guide

Command Mode
Tenant-lrouter-rmap submode

Command Description
Enter an integer to add a new entry in the route-map. A route-map entry has a sequence number and a permit or deny
action. Upon creating a route map entry, you enter the tenant-lrouter-rmap-entry submode where you define each rule in
the route-map entry.
The default action of a deny entry in a route map is to deny all routes that are not specifically excluded in any prefix-list or
AS path list referenced by the route map. You should not configure a set action in a deny route-map entry because the deny
entry prohibits route redistribution.
The last entry in a route map is an implicit deny entry, which is applied to routes that did not match an earlier entry. To
change this behavior, add an empty permit entry as the last entry in the route-map to include any routes that did not meet
the match criteria in an earlier entry. The match criteria supported are prefix-list as-path-list.

Next Keyword Descriptions

<entry number: Enter an integer to indicate the sequence to assign the current entry.
deny: Set the entry to deny
permit: Set the entry to permit

Command Examples
The following example defines a route-map-entry with sequence number 1 and permit as the action.
controller-1(config-tenant-lrouter-rmap)# 1 permit
controller-1(config-tenant-lrouter-rmap-entry)#

tenant-lrouter-rmap-entry Subcommands
The following commands are available in this submode.
• match: Match for a route-map rule
• set: Manage CLI sessions settings

tenant/logical-router/route-map
match Command

Command Syntax
match {as-path-list | prefix-list }

Command Mode
Tenant-lrouter-rmap-entry submode

Command Description
Use the match command to define the match criteria for the current route map entry (as-path-list or prefix-list). You then
define a set condition, using the set command.

Next Keyword Descriptions

as-path-list: Match the criteria set on the as-path-list.
prefix-list: Match the criteria set on the prefix-list.

172 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
The following example defines a match-entry using the as-path-list mylist.
controller-1(config-tenant-lrouter-rmap-entry)# match as-path-list mylist

tenant/logical-router/route-map/<entry>
set Command

Command Syntax
set {as-path prepend {<as-number> | last-as <integer>} | { local-preference }

Command Mode
Tenant-lrouter-rmap-entry submode

Command Description
Use the set command to set local-preference or as-path prepend. These actions are applied to routes that match the as-
path-list or prefix-list specified by the match command. Use the set local-preference option only when applying the route
map to an iBGP neighbor. This attribute is ignored by eBGP neighbors.

Next Keyword Descriptions

as-path prepend: Specify the as-path to be set on routes
<as-number> | last-as <integer>
local-preference: Specify the local-preference to be set on routes to iBGP neighbors

Command Examples
The following commands prepends the AS number 75 three times before the advertised AS path:
controller-1(config-tenant-lrouter-rmap-entry)# set as-path prepend 75
controller-1(config-tenant-lrouter-rmap-entry)# set as-path prepend last-as 3

tenant/logical-router/route-map
description Command

Command Syntax
[no] description <description>

Command Mode
Tenant-lrouter-rmap submode

Command Description
Use the description command to provide descriptive text to explain the purpose of the current route map.

Next Keyword Descriptions

<description>: Enter a text description of the current route map enclosed in quotation marks.

Command Examples
controller-1(config)# tenant Red
controller-1(config-tenant)# logical-router
controller-1(config-tenant-lrouter)# route-map my-map
controller-1(config-tenant-lrouter-rmap)# description “this map causes traffic to use the path through
AS 10”

Big Switch Networks Confidential © Big Switch Networks 173

Big Cloud Fabric CLI Reference Guide

tenant/logical-router
vtep Command

Command Syntax
[no] vtep <vtep-name>

Command Mode
config-tenant-lrouter

Command Description
Use the vtep command to enter config-tenant-lrouter-vtep submode, where you can define a VXLAN termination endpoint
(VTEP). In the current version of Big Cloud Fabric, a single VTEP is supported and an error message is displayed if you try to
configure a second VTEP.

Next Keyword Descriptions

<vtep-name>: Enter a text identifier for the current VTEP.

Command Examples
controller-1(config-tenant-lrouter)# vtep myvtep
controller-1(config-tenant-lrouter-vtep)#

config-tenant-lrouter-vtep submode Commands

The following commands are available in this submode.
• description: Configure the description of this VTEP
• dst-udp-port: Configure the destination UDP port
• flood-vtep: Add a remote VTEP to the flood list to which broadcast packets are flooded from the current local VTEP
• origination: Used by system to identify the origin of the local VTEP configuration.
• source: Configure the source interface of the VTEP

tenant/logical-router/vtep
description Command

Command Syntax
[no] description <description>

Command Mode
config-tenant-lrouter-vtep

Command Description
Use the description command to configure the description of this VTEP.

Next Keyword Descriptions

<description>: Enter a text description of the current VTEP, enclosed in quotes.

174 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1(config-tenant-lrouter-vtep)# description “test VTEP”

tenant/logical-router/vtep
dst-udp-port Command

Command Syntax
[no] dst-udp-port <udp-port>

Command Mode
config-tenant-lrouter-vtep

Command Description
Use the dst-udp-port command to configure the destination UDP port.

Next Keyword Descriptions

<udp-port>: Enter the UDP port used by the destination of the VXLAN tunnel. The default port is 4789.

Command Examples
The following command assigns UDP port number 4790 to the current VTEP.
controller-1(config-tenant-lrouter-vtep)# dst-udp-port 4790

tenant/logical-router/vtep
flood-vtep Command

Command Syntax
[no] flood-vtep <remote-vtep>

Command Mode
config-tenant-lrouter-vtep

Command Description
Use the flood-vtep command to add a remote VTEP to the flood list to which broadcast packets are flooded from the
current local VTEP. Broadcast packets on segments extended by making use of this local VTEP are sent only to those
remote VTEPs added to the flood list on the local VTEP.

Next Keyword Descriptions

<remote-vtep>: Enter the VTEP identifier of the remote VTEP to add to the local VTEP flood list.

Command Examples
controller-1(config-tenant-lrouter-vtep)# flood-vtep rem-vtep1

tenant/logical-router/vtep
origination Command

Command Syntax
[no] origination <origination>

Big Switch Networks Confidential © Big Switch Networks 175

Big Cloud Fabric CLI Reference Guide

Command Mode
config-tenant-lrouter-vtep

Command Description
This command may be used by the system to identify the origin of the local VTEP configuration.

tenant/logical-router/vtep
source Command

Command Syntax
[no] source {ip <ip-address/CIDR> | segment-interface <segment-name>

Command Mode
config-tenant-lrouter-vtep

Command Description
Use the source command to configure the source interface of the VTEP.

Next Keyword Descriptions

ip <ip-address/CIDR>: Replace <ipaddress/CIDR> with the IP address and subnet mask of the VTEP source interface.
segment-interface <segment-name>: Replace <segment-name> with the segment containing the VTEP source interface.

Command Examples
controller-1(config-tenant-lrouter-vtep)#

Command Examples
The following command specifies the segment interface of the Green tenant as the VTEP source interface.
controller-1(config-tenant-lrouter-vtep)# source Green

tenant
multicast-enable Command

Command Syntax
[no] multicast-enable

Command Mode
config-tenant

Command Description
Use the multicast enable command to enable Layer 2 and Layer 3 multicast forwarding for the current tenant. Use the no
form of the command to disable multicast forwarding for the tenant. Multicast forwarding is disabled by default.
Note: When switch system resources are insufficient, multicast is enabled but remains inactive and a warning message is
displayed. For a summary of currently supported scaling limits for different features and hardware, refer to the Big Switch
Fabric Verified Scale document.

176 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant
multicast-group Command

Command Syntax
[no] multicast-group <multicast-address>

Command Mode
config-tenant

Command Description
Use the multicast-group command to configure a static multicast group and enter config-tenant-mcast submode, where
you can identify a multicast listener for the group.
controller-1(config-tenant)# multicast-group <static-mcast>

Next Keyword Descriptions

<static-mcast>: Replace with the multicast IP address.

Command Examples
The following command creates a static entry for Internet Group Management Protocol (IGMP):
controller-1(config-tenant)# multicast-group 224.2.0.22
controller-1(config-tenant-mcastgrp)#

config-tenant-mcast Submode Commands

A single command is available in this submode.

tenant multicast-group
listener Command

Command Syntax
[no] listener {ip <ip-address | segment <segment-name> {attachment-point {switch <switch> interface
<interface> {interface-group <group> | switch <switch> interface <interface> | endpoint <name> | ip
<address>}

Command Mode
config-tenant-mcastgrp

Next Keyword Descriptions

ip <ipaddress> : Replace <ipaddress> with the static multicast group address.
segment <segment-name>: Identify a segment as a multicast listener for the static multicast address. With this keyword,
use one of the following identifiers:
• attachment point {interface-group <group>| switch <switch> interface <interface>: Identify an attachment point on the
segment as a listener.
• endpoint <endpoint name>: Identify a known endpoint on the segment as a listener.
• ip <address>: Identify an IP address on the segment as a listener.

Big Switch Networks Confidential © Big Switch Networks 177

Big Cloud Fabric CLI Reference Guide

Command Examples
The following commands statically configure the multicast group 224.2.0.22 and identify the listener as endpoint server1 on
segment-1.
controller-1(config-tenant)# multicast-group 224.2.0.22
controller-1(config-tenant-mcastgrp)# listener segment attachment-point endpoint server1

tenant
origination Command

Command Syntax
[no] origination <origination>

Command Mode
config-tenant submode

Command Description
The origination command is used by the system to automatically generate an identifier that specifies the source of the
system-generated configuration.

Next Keyword Descriptions

<origination>: Origination of the tenant.

Command Examples
The following command adds an origination tag to the tenant:
controller-1(config-tenant)# origination openstack-instance-1

The following command removes the origination tag from the tenant:
controller-1(config-tenant)# no origination openstack-instance-1

tenant
segment Command

Command Syntax
[no] segment <segment-name>

Command Mode
config-tenant submode

Command Description
Use the segment command to define a segment within the current tenant and to enter the config-tenant-seg submode,
where you can add members to the segment.
A segment is a logical Layer 2 network, similar to a VLAN. Broadcast traffic within the segment remains local. All traffic
remains local within the segment unless a segment interface is enabled on the tenant logical router to route the traffic to
another segment within the tenant, to external networks or devices, or to the system tenant for routing to other tenants.

Next Keyword Descriptions

<segment-name>: Alphanumeric characters providing a name for the segment.

178 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1(config-tenant)# segment external
controller-1(config-tenant-seg)#

config-tenant-seg Submode Commands

The following commands are available in this submode.
• description: Configure the description of the segment
• endpoint: Create an endpoint and/or enter endpoint submode
• id: Configure the id of the segment
• member: Add a MAC based membership rule for the segment
• origination: Configure the origination of the segment
• qos-traffic-class: Configure segment QoS traffic class, default traffic-class-0
• vxlan-encapsulation: Configure VXLAN encapsulation

tenant/segment
description Command

Command Syntax
[no] description <description>

Command Mode
Config-tenant-seg submode

Command Description
Use the description command in config-tenant-seg submode to associate a text description, enclosed in quotes, with the
current segment.

Next Keyword Descriptions

<description>: Alphanumeric characters describing the current segment.

Command Examples
controller-1(config-tenant)# segment external
controller-1(config-tenant-seg)# description “segment including switch interface connected to external
router”

tenant/segment
endpoint Command

Command Syntax
[no] endpoint <endpoint-name>

Command Mode
Config-tenant-seg submode

Command Description
Use the endpoint command to define an endpoint and enter seg-endpoint submode, from where you can define the MAC
address and other properties of the endpoint.

Big Switch Networks Confidential © Big Switch Networks 179

Big Cloud Fabric CLI Reference Guide

An endpoint is an object defined on the controller that you can associate with a MAC address or other attributes of a
physical or virtual machine. Defining an endpoint provides a friendly name for the server that helps in troubleshooting,
performance management, and identifying unauthorized access to the fabric. You can also identify an attachment point to
restrict where a specific MAC address connects to the fabric. By defining the attachment point, the endpoint does not have
to be learned and is not aged out of forwarding tables.

Next Keyword Descriptions

<endpoint-name>: Name of the endpoint

Command Examples
The following commands assign the endpoint r1h1 to the web segment.
controller-1(config-tenant)# segment web
controller-1(config-tenant-seg)# endpoint r1h1
controller-1(config-tenant-seg-endpoint)#

config-tenant-seg-endpoint Submode Commands

The following commands are available in this submode.
• attachment-point: Describe the logical interface where the endpoint is attached
• description: Configure the description of the endpoint
• ip: Configure the IP address of the endpoint
• mac: Configure the MAC address of the endpoint
• origination: Configure the origination of the endpoint
• shutdown: Shutdown the endpoint

tenant/segment/endpoint
attachment-point Command

Command Syntax
[no] attachment-point {interface-group <interface-group-name> | switch <switch-name> interface
<interface-name>} {vlan {<vlan> | untagged}}

Command Mode
Config-tenant-seg-endpoint submode

Command Description
Use the attachment-point command to specify how the server, virtual machine, or other host is connected to the switched
fabric. You can define the attachment point by specifying the interface group and VLAN (or untagged), or by using the
switch, interface, and VLAN (or untagged).

Next Keyword Descriptions

interface-group <interface-group-name>: Interface group where the endpoint can connect.
switch {<switch-name> | any: Switch to which the endpoint can connect.
vlan <vlan> | untagged: VLAN to which the endpoint can belong, or untagged.
interface {<interface-name>: Interface on the specified switch where the endpoint can connect.

Command Examples
The following command assigns the endpoint to interface group pg1 and VLAN 110:
controller-1(config-tenant-endpoint)# attachment-point interface-group pg1 vlan 110

180 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

The following command assigns an endpoint to an interface that is not assigned to an interface group and allows the
endpoint to have an untagged VLAN:
controller-1(config-tenant-endpoint)# attachment-point switch leaf1a interface leaf1a-ethernet2 vlan
untaggged

tenant/segment/endpoint
description Command

Command Syntax
[no] description <description>

Command Mode
Config-tenant-seg-endpoint submode

Command Description
Use the description command in config-tenant-seg-endpoint submode to associate a text description, enclosed in quotes,
with the current endpoint.

Next Keyword Descriptions

<description>: Alphanumeric characters describing the current endpoint.

tenant/segment/endpoint
ip Command

Command Syntax
[no] ip <ip-address>

Command Mode
End-point submode

Command Description
Using the ip command to define an endpoint is optional. Use the ip command to assign one or more fixed IP addresses to
the current endpoint.

Next Keyword Descriptions

<ip-address>: IP address associated with the endpoint in dotted decimal format (nnn.nnn.nnn.nnn) or string format
(nn:nn::nn/nn).

Command Examples
The following command assigns the IP addresses 192.168.120.2 and 2001:1234::1 to the current endpoint:
controller-1(config-tenant-seg-endpoint)# ip 192.168.120.2
controller-1(config-tenant-seg-endpoint)# ip 2001:1234::1

Big Switch Networks Confidential © Big Switch Networks 181

Big Cloud Fabric CLI Reference Guide

tenant/segment/endpoint
mac Command

Command Syntax
[no] mac <mac>

Command Mode
Seg-endpoint submode

Command Description
Use the mac command to associate the current endpoint with the known MAC address of a server or other host connected
to the switched fabric. The mac command is required to define an endpoint.

Next Keyword Descriptions

<mac>: MAC address of a server or other host connected to the switched fabric.

Command Examples
The following command defines the MAC address of the current endpoint:
controller-1(config-tenant-endpoint)# mac 00:00:00:00:00:01

tenant/segment/endpoint
origination Command

Command Syntax
[no] origination

Command Mode
Seg-endpoint submode

Command Description
The origination command may be used by the system to indicate the source of the configuration.

tenant/segment/endpoint
shutdown Command

Command Syntax
[no] shutdown

Command Mode
Seg-endpoint submode

Command Description
Use the shutdown command to administration disable the current endpoint.

182 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/segment
id Command

Command Syntax
[no] id <segment-id>

Command Mode
Config-tenant-seg submode

Command Description
Use the id command to specify an identifier for the current segment.

tenant/segment
member interface-group Command

Command Syntax
[no] member interface-group {<interface-group-name> | any} {vlan {<vlan> | untagged}}

Note: The number of membership rules pertaining to a specific switch cannot exceed 16K.

Command Mode
Config-tenant-seg submode

Command Description
Use the member command to identify the interface groups and VLANs to include in the current segment. In default VLAN
mapping mode, a limit of 200 wildcard rules applies. A wildcard rule is a rule using the any keyword to identify the switch or
interface. In global VLAN mapping mode, a single untagged segment applies to the entire fabric and all ports must belong to
all segments. The vlan-mapping global command, entered from the config-fabric submode, changes the syntax of the
member command, as follows:
member vlan <vlan_number>

Next Keyword Descriptions

interface-group <interface-group-name> | any: Interface group to include in the segment or all interface groups.
vlan <vlan> | untagged: VLAN ID to include in the segment or untagged VLAN.

Command Examples
The following command assigns all traffic within any interface group with the VLAN tag 110 to the web segment:
controller-1(config-tenant)# segment web
controller-1(config-tenant-seg)# member interface-group any vlan 110

tenant/segment
member switch Command

Command Syntax
[no] member switch {<switch-name> | any} interface {<interface-name> | any} {vlan {<vlan> | untagged}}

[no] member virtual-switch <switch-name> interface <interface-name> vlan untagged

Big Switch Networks Confidential © Big Switch Networks 183

Big Cloud Fabric CLI Reference Guide

Command Mode
Config-tenant-seg submode

Command Description
Use the member switch command to identify the switch interfaces and VLANs to include in the current segment. In default
VLAN mapping mode, a limit of 200 wildcard rules applies. A wildcard rule is a rule using the any keyword to identify the
switch or interface.
The member virtual-switch command is used only by the system for automatically generating the BCF configuration
required for supporting multiple OpenStack project routers. It marks the segment as a virtual switch segment membership
rule.
In global VLAN mapping mode, a single untagged segment applies to the entire fabric and all ports must belong to all
segments. The vlan-mapping global command, entered from the config-fabric submode, changes the syntax of the member
command, as follows:
member vlan <vlan_number>

Next Keyword Descriptions

switch {<switch-name> | any: Switches to include in the segment or all switches.
interface {<interface-name> | any: Interfaces on specified switches to include in the segment or all interfaces.

Command Examples
The following command assigns traffic with VLAN tag 110 on interface leaf1a-ethernet1 to the R-Web segment:
controller-1(config-tenant)# segment R-Web
controller-1(config-tenant-seg)# member switch leaf1a interface leaf1a-ethernet1 vlan 110

tenant/segment
member virtual-switch Command

Command Syntax

[no] member virtual-switch <switch-name> interface <interface-name> vlan untagged

Command Mode
Config-tenant-seg submode

Command Description
The member virtual-switch command is used only by the system for automatically generating the BCF configuration
required for supporting multiple OpenStack project routers. It defines the segment as being connected to a virtual switch.

Next Keyword Descriptions

virtual-switch {<switch-name> | any: virtual witches to include in the segment.
interface {<interface-name> | any: specified switches to include in the segment.
vlan untagged: assign untagged VLAN traffic to the segment.

184 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

tenant/segment
origination Command

Command Syntax
[no] origination <origin>

Command Mode
Config-tenant-seg submode

Command Description
The origination command is used by the system to automatically generate an identifier that specifies the source of the
system-generated configuration.

tenant/segment
qos-traffic-class Command

Command Syntax
[no] qos-traffic-class {traffic_class_0 | traffic-class-1 | traffic-class-2 | traffic-class-3}

Command Mode
Config-tenant-seg submode

Command Description
Use the qos-traffic-class command to assign a traffic class to the current segment, which directs traffic on the segment to a
specific queue. To change the percentage of the total switch bandwidth allocated to a traffic class, use the queuing-profile
command from config-fabric-qos submode to change the default queuing profile or to define a new profile.

Next keyword Descriptions

traffic-class-0: Associated with Queue 0, assigned 10% of the available bandwidth by default.
traffic-class-1: Associated with Queue 1, assigned 20% of the available bandwidth by default.
traffic-class-2 Associated with Queue 2, assigned 30% of the available bandwidth by default.
traffic-class-3: Associated with Queue 3, assigned 35% of the available bandwidth by default.

user Command

Command Syntax
[no] user <user-name>

Command Mode
Config mode

Command Description
Use the user command to enter config-user submode, from where you can create a new administrative user account or
modify the settings of an existing account. Use the group command to create a group and associate privileges with the
group. Also use the group command to associate a user with the group and to inherit the privileges associated with the
group.

Big Switch Networks Confidential © Big Switch Networks 185

Big Cloud Fabric CLI Reference Guide

Note: New users are created without a group. To add a new user to a group, use the group command. In the current
release, the admin group is preconfigured for providing users full administrative privileges. The read-only group can be
defined for assigning users read-only access.

Next Keyword Descriptions

<user-name>: Enter the user account name to create or modify.

Command Examples
The following command creates a new user account bob and enters config-user submode to allow you to configure the
account settings.
controller-1(config)# user bob
controller-1(config-local-user)#

config-user Submode Commands

The following commands are available in this submode.
• access-token: Manage tokens associated with the user
• full-name: Associate a descriptive name with the user
• hashed-password: Associate a hashed password with the user
• password: Associate a password with the user
• ssh-authorized-key: Manage authorized ssh keys associated with the user

user
access-token Command

Command Syntax
[no] access-token

Command Mode
config-user submode

Command Description
Use the access-token command to create a long-lived token which can be used for authentication. This can be useful for
external scripting. The token can be deleted (repudiated) at any time. Additionally, it preserved in the running-config, in a
way that does not expose the value used for authentication.

user
full-name Command

Command Syntax
[no] full-name <user-name>

Command Mode
config-user submode

Command Description
Use the full-name command to associate the full name or other description with a user account. This could be the name of
the owner of the account, or text to describe the purpose of the account.

186 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

user-name: Alphanumeric characters providing a name for the user account.
User login name

Command Examples
controller-1(config-local-user)# user-name Robert Smith
controller-1(config-local-user)#

user
hashed-password Command

Command Syntax
[no] hashed password

Command Mode
config-user submode

Command Description
Use the hashed-password command to associate a hashed-password with the current user account.

user
password Command

Command Syntax
password [<password>]

Command Mode
config-user submode

Command Description
Use the password command to associate a password with the user account. If the password parameter is not included, the
CLI prompts for the password. This command uses the simple password to generate a hashed password, which will then be
saved in the configuration. The plain text password is not saved, and is impossible to regenerate once the password is
entered. The plain text password is not included in the running-config; instead, the hashed password appears.

Next Keyword Descriptions

<password>: Alphanumeric characters to allow administrative access to the controller.

Command Examples
The following command configures the password p@ssw0rd for the current user account.
controller-1(config-user)# password p@ssw0rd
controller-1(config-user)#

vcenter Command

Command Syntax
vcenter <vcenter-name>

Big Switch Networks Confidential © Big Switch Networks 187

Big Cloud Fabric CLI Reference Guide

Command Mode
Config mode

Command Description
Use the vcenter command to identify the vCenter instance and enter config-vcenter submode, where you can configure the
information required to connect the BCF controller with the vCenter.

Next Keyword Descriptions

<vcenter-name>: A descriptive name used to identify the vCenter in the Big Cloud Fabric.

Command Examples
controller-1(config)# vcenter vc1
controller-1(config-vcenter)#

config-vcenter Submode Commands

The following commands are available in this submode:
• automation-level: Configure BCF configuration automation
• description: Provide a description for this vCenter
• exclude: Specify vCenter management network vlan
• hashed-password: Set the vCenter password (to log into vCenter)
• host-name: Set the vCenter host name
• maintenance: Disconnect vCenter and maintain last synced configuration from vCenter
• manage-segment-for-vlan: Specify tenant and segment for vCenter vlan
• manage-segment-for-vlan-range: Specify tenant for vCenter vlan range
• password: Set the vCenter password (to log into vCenter)
• preserve-bcf-config: Preserve network configuration for this vCenter when it is removed using "no vcenter" command
• user-name: Set the vCenter user name (to log into vCenter)
• vsphere-gui-plugin: Configure access-rights for vSphere gui-plugin

config-vcenter
automation-level Command

Command Syntax
[no] automation-level {none | full | on-demand}

Command Mode
Config-vcenter submode

Command Description
Use the automation-level command to configure how vCenter configuration is integrated into BCF.

Next Keyword Descriptions

full: Monitor vCenter for visibility and utomatically import configuration to BCF based on vCenter network configuration
none: Monitor vCenter for visibility without automatic configuration to BCF. The sync vcenter command is ignored.
on-demand: Monitor vCenter for visibility and pull configuration on demand when the sync vcenter <vCenter-name>
command is entered. The on-demand option is an experimental feature for lab use only.

188 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

config-vcenter
description Command

Command Syntax
description <text>

Command Mode
Config-vcenter submode

Command Description
Use the description command to provide a description for the current vCenter instance.

Next Keyword Descriptions

<text>: Alphanumeric characters that describe the current vCenter instance.

Command Examples
controller-1(config-vcenter)# description “San Jose data center 1”

config-vcenter
exclude Command

Command Syntax
[no] exclude vlan <vlans>

Command Mode
Config-vcenter submode

Command Description
Use the exclude command to specifiy the vCenter management network VLAN.

Next Keyword Descriptions

<vlans>: Identify one or more VLANs as the vCenter management network VLAN. Separate multiple VLANs by a comma, or
specific a range of VLANs by entering the starting range, a dash, and an end range.

Command Examples
The following example specifies VLAN 100 and 200 as vCenter management VLANs:
controller-1(config-vcenter)# exclude vlan 100,200

The following example specifies VLAN 100 to 150 as vCenter management VLANs:
controller-1(config-vcenter)# exclude vlan 100-150

config-vcenter
hashed-password Command

Command Syntax
[no] hashed-password [<password>]

Big Switch Networks Confidential © Big Switch Networks 189

Big Cloud Fabric CLI Reference Guide

Command Mode
Config-vcenter submode

Command Description
Use the hashed-password command to set the vcenter password used for the controller authenticating to the vCenter
server, using a hash of the text password.

Next Keyword Descriptions

<password>: A hash value of the text password used for the controller authenticating to the vCenter server.

config-vcenter
host-name Command

Command Syntax
[no] host-name <vcenter-server>

Command Mode
Config-vcenter submode

Command Description
Use the host-name command to identify the vCenter server to which the controller connects.

Next Keyword Descriptions

<vcenter-server>: Host name resolvable by DNS or IP address of the vCenter server to which the controller connects.

Command Examples
controller-1(config-vcenter)# host-name 192.168.100.1

config-vcenter
maintenance Command

Command Syntax
[no] maintenance

Command Mode
Config-vcenter submode

Command Description
Use the maintenance command to disconnect vCenter and maintain the last synced configuration from vCenter.

manage-segment-for-vlan Command

Command Syntax
[no] manage-segment-for-vlan <vlan-id> tenant <tenant> | untagged

Command Mode
Config-vcenter submode

190 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the manage-segment-for-vlan command to specify the tenant and segment for vCenter VLAN.

Next Keyword Descriptions

<vlan-id>: Identify the VLAN to map with the current vCenter instance.
tenant <tenant>: Identify the BCF tenant containing the segment to map to the specified VLAN with the current vCenter
instance.
segment <segment>: Identify the BCF segment to map to the specified VLAN with the current vCenter instance.
untagged: Map untagged VLAN traffic to the current vCenter instnace.

manage-segment-for-vlan-range Command

Command Syntax
[no] manage-segment-for-vlan-range

Command Mode
Config-vcenter submode

Command Description
Use the manage-segment-for-vlan-range command to specify the tenant to map to a range of vCenter VLANs.

Next Keyword Descriptions

start-vlan <vlan-id>: Identify the start of the VLAN range to map with the current vCenter instance.
end-vlan <vlan-id>: Identify the end of the VLAN range to map with the current vCenter instance.
tenant <tenant>: Identify the BCF tenant to map to the specified range of VLANs with the current vCenter instance.

config-vcenter
password Command

Command Syntax
password <plaintext>

Command Mode
Config-vcenter submode

Command Description
Use the password command to set the vCenter password used by the BCF controller to log into the vCenter server.

Next Keyword Descriptions

<plaintext>: The password used by the BCF controller to log into the vCenter server.

config-vcenter
preserve-bcf-config Command

Command Syntax
preserve-bcf-config

Big Switch Networks Confidential © Big Switch Networks 191

Big Cloud Fabric CLI Reference Guide

Command Description
Use the preserve-bcf-config command to disable the auto-cleanup function. Autocleanup automatically removes the
associated configuration when a vCenter instance is removed. The preserve-bcf-config command disables this function,
which causes the configuration associated with the vCenter instance on the BCF controller to persist even after the instance
is removed.

Command Examples
The following command disables autocleanup for the current vCenter instance:
controller-1(config-vcenter)# preserve-bcf-config

Command Mode
Config-vcenter submode

Command Description
Use the password command to set the vCenter password used by the BCF controller to log into the vCenter server.

Next Keyword Descriptions

<plaintext>: The password used by the BCF controller to log into the vCenter server.

config-vcenter
user-name Command

Command Syntax
[no] user-name <user-name>

Command Mode
Config-vcenter submode

Command Description
Use the user-name command to identify the vCenter administrative account name used by the BCF controller to connect to
the vCenter server.

Next Keyword Descriptions

<user-name>: vCenter administrative account name used by the BCF controller to connect to the vCenter server.

config-vcenter
vsphere-gui-plugin access-right Command
vsphere-gui-plugin Configure access-rights for vSphere gui-plugin.

Command Syntax
vsphere access-right {read-only | read-write }

Command Mode
Config-vcenter submode

Command Description
Use the vsphere-gui-plugin-access-right command to configure access-rights for the vSphere plugin.

192 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

read-only: Allow read-only access to the vSphere plugin.
read-write: Allow read/write access to the vSphere plugin.

version command

Command Syntax
version {1.0 | 2.0}

Command Mode
Config mode

Command Description
Use the version command to move to a different version of the command syntax.

vxlan-termination Command

Command Syntax
[no] vxlan-termination

Command Mode
Config mode

Command Description
Use the vxlan-termination command to enter the config-vxlan-termination submode, where you can configure the
controller to terminate a Virtual Extensible LAN (VXLAN) tunnel.

Command Examples
controller-1(config)# vxlan-termination
controller-1(config-vxlan)#

config-vxlan Submode Commands

The following commands are available in this submode.
• active: Activate VXLAN
• incoming-udp-dst-port: Configure expected incoming UDP port for the VXLAN packets
• outgoing-default-udp-dst-port: Configure outgoing default UDP port for the VXLAN packets
• remote-vtep: Configure remote VTEP for the VXLAN termination
• termination: Configure interface-group for the VXLAN termination

config-vxlan
active Command

Command Syntax
[no] active

Command Mode
Config-vxlan mode

Big Switch Networks Confidential © Big Switch Networks 193

Big Cloud Fabric CLI Reference Guide

Command Description
Use the active command to activate VXLAN for the BCF pod.
Note: When switch system resources are insufficient, VXLAN is enabled but remains inactive and a warning message is
displayed. For a summary of currently supported scaling limits for different features and hardware, refer to the Big Switch
Fabric Verified Scale document.

Command Examples
The following command activates VXLAN.
controller-1(config-vxlan)# active

The following command disables VXLAN.

controller-1(config-vxlan)# no active

config-vxlan
incoming-udp-dst-port Command

Command Syntax
[no] incoming-udp-dst-port <incoming-udp-port>

Command Mode
Config-vxlan mode

Command Description
Use the incoming-udp-dst-port command to configure the expected incoming UDP port for VXLAN packets. The default
value is 4789.

Next Keyword Descriptions

<incoming-udp-port>: Enter the expected incoming UDP port for VXLAN packets. The default is 4789. A remote VTEP on a
Big Cloud Fabric pod uses the default port, but you may need to change this value for compatibility with a third-party
VXLAN deployment.

Note: The outgoing UDP port must be left at the default value (4789) for the current version of Big Cloud Fabric.

Command Examples
The following command changes the expected incoming UDP port for the VXLAN packets to 5000
controller-1(config-vxlan)# incoming-udp-dst-port 5000

config-vxlan
outgoing-udp-dst-port Command

Command Syntax
[no] outgoing-udp-dst-port <outgoing-udp-port>

Command Mode
Config-vxlan mode

194 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the outgoing-udp-dst-port command to change the defaut UDP port used for destination traffic. The default is 4789.

Next Keyword Descriptions

outgoing-udp-port>: Enter the outgoing-udp-dst-port command to change the defaut UDP port used for destination traffic.
The default is 4789.

config-vxlan
remote-vtep Command

Command Syntax
[no] remote-vtep <remote-vtep-name>

Command Mode
Config-vxlan mode

Command Description
Use the remote-vtep command to enter config-vxlan-remotevtep submode, where you can configure the IP address of the
remote VTEP.

Command Examples
The following command configures the remote VTEP for the VXLAN termination
controller-1(config-vxlan)# remote-vtep

config-vxlan remotevtep submode Commands

The following commands are available in this submode.
• id: Specify an ID
• ip: Configure the Remote VTEP
• origination: Used by the system to identify the source of the configuration

config-vxlan/remote-vtep
id Command

Command Syntax
[no] id <identifier>

Command Mode
Config-vxlan mode

Command Description
Use the id command to configure a descriptive identifier for the remote VTEP.

Next Keyword Descriptions

id <identifier>: Enter an identifier for the remote VTEP.

Big Switch Networks Confidential © Big Switch Networks 195

Big Cloud Fabric CLI Reference Guide

config-vxlan/remote-vtep
ip Command

Command Syntax
[no] ip <ipaddress>

Command Mode
Config-vxlan mode

Command Description
Use the ip command from config-vxlan-remotevtep submode to configure the IP address of the remote VTEP.

Next Keyword Descriptions

<ipaddress>: Enter the IP address of the remote VTEP.

Command Examples
The following command configures 192.168.1.1 as the IP address of the remote VTEP
controller-1(config-vxlan-remotevtep)# ip 192.168.1.1

config-vxlan/remote-vtep
origination Command

Command Syntax
[no] origination

Command Mode
Config-vxlan mode

Command Description
The origination command may be used by the system to identify the source of the configuration.

config-vxlan
termination Command

Command Syntax
[no] termination interface-group <group>

Command Mode
Config-vxlan mode

Command Description
Use the termination command to configure the interface-group for VXLAN termination.

Next Keyword Descriptions

interface-group < group-name>: Enter the name of the interface group to use for terminating the VXLAN tunnel.

196 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
The following command configures the vxlan1 interface-group for VXLAN termination.
controller-1(config-vxlan)# termination interface-group vxlan1

Big Switch Networks Confidential © Big Switch Networks 197

Big Cloud Fabric CLI Reference Guide

Chapter 5: show Commands

All show commands are available from all modes, except for show config and show test, which are available only from
enable mode and config mode. This section describes the information provided by the following show commands.
• show banner: Show pre-login banner message
• show bgp: Show BGP information
• show boot: Show boot details
• show bpdu-guard: Show switch interface BPDU-Guard information
• show clock: Show current date and time
• show controller: Show cluster information
• show debug: Show debugging details
• show dump: Show core dumps and heap dumps available for diagnosis
• show endpoint: Show endpoint details
• show environment: Show controller environment
• show fabric: Show QoS information
• show file: Show file contents
• show forwarding: Show internal tables
• show group: Show configured groups
• show image: Show upgrade image information
• show inband-port: Show details for ports in the inband management segment
• show interface-group: Show fabric interface-group information
• show ipv6-external-router Show IPv6 external router information
• show lag: Show fabric LAG information
• show link: Show fabric link information
• show local: Show local node interface state
• show logging: Show logs (switches, floodlight, web access/error, etc)
• show logical-router: Show logical router information
• show mac-membership: Show information about MAC based membership
• show member-rule: Show member rule information
• show multicast: Show multicast l2groups
• show nat-endpoint: Show NAT endpoints
• show nat-pool: Show details for switches in the NAT pool
• show ntp: Show status of ntp client keeping time with ntp server(s)
• show nsx: Show NSX integration information
• show ospf: Show OSPF information
• show prism-server: Show information about the Nutanix Prism instances integrated with BCF
• show pswitch: Show pswitch information
• show radius: Show RADIUS operational state
• show running-config: Show the current active configuration
• show secure: Show secure control plane status
• show segment: Show segment details
• show session: Show active sessions
• show sflow: Show switch specific sflow counters
• show snapshot: Show contents of running-configuration snapshot
• show span-fabric: Show span-fabric summary information
• show span-local: Show span-local summary information
• show storm-control: Show switch interface Storm-control information
• show support: Show diagnostic data bundles generated for technical support
• show switch: Show switch information

198 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

• show system: Show system details

• show tacacs: Show TACACS operational state
• show tenant: Show tenant details
• show test: Show path taken by the test packet
• show this: Show information related to the current submode
• show upgrade: Show upgrade details
• show user: Show configured users
• show vcenter: Show vCenter information
• show version: Show version details
• show vswitch: Show switch information
• show vxlan: Show VXLAN information
• show where: Show details about the current mode
• show zerotouch: Show zerotouch request history

show banner Command

Command Syntax
show banner

Command Mode
Login mode

Command Description
Use the show banner command to display the pre-login banner message. Use the banner command from config mode to
change the banner message.

Command Examples
controller-1# show banner
Banner: BCF controller

show bgp segment Command

show bgp segment

Command Mode
Login mode

Command Description
Use the show bgp segment command to display information about Border Gateway Protocol segments..

Command Examples
controller-1# show bgp segment
# Tenant Name VLAN Attachment Point Endpoint MAC
--|------------|----------------|----|------------------------|------------------------------|
1 switch-33 switch-33_bgp 159 cliff-bcf-2-525400d2e549 5c:16:c7:09:51:03 (Big Switch)
2 switch-32 switch-32_bgp 158 cliff-bcf-2-525400d2e549 5c:16:c7:09:51:03 (Big Switch)
3 switch-31 switch-31_bgp 157 cliff-bcf-2-525400d2e549 5c:16:c7:09:51:03 (Big Switch)

show boot Command

Command Syntax
show boot partition [details]

Big Switch Networks Confidential © Big Switch Networks 199

Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the show boot command to display information associated with the boot configuration of the controller.

Next Keyword Descriptions

partition: Display all the current partitions available for booting, along with associated details for each of the partitions. The
associated information includes whether the partition has been formatted. If the partition contains a file system, this
keyword displays version information and the state of the associated partition.
details: Display additional details regarding the partition

Command Examples
The following command displays basic information about the boot partitions:
controller-1# show boot partition
# State Upgrade Product Version Build
-|------------|--------|-------|---------------|-----|
1 Original bcf 2.0.11-SNAPSHOT 2002
2 Active, Boot Original bcf 2.0.11-SNAPSHOT 2002
controller-1>

Partition 1 contains the Original image, which is also contained in Partition 2. Partition 2, in this example, is the active
partition and the boot partition. The active partition is the one that is currently running, and the boot partition is the image
that will be used when the controller is rebooted.
The following command displays detailed information:
controller-1(config)# show boot partition details
# State Upgrade Product Version Build Device Size
-|------------|--------|-------|---------------|-----|---------|-------|
1 Original bcf 2.0.11-SNAPSHOT 2002 /dev/sda2 8040448
2 Active, Boot Original bcf 2.0.11-SNAPSHOT 2002 /dev/sda3 8040448
controller-1>

This output also displays the build device and the size of the image file.

show bpdu-guard Command

Command Syntax
show bpdu-guard [switch <switch> [interface <interface>]

Command Mode
Login mode

Command Description
Use the show bpdu-guard command to display the active BPDU configuration for the fabric, or for a specific switch or
interface.

Next Keyword Descriptions

switch <switch> : Identify a specific switch for which you want to display the BPDU Guard configuration.
interface <interface>: Identify a interface on the specified switch for which you want to display the BPDU Guard
configuration.

200 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
bcf-controiller1(config)# show bpdu-guard switch leaf1-a
# Switch Name IF Name BPDU-Guard State
-|-----------|----------|----------------|
1 leaf1-a ethernet24 disabled

show clock Command

Command Syntax
show clock

Command Mode
Login mode

Command Description
Use the show clock command to display the current system date and time.

Command Examples
controller-1> show clock
System time : 2014-06-08 13:38:38.489000 UTC
controller-1>

show controller Command

Command Syntax
show controller access-control
show controller [details]
show controller localhost stats
show controller virtual-ip

Command Mode
Login mode

Command Description
Use the show controller command to display information about the controller cluster, including resource statistics and
virtual IP configuration. The following is the meaning of Redundancy Status:
• standalone: The current controller is the only node that is configured in the cluster.
• redundant: All the configured nodes in this cluster are connected and reachable. One node is in Active role and it is the
domain leader.
• degraded: More than one node is configured and one of the nodes is disconnected. This is a valid state for the cluster.
• split_brain: The current controller is connected to a switch, but the switch is aware of another controller from the
configured cluster, that is connected to the switch but not to the current controller.
• inconsistent: Includes both invalid states and valid transient states. If this status is not transient, it indicates a problem.

Next Keyword Descriptions

access-control: Displays the ACLs configured on the controller firewall.
details: Display details about the cluster. The following is the meaning of the possible details messages:
• Switches connected to unidentified controller <controller IP: port>: Split brain condition and the other controller
causing the split brain was not added to this cluster.

Big Switch Networks Confidential © Big Switch Networks 201

Big Cloud Fabric CLI Reference Guide

• No cluster leader node found: There is no leader in the cluster. This should be a transient state that is seen for a short
while election is in progress.
• More than one actives <list of active nodes>: More than one controller node with active role in the cluster; this
indicates a problem.
• No active nodes found in cluster: No node is running with the active role. If this is not transient, it indicates a problem.
• Active node is not the leader. Active node and the domain leader are different. If this is not transient, it indicates a
problem.
• No nodes are known: No nodes configured; this indicates a problem.
• Cluster state cannot be determined: Unidentified condition (none of the above).
• Failover History: The history of cluster node failover along with the failover reason.

localhost: Display statistics about the local controller node.

virtual-ip: Display the virtual IP address assigned to the cluster. The virtual IP address is an optional address assigned to the
cluster that is used for access to the management interface of the controller. This address does not change if the IP address
of the Active controller changes.

Command Examples
The following command shows the hostname and IP address of the controller, status, and uptime since rebooting or
failover.
controller-1# show controller
Cluster Name : techpubs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nodes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Hostname IP @ State Status Uptime
-|--------------|--------------|-|------|---------|--------------------|
1 192.168.17.210 192.168.17.210 * active connected 18 hours, 41 minutes
controller-1#

The following command shows details about the controller, including the history of cluster node failover along with the
failover reason.
controller-1# show controller details
Cluster Name : kay-vee-emm
Cluster Description : KVM cluster
Cluster Virtual IP : 1.2.3.4 *configuration-error
Cluster Virtual IP Error : The configured virtual IP address 1.2.3.4 must belong to the same subnet as
10.10.0.10/24 of the network interface ETHERNET 0
Redundancy Status : redundant
Redundancy Description : Cluster is Redundant
Last Role Change Time : 2015-03-09T15:18:30.429Z
Cluster Uptime : 4 days, 23 hours
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nodes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# IP @ Node Id Domain Id State Status Uptime
-|----------|-|-------|---------|-------|---------|------------------|
1 10.10.0.10 * 22825 1 active connected 1 hour, 21 minutes
2 10.10.0.11 5431 1 standby connected 1 hour, 17 minutes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Failover-history
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Winner Time completed Node Reason Description
-|------|------------------------------|-----|---------------------|------------------------------------
-------------------|
1 22825 2015-03-09 15:18:30.468000 UTC 5431 node-connected Changed connection state: connected
to node 5431
2 5431 2015-03-09 15:14:17.457000 UTC - node-disconnected Changed connection state:
disconnected from node 32767
3 22825 cluster-config-change Changed connection state: cluster
configuration changed
4 22825 cluster-config-change Changed connection state: cluster
configuration changed
5 22825 cluster-config-change Changed connection state: cluster
configuration changed

202 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

6 22825 cluster-config-change Changed connection state: cluster

configuration changed
7 22825 2015-03-09 14:56:52.063000 UTC - node-disconnected Changed connection state:
disconnected from node 32767
8 22825 cluster-config-change Changed connection state: cluster
configuration changed
controller-1#)#

The following command displays the configured ACLs on the controller firewall:
controller-1> show controller access-control
# Access-list Rule Action Source
--|-----------|----|------|---------|
1 api 1 permit ::/0
2 api 2 permit 0.0.0.0/0
3 gui 1 permit ::/0
4 gui 2 permit 0.0.0.0/0
5 ns-api 1 permit ::/0
6 ns-api 2 permit 0.0.0.0/0
7 snmp 1 permit ::/0
8 snmp 2 permit 0.0.0.0/0
9 ssh 1 permit ::/0
10 ssh 2 permit 0.0.0.0/0
controller-1>

show debug attachment-points Command

Command Syntax
show debug attachment-points

Command Mode
Login mode

Command Description
Use the show attachment-points command to display attachment point details. An attachment point is an optional
attribute of an endpoint, which provides a friendly name for the host and indicates how the endpoint is connected to the
fabric. The attachment point can be defined by an interface group + VLAN ID, or by a switch name + interface name + VLAN
ID.

Command Examples
controller-1> show debug attachment-points
# Total endpoints Interface Interface Group Segment Switch VLAN
--|---------------|----------|-------------|---------------------|------------|--------|
1 1 ethernet3 commercial t5-com-leaf1 untagged
2 0 ethernet3 commercial t5-com-leaf2 untagged
3 1 ethernet40 service t5-svc-leaf1 untagged
4 0 ethernet46 t5-svc-leaf1 untagged
5 0 ethernet21 eng t5-eng-leaf2 untagged
. . . <snip>. . .

show debug bgp Command

Command Syntax
show debug bgp [info | neighbor <neighbor-name>]

Big Switch Networks Confidential © Big Switch Networks 203

Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the show debug bgp command to display information about Border Gateway Protocol activity and configuration..

Next Keyword Descriptions

info: Display an overview of the BGP speaker, including information about the internal VLANs used for the BGP speaker, the
protocol IP used for the BGP speaker and the state of the configuration. The different states for the BGP configuration are
as follows:
• ACTIVE: Indicates that the BGP speaker is active.
• PLUGIN_DISCONNECTED: Indicates that the dynamic routing plugin is disconnected from the floodlight process. This
means that the BGP configuration is inactive.
• INSTANCE_DOWN: Indicates that the BGP speaker instance is down. This is likely to be a temporary state.
• ENDPOINT_DOWN: Indicates that the BGP speaker could not be programmed to the fabric.
• INCOMPLETE_CONFIG: Indicates that the BGP configuration is incomplete.

neighbor [<neighbor-ip>] Display information about BGP neighbors, or optionally, replace <n eighbor-ip> with the IP
address of a specific neighbor. Display BGP and TCP connection information for neighbor sessions. This includes detailed
neighbor attributes, capability, graceful restart and address family information. This also includes statistics related to BGP
neighbor session establishment and maintenance.

Command Examples
controller-1# show debug bgp info
# Tenant Name Internal Vlan Protocol IP State
--|------------|-------------|-----------|-------------|
1 switch-33 159 33.1.1.2 Instance Down
2 switch-32 158 32.1.1.2 Instance Down
3 switch-31 157 31.1.1.2 Instance Down
4 switch-30 156 30.1.1.2 Instance Down
5 switch-37 163 37.1.1.2 Instance Down
controller-1#

controller-1# show debug bgp neighbor

# Tenant Neighbor Name Description Neighbor IP Remote AS Shutdown eBGP TTL Max prefix Hold time Connect time Inbound
route map Outbound route map Soft Reconfiguration inbound Next-Hop Self
---|------------|-------------|-----------|------------|---------|--------|--------|----------|---------|------------|-----------
1 switch-1 switch-1m 172.16.224.1 201 False 3 20
False False
2 switch-1 switch-1l 172.16.223.1 201 False 3 20
False False
3 switch-1 switch-1k 172.16.222.1 201 False 3 20
controller-1#

show debug coordinator Command

Command Syntax
show debug coordinator

Command Mode
Login mode

204 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the show coordinator command to display the internal state of the controller sync coordinator.

Command Examples
controller-1# show coordinator
Digest Timestamp
----------------------------------------|------------------------------|
11401376C75AD08A09A2B29CABE367E96B128E57 2014-06-08 07:53:08.915000 UTC
controller-1#

show debug counters Command

Command Syntax
show debug counters {{warn | drop | error} | all} [<module-name> [<hierarchy>]]

Command Mode
Login mode

Command Description
Set of counters (name and value). Counters are organized in a tree-like structure. Each counter can have a list of
subcategories, which contains a name together with a list of subcounter names. These subcounter names can be used to
further discover and query the subcounter values.

Next Keyword Descriptions

warn: Display warning counters.
drop: Display drop counters.
error: Display error counters.
all: Display all counters.
<modulename>: Display counters related to the specified module.
<hierarchy>: Display counters related to the specified subcounter.

Command Examples
controller-1# show debug counters all
# Counter Hierarchy Metadata Module Name value
---|---------------------------------------------------------------|-----------|------------------------
-|-----|
1 number-of-completed-events-de-queued ApplicationManager 56
2 number-of-completed-events-queued ApplicationManager 28
3 number-of-events-de-queued ApplicationManager 0
. . . <snip> . . .

show debug datapath Command

Command Syntax
show debug datapath switch all {arp-table-stats | bvs-pipeline-stats | igmp-general-query-expectation-
table-counter | igmp-general-query-packet-table-counter | igmp-report-expectation-table-counter | igmp-
report-packet-table-counter | lacp-table-stats | pim-expectation-table-stats}

Command Mode
Login mode

Big Switch Networks Confidential © Big Switch Networks 205

Big Cloud Fabric CLI Reference Guide

Command Description
Use the show debug datapath command to display debug information about the fabric datapath.

Next Keyword Descriptions

arp-table-stats: Display debug information about the ARP table.
bvs-pipeline-stats: Display debug information about the BVS pipeline.
igmp-general-query-expectation-table-counter: Display debug information about IGMP general query expectation table.
igmp-general-query-packet-table-counter: Display debug information about the IGMP general query packet table.
igmp-report-expectation-table-counter: Display debug information about the report expectation table.
igmp-report-packet-table-counter: Display debug information about the IGMP report packet table.
lacp-table-stats: Display debug information about the LACP table.
pim-expectation-table-stats: Display debug information about the PIM expectation table.

show debug discovery-service Command

Command Syntax
show discovery-service [tenant {<tenant-name> | all}] tracked-endpoint

Command Mode
Login mode

Command Description
Use the show discovery-service command to show the endpoints tracked by the discovery service.

Next Keyword Descriptions

tenant <tenant-name>: Name of the tenant owning this endpoint.

show debug endpoint-manager incomplete Command

Command Syntax
show debug endpoint-manager incomplete [endpoint | segment |
member-rule | tenant | inband-port | tracked-endpoint | attachment-point]

Command Mode
Login mode

Command Description
Use the show debug endpoint-manager incomplete command to see the runtime state for tenants, segments or endpoints
that are incomplete or invalid. This command can be used to quickly identify problems in configration or runtime state. This
command shows the following:
• Endpoints that are configured but inactive
• Segments that have been configured without any member rules
• Membership rules that are inactive
• Tenants that are configured without any segments
• Members interfaces of the inband segment without any endpoint
• Endpoints that have been tracked by the discovery service which are unknown

206 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

• Attachment points in the fabric that dont belong to any segment

Next Keyword Descriptions

attachment-point: Use the show debug endpoint-manager incomplete attachment-point command to show information
about unclassified attachment points.
endpoint: Use the show debug endpoint-manager incomplete endpoint to display information about incomplete or inactive
endpoints.
inband-port: Use the show debug endpoint-manager incomplete inband-port command to show information about
incomplete or inactive members of the inband segment.
member-rule: Use the show debug endpoint-manager incomplete member-rule command to show information about
incomplete or inactive member rules.
segment: Use the show debug endpoint-manager incomplete segment command to show information about incomplete or
inactive segments.
tenant: Use the show debug endpoint-manager incomplete tenant command to show information about incomplete or
inactive tenants.
tracked-endpoint: Use the show debug endpoint-manager incomplete tracked-endpoint command to show information
about incomplete or inactive tracked endpoints

Command Examples
controller-1# show debug endpoint-manager incomplete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configured But
Inactive Endpoints ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Tenant Segment Name MAC
IP Address IP State Attachment Point Attachment point state Vlan State
---|---------------------|------------------------|--------------------------------------|--------------
------------|------------|--------|----------------|----------------------|----|--------------------|
1 vc27-vl-untag-118-app vc27-vl-untag-118-app-0 vm-198-00-0c-29-1b-85-c8
00:0c:29:1b:85:c8 (VMware) Attach
Point Unknown
2 vc27-vl-untag-118-app vc27-vl-untag-118-app-0 vm-461-00-0c-29-76-2e-a5
00:0c:29:76:2e:a5 (VMware) Attach
Point Unknown
3 vc27-vl-untag-118-app vc27-vl-untag-118-app-0 esx-17.qa.bigswitch.com-vmk1
00:50:56:64:55:9a (VMware)
< snip >

show debug event Command

Command Syntax
show debug event {module <module-name> [event-name <event-name>]| all} [last <num-of-events> events |
events]

Command Mode
Login mode

Command Description
Display a table of all the registered Debug Events in the system. The maximum number of instances recorded per event is
denoted by “BufferedCapacity”. Per Event instance data can be accessed by the keywords events or all.

Next Keyword Descriptions

module-name <module-name>: Display debug events for the specified module.

Big Switch Networks Confidential © Big Switch Networks 207

Big Cloud Fabric CLI Reference Guide

event-name <event-name>: Display debug events for the specified event.

last: Display the most recent debug events.
<num-of-events>: Display the specified number of events.

Command Examples
controller-1> show debug event all events
. . . <snip> . . .
Timestamp : 2014-07-17 16:00:38.572000 UTC
Module Event Name : OFSwitchManager/switch-event
DataFields : [dpid:00:00:00:00:00:02:00:03, reason:connected]
Timestamp : 2014-07-17 16:00:38.569000 UTC
Module Event Name : OFSwitchManager/switch-event
DataFields : [dpid:00:00:00:00:00:02:00:02, reason:connected]
controller-1>

show debug upgrade Command

Command Syntax
show debug upgrade status

Command Mode
Login mode

Command Description
Use the show debug upgrade status command to display upgrade details.

show debug vft Command

Command Syntax
show debug vft [status | completed-jobs [switch-jobs] | current-job | queued-jobs]

Command Mode
Login mode

Command Description
Use the show debug vft command to display VFT details.

Next Keyword Descriptions

completed-jobs: Display information about queued jobs.
current-job: Display information about currently executing job.
queued-jobs: Display information about queued jobs.
status: Display current state of the VFT syncing module.

show debug zerotouch Command

Command Syntax
show debug zerotouch {slrest | velocity}

208 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the show debug zerotouch command to display debug information about zerotouch.

Next Keyword Descriptions

slrest: Display information about zerotouch slrest.
velocity: show velocity configuration state.

show dump Command

Command Syntax
show dump [core-dump <core-dump-name> | heap-dump <heap-dump-name>]

Command Mode
Login mode

Command Description
Use the show dump command to display the core dumps and heap dumps available for diagnosis. To direct the output to a
file for easier analysis, use the greater than sign (>) followed by a filename.

Next Keyword Descriptions

core-dump: Specify the name of the core dump to display.
heap-dump: Specify the name of the heap dump to display.

Command Examples
The following command shows two core dumps present:
standby controller> show dump
~~~~~~~~~~~~~~~~~~~~~~~~~ Heap-dumps ~~~~~~~~~~~~~~~~~~~~~~~~~
# Heap-dump size last modified
-|-----------------------------|------|-----------------------|
1 java_pid4377.94426f1.hprof.gz 4.34MB 2014-10-08 06:09:10 UTC
2 java_pid4706.23cc793.hprof.gz 4.52MB 2014-10-08 06:09:59 UTC

show endpoint Command

Command Syntax
show [tenant {<tenant-name> | all} [segment {<Segment Name> | all}]] [switch {<switch-name> | all}
[interface {<interface-name> | all}] | interface-group <interface-group-name>]
endpoint [ details | incomplete | [mac <MAC> | ip <endpoint-ip-address> | <endpoint-name>] [security-
group]}

Command Mode
Login mode

Big Switch Networks Confidential © Big Switch Networks 209

Big Cloud Fabric CLI Reference Guide

Command Description
Use the show endpoint command to display the endpoints statically configured and learned by the controller. An endpoint
is a server or other host attached to a fabric switch that has been registered on the controller using its MAC address.
Optionally, the IP address and attachment point of the endpoint can also be registered.

Note: Endpoints associated with Switch Light Virtual instances are not aged out over time. These endpoints are managed by
Openstack orchestration and Big Cloud Fabric plugins. In contrast, endpoints connected to physical switches that are
dynamically discovered are aged out when inactive.

Next Keyword Descriptions

tenant <tenant-name> | all: Display information about endpoints for the specified tenant or all tenants.
segment <segment-name> | all: Display information about endpoints for the specified segment or all segments.
switch <switch-name> | all: Display information about endpoints connected to the specified switch or all switches.
interface <interface-name> | all: Display information about endpoints connected to the specified interface or all interfaces.
interface-group <interface-group-name>: Display information about endpoints using the specified VLAN.
endpoint: Display information about a specific endpoint, identified by one of the following:
mac <mac>: Display information about the endpoint with the specified MAC address.
ip <ip-address>: Display information about the endpoint with the specified IP address.
<endpoint-name>: Display information about the endpoint with the specified name.
incomplete: Display information about incomplete endpoints.
details: Display detailed information about incomplete endpoints.
security-group: Display endpoint security group information.

Command Examples
The following command displays information about all endpoints on all segments in the Red tenant:
controller-1> show endpoint
# Tenant Segment Name MAC IP IP State Attach
Point AP State VLAN State
--|---------|--------------|--------------|-----------------|-------------|--------|--------------------
---|--------|--------|--------------------|
1 internal commercial don.en4 3c:07:54:4a:d6:77 10.192.19.109 learned t5-com-
leaf1|ethernet3 learned untagged Active
2 internal eng srini 40:6c:8f:4a:97:7d unknown Unknown
unknown untagged Attach Point Unknown
3 internal eng 68:5b:35:cd:8f:a4 10.192.18.163 learned t5-eng-leaf2|ethernet4 learned
untagged Active
4 internal eng kenc.en0 3c:07:54:33:ca:79 10.192.18.129 learned t5-eng-
leaf1|ethernet20 learned untagged Active
5 internal eng jt.en0 78:31:c1:c1:22:20 unknown Unknown
unknown untagged Attach Point Unknown
6 internal eng kranti.en4 68:5b:35:8a:a0:3b unknown Unknown
unknown untagged Attach Point Unknown
. . . <snip> . . .

show endpoint-manager incomplete Command

Note: The show endpoint-manager incomplete command has been changed to show debug endpoint-manager incomplete.

210 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

show environment Command

Command Syntax
show environment

Command Mode
Login mode

Command Description
Use the show environment command to display the current values of the controller environmental variables, such as
temperature, and fan status.

Command Examples
The following command displays the current values of the controller environmental variables:
controller-1> Environment value
--|-------------------|----------|
1 Ambient Temperature 26 Celsius
2 CPU Temperature 48 Celsius
3 Fan 1A 2160 RPM
4 Fan 1B 2160 RPM
5 Fan 2A 1680 RPM
6 Fan 2B 1560 RPM
7 Fan 3A 1680 RPM
8 Fan 3B 1560 RPM
9 Fan 4A 1680 RPM
10 Fan 4B 1560 RPM
11 Fan 5A 1680 RPM
12 Fan 5B 1560 RPM
13 Platform Dell320
14 Serial Number 8V0QZ12

show fabric connected-devices Command

Command Syntax
show fabric connected-devices [switch <switch-name> [interface <interface-name>]] [protocol {cdp | lldp
}]

Command Mode
Login mode

Command Description
Use the show fabric connected-devices command to display information about the devices discovered to be connected to
the fabric using LLDP and CDP. The output displays the MAC address of each connected interface as a separate device.

Next Keyword Descriptions

switch <switch-name>: Discover the devices connected to a specific fabric switch.
interface <interface-name>: Discover the devices connected to a specific fabric switch edge port.
protocol {cdp | lldp }: Specify the protocol to use for discovering the connected devices.

Command Examples
controller-1> show fabric connected-devices
# Switch Interface Interface group Device Name Chassis ID Port ID
--|--------|----------|------------------------------------|----------------------------|-----------------|-----------------|

Big Switch Networks Confidential © Big Switch Networks 211

Big Cloud Fabric CLI Reference Guide

1 leaf1-a ethernet17 arista-7050.qa.bigswitch.com 00:1c:73:1b:e0:4c Ethernet49

2 leaf1-a ethernet18 arista-7050.qa.bigswitch.com 00:1c:73:1b:e0:4c Ethernet50
3 leaf1-a ethernet28 cisco-1-28-29-leaf1a1beth28-1 cisco-2(FOC1545R06Q) Ethernet1/28
4 leaf1-a ethernet30 arista-7050.qa.bigswitch.com 00:1c:73:1b:e0:4c Ethernet28
5 leaf1-a ethernet34 esx-20.qa.bigswitch.com vmnic2 00:50:56:5f:08:d5
6 leaf1-a ethernet44 00:0e:1e:8f:2e:50 00:0e:1e:8f:2e:50
<<snip>>

show fabric Command

Command Syntax
show fabric [inventory | switch redundancy | summary]

Command Mode
Login mode

Command Description
Use the show fabric command to display information about the status of the switched fabric.

Next Keyword Descriptions

inventory: Display a list of fabric devices.
switch redundancy: Display information regarding the redundancy of the switch fabric.
summary: Display a summary view of the fabric status.

Command Examples
The following command displays information about the status of the switched fabric.
controller-1# show fabric
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fabric Status ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overall Status : NOT OK
QoS Status : Enabled
GTP Hash Status : Disabled
# of errors : 13
# of warnings : 12
# of controller nodes : 2
# of spines configured : 2
# of spines connected : 2
# of leaves configured : 4
# of leaves connected : 4
# of vswitches connected : 2
# of leaf-groups configured : 2
# of interface-groups configured : 3
# of bidirectional spine to leaf links : 8
# of bidirectional links between switches in same leaf group : 3
# of bidirectional links between leaf and virtual switches : 4
# of edge interfaces : 8
# of tenants : 9
# of segments : 10
# of active endpoints : 0
# of inactive endpoints : 6
# of inactive member rules : 14
# of blocked endpoints : 0
# of active NAT profiles : 0
# of sflow collectors configured : 4
# of span-local sessions configured : 2
# of span-fabric sessions configured : 3
# of logical-router interface segments configured : 8
kranti-hw-c1(config)# show fabric error
~ Switches that are not connected to standby controller ~
# Switch Name Switch MAC Address
-|-----------|------------------|

212 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

1 rack2-ivs2 54:9f:35:1b:dd:64
2 rack2-ivs1 d4:ae:52:d0:0f:84

~ Switches that do not have management address configured ~

None.

~ Switches with mismatched CPLD ~

None.

~ Switches with mismatched loader ~

None.

~ Switches that are disconnected but have not been removed from the fabric ~
None.

~ Suspended switches ~
None.

~ Runtime lags with member count greater than maximum supported count(128) ~
None.

~ Invalid links ~
None.

~~~~~~~~~~~~~~~~~~~~~~~~~~~ Missing links ~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Switch Name Switch Name Description
-|-----------|-----------|-------------------------------------------|
1 leaf1-a leaf1-b Link between leaf switches missing in rack1

~ Interfaces whose breakout property was enabled by user but are breakout incapable ~
None.

~ Interfaces configured with bpdu-guard-disable but shut down because of no links to peer switch ~
# Switch name Interface name
--|-----------|--------------|
1 leaf1-a ethernet12
2 leaf1-a ethernet14
3 leaf1-a ethernet16
4 leaf1-a ethernet46
5 leaf1-b ethernet12
6 leaf1-b ethernet14
7 leaf1-b ethernet16
8 leaf1-b ethernet46
9 leaf1-b ethernet48
10 leaf2-a ethernet24

controller-1> show fabric warning incomplete-bpdu-guard-disabled-interface-group

~ Interface-groups with only subset of member switch-interfaces configured with BPDU-guard disable ~
# Interface-group Name Switch Interface BPDU-guard disable configured
-|---------------|-------|----------|-----------------------------|
1 leaf2a-2b-eth32 leaf2-a ethernet32 True
2 leaf2a-2b-eth32 leaf2-b ethernet32 False

kranti-hw-c1(config-switch-if)# show fabric warning

~ Switch interfaces that are not configured in an interface group ~
# Leaf Group Switch Name Interface Name
--|----------|-----------|--------------|
1 rack1 leaf1-a ethernet24
2 rack1 leaf1-a ethernet26
3 rack1 leaf1-a ethernet32
4 rack1 leaf1-a ethernet36
5 rack1 leaf1-a ethernet37
6 rack1 leaf1-a ethernet39
7 rack1 leaf1-a ethernet40
8 rack1 leaf1-b ethernet24
9 rack1 leaf1-b ethernet28
10 rack1 leaf1-b ethernet32
11 rack2 leaf2-a ethernet20
12 rack2 leaf2-a ethernet28
13 rack2 leaf2-b ethernet20
14 rack2 leaf2-b ethernet24

Big Switch Networks Confidential © Big Switch Networks 213

Big Cloud Fabric CLI Reference Guide

15 rack2 leaf2-b ethernet26

~ Spine switch interfaces with no links discovered on them ~

None.

~ Interface group member interfaces that are not in a forwarding state ~

None.

~ Controllers with non-redundant inband connection ~

None.

~ Switches with mismatched ONIE ~

None.

~ Incomplete or inactive member rules ~

None.

~ Incomplete or inactive endpoints ~

None.

~ Inband segment ports without endpoints ~

None

show fabric error Command

Command Syntax
show fabric error { bpdu-guard-disabled-shutdown-interfaces | breakout-failed-interfaces | invalid-links
| missing-links | pending-disconnect-switches | suspended-switches | switch-interface-shutdown |
switch-not-connected-to-standby | switch-with-mismatched-cpld | switch-with-mismatched-loader | switch-
without-management-address }

Command Mode
Login mode

Command Description
Use the show fabric error command to display detailed information about errors occurring in the switched fabric. All errors
related to the topology currently discovered by Fabric Manager are placed under this container node.

Next Keyword Descriptions

bpdu-guard-disabled-shutdown-interfaces
breakout-failed-interfaces: Lists failed interface configured with a breakout cable, which splits a single 40 GbE port into four
10 GbE ports.
invalid-links: A link between two switches that should not be detected. For example, a link between leaf switches in
different leaf groups is an invalid link. This is typically due to a wiring error.
missing-links: A link between a pair of switches indicates that there was no link detected between those switches. For
example, for redundant operation under failure scenarios, the peer link between leaf switches in the same leaf group
should be up and running. If the peer link is missing, this is flagged as a missing link.
pending-disconnect-switches: When a switch disconnects from the controller, the forwarding state for this switch is
evaluated to determine if it should be removed or not depending on whether the minimum number of connected switches
exists, as follows:
suspended-switches: Possibly no configuration exists for the switch or an invalid image is running on the switch.
switch-interface-shutdown: List of switch interfaces that are shut down by controller due to errors.
switch-not-connected-to-standby: List of switches that are not connected to the standby controller.

214 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

switch-with-mismatched-cpld: List switches where the CPLD running on the switch does not match the version packaged
with the Switch Light OS image.
switch-with-mismatched-loader: List switches where the Loader running on the switch does not match the version
packaged with the Switch Light OS image.
switch-without-management-address: List of switches that do not have IPv4 management address configured.

Command Examples
The following command lists all the errors in the switched fabric:
controller-1> show fabric error
~ Switches that are disconnected but have not been removed from the fabric ~
None.
~ Suspended switches ~
None.
~ Invalid links ~
None.
~~~~~~~~~~~~~~~~~~~ Missing links ~~~~~~~~~~~~~~~~~~~
# Switch Name Switch Name Description
-|-----------|------------|--------------------------|
1 t5-spine1 t5-com-leaf1 Spine to leaf link missing
2 t5-spine1 t5-eng-leaf2 Spine to leaf link missing
3 t5-spine1 t5-com-leaf2 Spine to leaf link missing
. . . <snip> . . .

If BPDU Guard is disabled and one or more ports are shut down because there is no link to a peer switch, the affected
interfaces are shown, as in the following example:
controller-1> show fabric error
~ Switches that are not connected to standby controller ~
# Switch Name Switch MAC Address
-|-----------|------------------|
1 rack2-ivs2 54:9f:35:1b:dd:64
. . .<snip> . . .

~ Interfaces configured with bpdu-guard-disable but shut down because of no links to peer switch ~
# Switch name Interface name
--|-----------|--------------|
1 leaf1-a ethernet12
2 leaf1-a ethernet14
3 leaf1-a ethernet16
4 leaf1-a ethernet46
5 leaf1-b ethernet12
6 leaf1-b ethernet14
7 leaf1-b ethernet16
8 leaf1-b ethernet46
9 leaf1-b ethernet48
10 leaf2-a ethernet24
controller-1>

show fabric warning

error-threshold-member-count-exceeded-lag: List of LAGs whose member port count has exceeded the maximum number
of LAG members supported by the switches in the BCF Fabric.
incomplete-bpdu-guard-disabled-interface-group Interface-groups with only subset of member switch-interfaces
configured with BPDU-guard disable
leaf-interface-with-no-interface-group-config Display all leaf switch interfaces that are not configured to be in an interface
group

• If a leaf-switch-a disconnects from the controller and leaf-switch-b in the same leaf group is still connected to the
controller, then leaf-switch-a forwarding state is removed. Otherwise, the leaf-switch-a forwarding state is not
removed and is kept intact.

Big Switch Networks Confidential © Big Switch Networks 215

Big Cloud Fabric CLI Reference Guide

• If spine-switch-x disconnects from the controller and at least 50% of the configured spine switches are still connected,
then the spine-switch-x forwarding state is removed. Otherwise, the spine-switch-x forwarding state is not removed
and is kept intact.
single-inband-connected-controller: Display controllers that do not have redundant inband connections
spine-interface-with-no-link: Display all spine switch interfaces on which no links are discovered

show fabric gtp-hash

Command Syntax
show fabric gtp-hash

Command Mode
Login mode

Command Description
Use the show fabric gtp-hash command to display information about the generic tunneling protocol (GTP) hash feature.

Command Examples
controller-1> show fabric gtp-hash
Gtp hash status
---------------|
Disabled

show fabric ipam switch Command

Command Syntax
show fabric ipam switch [<Switch name>] [details]

Command Mode
Login mode

Command Description
Use the show fabric ipam switch command to display information about the automatic assignment of IPv4 addresses to
fabric switches through the IP address management (IPAM) feature, which is used to assign IPv4 addresses to switches,
which are required for connecting to servers, such as syslog, that may not support IPv6.

Command Examples
controller-1> show fabric ipam switch
Start : 10.8.67.200
End : 10.8.67.245
Count : 46
Used : 5
~ Allocated IP Addresses ~
# Ip Switch
-|-----------|-------|
1 10.8.67.200 spine0
2 10.8.67.201 leaf0-a
3 10.8.67.202 spine1
4 10.8.67.203 leaf0-b
5 10.8.67.204 leaf1-a
controller-1>

216 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

show fabric warning Command

Command Syntax
show fabric warning [ disabled-interface-group-interface | incomplete-applied-policy | incomplete-bpdu-
guard-disabled-interface-group [interface-group <interface-group-name>] | incomplete-dynamic-route-next-
hop-member | incomplete-endpoint | incomplete-floating-ip | incomplete-inband-port | incomplete-member-
rule | incomplete-nat-profile | incomplete-next-hop-group-member | incomplete-pat-profile | incomplete-
policy-list | incomplete-route | incomplete-segment-interface | leaf-interface-with-no-interface-group-
config | single-inband-connected-controller | spine-interface-with-no-link | switch-with-mismatched-onie
]

Command Mode
Login mode

Command Description
Use the show fabric warning command to display warnings about questionable conditions in the switched fabric, such as
interfaces on leaf switches that are not assigned to interface groups, or spine interfaces that are not connected to other
switches.

Next Keyword Descriptions

disabled-interface-group-interface: Interface group interfaces that are currently not in a forwarding state. Causes may
include the following:
• Switch is not connected to the controller.
• Switch configuration is missing for the switch-interface switch name.
• Interface is not connected to the switch.
• LACP failed to converge on the interface of an LACP interface group.

incomplete-applied-policy: Incomplete applied policy rule table.

incomplete-bpdu-guard-disabled-interface-group [interface-group <port-grou-name>: Interface-groups with only a subset
of the member switch-interfaces configured with BPDU-guard disable. Use the optional interface-group keyword and
replace <interface-group-name> to specify an interface group.
incomplete-dynamic-route-next-hop-member: Incomplete dynamic route next hop group table.
incomplete-endpoint: Incomplete or inactive endpoints.
incomplete-floating-ip: Incomplete or inactive floating IPs.
incomplete-inband-port: Inband segment ports without endpoints.
incomplete-member-rule: Incomplete or inactive member rules.
incomplete-nat-profile: Incomplete or inactive NAT profiles.
incomplete-next-hop-group-member: Incomplete nex hop group table.
incomplete-pat-profile: Incomplete or inactive PAT profiles.
incomplete-policy-list: Incomplete policy list applied to logical router.
incomplete-route: Incomplete route table.
incomplete-segment-interface: Incomplete segment interface state table.
incomplete-tenant-interface: Incomplete tenant interface state table.

Big Switch Networks Confidential © Big Switch Networks 217

Big Cloud Fabric CLI Reference Guide

leaf-interface-with-no-interface-group-config: Interfaces that are not configured to be part of an interface group. The
recommended practice is for the leaf switch interfaces to be configured to be part of an interface group that provides for
load-balancing and failover capabilities for the end hosts connected to these interfaces.
single-inband-connected-controller: The list of controllers that are connected to only one of the switches in the fabric and
hence have no redundant switch connections.
spine-interface-with-no-link: Interfaces on spine switches that are not connected to other switches.
switch-with-mismatched-onie: List switches where the ONIE running on the switch does not match the version packaged
with the Switch Light OS image.

Command Examples
controller-1> show fabric warning
~ Switch interfaces that are not configured in an interface group ~
# Leaf Group Switch Name Interface Name
--|----------|-----------|--------------|
1 rack1 leaf1-a ethernet24
2 rack1 leaf1-a ethernet26
3 rack1 leaf1-a ethernet32
4 rack1 leaf1-a ethernet36
5 rack1 leaf1-a ethernet37
6 rack1 leaf1-a ethernet39
7 rack1 leaf1-a ethernet40
8 rack1 leaf1-b ethernet24
9 rack1 leaf1-b ethernet28
10 rack1 leaf1-b ethernet32
11 rack2 leaf2-a ethernet20
12 rack2 leaf2-a ethernet28
13 rack2 leaf2-b ethernet20
14 rack2 leaf2-b ethernet24
15 rack2 leaf2-b ethernet26

~ Spine switch interfaces with no links discovered on them ~

None.

~ Interface group member interfaces that are not in a forwarding state ~

None.

~ Controllers with non-redundant inband connection ~

None.

~ Switches with mismatched ONIE ~

None.

~ Incomplete or inactive member rules ~

None.

~ Incomplete or inactive endpoints ~

None.

~ Inband segment ports without endpoints ~

None.

~ Incomplete or inactive NAT profiles ~

None.

~ Incomplete or inactive PAT profiles ~

None.

~ Incomplete or inactive floating IPs ~

None.

The following command displays information about any interface group with one or more member interfaces configured
with bpdu-guard-disable, while one or more member interfaces are not configured with bpdu-guard-disable:
controller-1> show fabric warning incomplete-bpdu-guard-disabled-interface-group
~ Interface-groups with only subset of member interfaces with bpdu-guard-disable ~

218 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

# Interface-group Name Switch Interface BPDU-guard disable configured

-|---------------|-------|----------|-----------------------------|
1 leaf2a-2b-eth32 leaf2-b ethernet32 False
2 leaf2a-2b-eth32 leaf2-a ethernet32 True
controller-1#

show file Command

Command Syntax
show file [<file-name>

Command Mode
Login mode

Command Description
Use the show file command to list the contents of the user file repository on the controller. To save CLI outputs to a file, use
the greater than character (>) to direct the output of any show command to a file. You can then view the file information
about the saved files using the show file command.

Next Keyword Descriptions

<file-name: Filename where CLI output or other user-generated information has been saved in the controller local file
repository.

Command Examples
controller-1(config)# show fabric > fabric-june9
controller-1(config)# show file
# Name Size Created
-|------------|----|------------------------|
1 fabric-june9 1302 Sun Jun 8 22:04:54 2014
controller-1(config)#

show forwarding Command

Command Syntax
show forwarding [sync-state | dhcp-table | dhcp-vrf-table | ecmp-table | ep-table | arp-table | icmpv6-
neighbor-table | icmpv6-external-router-table | icmpv6-ra-table | icmpv6-prefix-table | router-ip-table
| my-station-table | vxlan-table | vxlan-vfi-table | vxlan-replication-table | vxlan-local-vtep-table |
vxlan-vfi-membership-table | vxlan-access-vp-table | vxlan-network-vp-table | vxlan-vni-vlan-mapping-
table | gtp-hash-table | lag-member-auto-add-table | l3-host-table | l3-cidr-table | qos-queue-weight-
table | priority-queue-table | ecap-table | icap-table {spine | leaf} | icmp-agent-table | arp-cache-
table | arp-vlan-reply-table | arp-disable-src-check-table | mcast-timer-table | mcast-vlan-table |
priority-pcp-table | dscp-priority-table]

Command Mode
Login mode

Command Description
Use the show forwarding command to display fabric-wide information, including ARP, DHCP, endpoint, QoS, and policy
tables. Use the show forwarding internal command to display the Internal forwarding tables.

Note: The Port Num column heading refers to a logical port, not a physical interface.

Big Switch Networks Confidential © Big Switch Networks 219

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

arp-cache-table: Display a table showing ARP entry cached in IVS (virtual switch). The arp-cache table includes information
about VLANs and IP to MAC address mapping.
arp-disable-src-check-table: Display a table showing ARP entries with disabled source check.
arp-table: Display the Address Resolution Protocol (ARP) table, showing the mapping discovered between MAC addresses
and IP addresses forwarding traffic in the fabric.
arp-vlan-reply-table: Display a table showing VLAN replies to ARP message.
dhcp-table: List the segments where Dynamic Host Control Protocol (DHCP) relay is enabled and the destination address
configured for the DHCP server.
dhcp-vrf-table: Display a table showing the mapping from VLANs to VRF.
ecap-table: Display the egress policy table.
ecmp-table: Display the Equal Cost Multiple Path (ECMP) table, including IP addresses assigned as members of an ECMP
group in the fabric.
ep-table: Display a list of the endpoints in the fabric.
gtp-hash-table: Display a table showing whether GTP hash is enabled.
icap-table spine | leaf: Display the ingress policy table for all spine switches or all leaf switches in the fabric. Use the
optional spine or leaf keyword to limit the display to switches assigned either role.
icmp-agent-table: Display a table showing the mapping between system VLAN, IP address and destination VLAN and subnet.
This applies only to leaf switches in response to ICMP requests.
internal: Display the Internal forwarding tables. Display a specific internal table by using one of the following optional
keywords:
• activated-vlan-table: Display a table of activated VLANs in the fabric.
• global-info: Display a table of global information.
• lag-mcast-mapping: Display a table of multicast addresses mapped to link aggregation groups (LAGs).
• mcast-info Display a table of multicast information.
• tenant-to-vrf-table: Display a table showing tenants and the assigned VRF instance identifiers.
• vfilag-vxlanaccessvp-mapping: Display a table of information about vfilag.
l3-cidr-table: List Layer 3 hosts, including IP addresses and subnet masks.
l3-host-table: List Layer 3 hosts, including IP addresses.
lag-member-auto-add-table:
mcast-timer-table: Display a table showing multicast timer configuration.
mcast-vlan-table: Display a table showing VLAN multicast configuration.
my-station-table: Display information about the local controller node.
priority-pfc-table: List Priority Flow Control (PFC) entries.
priority-queue-table: List QoS internal priority-to-queue mapping.
qos-queue-weight-table: List QoS queue-to-weight mapping.
router-ip-table: Display IP addresses from all tenant logical routers.
sync-state: List the VFT synchronization state of all switches.
vxlan-access-vp-table: Display the vxlan-access-vp table.
vxlan-local-vtep-table: Display the vxlan-local-vtep- table.

220 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

vxlan-network-vp-table: Display the vxlan-network-vp table.

vxlan-replication-table: Display the vxlan-replication table.
vxlan-table: Display the vxlan table.
vxlan-vfi-membershp-table: Display the vxlan-vfi-membershp table.
vxlan-vfi-table: Display the vxlan-vfi table.
vxlan-vni-vlan-mapping-table: Dis Display the vxlan-vni-vlan-mapping table.

Command Examples
The following command displays the DCHP table for the fabric:
controller-1> show forwarding dhcp-table
# VLAN Id Router IP Router MAC DHCP Server IP Circuit Id
-|-------|-----------|-----------------|--------------|----------|
1 11 10.192.18.1 5c:16:c7:01:00:02 10.192.3.1
2 15 10.192.20.1 5c:16:c7:01:00:04 10.192.3.1
3 10 10.192.19.1 5c:16:c7:01:00:02 10.192.3.1

The following command displays the endpoint table for the fabric:
controller-1> show forwarding ep-table
# VLAN Id MAC address rack id Rack LAG Id Interface Group LAG Id
--|-------|-----------------|--------|-----------|-----------------|
1 10 3c:07:54:4a:d6:77 com-rack 90 100
2 11 08:00:27:9d:7b:f4 eng-rack 102 116
3 11 10:dd:b1:b0:44:fa eng-rack 102 137
. . . <snip> . . .

The following command displays the ARP table for the fabric:
controller-1> show forwarding arp-table
# VLAN Id IP Address MAC Address Idle Timeout Broadcast Query Timeout Unicast Query Timeout
--|-------|-------------|-----------------|------------|-----------------------|---------------------|
1 2 10.192.16.1 00:1c:73:17:bf:dc 300000 255000 240000
2 3 10.192.16.5 00:1c:73:17:bf:dc 300000 255000 240000
3 4 10.192.16.9 00:1c:73:17:bf:dc 300000 255000 240000
. . . <snip> . . .

The following command displays the contents of all internal tables.

controller-1# show forwarding internal
~ Tenant-to-vrf-mappings ~
# Tenant Name VRF Id
-|-----------|------|
1 Red 1
2 system 1023

span-name-to-id-mapping
<. . . snip . . .>show

show forwarding switch Command

Command Syntax
show forwarding switch {<switch-name>} [l2-table | l2-flood-table | port-table | port-source-miss-
override-table | port-breakout-table | port-bpdu-guard-table | port-storm-control-table | port-mcast-
table | port-vxlan-table | vxlan-dcbx-vfp-table | lag-table | vlan-table | vlan-member-table | vlan-
xlate-table | vlan-xlate-gen-table | egr-vlan-xlate-table | l3-host-table | l3-cidr-table | vcap-table |
ecap-table | vrf-index-table | tenant-index-table | icap-table | debug-table | ecmp-table | span-table |
ingress-mirror-table | egress-mirror-table | lacp-table | nat-table | floating-ip-table | reverse-
floating-ip-table | arp-reply-table | arp-offload-table | sflow-sampler-table | sflow-collector-table |
lag-name-id-table | arp-table | icmpv6-neighbor-table | icmpv6-external-router-table | icmpv6-ra-table |
icmpv6-prefix-table | pim-expectation-table | igmp-general-query-packet-table | igmp-report-expectation-
table | igmp-report-packet-table | mcast-rx-port-table | mcast-tx-port-table | ip-mcast-table | mcast-

Big Switch Networks Confidential © Big Switch Networks 221

Big Cloud Fabric CLI Reference Guide

replication-table | vlan-refcnt-table | port-qos-table | arp-cache-table | arp-vlan-reply-table | arp-

disable-src-check-table | dhcp-table | dhcp-vrf-table | gtp-hash-table | icmp-agent-table | mcast-timer-
table | mcast-vlan-table | my-station-table | priority-pcp-table | dscp-priority-table | priority-queue-
table | qos-queue-weight-table | router-ip-table | vxlan-local-vtep-table]

Command Mode
Login mode

Command Description
Use the show forwarding switch command to display information about the specified switch, including Link Access Group
(LAG), routing, and VLAN tables.

Note: In the command output, Port Num refers to logical a port number assigned by the controller, not an actual port on
the physical switch.

Next Keyword Descriptions

<switch name>: Name of the switch as configured on the controller.
arp-offload-table: Display a table showing ARP offload entry for the floating IP.
arp-reply-table: Display a table showing ARP reply for floating IP.
arp-table: Display a table showing discovered ARP information.
arp-vlan-reply: Display the arp-vlan-reply table.
debug-table: Debug information.
dhcp-table: Dynamic Host Control Protocol (DHCP) entries.
dhcp-vrf-table: Display the dhcp-vrf table.
ecap-table: Information about the egress access policy.
ecmp-table: Information about Equal Cost Multiple Path (ECMP) groups configured.
egr-vlan-xlate-table: Mapping between VLAN IDs configured on the hosts, seen by the controller on fabric switch egress
ports, and the internal VLAN IDs assigned by the controller to segments within each tenant.
egress-mirror-table: Information about port mirroring on egress ports, set up using the fabric span and fabric local
commands.
floating-ip-table: Display a table showing floating IP entries.
icap-table: Information about ingress access policy.
icmp-agent-table: Display the icmp-agent table.
igmp-general-query-expectation-table: Display a table showing multicast general query expectation.
igmp-general-query-packet-table: Display a table showing multicast general query packets.
igmp-report-expectation-table: Display a table showing multicast report expectation.
igmp-report-packet-table: Display a table showing multicast report packets.
ingress-mirror-table: Information about port mirroring on ingress ports, set up using the fabric span or fabric local
commands.
ip-mcast-table: Display a table showing multicast group and replication table mapping.
l2-flood-table: Layer 2 switch flooding table.

222 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

l2-table: Layer 2 switch table.

l3-cidr-table: Information about routes to hosts, including IP addresses and subnet masks.
l3-host-table: Information about routes to hosts, including IP addresses.
lacp-table: Information about Link Access Control Protocol (LACP) on hosts connected to the switch.
lag-name-id-table: List switch LAG name to SPAN class id mapping.
lag-table: Information about Link Access Groups (LAGs).
mcast-vlan-table: Display multicast addresses mapped to VLANs.
mcast-replication-table: Display multicast replication table.
mcast-rx-port-table: Display a table showing multicast receiving ports.
mcast-tx-port-table: Display a table showing multicast transmit ports.
my-station-table: Display the my-station table.
nat-table: Display a table showing NAT entries.
pim-expectation-table: Display a table showing PIM expectation,
port-bpdu-guard-table: Display a table showing ports with BPDU guard,
port-breakout-table: Display a table showing ports in breakout mode.
port-dcbx-table: Display a table showing ports that have completed DCBX negotiation.
port-mcast-table: Display a table showing ports with IGMP enabled.
port-source-miss-override-table: Display the port-source-miss-override table.
port-storm-control-table: Display a table showing port configuration for storm control.
port-table: Information about interfaces on the specified switch.
port-vlan-table: Information about interface and vlan on the specified switch.
port-vxlan-table: Display a table showing recirculation ports.
priority-pcp-table: Display the priority-pcp table.
priority-queue-table: Display the priority-queue table.
qos-queue-weight table: Display a table showing the assignment of weights to user-configurable queues.
reverse-floating-ip-table: Display a table showing reverse floating IP entries.
router-ip-table: Display the router-ip table.
sflow-collector-table: Display a table showing sflow collector information.
sflow-sampler-table: Display a table showing port sflow samples.
span-table: Information about port mirroring, set up using the span local or span fabric commands.
tenant-index-table: Information about tenant reference count for the port member belonging to this tenant on the
specified virtual switch.
vcap-table: Information about VLAN (segment) access policy.
vlan-member-table: Information about members assigned to each VLAN.
vlan-refcnt-table: Information about vlan member reference count on the specified virtual switch (Vlan Member Reference
Count Table).

Big Switch Networks Confidential © Big Switch Networks 223

Big Cloud Fabric CLI Reference Guide

vlan-table: Information about VLANs.

vlan-xlate-gen-table: Display the vlan-xlate-gen table.
vlan-xlate-table: Mapping between VLAN IDs configured on the hosts and the internal VLAN IDs assigned by the controller
to segments within each tenant.
vrf-index-table: Information about the VRF reference count for the port member belonging to this tenant router on the
specified virtual switch.
vxlan-dcbx-vfp-table: Display the vxlan-dcbx-vfp table.
vxlan-local-vtep-table: Display the vxlan-local-vtep table.

Command Examples
The following command displays forwarding information about switch dt-leaf1a:
controller-1> show forwarding switch dt-leaf1a
~~~~~~~~~~~~~~~~~~ Switches ~~~~~~~~~~~~~~~~~~
# Switch Name Leaf Group Switch Id Switch Type
-|-----------|----------|---------|-----------|
1 dt-leaf1a rack1 dt-leaf1a 1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ecmp-switch-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Switch Id ecmp group id VLAN Id Source MAC Address Destination MAC Address Out Port Type Out LAG
-|---------|-------------|-------|------------------|-----------------------|-------------|-------|
1 dt-leaf1a 16777505 6 5c:16:c7:01:00:12 00:1c:73:00:00:99 LAG 89

~~~~~~~~~~~~~~~~~~~~~~~ Ecap-switch-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~

# Switch Id vlan id egr interface group id l3 intf class id l3 intf class id mask drop
-|---------|-------|-----------------|----------------|---------------------|----|
1 dt-leaf1a 4094 0 0 1 True

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ L3-cidr-route-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Switch Id Default VRF Id IP Address Subnet Mask Source MAC Address Destination MAC Address VLAN Id Copy To CPU Drop ECMP Group Id Port Type LAG Id
--|---------|--------------|-----------|---------------|------------------|-----------------------|-------|-----------|-----|-------------|---------|------|
1 dt-leaf1a 21 10.254.2.0 255.255.255.0 0 True True 0 -1
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~ Lag-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~
# Switch Id lag id LAG Name Time Stamp Port Num
--|---------|------|------------------------------------|----------|--------|
1 dt-leaf1a 81 spine 5518 49, 51
<snip>
~ Ingress-mirror-tables of Switch Names ~
# Switch Id port num SPAN Session Id
-|---------|--------|---------------|
1 dt-leaf1a 1 33554433
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vlan-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch Id vlan id number-tagged-ports number-untagged-ports Default VRF L3 Class Id
--|---------|-------|-------------------|---------------------|-----------|-----------|
1 dt-leaf1a 2 4 2 23 3
<snip>
~~~~~~~ Vlan-member-tables of Switch Names ~~~~~~~
# Switch Id vlan id tagged-ports untagged-ports
--|---------|-------|--------------|--------------|
1 dt-leaf1a 2 47, 48, 49, 51 6, 7
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Icap-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch Id vlan id vrf l3 intf class id l3 src class id src ip dst ip ip proto tp src tp dst priority ecmp group id drop new dmac new smac new vlan New LAG Id log
-|---------|-------|---|----------------|---------------|---------|---------|--------|------|------|--------|-------------|-----|--------|--------|--------|----------|-----|
1 dt-leaf1a 0 18 0 0 0.0.0.0/0 0.0.0.0/0 0 0 0 14989 0 False 0 0 False
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lacp-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch Id Port Id LACP Port Number System MAC Address System Priority Port Priority Port Key LACP Enabled
-|---------|-------|----------------|------------------|---------------|-------------|--------|------------|
1 dt-leaf1a 1 5c:16:c7:02:00:01 32768 32768 1 1

~~~~~~~~~~~~ L2-flood-tables of Switch Names ~~~~~~~~~~~~

# Switch Id ingress lag id Egress LAG Id

224 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

-|---------|--------------|-----------------------------|
1 dt-leaf1a -1 82, 83, 89, 90, 182, 205, 223
<snip>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Port-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Switch Id port num Vlan Id LAG Id port-type VlanXlate Group Id Is Source Mac Check Disabled Is ARP Offload Enabled Id DHCP Offload Enabled packet-of-death-enabled Is AutoNeg
Enabled
-|---------|--------|-------|------|---------|------------------|----------------------------|----------------------|-----------------------|-----------------------|--------------
1 dt-leaf1a 1 6 89 EDGE 1 False True True False False
<snip>
~~~~~~~~~~~~~~~~~~~~ L2-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~
# Switch Id VLAN Id MAC Address Port Num Port Type Priority
--|---------|-------|-----------------|--------|---------|--------|
1 dt-leaf1a 2 00:21:b7:8a:57:d5 92 LAG 0
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vcap-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch Id smac smac mask dmac dmac mask vrf l3 intf class id src class id
-|---------|-----------------|-----------------|-----------------|-----------------|---|----------------|------------|
1 dt-leaf1a 5c:16:c7:01:03:ff ff:ff:ff:ff:ff:ff 5c:16:c7:01:00:17 ff:ff:ff:ff:ff:ff 23 3 1023
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ L3-host-route-tables of Switch Names ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch Id Default VRF IP Address Source MAC Address Destination MAC Address VLAN Id Copy To CPU Drop ecmp index Port Type LAG Id
--|---------|-----------|-----------|------------------|-----------------------|-------|-----------|-----|----------|---------|------|
1 dt-leaf1a 23 10.1.10.25 5c:16:c7:01:00:17 10:dd:b1:b8:85:48 2 False False LAG 92
<snip>

show group Command

Command Syntax
show group [<name> [details]]

Command Mode
Login mode

Command Description
Use the show group command to display information about groups that can be used for associating permissions and user
accounts. Permissions can only be assigned to groups, not to individual accounts. Individual accounts inherit the
permissions of any group with which they are associated. Users assigned to the preconfigured admin group have full
administrative privileges. Read-only privileges are assigned to users associated with the read-only group.

Next Keyword Descriptions

name: Name of the group with which permissions and user accounts are associated.
details: Display additional details about the groups.

Command Examples
controller-1> show group
# Group name User(s)
-|----------|-----------------|
1 admin admin, alice, bob

show image Command

Command Syntax
show image [details]

Big Switch Networks Confidential © Big Switch Networks 225

Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the show image command to display information about the software images in the controller local image file
repository.

Next Keyword Descriptions

details: Display additional information about the image file.

show inband-port Command

Command Syntax
show inband-port

Command Mode
Login mode

Command Description
Use the show inband-port command to display information about the in-band management ports connecting the BCF
controllers to the vSwitches.

Command Examples
controller-1# show inband-port
# Type Leaf Group Interface Group MAC
-|----------|----------|---------------------------------|------------------------------|
1 v-switch rack0 tmk aa:b0:35:8f:e4:45
2 controller rack0 bsnctrl-2MTRC42-44-a8-42-1b-12-14 5c:16:c7:00:12:16 (Big Switch)
3 controller rack0 bsnctrl-2MWSC42-44-a8-42-1b-11-5c 5c:16:c7:00:11:5e (Big Switch)

show interface-group Command

Command Syntax
show {[tenant {<tenant-name> | all} [segment {<Segment Name> | all}]] [switch {<switch-name> | all}

[interface {<interface-name> | all}] | interface-group {all | <interface-group-name>}] endpoint [mac

<MAC> | ip {<endpoint-ip-address> | <endpoint-ip-address>} | ipv4 | ipv6 | name <endpoint-name>]}
details

Command Mode
Login mode

Command Description
Use the show interface-group command to display information about all interface groups in the fabric or about a specific
interface group. You can use the show tenant command to display information about interface groups in a specific tenant.

Next Keyword Descriptions

all: Display information about all the interface groups.
<interface-group-mode>: When using the all keyword, to identify the type of interface group, replace <interface-group-
mode> with one of the following:

226 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

• cdp: using Cisco Discovery Protocol.

• inter-pod: interconnecting separate fabrics.
• lacp: using Link Aggregation Control Protocol.
• lacp-auto-host: auto constructed interface-groups based on LACP.
• lldp: using Link Layer Discovery Protocol.
• span-fabric: Configured for use with Fabric SPAN.
• static: with members assigned statically.
• static-auto-controller-inband: auto constructed interface-group that contains members (switch-interfaces) connecting
to the controller.
• static-auto-host: Auto constructed interface-group based on LLDP/CDP.
• static-auto-vswitch-inband: Auto constructed interface group that contains members (switch-interfaces) connecting to
the server which hosts Switch Light Virtual.

counters: Display cumulative statistics regarding traffic forwarded on the interface group. Use the clear interface-group
<switch-name | all> counters command to reset the counters to zero.
members: Display information about member interfaces included in the interface group.
details: Display additional information about the specified objects. This option can be used with other keywords followed
immediately by a return.
<interface-group-name>: To display information about a specific interface group, replace <interface-group-name> with the
name of the interface group.
endpoint: When specifying the interface group name, use this keyword to display information about the associated
endpoints. To display information about a specific endpoint, follow this keyword with an identifier for the endpoint.
• mac <MAC>: When using the mac keyword, replace <MAC> with the MAC address of the endpoint.
• ip <endpoint-ip-address>: When using the ip keyword, replace <endpoint-ip-address> with the IP address of the
endpoint.
• <endpoint-name>: Replace <endpoint-name> with the name of the endpoint.

Command Examples
The following command displays summary information about all the interface groups in the fabric.
controller-1# show interface-group
# Name Mode Leaf Group State
-|------|--------------------------|----------|-----|
1 hv0 static-auto-vswitch-inband rack0 up
2 hv1 static-auto-vswitch-inband rack1 up
3 hv2 static-auto-vswitch-inband rack2 up
4 to-bm2 span-fabric rack1 up

The following command displays summary information about a specific interface group.
controller-1)# show interface-group esx-15.qa.bigswitch.com-BIGDVS1-lag1
# Name Mode Discovery Leaf Group State
-|------------------------------------|----|---------|----------|-----|
1 esx-15.qa.bigswitch.com-BIGDVS1-lag1 lacp lldp rack2 up

The following command displays detailed information about a specific interface group.
controller-1)# show interface-group esx-15.qa.bigswitch.com-BIGDVS1-lag1 details
# Name Mode Discovery Member Name Interface
Associated Switch Associated Interface Leaf Group Phy. State Op. State Member Down Reason Actor System
Priority Actor System Mac Actor Key Actor Port Number Actor Port Priority Actor State
Flags Partner System Priority Partner System Mac Partner Key Partner Port Number Partner Port
Priority Partner State Flags Member Type
---------------|-----------------------|-------------------------|-----------|-------------------|------
---------------|------------
1 esx-15.qa.bigswitch.com-BIGDVS1-lag1 lacp lldp host esx-15.qa.bigswitch.com vmnic3 leaf2-b
ethernet44 rack2 up up None 32768

Big Switch Networks Confidential © Big Switch Networks 227

Big Cloud Fabric CLI Reference Guide

5c:16:c7:02:8c:02 (Big Switch) 2 244 32768 A, T, G, S, C, D 65535

90:e2:ba:6e:fb:28 (Intel) 15 32771 255 G, S, C, D
2 esx-15.qa.bigswitch.com-BIGDVS1-lag1 lacp lldp host esx-15.qa.bigswitch.com vmnic2 leaf2-a
ethernet44 rack2 up up None 32768
5c:16:c7:02:8c:02 (Big Switch) 2 44 32768 A, T, G, S, C, D 65535
90:e2:ba:6e:fb:28 (Intel) 15 32770 255 G, S, C, D

The following command displays information about the members in a specific interface group.
controller-1)# show interface-group esx-15.qa.bigswitch.com-BIGDVS1-lag1 members
# Name Mode Discovery Member Name Interface
Associated Switch Associated Interface Member Type Phy. State Op. State Leaf Group Member Down Reason
-|------------------------------------|----|---------|------|-----------------------|---------|---------
--------|--------------------|-----------|----------|---------|----------|------------------|
1 esx-15.qa.bigswitch.com-BIGDVS1-lag1 lacp lldp host esx-15.qa.bigswitch.com vmnic3 leaf2-b
ethernet44 up up rack2 None
2 esx-15.qa.bigswitch.com-BIGDVS1-lag1 lacp lldp host esx-15.qa.bigswitch.com vmnic2 leaf2-a
ethernet44 up up rack2 None
controller-1)#

show ipv6-external-router- Command

Command Syntax
show {[tenant {<tenant-name> | all} [segment {<Segment Name> | all}]]} ipv6-external-router

show ipv6-external-router

Command Mode
Login mode

Command Description
Use the show ipv6-external-router command to display information about the external IPv6 routers connected to the Big
Cloud Fabric.

Command Examples
controller-1# show ipv6-external-router
#show ipv6-external-router
# Tenant Segment Interface External Router IP
-|------|-----------------|-------------------------|
1 T1 T1S1 fe80::ca1f:66ff:fec1:5397

show lag Command

Command Syntax
show lag switch

Command Mode
Login mode

Command Description
Use the show lag switch command to display information about link access groups (LAGs) configured in the fabric. A LAG is
a group of ports that combine multiple interfaces into a single logical interface for improved throughput and stability. .

Command Examples
The following command displays information about the LAGs configured between fabric switches:

228 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1> show lag switch

<cr> dt-leaf1a dt-leaf1b dt-leaf2a dt-leaf2b dt-spine1 dt-spine2
standby dt-controller-1> show lag switch dt-leaf1`[Ka
# Switch Lag Name lag type src interface Dest Switch Dest IF Name
--|---------|------------------------------------|---------------|-------------|-----------|-----------|
1 dt-leaf1a bm_lacp_downlink-arista-2009 interface-group ethernet1
2 dt-leaf1a edge_port-00:00:70:72:cf:b7:6d:f0-6 interface-group ethernet6
<snip>

show link Command

Command Syntax
show link

Command Mode
Login mode

Command Description
Use the show link command to display the operational state of links discovered by Fabric Manager. A link is discovered
when LLDP packets are sent from one switch interface on the link and are received on the other switch interface.

Command Examples
controller-1> show link
# Switch Name IF Name Switch Name IF Name Link Type
-|------------|----------|------------|----------|----------|
1 t5-com-leaf1 ethernet45 t5-com-leaf2 ethernet45 peer
2 t5-com-leaf1 ethernet46 t5-com-leaf2 ethernet46 peer
3 t5-eng-leaf1 ethernet47 t5-eng-leaf2 ethernet47 peer
. . . <snip> . . .

show local node Command

Command Syntax
show local node {dna | interfaces [<if-name> | all] [error | stats [error]] | route [ipv6]}

Command Mode
Login mode

Command Description
Use the show local node command to display information about the local controller node.

Next Keyword Descriptions

dna: Display DNS information for the local controller.
interfaces [<if-name> | all]: Replace <if-name> with a specific controller interface or use the all keyword to specify all
interfaces.
error: Display information about errors on the specified controller interface or all interfaces.
stats [error]: Display statistics for the specified controller interface or all interfaces.
route [ipv6]}: Display information about routes on the local controller.

Big Switch Networks Confidential © Big Switch Networks 229

Big Cloud Fabric CLI Reference Guide

Command Examples

controller-1> show local node interfaces

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interfaces ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interface Master Hardware address Permanent hardware address Operstate Carrier
---------|------|-------------------------|--------------------------|---------|-------|
bond0 18:66:da:6b:f1:d5 (Dell) up up
bond1 18:66:da:6b:f1:d7 (Dell) up up
bond3 a0:36:9f:c0:14:c0 (Intel) up up
eno1 bond0 18:66:da:6b:f1:d5 (Dell) 18:66:da:6b:f1:d5 (Dell) up up
eno2 bond0 18:66:da:6b:f1:d5 (Dell) 18:66:da:6b:f1:d6 (Dell) down down
eno3 bond1 18:66:da:6b:f1:d7 (Dell) 18:66:da:6b:f1:d7 (Dell) up up
eno4 bond1 18:66:da:6b:f1:d7 (Dell) 18:66:da:6b:f1:d8 (Dell) down down
enp5s0f0 bond3 a0:36:9f:c0:14:c0 (Intel) a0:36:9f:c0:14:c0 (Intel) up up
enp5s0f1 bond3 a0:36:9f:c0:14:c0 (Intel) a0:36:9f:c0:14:c2 (Intel) up up

~~~~~~~~~~ Addresses of Interfaces ~~~~~~~~~~

# Interface Ip cidr
-|---------|---------------------------------|
1 bond0 10.8.25.9/18
2 bond0 fe80:0:0:0:1a66:daff:fe6b:f1d5/64
3 bond1 fe80:0:0:0:1a66:daff:fe6b:f1d7/64
4 bond3 fe80:0:0:0:a236:9fff:fec0:14c0/64
controller-1>
controller-1> show local node interfaces bond1
<cr> error stats
controller-1> show local node interfaces bond1 error
Interface Rx Drop Rx CRC Errors Rx Errors Rx Frame Errors Rx Overrun Errors Tx Errors Tx Drop Collisions
---------|-------|-------------|---------|---------------|-----------------|---------|-------|----------
|
bond1 534 0 0 0 0 0 0 0
controller-1> show local node interfaces bond1 stats
Interface Rx Bytes Rx Pkts Tx Bytes Tx Pkts
---------|-----------|--------|----------|--------|
bond1 18656788942 47762931 2800111986 14165761
controller-1>
controller-1> show local node interfaces bond3 stats
Interface Rx Bytes Rx Pkts Tx Bytes Tx Pkts
---------|--------|-------|--------|-------|
bond3 0 0 11052361 103294
controller-1> show local node interfaces eno2 stats

Error: running command "show local node interfaces eno2 stats"

controller-1> show local node interfaces eno2

Error: running command "show local node interfaces eno2 "

controller-1> show local node interfaces
<cr>
all Show local node interface state
<IF name> The display name for the interface
bond0 Name selection of bond0
bond1 Name selection of bond1
bond3 Name selection of bond3
eno1 Name selection of eno1
eno2 Name selection of eno2
eno3 Name selection of eno3
eno4 Name selection of eno4
enp5s0f0 Name selection of enp5s0f0
enp5s0f1 Name selection of enp5s0f1
controller-1> show local node interfaces all
<cr>
error Show interface error stats
stats Show interface stats
controller-1> show local node interfaces all error
Interface Rx Drop Rx CRC Errors Rx Errors Rx Frame Errors Rx Overrun Errors Tx Errors Tx Drop Collisions
---------|-------|-------------|---------|---------------|-----------------|---------|-------|----------
|
bond0 547 0 0 0 0 0 0 0
bond1 534 0 0 0 0 0 0 0
bond3 0 0 0 0 0 0 0 0

230 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

eno1 14 0 0 0 0 0 0 0
eno2 0 0 0 0 0 0 0 0
eno3 1 0 0 0 0 0 0 0
eno4 0 0 0 0 0 0 0 0
enp5s0f0 0 0 0 0 0 0 0 0
enp5s0f1 0 0 0 0 0 0 0 0
controller-1> show local node interfaces all stats
Interface Rx Bytes Rx Pkts Tx Bytes Tx Pkts
---------|-----------|--------|----------|--------|
bond0 4940231241 28398671 447673261 1917713
bond1 18658428330 47768531 2800330043 14167371
bond3 0 0 11053645 103306
eno1 4940231241 28398671 447673261 1917713
eno2 0 0 0 0
eno3 18658428330 47768531 2800330043 14167371
eno4 0 0 0 0
enp5s0f0 0 0 5520665 51595
enp5s0f1 0 0 5532980 51711

controller-1> show local node interfaces bond0 error

Interface Rx Drop Rx CRC Errors Rx Errors Rx Frame Errors Rx Overrun Errors Tx Errors Tx Drop Collisions
---------|-------|-------------|---------|---------------|-----------------|---------|-------|----------
|
bond0 547 0 0 0 0 0 0 0

controller-1> show local node interfaces bond0 stats

Interface Rx Bytes Rx Pkts Tx Bytes Tx Pkts
---------|----------|--------|---------|-------|
bond0 4940665761 28401479 447721786 1917965
controller-1> show local node interfaces bond0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interfaces ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interface Master Hardware address Permanent hardware address Operstate Carrier
---------|------|------------------------|--------------------------|---------|-------|
bond0 18:66:da:6b:f1:d5 (Dell) up up

~~~~~~~~~~ Addresses of Interfaces ~~~~~~~~~~

# Interface Ip cidr
-|---------|---------------------------------|
1 bond0 10.8.25.9/18
2 bond0 fe80:0:0:0:1a66:daff:fe6b:f1d5/64

The following command displays statistics for the specified interface on the hardware controller appliance.
controller-1> show local node interfaces eno1 stats
Interface Rx Bytes Rx Pkts Tx Bytes Tx Pkts
---------|----------|-------|---------|-------|
eno1 3466795161 8338939 306352021 1316797
controller-1>

The following command displayd errors for the specified interface on the hardware controller appliance.
controller-1> show local node interfaces eno2 error
Interface Rx Drop Rx CRC Errors Rx Errors Rx Frame Errors Rx Overrun Errors Tx Errors Tx Drop Collisions
---------|-------|-------------|---------|---------------|-----------------|---------|-------|----------
|
eno2 0 0 0 0 0 0 0 0
controller-1>

show logging Command

Command Syntax
show logging { audit | controller | networkservice | remote | routing | switch <switch> | syslog | web-
access | web-error } [complete | last <duration>] [forever]}

Big Switch Networks Confidential © Big Switch Networks 231

Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the show logging command to display the different logs maintained on the local controller node, including the local
copy of the syslog or the switch logs maintained on the controller.

Next Keyword Descriptions

audit: Display the audit log file contents. See show logging audit command for details.
controller: Display the controller log on the local controller node.
networkservice: Display the networkservice log file contents.
remote: Display the remote log file contents.
routing: Display the routing log file contents.
switch <switch>: List switch logs stored on the controller.
syslog: Display the syslog on the local controller node.
web-access: Display the web-access log on the local controller node.
web-error: Display the web-error log on the local controller node.
complete: Display the complete logs.
forever : Repeat the log periodically. Use the last keyword for a specified duration to repeat for a period of time. Press CtrlC
to cancel or terminate the command before completion.
last <duration>{sec|min|hour}: Display the most recent log entries for the specified duration. Replace <duration> with an
integer followed immediately by the interval type (without a space). For example 5min, 45sec, or 1hour.

Command Examples
The following command shows the last lines displayed from the current syslog on the local controller node, interrupted
with Ctrl-C.
controller-1> show syslog
. . .
2014-06-08T00:55:01.339276+00:00 controller CRON[2440]: (root) CMD (/usr/share/floodlight/bin/ip-change-
detect 2>&1 | logger -t cron_ip-change-detect)
2014-06-08T01:00:01.380654+00:00 controller CRON[2450]: (root) CMD (/usr/share/floodlight/bin/ip-change-
detect 2>&1 | logger -t cron_ip-change-detect)
^C
Interrupt.
controller-1#

To direct the output of the show logging command to a local file, use the greater than (>) operator followed by a filename.
controller-1> show syslog > syslog-june9

To view the switch logs on the controller that have been received in the previous 5 minutes, enter the following command:
controller-1># show logging switch leaf0-a last 5min forever
2015-11-16T11:11:07.084720+00:00 leaf0-a bash: DEBUG 'ztn manifest'
2015-11-16T11:11:07.482744+00:00 leaf0-a bash: DEBUG exit 0
. . . < snip > . . .
2015-11-16T11:15:43.325305+00:00 leaf0-a bash: DEBUG 'ztn manifest'
2015-11-16T11:15:43.690871+00:00 leaf0-a bash: DEBUG exit 0

This command displays the previous 5 minutes of switch logs and repeats periodically.

232 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

show logging audit Command

Command Syntax
show logging audit [last {[<integer>] <interval>} | complete] [forever]

Command Mode
Login mode

Command Description
Use the show logging audit command to display a log of the CLI commands and the REST API requests issued to the BCF
controller. The log files maintained on the controller are for short-term reference and are rotated to compressed files on a
periodic basis. For long-term storage of log files, use the BMF Analytics server or an external syslog server.

Next Keyword Descriptions

last <integer> <interval>: Display the most recent log entries. Limit the display to the length of time specified by an optional
integer followed by the interval value (second, minute, hour, day, or week). If no integer is specified, the logs for the last
interval are displayed.
complete: Display the entire log of CLI commands and REST API requests.
forever: Repeat the command until cancelled by entering <Ctrl-C>.

show logging remote Command

Command Syntax
show logging remote

Command Mode
Login mode

Command Description
Use the show logging remote command to display the current configuration of the remote syslog server and the level of
messages logged.

Command Examples
controller-1> show logging remote
# Server port
-|---------|----|
1 10.8.67.2 514
controller-1>

show logical-router Command

Command Syntax
show [tenant {<tenant-name> | all}]

logical-router [

applied-policy | applied-qos-classifier | as-path-list | detail | dhcp | dynamic-route-next-hop |

floating-ip | incomplete | interface [segment | tenant] | nat-profile | next-hop-group | pat-profile |
policy-list | prefix-list | qos-classifier-list | route | route-map |

Big Switch Networks Confidential © Big Switch Networks 233

Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Command Description
Use the show logical-router command to display information about logical routers in all tenants in the fabric or in the
specified tenant.

Next Keyword Descriptions

applied-policy: View the rules in the policy list that have been applied on logical routers in all tenants in the fabric or in the
specified tenant.
applied-qos-classifier: View lists used for policy-based QoS applied on the logical router.
as-path-list: View lists associated with the logical router used for managing distribution of routing prefixes to BGP
neighbors.
dchp: View information about DHCP relay configuration on segment interfaces of logical routers in all tenants in the fabric
or in the specified tenant.
detail: Display all the information about the logical routers in all tenants in the fabric or in the specified tenant.
dhcp: Use the show logical-router dhcp command to view information about DHCP relay configuration on segment
interfaces of logical routers in all tenants in the fabric or in the specified tenant. dynamic-route-next-hop: Use the show
logical-router dynamic-route-next-hop command to view information about the members of the next hop groups that are
used for dynamic routes. This is for logical routers in all tenants in the fabric or in the specified tenant.
dynamic-route-next-hop: Display information about the logical routers in all tenants in the fabric or in the specified tenant.
floating-ip: Display information about the floating IPs configured on logical routers in all tenants in the fabric or in the
specified tenant.
incomplete: View information about incorrect, inactive or missing configuration on logical routers in all tenants in the fabric
or in the specified tenant.
interface [segment | tenant]: View information about the tenant and segment logical router interfaces on logical routers in
all tenants in the fabric or in the specified tenant.
nat-profile: Display information about the NAT profiles configured on logical routers in all tenants in the fabric or in the
specified tenant.
next-hop-group: View information about the members of the next hop groups configured on logical routers in all tenants in
the fabric or in the specified tenant.
pat-profile: View information about the P-NAT profiles configured within logical routers in all tenants in the fabric or in the
specified tenant.
policy-list: View information about policy lists configured within logical routers in all tenants in the fabric or in the specified
tenant.
prefix-list: View information about BGP prefix lists configured within logical routers in all tenants in the fabric or in the
specified tenant.
qos-classifier-list : View lists used for policy-based QoS associated with the logical router.
route: view information about all configured static routes in logical routers in all tenants in the fabric or in the specified
tenant.
route-map: View route maps associated with the logical router used for managing distribution of routing prefixes to BGP
neighbors.
tenant <tenant-name> | all: Tenant name for which logical router information should be displayed or all tenants.

234 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
Display information about all segment interfaces on all logical routers in the fabric.
controller-1> show logical-router interface segment
<cr> Display logical router segment interface information
controller-1> show logical-router interface segment
# L Router Segment IP Subnet Visibility State DHCP Relay
----|---------|---------------------|---------------|----------|------|------------|
1 FLAP190 V2 1.3.60.1/24 PUBLIC Active Unconfigured
2 FLAP190 V3 1.3.61.1/24 PUBLIC Active Unconfigured
3 FLAP190 V1 1.3.59.1/24 PUBLIC Active Unconfigured
. . . <snip> . . .

Display basic information about all logical routers in the fabric.

controller-1> show logical-router

Display basic information about the logical router of the specified tenant.
controller-1> show tenant-a logical router

Display detailed information about all logical routers in the fabric.

controller-1> show logical-router detail

Display information about configured policy lists of all logical routers in the fabric.
controller-1> show logical-router policy-list

Display information about routes in all logical routers in the fabric.

controller-1> show logical-router route

Display information about all policy rules of applied policy lists on all logical routers in the fabric.
controller-1> show logical-router applied-policy

Display information about members of next hop groups configured on all logical routers in the fabric.
controller-1> show logical-router next-hop-group

Display information about members of next hop groups used for dynamic routes for all logical routers in the fabric.
controller-1> show logical-router dynamic-route-next-hop

Display information about NAT profiles configured on all logical routers in the fabric.
controller-1> show logical-router nat-profile

Display information aobut P-NAT profiles configured on all logical routers in the fabric.
controller-1> show logical-router pat-profile

Display information about floating IPs configured on all logical routers in the fabric.
controller-1> show logical-router floating-ip

Display information about all interfaces on all logical routers in the fabric.
controller-1> show logical-router interface

Display information about all tenant interfaces on all logical routers in the fabric.
controller-1> show logical-router interface tenant

Display information about all incomplete configuration on all logical routers in the fabric.
controller-1> show logical-router incomplete

Display information about incomplete configuration of logical router interfaces of all logical routers in the fabric.

Big Switch Networks Confidential © Big Switch Networks 235

Big Cloud Fabric CLI Reference Guide

controller-1> show logical-router incomplete interface

Display information about incomplete policy list configuration within all logical routers in the fabric.
controller-1> show logical-router incomplete policy-list

Display information about incomplete or inactive members of all next hop groups within all logical routers in the fabric.
controller-1> show logical-router incomplete next-hop-group

Display information about inactive members of all dynamic route next hop groups within all logical routers in the fabric.
controller-1> show logical-router incomplete dynamic-route-next-hop

Display information about incomplete or inactive policy rules of applied policy lists in all logical routers in the fabric.
controller-1> show logical-router incomplete policy

Display information about incomplete or inactive static routes in all logical routers in the fabric.
controller-1> show logical-router incomplete route

Display information about incomplete or inactive NAT profiles in all logical routers in the fabric.
controller-1> show logical-router incomplete nat-profile

Display information about incomplete or inactive P-NAT profiles in all logical routers in the fabric.
controller-1> show logical-router incomplete pat-profile

Display information about incomplete or inactive floating IPs in all logical routers in the fabric.
controller-1> show logical-router incomplete floating-ip

Display information about configured DHCP relays on segment interfaces of all logical routers in the fabric.
controller-1> show logical-router dhcp

show mac-membership Command

show mac-membership classify-pool [switch {<switch-name> | all} [interface {<interface-name> | all}] |
interface-group {<interface-group-name> | all}]
[vlan {<VLAN> | untagged}]

show [tenant {<tenant-name> | all} [segment {<Segment Name> | all}]] mac-membership ignored-endpoint
[mac <MAC>]

show [tenant {<tenant-name> | all} [segment {<segment-name> | all}]] mac-membership rule

Command Syntax
show mac-membership

Command Mode
Login mode

Command Description
Use the show mac-membership command to display information about segment MAC-based membership rules.

Next Keyword Descriptions

classify-pool: Use the show mac-classify-pool command to display all members of the MAC based member rule attachment-
point pool. You can filter the member rules by specifying a switch and interface or a interface group name. You can further
filter the member rules by specifying the VLAN for the rule.

236 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

ignored-endpoint: Display the ignored endpoints on segments defined by a MAC membership rule
rule: Use the show mac-member-rule command to display the MAC based membership rules configured on the controller.
You can filter the MAC member rules displayed by specifying the tenant name and the segment name.

show member-rule Command

Command Syntax
show member-rule {interface-group {<interface-group> | all} | switch {switch-name | all }} vlan {<vlan-
id> | untagged } }

Command Mode
Login mode

Command Description
Use the show member-rule command to display information about the segment membership rules configured in the fabric.
A segment membership rule defines the traffic that should be included in a logical segment within a specific tenant. These
rules can be defined using interface groups or the switch and interface for interfaces that are not included in interface
groups.

Next Keyword Descriptions

interface-group <interface-group | all: List the segment membership rules defined using the specified interface group or all
interface groups.
switch <switch-name> | all: List the segment membership rules defined using the specified switch or all switches.
vlan <vlan-id> | untagged: List the segment membership rules defined using the specified VLAN ID or with untagged VLANs.

Command Examples
The following command displays information about the segment membership rules defined using interface groups:
controller-1> show member-rule interface-group all
# Tenant Segment Switch Interface Interface group VLAN State
---|-----------|-----------|---------|----------|-----------|--------|--------|
1 dt dt-seg4 dt-leaf2b ethernet38 untagged inactive
2 dt dt-seg4 dt-leaf1b ethernet39 untagged inactive
3 dt dt-seg4 dt-leaf1a ethernet39 untagged inactive
<snip>

The following command displays information about the segment membership rules defined using the switch name and
interface:
controller-1> show member rule switch all
# Tenant Segment Switch Interface Interface group VLAN State
---|-----------|-----------|---------|----------|-----------|--------|--------|
1 dt dt-seg4 dt-leaf2b ethernet38 untagged inactive
2 dt dt-seg4 dt-leaf1b ethernet39 untagged inactive
3 dt dt-seg4 dt-leaf1a ethernet39 untagged inactive
<snip>

show multicast command

Command Syntax
show multicast l2groups [tenant [all | <tenant-name>] [multicast-address {<address> | all} ] | [segment
{<segment> | all}]
show multicast l3groups [tenant [all | <tenant-name>] [multicast-address {<address> | all} ]
show multicast mrouter [tenant {<tenant-name> | all} [segment {<segment-name> | all}]
show multicast tenant [<tenant-name> | all]
show multicast summary

Big Switch Networks Confidential © Big Switch Networks 237

Big Cloud Fabric CLI Reference Guide

Command Mode
Login mode

Next Keyword Descriptions:

l2groups: Display information about Layer 2 groups for the specified multicast address or all multicast addresses.
l3groups: information about Layer 3 groups for the specified multicast address or all multicast addresses.
mrouter: Display mrouter information
segment <segment> | all: Display multicast information about the specified segment or all segments.
summary: Display summary information regarding multicast settings.
tenant <tenant> | all: Display multicast information about the specified tenant or all tenants.

Command Examples
The following command displays summary information about multicast configuration:
controller-1> show multicast summary
Total Multicast Entries : 0
IGMP Report Timeout (sec) : 260
IGMP Query Timeout (sec) : 260
IGMP Periodic Query Time (sec) : 120
IGMP Maximum Response Time (sec) : 10
IGMP Last Response Timeout (sec) : 10
controller-1>

show nat-endpoint Command

Command Syntax
show [tenant {<tenant-name> | all} [segment {<segment-name> | all}]]

nat-endpoint [mac <mac> | ip <endpoint-ip-address> | switch {<switch-name> | all} | logical-router

{<tenant-name> | all}

Command Mode
Login mode

Command Description
Use the show nat-endpoint command to display information about the NAT endpoints created by the BCF NAT feature.

Next Keyword Descriptions

tenant {<tenant-name> | all}: Name of the tenant or all tenants.
segment <segment-name> | all: Replace <segment-name> with the name of a specific segment or use the all keyword to
display information about all segments.
mac <mac>: Display information about the endpoint with the specified MAC address.
ip <ip-address>: Display information about the endpoint with the specified IP address.
switch <switch-name> | all: Display endpoints attached to a specific switch or use the all keyword for all switches.

238 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

logical-router {<tenant-name> | all}: Display endpoints attached to a specific logical router or use the all keyword for all
logical routers.

show nat-pool Command

Command Syntax
show nat-pool [switch {<switch-name> | all}]

Command Mode
Login mode

Command Description
Use the show nat-pool command to display information about the switches that are configured as preferred for providing
NAT/PAT services in an OpenStack environment.

show ntp Command

Command Syntax
show ntp {peers | status [details] }

Command Mode
Login mode

Command Description
Use the show ntp command to display the status of the NTP client keeping time with the NTP server configured for the
controller.

Command Examples
controller-1> show ntp peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*ada.selinc.com .PPS. 1 u 127 1024 377 31.251 -0.723 1.121
-resolver1.skyfi 216.218.254.202 2 u 295 1024 377 32.907 1.107 2.362
+getkratom.com 216.218.254.202 2 u 109 1024 377 8.097 -0.360 1.811
+ntp1.wiktel.com .PPS. 1 u 753 1024 337 72.776 0.127 0.671

controller-1> show ntp status details

synchronised to NTP server (74.117.214.3) at stratum 2
time correct to within 51 ms
polling server every 1024 s

show nsx Command

Command Syntax
show nsx <nsx instance name> hardware-vtep [ cert | local-endpoint | local-vtep | member-rule | plugin-
error | plugin-local-vtep | plugin-mcast-local | plugin-mcast-remote | plugin-port | plugin-state |
plugin-ucast-local | plugin-ucast-remote | plugin-vni | remote-endpoint | server-state | state | vtep-
pair | plugin-ucast-remote ]

Command Mode
Login mode

Big Switch Networks Confidential © Big Switch Networks 239

Big Cloud Fabric CLI Reference Guide

Command Description
Use the show nsx command to display information about the NSX integration.

Command Examples
controller-1> show nsx NSX-Instance1 hardware-vtep state
# NSX Name Type Server IP address Server TCP Port Tenant Local Vtep NSX hardware VTEP
State Plugin Connected
-|-------------|----|-----------------|---------------|----------------|----------|---------------------
--|----------------|
1 NSX-Instance1 10.8.23.7 6640 NSX-Orchestrator 61.61.61.2 Active
True

controller-1> show nsx NSX-Instance1 hardware-vtep server-state

# Server IP address Server TCP Port NSX Server Connected
-|-----------------|---------------|--------------------|
1 10.8.23.7 6640 True
2 10.8.23.8 6640 True
3 10.8.23.9 6640 True

controller-1> show nsx NSX-Instance1 hardware-vtep plugin-state

# Ovsdb Server Connected Rest Server Connected Rest Server Error Config Task Queue Ovsdb Task Queue Rest
Task Queue
-|----------------------|---------------------|-----------------|-----------------|----------------|----
-----------|
1 True True False 0 0 0

controller-1> show nsx NSX-Instance1 hardware-vtep cert

-----BEGIN CERTIFICATE-----
MIIEeDCCAuCgAwIBAgIGAWFXxzfxMA0GCSqGSIb3DQEBCwUAMH0xEjAQBgNVBAMM

< S N I P >

V91NKKphJSsSODxYsti1J7x/F3lSct4DnvlyEYzUeQ57aUO6NHtEnsYtomRav4Sg
bqVCJiJ1JEjHFPsQaFBnmgyNDaaNNjmwluc6mL8l/AQhvqSDCEKR9tm78po=
-----END CERTIFICATE-----

controller-1> show nsx NSX-Instance1 hardware-vtep vtep-pair

# Local VTEP Tenant Local VTEP Local VTEP IP Remote VTEP Remote VTEP IP Dst UDP Port Next Hop
State
-|-----------------|----------|-------------|----------------------|--------------|------------|--------
--|-----------------------------------|
4 vc208 pod2-vtep 61.61.61.2 remote-vtep-20.20.20.2 20.20.20.2 4789
20.20.20.2 Active
5 vc208 pod2-vtep 61.61.61.2 remote-vtep-20.20.20.1 20.20.20.1 4789
20.20.20.1 Active

controller-1> show nsx NSX-Instance1 hardware-vtep local-vtep

# Tenant Name Source Segment Interface Source IP Dst UDP Port State
-|------|---------|------------------------|----------|------------|------|
1 vc208 pod2-vtep ext-1001 61.61.61.2 4789 Active

controller-1> show nsx NSX-Instance1 hardware-vtep local-endpoint

# Tenant Segment Name MAC IP
Address IP State Leaf Group Attachment Point Attach Point State VLAN VNI State
-|----------------|---------------------------------------------|----|--------------------------|-------
---|---------------|----------|---------------------------------|------------------|----|----|------|
1 NSX-Orchestrator seg-5001-03b264c5-9540-3666-a34a-c75d828439bc 00:50:56:a7:b5:a3 (VMware)
41.41.1.10 learned-L2 Only rack1 ESXi-43.qa.bigswitch.com-VLAN_DVS learned 2001 5001
Active

controller-1> show nsx NSX-Instance1 hardware-vtep remote-endpoint

# Tenant Segment Name MAC IP
Address IP State Leaf group Attachment Point Attach Point State Vlan VNI State
---|----------------|---------------------------------------------|----|--------------------------|-----
-----|--------|----------|-----------------------------------|------------------|----|----|------|
1 NSX-Orchestrator seg-5001-03b264c5-9540-3666-a34a-c75d828439bc 00:50:56:a7:8f:6e (VMware)
Remote VTEP: remote-vtep-20.20.20.2 static 5001 Active

controller-1> show nsx NSX-Instance1 hardware-vtep member-rule

240 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

# Tenant Segment Interface Group

VLAN
---|----------------|---------------------------------------------|---------------------------------|---
-|
1 NSX-Orchestrator seg-5001-03b264c5-9540-3666-a34a-c75d828439bc ESXi-43.qa.bigswitch.com-VLAN_DVS
2001

controller-1> show nsx NSX-Instance1 hardware-vtep member-rule

# Tenant Segment Interface Group
VLAN
---|----------------|---------------------------------------------|---------------------------------|---
-|
1 NSX-Orchestrator seg-5001-03b264c5-9540-3666-a34a-c75d828439bc ESXi-43.qa.bigswitch.com-VLAN_DVS
2001

controller-1> show nsx NSX-Instance1 hardware-vtep plugin-error

# Time Task Error Message
--|------------------------------|---------|------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
-----------------------------------------|
1. 2018-02-09 01:16:12.343000 UTC Rest_Task _send_rest: action=topology, err_msg={"message": "Server
Error: Failed to create vni 5120 in segment seg-5120-6aadca7b-d86c-3743-a672-4f9607256126",
"ctrl_error": "{\\"description\\":\\"Validation failed: Segment cannot be extended when tenant has
multicast enabled.\\",\\"error-code\\":400}"}

show ospf Command

Command Syntax
show ospf segment

Command Mode
Login mode

Command Description
Use the show ospf command to display information about the OSPF configuration of each segment.

Command Examples
controller-1> show ospf

show prism-server

Command Syntax
show prism-server

show prism-server {<name> | all} connected-device cluster {<Nutanix cluster name> | all} [virtual-switch
{<virtual-switch name> | all}]

show prism-server {<prism-name> | all} endpoints cluster {<Nutanix cluster name> | all} [vm-name <vm-
name>]

Command Mode
Login mode

Big Switch Networks Confidential © Big Switch Networks 241

Big Cloud Fabric CLI Reference Guide

Command Description
Use the show prism-server command to display information about the Nutanix Prism instances integrated with BCF. Use the
show prism-server connected device command to display information about devices connected through Nutanix Prism
servers integrated with BCF. Use the show prism-server endpoints command to display information about endpoints
connected through Nutanix Prism servers integrated with BCF.

Next Keyword Descriptions

<name> | all: Display information about the specific instance or all instances.
connected-device: Display information about devices connected through Nutanix Prism servers integrated with BCF.
cluster {<Nutanix cluster name> | all: Display information about endpoints or connected devices associated with a specific
Nutanix cluster or all clusters.
virtual-switch {<virtual-switch name> | all: Display information about connected devices associated with a specific virtual
switch or all virtual switches.
vm-name {<vm- name> | all: Display information about endpoints associated with a specific VM or all VMs.
endpoints: Display information about endpoints connected through Nutanix Prism servers integrated with BCF.

Command Examples
controller-1> show prism-server
# Prism Name Nutanix Prism Server Host Name or IP Automation Level Preserve BCF Config State Last
Nutanix Prism Update Time Detail State Version Last BCF Config Sync Time
-|----------|------------------------------------|----------------|-------------------|------------|----
--------------------------|------------|-------|-------------------------|
1 test none False disconnected
2018-05-19 22:05:40.392000 PDT disconnected
controller-1>

show pswitch Command

Command Syntax
show pswitch [all | <switch-name>] [connections [details] | [ details ]

Command Mode
Login mode

Command Description
Use the show pswitch command to display information about the physical switches in the fabric.
The connection state shown is a combination of two conditions:
• Control channel connection state on the current controller node to the switch
• Controller application view of the Active controller node regarding the switch connection
The connection state indicates the conditions summarized in the following table:

Status Displayed Control Channel Connection State Controller Application View

Connected True Connected
Connecting True Not_connected
Disconnecting False Connected
Not_connected False Not_connected

242 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

all | <switch-name>: Display fabric information about the specified physical switch or use the all keyword to display
information about all physical switches.
connections [details]: Display fabric connection information about the specified physical switch or all physical switches. Use
the optional details keyword for additional information.
details: Display detailed fabric information about the specified physical switch or all physical switches.

show radius Command

Command Syntax
show radius

Command Mode
Login mode

Command Description
Use the show radius command to display information about RADIUS configuration and operational state.

show running-config Command

Command Syntax
show running-config [<running-config-keyword>] [details]

Command Mode
Login mode

Command Description
Use the show running-config command to display the entire active running-config, or the specified section of the running-
config.

Next Keyword Descriptions

running-config-keyword: Use any of the section headings in the running-config to limit the output to that section.
details: Display detailed information. Use this keyword with a section heading to provide full details if the default output is
abridged.

Command Examples
controller-1# show running-config
!
! Big Cloud Fabric Appliance 2.0.11-SNAPSHOT (bcf_master #2002)
! Current Time: 2014-06-08.13:44:42
version 1.0
! ntp
ntp server 0.bigswitch.pool.ntp.org
! tacacs
tacacs server host 192.168.17.1
! aaa
aaa accounting exec default start-stop local
. . . <snip> . . .

Big Switch Networks Confidential © Big Switch Networks 243

Big Cloud Fabric CLI Reference Guide

show secure control plane Command

Command Syntax
show secure control plane

Command Mode
Login mode

Command Description
Use the show secure control plane command to display the control plane status of the controller and to display information
about the certificate signing requests (CSRs) and certificates in the controller local repository.

Command Examples
The following shows the output when the secure control plane is off.
controller-1> show secure control plane
State Configured mode : off
State Current mode : off
Provision Issue : TLS must be fully configured before entering provision or lock mode
Provision Issue : Every controller in the cluster must have a valid certificate imported before
entering provision or lock mode
Lockdown Issue : The following switches have not been provisioned with valid certificates:
[leaf0-a, leaf0-b, leaf1-a, spine0, spine1]
~~~~~~~ Switches ~~~~~~~
# Switch State
-|-------|-------------|
1 leaf0-a unprovisioned
2 leaf0-b unprovisioned
3 leaf1-a unprovisioned
4 spine0 unprovisioned
5 spine1 unprovisioned

~ Certs ~
# Name
-|------|
1 cacert-example <====Use this certificate ID to import the CA root certificate to the
Active controller

~~~~~~~~~~ Csrs ~~~~~~~~~~

# Name
-|------------------------|
1 18082.controller.cluster
2 27141.controller.cluster

Before entering provisioning mode the first time, this command displays the certificate signing requests (CSRs) for the
Active and Standby controllers. After the signed certificates are imported to the Active controller from the CA, the CSRs are
automatically removed.
The following example shows the controller in provisioning mode:
controller-2> show secure control plane
State Configured mode : provision
State Current mode : provision
. . . <snip> . . .
~~~~~~~~~~~~~~ Csrs ~~~~~~~~~~~~~~
# Name
-|--------------------------------|
1 34-17-eb-f7-a0-c4.switch.cluster
2 70-72-cf-ae-b6-34.switch.cluster
3 70-72-cf-b5-f4-5c.switch.cluster
4 70-72-cf-bd-58-34.switch.cluster
5 70-72-cf-c7-c1-ed.switch.cluster

244 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

This example displays the CSRs that were generated for each connected fabric switch. The CSR names are generated by
appending switch.cluster to the MAC address of each switch.
The following command shows the controller in lockdown mode:
controller-1> show secure control plane
State Configured mode : lockdown
State Current mode : lockdown
~~~~ Switches ~~~~
# Switch State
-|-------|--------|
1 leaf0-a lockdown
2 leaf0-b lockdown
3 leaf1-a lockdown
4 spine0 lockdown
5 spine1 lockdown

~~~~~~~~~~~~~~ Certs ~~~~~~~~~~~~~~

# Name
-|--------------------------------|
1 18082.controller.cluster
2 27141.controller.cluster
3 34-17-eb-f7-a0-c4.switch.cluster
4 70-72-cf-ae-b6-34.switch.cluster
5 70-72-cf-b5-f4-5c.switch.cluster
6 70-72-cf-bd-58-34.switch.cluster
7 70-72-cf-c7-c1-ed.switch.cluster
8 cacert-example

~ Csr ~
None.

Once the controllers have entered lockdown mode, no additional switches can join the fabric until the controller control
plane is returned to provision mode.

show segment Command

Command Syntax
show [tenant {<tenant-name> | all}]
segment {<segment-name> | all [counters |
rates [time-range {week | hour | month | year | day | minute} [<range-multiple>]]
[top-n-talkers <limit>]

Command Mode
Login mode

Command Description
Use the show segment command to display information about the logical segments defined in the fabric.

Next Keyword Descriptions

show [tenant {<tenant-name> | all}]
segment {<segment-name> | all [counters |
rates [time-range {week | hour | month | year | day | minute} [<range-multiple>]]
[top-n-talkers <limit>]

tenant {<tenant-name> | all}: Name of the tenant or all tenants.

segment <segment-name> | all: Replace <segment-name> with the name of a specific segment or use the all keyword to
display information about all segments.
counters | rates: Display cumulative historical or rate statistics.

Big Switch Networks Confidential © Big Switch Networks 245

Big Cloud Fabric CLI Reference Guide

time-range: Display rates for a period of time indicated by the following keyword (week | hour | month | year | day |
minute).
<range-multiple>: Replace <range-multiple with an integer to display information related to multiple time units.
top-n-talkers <integer>: Display rates for the most active senders.

Command Examples
The following command displays information the logical segments in the fabric:
controller-1> show segment
# Tenant Segment Internal VLAN Member VLAN Total endpoints Active endpoints Total ports
--|-----------|-----------|-------------|-----------|---------------|----------------|-----------|
1 dt dt-seg4 5 1 0 32
2 dt dt-seg3 4 2 1 39
3 dt dt-seg2 3 4 2 41
<snip>

show session Command

Command Syntax
show session [<session-id>] [details]

Command Mode
Login mode

Command Description
Use the show session command to display information about the sessions established to the management interface of the
local controller node.

Next Keyword Descriptions

<session-id>: Specify the numeric identifier for the session.
details: Display additional details about the session.

Command Examples
controller-1# show session
# @ ID User Groups Full Name Ip Address Last Used
-|-|-------|-----|------|-------------|------------|------------------------------|
1 * 7346bb0 admin admin Default admin 192.168.17.1 2014-06-08 13:44:59.563000 UTC

show sflow Command

Command Syntax
show sflow {summary | switch <switch-name> [ collectors | interfaces ] }

Command Mode
Login mode

Command Description
Use the show sflow command to view a summary of sFlow activity, or sFlow activity for a specific switch, collector, or
interface, enter the show sflow command, which has the following syntax:

246 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

summary: Display a summary of information about sFlow.
switch <switch-name>: Display sFlow information
collectors | interfaces .

Command Examples
The following command displays summary information about sFlow collectorsl.
controller-1# show sflow summary
'~ List of suspended sFlow collectors ~
None.

~~~~~~~~~~~~~~~~~~~~~~ sFlow Counters Summary ~~~~~~~~~~~~~~~~~~~~~~

# Collector IP Address Switch Name TX packets TX Bytes Total Samples
-|--------------------|-----------|----------|--------|-------------|
1 160.1.1.5 leaf1-a 7272 1891168 7809
2 160.1.1.5 leaf1-b 2675 680494 2753
3 160.1.1.5 leaf2-a 6108 1579256 6506
4 160.1.1.5 leaf2-b 5555 1426946 5895
5 160.1.1.5 rack1-ivs1 355 88622 356
6 160.1.1.5 rack2-ivs1 162 45420 164
7 160.1.1.5 rack2-ivs2 164 45748 165
8 160.1.1.5 spine0 3447 881342 3590
9 160.1.1.5 spine1 4136 1054636 4296

The following command displays sflow details about switch leaf2-b:

controller-1# show sflow switch leaf2-b collectors
~~~~~~~ sFlow Collector Statistics ~~~~~~~
# Collector IP Address TX Packets TX Bytes
-|--------------------|----------|--------|
1 160.1.1.5 5561 1428450
controller-1# show sflow switch leaf2-b interfaces
~ sFlow Interface Statistics ~
# Interface Number of samples
--|---------|-----------------|
1 1 0
2 10 0
3 11 0
4 12 2
5 13 0
6 14 1
<. . . snip . . . >
53 8 0
54 9 0
The following command displays sflow details about the spine switch spine0:
controller-1# show sflow switch spine0 collectors
~~~~~~~ sFlow Collector Statistics ~~~~~~~
# Collector IP Address TX Packets TX Bytes
-|--------------------|----------|--------|
1 160.1.1.5 3451 882362
controller-1> show sflow switch spine0 interfaces
~ sFlow Interface Statistics ~
# Interface Number of samples
--|---------|-----------------|
1 1 0
2 10 0
3 11 0
4 12 0
5 13 0
6 14 0
<. . . snip . . . >
31 8 0
32 9 0

Big Switch Networks Confidential © Big Switch Networks 247

Big Cloud Fabric CLI Reference Guide

This command also lists the invalid collectors when IP addresses are not configured or the segment not present on the
logical router.

show snapshot Command

Command Syntax
show snapshot [<snapshot-name> [details]]

show snapshot firstboot-config <cr>

show snapshot firstboot-config details <cr>
show snapshot <snapshot-name>

Command Mode
Login mode

Command Description
Use the show snapshot command to list any snapshots taken of the running-config (using the copy snapshot command).
Entering this command without keywords displays a summary listing of all the snapshots.

Next Keyword Descriptions

<snapshot-name>: Optionally identify the snapshot where the controller running-config was saved using the copy snapshot
command.
details: Optionally display all details in the snapshot.

Command Examples
controller-1(config)# copy running-config snapshot://sept21
controller-1(config)# show snapshot
# Name Create Size Appliance Version Build
-|------|------------------------|----|----------|-----------------------|-----|
1 sept21 Sun Sep 21 12:26:09 2014 1701 bcf_master 2.0.1-master01-SNAPSHOT 3370
controller-1(config)# show snapshot sept21
!
! Saved-Config sept21
! Create Time: Sun Sep 21 12:26:09 2014
! Saved-Config version: 1.0
! Version: 2.0.1-master01-SNAPSHOT
! Appliance: bcf_master
! Build-Number 3370
<snip>
! tenant
tenant Red
logical-router
next-hop-group external1
tenant system

show span-fabric Command

Command Syntax
show span-fabric {<span-fabric-session-name>}}{switch {<switch-name> | all}

Command Mode
Login mode

Command Description
Use the show span-fabric command to display information about the specified span-fabric session.

248 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

<span-fabric-session-name>: Replace <span-fabric-session-name> with the name of the span-fabric session.
switch <switch-name> | all: Replace <switch-name> with the name of a switch to display information about a specific
switch or use the all keyword to display information about all switches.

Command Examples
controller-1# show span-fabric test1 switch all
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Span-Fabric Destination on Switch ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Session Name Switch Priority Destination Interface-group Name Destination interfaces on
Switch
------------|------------------|--------|---------------------------|--------------------------------|
test1 leaf0-b 1 yrdy23
test1 leaf0-a 1 yrdy23
test1 leaf1-a 1 yrdy23
test1 tmk-mininet-leaf-0 1 yrdy23
test1 tmk-mininet-leaf-2 1 yrdy23

~~~~~~~~~~~ Filters In-use for Switch ~~~~~~~~~~~

# Session-Switch Filter Rule State
-|------------------------|----------------|-----|
1 test1 leaf0-a 1 ether-type arp error
2 test1 leaf0-b 1 ether-type arp error
3 test1 leaf1-a 1 ether-type arp error
4 test1 tmk-mininet-leaf-0 1 ether-type arp error
5 test1 tmk-mininet-leaf-2 1 ether-type arp error
controller-1#

show span-local Command

Command Syntax
show span-local

Command Mode
Login mode

Command Description

show storm-control Command

Command Syntax
show storm-control [switch <switch> [interface <interface>]

show storm-control <cr>

show storm-control switch <Switch Name>
show storm-control switch hv0 <cr>
show storm-control switch hv0 interface <Interface Name>
show storm-control switch hv0 interface hv0-eth1 <cr>
show storm-control switch hv0 interface hv0-eth2 <cr>
show storm-control switch hv0 interface hv0-eth3 <cr>
show storm-control switch hv0 interface hv0-eth4 <cr>
show storm-control switch hv0 interface inband <cr>
show storm-control switch hv0 interface local <cr>

Command Mode
Login mode

Big Switch Networks Confidential © Big Switch Networks 249

Big Cloud Fabric CLI Reference Guide

Command Description
Use the show storm-control command to display the active configuration of Storm Control on fabric switches. Enter this
command with the switch name to display the leaf switch edge ports where Storm Control can be applied.

Next Keyword Descriptions

switch <switch> : Identify a specific switch for which you want to display the Storm Control configuration.
interface <interface>: Identify a interface on the specified switch for which you want to display the Storm Control
configuration.

Command Examples
controller-1> show storm-control switch leaf2-b
# Switch Name IF Name Profile Name Broadcast Rate Known Multicast Rate Unknown Multicast Rate
Unknown Unicast Rate State
--|-----------|----------|------------|--------------|--------------------|----------------------|------
--------------|------------------------|
1 leaf2-b ethernet12 stcntrl2 20% 25% 25% 25%
error-interface-not-edge
2 leaf2-b ethernet14 stcntrl2 20% 25% 25% 25%
error-interface-not-edge
3 leaf2-b ethernet16 stcntrl2 20% 25% 25% 25%
error-interface-not-edge
4 leaf2-b ethernet18 stcntrl2 20% 25% 25% 25%
enabled
5 leaf2-b ethernet24 stcntr1 10% 20% 20% 20%
enabled
6 leaf2-b ethernet44 stcntrl2 20% 25% 25% 25%
error-interface-not-edge
7 leaf2-b ethernet46 stcntrl2 20% 25% 25% 25%
error-interface-not-edge
8 leaf2-b ethernet48 stcntrl2 20% 25% 25% 25%
enabled
9 leaf2-b ethernet49 stcntrl2 20% 25% 25% 25%
error-interface-not-edge
10 leaf2-b ethernet50 stcntrl2 20% 25% 25% 25%
error-interface-not-edge

When a storm-control profile is applied, it is shown the state as “enabled”. If it is not applied due to peer link, fabric link or
internal link, the state column will show the error “error-interface-not-edge”.

Note: 100% indicates that no threshold has been set, and there is no limit on the percentage of traffic allowed by the
specific type of traffic.

show support Command

Command Syntax
show support [switch] [<name>]

Command Mode
Login mode

Command Description
Use the show support command to display the list of available diagnostic bundles of information about the controllers and
switches previously generated for technical support.

Next Keyword Descriptions

switch: Identify the switches that have core dumps for analysis by tech support.
<name>: Name of the file containing the bundle of tech support information.

250 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Examples
controller-1> show support
# Bundle size
-|------------------------------------------------------------------------|-----|
1 floodlight-support--controller--2014-09-29--02-13-47--UTC--XIoXF0.tar.gz 361KB
controller-1>

The following command displays the switches that have core dumps for analysis by tech support.
controller-1> show support switch
Name Dpid Has core
-------|-----------------------|--------|
leaf0-b 00:00:70:72:cf:b5:f4:a6 False
spine0 00:00:70:72:cf:ae:b6:34 True
spine1 00:00:70:72:cf:bd:58:34 False
leaf0-a 00:00:70:72:cf:b5:f4:5c True
leaf1-a 00:00:70:72:cf:bc:c4:c4 False

show switch Command

Command Syntax
show switch <switch-name>

[agent-counters [ arpa | cdpa | cxn | debug_counter | description | igmpa | ofstatemanager | pimu |

pktina | sflowa ] |

config-audit [local | timeout ] | connections [details] | cpu-queue [{<queue-id> | all} counters ] |

endpoint [ <endpoint-name> | ip <ip-address> | mac <mac-address> ] [details] | environment [timeout
<seconds>] | host-stats | images [timeout <seconds>] |

interface [<interface> | all ] [dom | pfc | queue | utilization | counters | endpoint | properties |
rates ] |

inventory [timeout <seconds>] | management-ip [timeout <seconds>] | manifest [timeout <seconds>] |

pimu-counters | secure control plane [timeout <seconds>] | switch-view {connection | controller [timeout
<seconds>]} | version [timeout <seconds>] | zerotouch ]

Command Mode
Login mode

Command Description
Use the show switch agent-counters command to display the agent counters for a specific switch or for all switches. Use the
show switch counters or rates command to display the statistics counters or rates for a specific interface on a specific
switch, for all interfaces on a specific switch, or for all interfaces on all switches.

Note: After a switch reboot or after removing or adding tenants and segments, counters may display high values.

Use the show switch switch-view command to show the controller status or connections from the point of view of the
specified switch. Use the show switch connections command to display connection information about all fabric switches or
a specific switch. The connection state shown is a combination of two conditions:

• Control channel connection state on the current controller node to the switch
• Controller application view of the Active controller node regarding the switch connection
The connection state indicates the conditions summarized in the following table:

Status Displayed Control Channel Connection State Controller Application View

Connected True Connected

Big Switch Networks Confidential © Big Switch Networks 251

Big Cloud Fabric CLI Reference Guide

Connecting True Not_connected

Disconnecting False Connected
Not_connected False Not_connected

Next Keyword Descriptions

<switch-name> | all: Identify a specific switch or show information for all switches.
agent-counters <counter-groups>: Display agent counters. Use the optional <counter-groups> parameter to limit the
display to specific counter groups.
connections: Optionally display information about connections for the specified switch or for all switches
details: Optionally display detailed information about the specified switch or all switches.
config-audit: Audit switch config
cpu-queue <queue-id> all counters: Display the counters for the specified queue or for all queues.
details: Display fabric information for selected switch
dom [timeout <seconds>]: Display digital optical monitoring information for selected switch interface. Use the optional
timeout keyword to specify the maximum time to wait for a reply from the switch before terminating the command.
endpoint: Display endpoint information
environment: Display switch environment
host-stats: Display information about hosts connected to the fabric
images: Display images cached on the switch
interface {<if-name> | all}: Specify an interface or show counters or rates for all interfaces.
inventory: Display switch inventory. The status of the optics can be one of the following:
• R = RX_LOS is reported by the SFP. For 10-GbE and 1-GbE Fiber, this status value means that the SFP is not receiving a
signal from the link partner. For 1-GbE Copper this status value means that the external copper PHY has no link.
• T = the SFP is reporting a TX_FAULT.
• X = TX_DISABLE. The local SFP transmitter is disabled, usually because the port is admin-down.
properties: Optionally display additional interface properties.
counters [drops | errors | incoming | outgoing]: View the current setting for dropped packets, errors, incoming packets, or
outgoing packets.
queue: Display counters for each queue on the specified interface.

Note: vSwitches use the Unicast queues for unknown traffic, while physical switches use the multicast queues.

rates [drops | errors | incoming | outgoing] | queues: view the average current rate for dropped packets, errors, incoming
packets, outgoing packets, and packets queued due to congestion.
agent-counters Display counters for various agents on the switch.
management-ip: Displays the IP address assigned to the management interface of all connected switches. The output does
not include switches that are either disconnected or inactive at the time the command is entered.
manifest: Display switch manifest.
pimu-counters: Display PIMU counters for the specified switch.
running-config Display switch startup-config.

252 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

secure-control-plane: Display the certificate and other secure control plane information about the specified switch.
switch-view: Display switch details from switch perspective.
version [details]: Display switch version of switches connected to the controller. Use the details keyword to show more
information about the versions.
zerotouch: Display Zerotouch state.

Command Examples
The following command shows all queue counters for interface ethernet17 on switch leaf1-a:
controller-1# show switch leaf1-a interface ethernet17 queue all counters
# Switch Name IF Name QoS Traffic Class Tx UCast Bytes Tx UCast Pkts Tx UCast Dropped Pkts Tx
MCast Bytes Tx MCast Pkts Tx MCast Dropped Pkts
-|-----------|----------|-------------------------|--------------|-------------|---------------------|--
------------|-------------|---------------------|
1 leaf1-a ethernet17 traffic-class-0 1440 20 0
2160 30 0
2 leaf1-a ethernet17 traffic-class-1 0 0 0 0
0 0
3 leaf1-a ethernet17 traffic-class-2 0 0 0 0
0 0
4 leaf1-a ethernet17 traffic-class-3 62773009830 13604913 0 0
0 0
5 leaf1-a ethernet17 traffic-class-pfc 0 0 0 0
0 0
6 leaf1-a ethernet17 traffic-class-span-fabric 0 0 0 0
0 0
7 leaf1-a ethernet17 traffic-class-inband 0 0 0 0
0 0
controller-1#

The following command shows the drop counters for all interfaces on all switches:
controller-1> show switch all interface all counters drops
# IF Name Rx Drop Tx Drop
---|----------|----------|-------|
1 ethernet1 0 0
2 ethernet2 0 0
3 ethernet3 4 0
4 ethernet4 0 0
. . .
The following command shows the environmental information for switch leaf1-a:
controller-1# show switch leaf1-a environment
Report : Fan 1
Description: Chassis Fan 1
State: Present
Status: Running.
RPM: 8100.
Speed: 48%.
Airflow: Back-to-Front.
<snip>
Thermal 1
Description: Chassis Thermal Sensor 1 (Sensor on CPU board)
Status: Sensor Functional
Temperature: 33.0 C.
<snip>
PSU 1
Description: PSU-1
State: Present
Status: Running.
Model: CPR-4011-4M21
Type: AC
Vin: 211.0
Vout: 12.0
Iin: 0.3
Iout: 5.5

Big Switch Networks Confidential © Big Switch Networks 253

Big Cloud Fabric CLI Reference Guide

Pin: 74.0
Pout: 66.0
Fan 6
<snip>

The following command shows inventory information about switch leaf1-a:

controller-1# show switch leaf1-a inventory
Report : Port Phy Type Media Status Len Vendor Model S/N
---- ---- ------------ ------ ------ ----- ---------------- ---------------- ----------------
1 0.1 10GBASE-SR Fiber FIBERSTORE SFP-10G85-3M-CO FS40711D0011
2 0.2 10GBASE-SR Fiber FIBERSTORE SFP-10G85-3M-CO FS40711D0013
3 0.3 10GBASE-SR Fiber FIBERSTORE SFP-10G85-3M-CO FS40711D0015
<snip>
54 0.50 40GBASE-CR4 Copper 3m 3M Company 9QA0-111-12-3.00 V30BA016

The following command shows information about all queues on switch leaf0-a:
controller-1# show switch leaf0-a cpu-queue all counters
Reg01-HW-C2# show switch leaf0-a cpu-queue all counters
# Switch Name IF Name Queue ID Tx Bytes Tx Pkts Tx Errors
-|-----------|-------|--------|--------|-------|---------|
1 leaf0-a CPUPort 0 4905 45 0
2 leaf0-a CPUPort 1 8419 65 0
. . . <snip>. . .

The following command shows information about the software images on switch leaf1-a:
controller-1# show switch leaf1-a images

Startup config Checksum : 6309fa7455637930bf8909f93e3e088b

Startup config Date : 2014-09-29 16:27:02 UTC
Startup config Path : /mnt/flash2/ztn/cache/startup-
config/6309fa7455637930bf8909f93e3e088b/6309fa7455637930bf8909f93e3e088b.startup-config
Startup config Url :
http://10.8.25.21/ztn/switch/70:72:cf:b7:5f:7c/startup_config?arch=powerpc&vendor=as5710&machine=54x&mac
hine_revision=0b&serial=unknown

Swi Version : Switch Light OS SWL-BCF-2.0.1

(powerpc.release,bcf,2014.09.28.16.17,c0fdb1a694930402035af5cd171db327695c96bc)
Swi Checksum : e3bc7a7e20138c5c02a010d8232622e4
Swi Date : 2014-09-29 16:26:56 UTC
Swi Path :
/mnt/flash2/ztn/cache/swi/e3bc7a7e20138c5c02a010d8232622e4/e3bc7a7e20138c5c02a010d8232622e4.swi
Swi Url : http://10.8.25.21/image/switchlight-SWL-BCF-2.0.1-powerpc-release-bcf-
2014.09.28.16.17.swi

The following command shows the running-config on switch leaf1-a:

controller-1# show switch leaf1-a running-config
Checksum : 6309fa7455637930bf8909f93e3e088b
Config : !
interface ma1 ip-address dhcp
hostname leaf1-a
datapath id 00:00:70:72:cf:b7:5f:7c
controller 10.8.25.21 port 6653
!
ssh enable
<snip>

The following command shows connections to switch leaf0-a:

controller-1# # show switch leaf0-a switch-view connection

# Switch DPID aux id role state uri
-|-----------|------|------|---------|---------------------|
1 leaf0-a 0 master connected tcp://10.8.25.26:6653
2 leaf0-a 1 master connected tcp://10.8.25.26:6653
3 leaf0-a 2 master connected tcp://10.8.25.26:6653
4 leaf0-a 3 master connected tcp://10.8.25.26:6653

254 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

The following command shows the point of view for switch leaf0-a regarding the controller:
controller-1# show switch leaf0-a switch-view controller
Report : IP:Port State Role #Aux 10.8.25.26:6653 CONNECTED
MASTER 3

The following command shows the PIMU counters for switch leaf0-a:
controller-1# show switch leaf0-a pimu-counters
# Switch Name PIMU Group Name Invoke Packets Drop Packets Forward Packets Forward Prio Packets Error
Packets
--|-----------|---------------|--------------|------------|---------------|--------------------|--------
-----|
1 leaf0-a L2_miss_move 0 0 0 0 0
2 leaf0-a L3_miss_ttl 0 0 0 0 0
. . . <snip> . . .

The following command shows the version for all switches connected to the controller:
controller-1> show switch all version
# Switch Hardware Implementation Version
--|-------------------|-----------------------------|---------------|-------------------|
1 hv0 Bochs Bochs Switch Light VX SWL-VX-BCF-3.1.0(0)
2 hv1 Bochs Bochs Switch Light VX SWL-VX-BCF-3.1.0(0)
3 hv2 Bochs Bochs Switch Light VX SWL-VX-BCF-3.1.0(0)
4 hv3 Bochs Bochs Switch Light VX SWL-VX-BCF-3.1.0(0)
5 hv4 Bochs Bochs Switch Light VX SWL-VX-BCF-3.1.0(0)
6 hv5 Bochs Bochs Switch Light VX SWL-VX-BCF-3.1.0(0)
7 leaf0-a powerpc-accton-as5710-54x-r0b Switch Light OS SWL-OS-BCF-3.1.0(0)
8 leaf0-b powerpc-accton-as5710-54x-r0b Switch Light OS SWL-OS-BCF-3.1.0(0)
9 leaf1-a powerpc-accton-as5710-54x-r0 Switch Light OS SWL-OS-BCF-3.1.0(0)

The following command shows more details about the version for all switches connected to the controller:
controller-1> show switch all version details
# Switch Hardware Implementation Build Version Loader version
Next loader version Onie Next onie Cpld Next cpld
--|---------------------------------------|-----------------------------|---------------|------------------------|-------------------|------------------
1 hv0 (00:00:00:03:00:01) Bochs Bochs Switch Light VX 2015-10-07.00:17-60a8572 SWL-VX-BCF-3.1.0(0)
2 hv1 (00:00:00:03:00:02) Bochs Bochs Switch Light VX 2015-10-07.00:17-60a8572 SWL-VX-BCF-3.1.0(0)
3 hv2 (00:00:00:03:00:03) Bochs Bochs Switch Light VX 2015-10-07.00:17-60a8572 SWL-VX-BCF-3.1.0(0)
4 hv3 (00:00:00:03:00:04) Bochs Bochs Switch Light VX 2015-10-07.00:17-60a8572 SWL-VX-BCF-3.1.0(0)
5 hv4 (00:00:00:03:00:05) Bochs Bochs Switch Light VX 2015-10-07.00:17-60a8572 SWL-VX-BCF-3.1.0(0)
6 hv5 (00:00:00:03:00:06) Bochs Bochs Switch Light VX 2015-10-07.00:17-60a8572 SWL-VX-BCF-3.1.0(0)
7 leaf0-a (70:72:cf:b5:f4:5c) powerpc-accton-as5710-54x-r0b Switch Light OS 2015-10-12.21:22-709a654 SWL-OS-BCF-3.1.0(0) SWL-OS-BCF-
3.1.0(0),2015-10-12.21:22-709a654 SWL-OS-BCF-3.1.0(0),2015-10-12.21:22-709a654 2015.05.00.01 2015.05.00.01 6.6.6 6.6.6
8 leaf0-b (70:72:cf:b5:f4:a6) powerpc-accton-as5710-54x-r0b Switch Light OS 2015-10-12.21:22-709a654 SWL-OS-BCF-3.1.0(0) SWL-OS-BCF-
3.1.0(0),2015-10-12.21:22-709a654 SWL-OS-BCF-3.1.0(0),2015-10-12.21:22-709a654 2015.05.00.01 2015.05.00.01 6.6.6 6.6.6
9 leaf1-a (70:72:cf:c7:c1:ed) powerpc-accton-as5710-54x-r0 Switch Light OS 2015-10-12.21:22-709a654 SWL-OS-BCF-3.1.0(0) SWL-OS-BCF-
3.1.0(0),2015-10-12.21:22-709a654 SWL-OS-BCF-3.1.0(0),2015-10-12.21:22-709a654 2015.02.00.05 2015.02.00.05 6.6.6 6.6.6
controller-1>

The following command displays ZTN information for leaf0-a:

controller-1# # show switch leaf0-a zerotouch
Device : 70:72:cf:c7:ce:11
Name : leaf0-a
Reload pending : False
Platform : powerpc-accton-as5710-54x-r0
Serial number : 571054X1427056
Ip address : 10.8.2.40
Dpid : leaf0-a

The show switch interface properties command displays the interface configuration for breakout-capable interfaces, as in
the following example:
controller-1(config)# show switch spine0 interface all properties
# Switch IF Name MAC Address Config State Adv. Features Curr Features Supported Features peer features
--|------|-----------|-----------------|------|-----|--------------|--------------|-----------------------------|-------------|
1 spine0 ethernet1 5c:16:c7:1f:b9:48 up down 40gb-fd 40gb-fd 40gb-fd, bsn-breakout-capable

Big Switch Networks Confidential © Big Switch Networks 255

Big Cloud Fabric CLI Reference Guide

2 spine0 ethernet2 5c:16:c7:1f:b9:49 up up 40gb-fd 40gb-fd 40gb-fd, bsn-breakout-capable

3 spine0 ethernet3 5c:16:c7:1f:b9:4a up down 40gb-fd 40gb-fd 40gb-fd, bsn-breakout-capable

Breakout ports are indicated by a slash and the sequence number after the interface name, such as ethernet17/1. The
following example shows information about a specific breakout port.

controller-1(config)# show switch dell-leaf1-b interface ethernet17/1

# Switch IF Name IF Type IF State IF Down Reason LACP State Curr Features
-|------------|------------|-------|--------|--------------|----------|-------------|
1 dell-leaf1-b ethernet17/1 unknown down Link Down inactive 10gb-fd

If you enter the show switch command without specifying the interface, information about all the interfaces on the switch
is displayed.
If BPDU Guard is disabled and one or more ports are shut down because there is no link to a peer switch, the error
condition is shown in the output from the show switch command when you identify an affected interface, as in the
following example:
bcf-controiller1> show switch leaf1-b interface ethernet14
# Switch IF Name IF Type IF State IF Down Reason LACP State BPDU-Guard State Curr Features
-|-------|----------|-------|--------|------------------------------------------------------|----------|------------------------------|---------------|
1 leaf1-b ethernet14 unknown down BPDU-Guard-Disabled Port Down caused by empty peer LAG inactive error-peer-link-empty-shutdown 10gb-fd, copper

The BPDU Guard State is shown as “error-peer-link-empty-shutdown” and the IF Down Reason is “Guard-Disabled Port
Down caused by empty peer.”
The following command displays statistics about hosts connected to fabric switches:
controller-1> show switch all host-stats
# Switch DPID Distribution description Mem total Mem free 1 min 5 min 15 min
-|-----------|------------------------------------|---------|--------|--------|--------|--------|
1 tmk CentOS Linux release 7.1.1503 (Core) 31.2GB 25.0GB 0.700000 0.530000 0.340000

The following command displays information about the versions of each virtual and physical switch connected to the
controller::
controller-1> show switch version details
Next loader version Onie Next onie Cpld Next cpld
-|--------------------------------------|-----------------------------|---------------|------------------------|-------------------
|--------------------------------------------|--------------------------------------------|-------------|-------------|-----|-------
--|
1 dt-leaf1a (70:72:cf:b7:6d:f0) powerpc-accton-as5710-54x-r0b 2015-10-07.01:00-5716978
SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 2015.05.00.01 2015.05.00.01 6.6.6 6.6.6
2 dt-leaf1b (70:72:cf:bc:cf:2c) powerpc-accton-as5710-54x-r0b 2015-10-07.01:00-5716978
SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 2015.05.00.01 2015.05.00.01 6.6.6 6.6.6
3 dt-leaf2a (70:72:cf:b7:6d:12) powerpc-accton-as5710-54x-r0b 2015-10-07.01:00-5716978
SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 2015.05.00.01 2015.05.00.01 6.6.6 6.6.6
4 dt-leaf2b (70:72:cf:b5:ff:ec) powerpc-accton-as5710-54x-r0b 2015-10-07.01:00-5716978
SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 2015.05.00.01 2015.05.00.01 6.6.6 6.6.6
5 dt-spine1 (70:72:cf:ae:a5:f4) powerpc-accton-as6700-32x-r0 2015-10-07.01:00-5716978
SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 2014.08.00.11 2014.08.00.11 0.3 0.5
6 dt-spine2 (70:72:cf:ae:a0:5e) powerpc-accton-as6700-32x-r0 2015-10-07.01:00-5716978
SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 SWL-OS-BCF-3.1.0(0),2015-10-07.01:00-5716978 2014.08.00.11 2014.08.00.11 0.3 0.5
controller-1>

The following command displays the certificate and other secure control plane information about the specified switch:
controller-1> show switch spine0 secure control plane
Next tls mode : off
Certificate issuer : /countryName=US/stateOrProvinceName=CA/organizationName=Big Switch
Networks/localityName=Santa Clara/commonName=Engineering/organizationalUnitName=Switch
Light/[email protected]
Certificate start : 2015-12-07 09:36:50 UTC
Tls mode : off
Openflow tls mode : off
Certificate validity : False
Certificate end : 2025-12-04 09:36:50 UTC

256 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Certificate modulus :
F4AFDA90D24F1860A49566C1F1B159F76E04ADE7D9918EF658382DB6C15CA545F63A6B9643BC9C01BE564048C4A59346DFBACF8E
A227A1DDC7D90618B563789E18D3BF3C63D9D02973B0799F222076288373F70C4CAD184E89985459DA4E6618A4B2074E647A8138
E6C45714DBA1EA1940653E9BC8E67A70EAD4AE45FABB7C55904C9232FFEA7D36044230864C534B3839D246936B6A0DEF7ED19D01
0C35F03C2095BA49E07D669A0CB88A040FE4F6DF9CCF7CEEBFE0A134A8A3AF41C818470761367F3DAFD2AA4A20E8C65EA5E92FEE
1C12224B0B145B7A93BBAF9A3B1CFB7B22E31E4849FFC0603746726925ABE0CD31B7A1327A6D284EF111439F8FF1142B
Key modulus :
F4AFDA90D24F1860A49566C1F1B159F76E04ADE7D9918EF658382DB6C15CA545F63A6B9643BC9C01BE564048C4A59346DFBACF8E
A227A1DDC7D90618B563789E18D3BF3C63D9D02973B0799F222076288373F70C4CAD184E89985459DA4E6618A4B2074E647A8138
E6C45714DBA1EA1940653E9BC8E67A70EAD4AE45FABB7C55904C9232FFEA7D36044230864C534B3839D246936B6A0DEF7ED19D01
0C35F03C2095BA49E07D669A0CB88A040FE4F6DF9CCF7CEEBFE0A134A8A3AF41C818470761367F3DAFD2AA4A20E8C65EA5E92FEE
1C12224B0B145B7A93BBAF9A3B1CFB7B22E31E4849FFC0603746726925ABE0CD31B7A1327A6D284EF111439F8FF1142B
Certificate subject : /countryName=US/stateOrProvinceName=CA/organizationName=Big Switch
Networks/localityName=Santa Clara/commonName=Engineering/organizationalUnitName=Switch
Light/[email protected]
controller-1>

show system Command

Command Syntax
show system {storage | process [<pid>] [details]}

Command Mode
Login mode

Command Description
Use the show system command to display information about the local controller node, including processes currently
running and the hard disk storage.

Next Keyword Descriptions

storage: Display information about system storage utilization
process [<pid>]: Display information about system processes. Optionally, specify the process ID for the interesting process.
details: Display detailed information.

Command Examples
The following command displays information about system persistent (hard disk) storage:
controller-1> show system storage
# Device Path Blocks Avail In Use Percent
-|---------|--------|--------|--------|-------|-------|
1 tmpfs /run 204456 203744 712 0%
2 /dev/sda3 / 7913648 5246924 2666724 33%
3 /dev/sda5 /var/log 17732476 17553064 179412 1%
controller-1>

The following command displays information about processes running on the local controller node:
controller-1> show system process
# id Command
--|----|------------------------------------------------------------|
1 1 /sbin/init
2 383 upstart-udev-bridge--daemon
3 386 /sbin/udevd--daemon
4 539 /sbin/udevd--daemon
5 540 /sbin/udevd--daemon
. . . <snip> . . .
controller-1>

Big Switch Networks Confidential © Big Switch Networks 257

Big Cloud Fabric CLI Reference Guide

show tacacs Command

Command Syntax
show tacacs

Command Mode
Login mode

Command Description
Use the show tacacs command to display the aaa server operational state, global aaa sources and services, as well as any
configured TACACS+ servers and parameters.

show tenant Command

Command Syntax
show tenant {<tenant-name> | all} [counters | rates [time-range | top-n-talkers] |

[segment {<segment-name> | all [counters | rates [time-range {week | hour | month | year | day | minute}
[<range-multiple>]] [top-n-talkers <limit>] |

[mac-membership { ignored-endpoint [mac <mac>] | rule }

[member-rule} [ interface-group <interface-group-name> ] |

[bgp { aggregate <address> | details | {neighbor [<neighbor-name> | ip <neighbor-ip>] [ advertised-route

| received-route ] | all } | route [<ip-address> | <ip-subnet> ] | segment | summary }

[endpoint [ details | incomplete | [mac <MAC> | ip <endpoint-ip-address> | <endpoint-name>] [security-

group]

[logical-router [ applied-policy | detail | dhcp | dynamic-route-next-hop | floating-ip | incomplete |

interface | nat-profile | next-hop-group | pat-profile | policy-list | prefix-list | route [imported] ]
|

[nat-endpoint [mac <mac> | ip <endpoint-ip-address> | switch {<switch-name> | all} | logical-router

{<tenant-name> | all}] |

[remote-vtep {<Remote VTEP Name> | ip <remote-vtep-ip>}] |

[vxlan remote-endpoint [mac <MAC> | ip <endpoint-ip-address>]]

Command Mode
Login mode

Command Description
Use the show tenant command to display information about the tenant and the objects configured with tenants in the
fabric or a specific tenant. The show segment, show debug bgp, show logical-router, show endpoint, and show nat-
endpoint commands can be used as separate commands but can also be used as options with the show tenant command to
limit the information to a specific tenant.

Next Keyword Descriptions

tenant {<tenant-name> | all}: Name of the tenant or all tenants.
counters | rates: Display cumulative or rate statistics about the specified tenant or all tenants.
top-n-talkers <integer>: Display rates for the most active senders.

258 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

segment <segment-name> | all: Replace <segment-name> with the name of a specific segment or use the all keyword to
display information about all segments.
time-range: Display rates for a period of time indicated by the following keyword (week | hour | month | year | day |
minute).
<range-multiple>: Replace <range-multiple with an integer to display information for a longer duration, based on the
preceding time-range unit keyword. For example, time-range hour 3, provides information about the most recent 3-hour
period.
top-n-talkers <integer>: Display rates for the most active senders.
mac-membership ignored-endpoint [mac <mac>] | rule: Display information about MAC membership rules. Use the
ignored-endpoint keyword to display MAC addresses that have transmitted traffic on interfaces belonging to a MAC
classification pool, but for which no MAC membership rule exists. Use the optional mac keyword with a specific MAC
address to identify the interface where the ignored endpoint appeared. Use the rule keyword to display MAC membership
rules.
member-rule: Display the membership rules configured on the controller. To filter the member rules displayed, specify the
tenant name, switch and interface, interface group name, or VLAN.
interface-group<interface-group-name>: Specify the name of the interface group.
bgp: Displays information about BGP for the specified tenant. This option requires one of the following keywords:
• details Display details about BGP sessions.
• neighbor [<neighbor-ip>] Display information about BGP neighbors, or optionally, replace <n eighbor-ip> with the IP
address of a specific neighbor.
• route: Display information about BGP routes. This command displays inactive BGP routes that are less preferred
compared to other protocols, such as OSPF.
• segment: Display segment details for BGP segments.
• summary: Display summary for BGP sessions, including Soft Reconfig status and Prefix Recvd Count.

endpoint: Display information about a specific endpoint, identified by one of the following:
• mac <mac>: Display information about the endpoint with the specified MAC address.
• ip <ip-address>: Display information about the endpoint with the specified IP address.
• <endpoint-name>: Display information about the endpoint with the specified name.
• incomplete: Display information about incomplete endpoints.
• details: Display detailed information about incomplete endpoints.

logical-router: Display information about all logical routers in the fabric or in the specified tenant. This keyword provides
the following options:
• applied-policy: View the rules in the policy list that have been applied on logical routers in all tenants in the fabric or in
the specified tenant.
• dchp: View information about DHCP relay configuration on segment interfaces of logical routers in all tenants in the
fabric or in the specified tenant.
• detail: Display all the information about the logical routers in all tenants in the fabric or in the specified tenant.
• dhcp: Use the show logical-router dhcp command to view information about DHCP relay configuration on segment
interfaces of logical routers in all tenants in the fabric or in the specified tenant. dynamic-route-next-hop: Use the show
logical-router dynamic-route-next-hop command to view information about the members of the next hop groups that
are used for dynamic routes. This is for logical routers in all tenants in the fabric or in the specified tenant.
• dynamic-route-next-hop: Display information about the logical routers in all tenants in the fabric or in the specified
tenant.
• floating-ip: Display information about the floating IPs configured on logical routers in all tenants in the fabric or in the
specified tenant.

Big Switch Networks Confidential © Big Switch Networks 259

Big Cloud Fabric CLI Reference Guide

• incomplete: View information about incorrect, inactive or missing configuration on logical routers in all tenants in the
fabric or in the specified tenant.
• interface [segment | tenant]: View information about the tenant and segment logical router interfaces on logical
routers in all tenants in the fabric or in the specified tenant.
• nat-profile: Display information about the NAT profiles configured on logical routers in all tenants in the fabric or in the
specified tenant.
• next-hop-group: View information about the members of the next hop groups configured on logical routers in all
tenants in the fabric or in the specified tenant.
• pat-profile: View information about the P-NAT profiles configured within logical routers in all tenants in the fabric or in
the specified tenant.
• policy-list: View information about policy lists configured within logical routers in all tenants in the fabric or in the
specified tenant.
• prefix-list: View information about BGP prefix lists configured within logical routers in all tenants in the fabric or in the
specified tenant.
• route [imported]: View information about all configured static routes in logical routers in all tenants in the fabric or in
the specified tenant. Use the imported option to display information about routes imported to the specified tenant
from the system tenant logical router.

nat-endpoint: Display information about NAT endpoints associated with the specified tenant and segment or with all
segments or with all tenants.
• mac <mac>: Display information about the endpoint with the specified MAC address.
• ip <ip-address>: Display information about the endpoint with the specified IP address.
• switch <switch-name> | all: Display endpoints attached to a specific switch or use the all keyword for all switches.
• logical-router {<tenant-name> | all}: Display endpoints attached to a specific logical router or use the all keyword for all
logical routers.

remote-vtep {<remote-vtep> | ip <remote-vtep-ip>}: Display information about the remote VXLAN Termination Endpoint
(VTEP)
vxlan remote-endpoint [mac <MAC> | ip <endpoint-ip-address>]:

Command Examples
The following command displays the BGP neighbor name and Soft Reconfig information:
bcf-controlller1# show tenant test1 bgp sum
Tenant : test1
Protocol IP : 50.1.1.2
Router ID : 50.1.1.2
Local AS : 50
Peer Count : 3
Route resync in progress : False
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Peers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Peer Name Peer ID Remote AS Version Msg Rcvd Msg Sent Out Queue In Queue Flaps Uptime Soft
Reconfig Inbound Prefix Rcvd Count Prefix Accepted Count Prefix Applied Count State
-|--------------|------------|---------|-------|--------|--------|---------|--------|-----|--------|----
-----------------|-----------------|---------------------|--------------------|-----------|
1 test50b 172.16.150.1 50 4 2029 1961 0 0 0 03:15:38 False
N/A 1 0 Established
2 switch-50-vrrp 172.16.230.1 50 4 596 396 0 0 0 03:15:43 True
15610 15610 15609 Established
3 switch-50a 50.1.1.1 50 4 2202 1976 0 0 0 03:17:10
False

The Soft Reconfig column indicates "True" or "False" based on whether this option is configured for the BGP neighbor.
When "True", the column "Prefix Rcvd Count" is populated. Otherwise, it is "N/A."

The following command shows information about the Red tenant:

260 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1# show tenant Red

# Tenant Name Total Segments Total endpoints Total ports
-|-----------|--------------|---------------|-----------|
1 Red 3 0 0

The following command displays the 7 most active senders in all tenants:
controller-1# show tenant all rates top-n-talkers 7
# Tenant Name Interval sec Rx Byte/s Rx Pkt/s Tx Byte/s Tx Pkt/s Timestamp
-|-----------|------------|---------|--------|---------|--------|-----------------------|
1 ixia-test 60 2.42MBps 19.8K 2.42MBps 19.8K 2015-04-29 17:48:00 PDT
2 dt 60 40.3KBps 290 698KBps 572 2015-04-29 17:48:00 PDT
3 external 60 696KBps 561 40.1KBps 289 2015-04-29 17:48:00 PDT
controller-1#

The following command displays a summary of information about BGP for the specified tenant::
controller-1# show tenant BGP bgp summary
Tenant : BGP
Protocol IP : 200.200.250.14
Router ID : 200.200.250.14
Local AS : 100
Peer Count : 1
Route resync in progress : True
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Peers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Peer ID Remote AS Version Msg Rcvd Msg Sent Out Queue In Queue Flaps Uptime Prefix received
count Prefix Accepted Count Prefix Applied Count State
-|------------|---------|-------|--------|--------|---------|--------|-----|--------|-------------------
--|---------------------|--------------------|-----------|
1 100.14.201.1 100 4 4 5 0 0 0 00:00:04
7 6 Established

Note: When the route resync in progress field is True, a discrepancy may be observed between the show tenant all bgp
route and show logical-router route dynamic commands.

The following example shows the routes imported to tenantA from the system tenant:
controller-1# show tenant tenantA logical-router route imported
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Route Table ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Tenant Name Dest Cidr Type Next Hop Tenant Next Hop Next Hop IP Status
--|-----------|---------------|--------|---------------|--------|-----------|------|
1 tenantA 40.40.40.0/24 imported system Active
2 tenantA 172.16.1.0/30 imported system Active
3 tenantA 172.16.2.0/30 imported system Active
4 tenantA 172.16.101.0/30 imported system Active
5 tenantA 172.16.102.0/30 imported system Active
6 tenantA 172.16.201.0/24 imported system Active
7 tenantA 172.16.214.0/30 imported system Active

The following command displays BGP routes for a given tenant and neighbor:
controller-1> show tenant tenant48 logical-router route imported
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Route Table ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tenant Name Dest Cidr Preference Type Next Hop Tenant Next Hop Next Hop IP Status
-------------------------------------------------------------------------------|
1 tenant48 172.16.1.0/30 0 imported system Active
2 tenant48 172.16.1.1/32 0 imported system Inactive
3 tenant48 172.16.2.0/30 0 imported system Active
4 tenant48 172.16.2.1/32 0 imported system Inactive
5 tenant48 172.16.101.0/30 0 imported system Active
6 tenant48 172.16.101.1/32 0 imported system Inactive
7 tenant48 172.16.102.0/30 0 imported system Active
8 tenant48 172.16.102.1/32 0 imported system Inactive
9 tenant48 172.16.201.0/24 0 imported system Active
10 tenant48 172.16.201.1/32 0 imported system BGP Export Only
11 tenant48 172.16.211.0/24 0 imported system Active

Big Switch Networks Confidential © Big Switch Networks 261

Big Cloud Fabric CLI Reference Guide

The BGP Export Only status indicates that the route originates from a BCF extended segment.

show test path Command

Command Syntax
show test path <test-name>

Command Mode
Enable or config mode

Command Description
Use the show test command to display the actual path taken by packet programmed by test path command with test path
command with the fabric-view option. See the test path command for details about how to use the fabric-view option. You
can use the show test command to display previously configured test path instances. Use the show test command with the
name of the instance after injecting traffic of the specified protocol on the path being tested.

Note: To see changes in topology that occur after entering the test path command, wait 10 seconds or more. To see any
changes that occurred less than 10 seconds before the test expiration, re-enter the command.

Next Keyword Descriptions

<test-name>: Name of the test path instance.

Command Examples
The following command displays the status of Fabric View test path instances:
controller-1# show test path
# Test Name Test Configuration Test Status Expires In (s)
-|---------|----------------------------------------------|-----------|--------------|
1 test1 src-name bm1 dst-ip 50.0.0.1 ip-protocol icmp timedout

The following command injects ICMP traffic on the path being tested by the test path instance test1 and displays the results
of the test:
controller-1# ping 50.0.0.1
controller-1# show test path test1

show this Command

Command Syntax
show this

Command Mode
Nested submodes

Command Description
Use the show this command to display the path and current configuration for a nested object related to the current CLI
submode.

Command Examples
The following command shows the configuration of the segment web:
controller-1(config)# tenant Red

262 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

controller-1(config-tenant)# segment web

controller-1(config-tenant-seg)# show this
! tenant
tenant Red
segment web
endpoint finwebip 192.168.17.1
controller-1(config-tenant-seg)#

show upgrade Command

Command Syntax
show upgrade {fabric errors {pre-upgrade | since-upgrade} show images | staged | progress [continuous]}
[details]

Command Mode
Login mode

Command Description
Use the show upgrade command to display the status of the controller upgrade process.

Next Keyword Descriptions

fabric errors pre-upgrade | since-upgrade: Display fabric errors before an upgrade and after the upgrade. The fabric errors
shown after the upgrade are those errors remaining at the time the command is entered.
images: Display information about the images available for upgrading the controller.
staged: Display information about the images staged for upgrading the controller. Images are staged using the upgrade
stage command, but the upgrade does not take effect until you enter the upgrade launch command.
progress: Display the current state of the upgrade process. Use the optional continuous keyword to display progress of the
upgrade process continuously.
continuous: Use this optional keyword to display progress of the upgrade process continuously.

Command Examples
The following command shows the status of the upgrade process:
controller-1-> show upgrade progress
Upgrade new/active: state: Local: phase-1-migrate-traffic-and-services Remote: phase-1-migrate-traffic-
and-services upgrading-active Paused until: 2017-06-20 15:32:03 UTC (20:46 left)

controller-1->

In this example, the upgrade has been paused using the pause option with the upgrade command.

show user Command

Command Syntax
show user [<user-name> [details]]

Command Mode
Login mode

Command Description
Use the show user command to display information about all administrative user accounts or about the specified account.

Big Switch Networks Confidential © Big Switch Networks 263

Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

user-name: User account name.
details: Display additional information about all user accounts or the specified account.

Command Examples
controller-1# show user
# User name Full name Groups
-|---------|-------------|------|
1 admin Default admin admin
2 bob

show vcenter command

Command Syntax
show vcenter [<vcenter-name>]

Command Mode
Login mode

Command Description
Use the show vcenter command to display information about all vCenter instances configured on the controller or a specific
instance.

Next Keyword Descriptions

vcenter-name: (Optional) Display information about the specified vCenter instance. If this value is omitted, information
about all vCenter instances is displayed.

Command Examples
controller-1# show vcenter
# vCenter Name Host name Tenant Preserve bcf config State Last update time Detail
Version Bcf sync time vSphere gui-plugin version Permission
-|------------|-----------|------|-------------------|------------|------------------------------|------
-------------------------------------------------------------|-------|------------------------------|---
-----------------------|----------|
1 VC1 10.8.20.100 VC1 False connected 2016-12-12 08:42:34.834000 PST
Connected and authenticated 6.0.0 2016-12-12 08:42:34.834000
PST read-write
2 wjt-test False disconnected 2016-12-12 08:42:53.765000 PST
Invalid vCenter Configuration: missing host, user, password, tenant
read-only
controller-1#

show version Command

Command Syntax
show version [ details | switch-image ]

Command Mode
Login mode

Command Description
Use the show version command to display information about the software version currently running on the controller
Version information of various components

264 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Next Keyword Descriptions

details: Display additional information.
switch-image: Display information about Switch Light OS images.

Command Examples
The following command displays the version of the controller:
controller-1> show version
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Appliance ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Name : Big Cloud Fabric
Build date : 2017-05-04 08:11:15 UTC
Build user : bsn
Ci build number : 9315
Ci job name : bcf-master
Community edition : False
Product type : BCF
Release string : Big Cloud Fabric 4.2.0-master-SNAPSHOT (bcf-master #9315)
Version : 4.2.0-master-SNAPSHOT
controller-1>

The following example displays information about the Switch Light OS software images:
controller-1> show version switch-image
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# File checksum manifest version operation
-|------------------------------------------------------------------|--------------------------------|----------------|-----------|
1 switchlight-SWL-BCF-2.5.0-amd64-release-2014.12.19.15.41.swi 468e3d8d7f219e9199f0e79705e67f4e 1 ztn-runtime
<snip>

~~~~~~ Switchlight-e47f400-amd64-ztn.2014.12.19.15.41.installers of file-names ~~~~~~

# file name platform
-|--------------------------------------------------------|--------------------------|
1 switchlight-e47f400-amd64-ztn.2014.12.19.15.41.installer x86-64-dell-s4000-c2338-r0
2 switchlight-e47f400-amd64-ztn.2014.12.19.15.41.installer x86-64-dell-s6000-s1220-r0

~~~~~~~~~ Switchlight-e47f400-powerpc-release.ztn.2014.12.19.15.41.installers of file-names ~~~~~~~~~

# file name platform
--|------------------------------------------------------------------|------------------------------|
1 switchlight-e47f400-powerpc-release.ztn.2014.12.19.15.41.installer powerpc-accton-as4600-54t-r0
2 switchlight-e47f400-powerpc-release.ztn.2014.12.19.15.41.installer powerpc-accton-as5610-52x-r0
<snip>
15 switchlight-e47f400-powerpc-release.ztn.2014.12.19.15.41.installer powerpc-quanta-ly2-r0
Reg01-HW-C2>

show vswitch Command

Command Syntax
show vswitch [all | <switch-name> ] [connections [ details ] | details | host-stats | version [ details
]]

Command Mode
Login mode

Command Description
Use the show vswitch command to display information about the vLeaf switches (Switch Light Virtual instances) in the
fabric.
The connection state shown is a combination of two conditions:
• Control channel connection state on the current controller node to the switch

Big Switch Networks Confidential © Big Switch Networks 265

Big Cloud Fabric CLI Reference Guide

• Controller application view of the Active controller node regarding the switch connection
The connection state indicates the conditions summarized in the following table:

Status Displayed Control Channel Connection State Controller Application View

Connected True Connected
Connecting True Not_connected
Disconnecting False Connected
Not_connected False Not_connected

Next Keyword Descriptions

all: Use the all keyword to display information about all Switch Light Virtual instances in the fabric.
<switch-name>: The name of the virtual switch.
connections [details]: Display fabric connection information about Switch Light Virtual instances. Use the optional details
keyword for additional information.
details: Display detailed fabric information about the Switch Light Virtual instances.
host-stats: Display information about hosts running Switch Light Virtual.
version [details]: Display version information about Switch Light Virtual instances. Use the optional details keyword for
additional information.

show vxlan Command

Command Syntax
show vxlan [ extended-segment | remote-endpoint | remote-vtep | vtep-pair ]

Command Mode
Login mode

Command Description
Use the show vxlan command to display information about Virtual Extensible LAN (VXLAN) configuration, extended
segments, endpoints on a remote VXLAN network, or the VXLAN Termination Endpoint (VTEP).

Next Keyword Descriptions

extended-segment: Display information about all extended segments in the fabric.
remote-endpoint: Show details about endpoints that are remotely connected on an extended segment.
remote-vtep: Display information about all remote VTEPs visible on the fabric.
vtep-pair: Display information about all known VTEP pairs in the fabric.

show where Command

Command Syntax
show where [details]

Command Mode
Login mode

266 © Big Switch Networks Big Switch Networks Confidential

 Big Cloud Fabric CLI Reference Guide

Command Description
Use the show where command to display details about the current CLI submode.

Next Keyword Descriptions

details: Display additional detail about the current submode.

Command Examples
controller-1(config-tenant)# show where
Mode Related Object
-------------|-------------------|

08
config-tenant Tenant Name:Red
controller-1(config-tenant)# Fall

show zerotouch request Command

Command Syntax
show zerotouch request [mac-addr <MAC-address>

Command Mode
Login mode

Command Description
Use the show zerotouch command to display a Zero Touch request.

Next Keyword Descriptions

mac-add <MAC-address>: Display a Zero Touch request for the specified MAC address.

Command Examples
controller-1> show zerotouch request
# Request-history Ip address Action Timestamp
Result Message
-|----------------------------|--------------------------|--------------|------------------------------
|-----------------|-------------------------------------------------------------------------------------
----------|
1 00:01:e8:d8:55:0d (Force10) fe80::201:e8ff:fed8:550d%2 mdns-discovery 2018-02-20 01:27:39.003000 PST
unable-to-service No switch name configured for switch mac 00:01:e8:d8:55:0d
2 08:9e:01:f8:6b:8b (QUANTA) fe80::a9e:1ff:fef8:6b8b%2 mdns-discovery 2018-02-20 01:27:44.180000 PST
unable-to-service No switch name configured for switch mac 08:9e:01:f8:6b:8b
3 70:72:cf:e6:01:43 (EdgeCore) fe80::7272:cfff:fee6:143 onie-install 2018-02-20 01:27:48.416000 PST
unable-to-service ONIE is not allowed for this device: No switch name configured for switch mac
70:72:cf:e6:01:43

Big Switch Networks Confidential © Big Switch Networks 267

Related Documents
The following documentation is available for Big Cloud Fabric Release 4.7:

Big Cloud Fabric 4.7 CLI Reference Guide

Big Cloud Fabric 4.7 Deployment Guide
Big Cloud Fabric 4.7 GUI Guide
Big Cloud Fabric 4.7 Hardware Compatibility List
Big Cloud Fabric 4.7 Hardware Guide
Big Cloud Fabric 4.7 REST API Guide
Big Cloud Fabric 4.7 SNMP MIB Reference
Big Cloud Fabric 4.7 System Messages Guide
Big Cloud Fabric 4.7 User Guide
Big Cloud Fabric 4.7 Verified Scale
Big Cloud Fabric 4.7.x Release Notes

Opening a Technical Support Case

You may open a support case with a simple description about the problem or question. However, to expedite the case resolution,
more information can be provided when opening a case, depending on the case type and severity. Big Switch Networks provides
three methods for opening a case:
• By Email : [email protected]
• By telephone: Call 800-653-0565, option 2
• By website : http://www.bigswitch.com/support

1. Login to Support portal.

2. Select Cases.
3. Select Create New.
Contact your sales representative or email [email protected] to obtain login credentials for accessing the Support Portal.

Documentation Feedback
We look forward to hearing from you. To provide technical feedback on this document, or to report an error or omission, please
send your comments to [email protected]. We appreciate your feedback.

Copyright 2018 Big Switch Networks, Inc. All rights reserved. Big Switch Networks, Big Cloud Fabric, Big Tap, Switch Light OS, and Switch Light vSwitch are trademarks or registered trademarks of Big
Switch Networks, Inc. All other trademarks, service marks, registered marks or registered service marks are the property of their respective owners. Big Switch Networks assumes no responsibility for any
inaccuracies in this document. Big Switch Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.