Cumulus Linux Command Reference Guide

Common System Commands

Command(s)DescriptionExampleMore Information
!!Replays last CLI command (same as !-1, which is one command back in the CLI history).cumulus@leaf1$ echo “Hello World”Hello Worldcumulus@leaf1$ !!echo “Hello World”Hello WorldEvent Designators
cat /etc/lsb-releaseDisplays software version information.cumulus@leaf1$ cat /etc/lsb-releaseDISTRIB_ID=“Cumulus Linux”DISTRIB_RELEASE=4.2.0DISTRIB_DESCRIPTION=“Cumulus Linux 4.2.0”lsb_release
cat /etc/os-releaseDisplays detailed software version information.NAME=“Cumulus Linux”VERSION_ID=4.2.0VERSION=“Cumulus Linux 4.2.0”PRETTY_NAME=“Cumulus Linux”ID=cumulus-linuxID_LIKE=debianCPE_NAME=cpe:/o:cumulusnetworks:cumulus_linux:4.2.0HOME_URL=“http://www.cumulusnetworks.com/SUPPORT_URL=“http://support.cumulusnetworks.com/os-release
cl-licenseDisplays license status and information; installs license.cumulus@leaf1$ sudo cl-licensecwlicense@cumulusnetworks.com|XXXXXLicense Installation
onie-selectUninstalls and reinstalls an image; boots into rescue mode.Note: Requires sudo or root.cumulus@leaf1$ sudo onie-select -iWARNING:WARNING: Operating System install requested.WARNING: This will wipe out all system data.WARNING:Are you sure (y/N)? yEnabling install at next reboot…done.Reboot required to take effect.Image Management
decode-syseeprom1Displays hardware version information; sets EEPROM content.cumulus@leaf1$ sudo decode-syseepromTlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 108TLV Name Code Len Value——————– —- — —–Serial Number 0x23 10 ADXXXXXXXXProduct Name 0x21 10 AS4600-54TManufacture Date 0x25 19 06/30/2012 12:00:00Base MAC Address 0x24 6 70:72:CF:XX:XX:XXLabel Revision 0x27 4 R01APlatform Name 0x28 28 powerpc-accton_as4600_54t-r0ONIE Version 0x29 7 2014.11MAC Addresses 0x2A 2 65CRC-32 0xFE 4 0x182BXXXX(checksum valid)Monitoring System Hardware
dmesgDisplays system boot messages.cumulus@leaf1$ dmesg<snip for brevity>[ 2485.689082] bonding: bond0: Removing slave swp1.[ 2485.689169] bonding: bond0: releasing backup interface swp1[ 2486.029832] ADDRCONF(NETDEV_UP): swp1: link is not ready[ 2489.431326] ADDRCONF(NETDEV_CHANGE): swp1: link becomes ready[ 2536.508917] bonding: bond0: enslaving swp1 as a backup interface with a down link.[ 2536.602285] bonding: bond0: link status definitely up for interface swp1, 0 Mbps half duplex.[ 2536.902216] bonding: bond0: link status definitely down for interface swp1, disabling it[ 2540.108185] bonding: bond0: link status definitely up for interface swp1, 1000 Mbps full duplex.[ 2569.010752] bonding: bond0: link status definitely down for interface swp1, disabling it[ 2571.810708] bonding: bond0: link status definitely up for interface swp1, 1000 Mbps full duplex.dmesg
/usr/lib/cumulus/onie/onie-versionDisplays ONIE version.cumulus@leaf1$ /usr/lib/cumulus/onie/onie-versionONIE version : 2018.08ONIE vendor_id : 42623ONIE build_machine : cumulus_vxONIE machine_rev : 0ONIE arch : x86_64ONIE build_platform : x86_64-cumulus_vx-r0ONIE config_version : 1ONIE build_date : 2018-08-14T03:52-0700ONIE partition_type : gptONIE kernel_version : 4.1.38ONIE firmware : autoONIE switch_asic : qemuONIE skip_ethmgmt_macs: yesONIE grub_image_name: grubx64.efiONIE uefi_boot_loader: grubx64.efiONIE uefi_arch : x64ONIE command line reference
historyDisplays CLI command history.cumulus@leaf1$ history 1 exit 2 ping -I bond0 10.0.0.2 3 smonctl 4 sudo su - 5 echo hi 6 historyhistory
hostnamecat /etc/hostnameDisplays/sets hostname. A reboot is required if changes to the /etc/hostname file are made.cumulus@leaf1$ hostnameleaf1hostname
date1Displays time and timezone information.cumulus@leaf1:~# dateThu Feb 11 21:17:32 UTC 2016date
ping -I bond0 <INTERFACE_IP>Pings sourced from a specified interface. This can also be a virtual interface.cumulus@leaf1$ ping -I bond0 10.0.0.1PING 10.0.0.1 (10.0.0.1) from 10.0.0.1 bond0: 56(84) bytes of data.64 bytes from 10.0.0.1: icmp_req=1 ttl=64 time=0.083 ms64 bytes from 10.0.0.1: icmp_req=2 ttl=64 time=0.079 ms^C— 10.0.0.1 ping statistics —2 packets transmitted, 2 received, 0% packet loss, time 1000msrtt min/avg/max/mdev = 0.079/0.081/0.083/0.002 msping
sensors -fDisplays PSU, fan, and environmental information (in Fahrenheit).cumulus@leaf1$ sensors -flm75a-i2c-0-4bAdapter: MPC adaptertemp1: +86.9 F (high = +113.0 F, hyst = +113.0 F)lm75a-i2c-1-48Adapter: MPC adaptertemp1: +91.4 F (high = +149.0 F, hyst = +149.0 F)lm75a-i2c-1-49Adapter: MPC adaptertemp1: +88.7 F (high = +113.0 F, hyst = +113.0 F)lm75a-i2c-1-4eAdapter: MPC adaptertemp1: +98.6 F (high = +149.0 F, hyst = +149.0 F)lm75a-i2c-1-4fAdapter: MPC adaptertemp1: +79.7 F (high = +113.0 F, hyst = +113.0 F)emc2305-i2c-1-4dAdapter: MPC adapterfan1: 9060 RPM (div = 4)fan2: 9060 RPM (div = 4)fan3: 9060 RPM (div = 4)fan4: 8998 RPM (div = 4)fan5: 9018 RPM (div = 4)sensors
tail -n<N> /var/log/syslogDisplays the last N lines of syslog.cumulus@leaf1$ tail -n30 /var/log/syslogSep 23 23:17:01 leaf1 CRON[31219]: pam_unix(cron:session): session closed for user rootSep 23 23:20:57 leaf1 dhclient: DHCPREQUEST on eth0 to 192.168.0.1 port 67Sep 23 23:20:57 leaf1 dhclient: DHCPACK from 192.168.0.1Sep 23 23:20:57 leaf1 dhclient: bound to 192.168.0.11 – renewal in 1620 seconds.Sep 23 23:20:57 leaf1 cl-autoprovision[31423]: version: 0.4Sep 23 23:20:57 leaf1 cl-autoprovision[31423]: Provisioning has already occured, use –force to overrideSep 23 23:21:54 leaf1 sudo: cumulus : TTY=pts/0 ; PWD=/home/cumulus ; USER=root ; COMMAND=/bin/bashSep 23 23:23:08 leaf1 sshd[23560]: Received disconnect from 192.168.0.1: 11: disconnected by userSep 23 23:23:08 leaf1 sshd[23558]: pam_unix(sshd:session): session closed for user cumulusSep 23 23:23:10 leaf1 sshd[31560]: Accepted publickey for cumulus from 192.168.0.1 port 44133 ssh2Sep 23 23:23:10 leaf1 sshd[31560]: pam_unix(sshd:session): session opened for user cumulus by (uid=0)Sep 23 23:23:22 leaf1 sudo: cumulus : TTY=pts/0 ; PWD=/home/cumulus ; USER=root ; COMMAND=/bin/echo hiSep 23 23:23:40 leaf1 sudo: cumulus : TTY=pts/0 ; PWD=/home/cumulus ; USER=root ; COMMAND=/sbin/hwclockSep 23 23:25:03 leaf1 sshd[31562]: Received disconnect from 192.168.0.1: 11: disconnected by userSep 23 23:25:03 leaf1 sshd[31560]: pam_unix(sshd:session): session closed for user cumulusSep 23 23:25:04 leaf1 sshd[31673]: Accepted publickey for cumulus from 192.168.0.1 port 44134 ssh2Sep 23 23:25:04 leaf1 sshd[31673]: pam_unix(sshd:session): session opened for user cumulus by (uid=0)Sep 23 23:30:01 leaf1 CRON[31946]: pam_unix(cron:session): session opened for user root by (uid=0)Sep 23 23:30:01 leaf1 CRON[31945]: pam_unix(cron:session): session opened for user root by (uid=0)Sep 23 23:30:01 leaf1 /USR/SBIN/CRON[31947]: (root) CMD ( /usr/sbin/logrotate /etc/logrotate.conf)Sep 23 23:30:01 leaf1 /USR/SBIN/CRON[31948]: (root) CMD ( /usr/sbin/logrotate /etc/logrotate.conf)Sep 23 23:30:01 leaf1 CRON[31946]: pam_unix(cron:session): session closed for user rootSep 23 23:30:01 leaf1 CRON[31945]: pam_unix(cron:session): session closed for user rootSep 23 23:45:01 leaf1 CRON[32703]: pam_unix(cron:session): session opened for user root by (uid=0)Sep 23 23:45:01 leaf1 CRON[32702]: pam_unix(cron:session): session opened for user root by (uid=0)Sep 23 23:45:01 leaf1 /USR/SBIN/CRON[32704]: (root) CMD ( /usr/sbin/logrotate /etc/logrotate.conf)Sep 23 23:45:01 leaf1 /USR/SBIN/CRON[32705]: (root) CMD ( /usr/sbin/logrotate /etc/logrotate.conf)Sep 23 23:45:01 leaf1 CRON[32703]: pam_unix(cron:session): session closed for user rootSep 23 23:45:01 leaf1 CRON[32702]: pam_unix(cron:session): session closed for user roottail
topDisplays real time CPU/memory utilization and the top processes.cumulus@leaf1$ toptop - 23:47:40 up 1 day, 3:13, 1 user, load average: 0.13, 0.24, 0.23Tasks: 64 total, 1 running, 63 sleeping, 0 stopped, 0 zombie%Cpu(s): 17.9 us, 7.6 sy, 0.0 ni, 74.5 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 stKiB Mem: 2006792 total, 202936 used, 1803856 free, 23324 buffersKiB Swap: 0 total, 0 used, 0 free, 77356 cachedPID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND3157 root 15 -5 166m 47m 11m S 24.5 2.4 342:24.96 switchd368 cumulus 20 0 3696 1504 1084 R 0.3 0.1 0:00.06 toptop
uname -aDisplays machine information, including kernel version, release, operating system, and hostname.cumulus@leaf1$ uname -aLinux leaf1 3.2.65-1+deb7u2+cl2.5+2 #3.2.65-1+deb7u2+cl2.5+2 SMP Mon Jun 1 18:26:55 PDT 2015 ppc powerpc GNU/Linuxuname
whoamiDisplays the current active user/account.cumulus@leaf1$ whoamicumuluswhoami
dpkg-reconfigure tzdata1Configures the timezone.cumulus@leaf1$ sudo dpkg-reconfigure tzdataConfiguring tzdata——————Please select the geographic area in which you live. Subsequent configuration questions will narrow this down by presenting a list of cities, representing the time zones in which they are located. 1. Africa 2. America 3. Antarctica 4. Australia 5. Arctic 6. Asia 7. Atlantic 8. Europe 9. Indian 10. Pacific 11. SystemV 12. US 13. EtcGeographic area: 12Please select the city or region corresponding to your time zone. 1. Alaska 2. Aleutian 3. Arizona 4. Central 5. Eastern 6. Hawaii 7. Indiana-Starke 8. Michigan 9. Mountain 10. Pacific 11. Pacific-New 12. SamoaTime zone: 10Current default time zone: ‘US/Pacific’Local time is now: Wed Sep 23 17:01:00 PDT 2015.Universal Time is now: Thu Sep 24 00:01:00 UTC 2015.Debian wiki on timezone changes
reboot1Reboots the switch.cumulus@leaf1$ sudo rebootBroadcast message from root@leaf1 (pts/0) (Wed Sep 23 17:04:44 2015):The system is going down for reboot NOW!reboot
sudo susudo -isudo /bin/bashSwitches user to root/super user.cumulus@leaf1$ sudo su[sudo] password for cumulus:root@leaf1:~#Different ways to become root

File Editing Commands

Command(s)DescriptionMore Information
nanoBasic, user-friendly text editor with persistent on-screen keybindings.nano
viAdvanced text editor.vi for Beginners

Interface Commands

Command(s)DescriptionExampleMore Information
arp -n^1^cat /proc/net/arpDisplays ARP table with IP addresses instead of trying to resolve hostnames (when using the -n flag).cumulus@leaf1$ sudo arp -nAddress HWtype HWaddress Flags Mask Iface10.1.1.2 ether 08:9e:01:ce:d8:64 C swp1s010.1.1.34 ether 00:e0:ec:25:7c:d7 C swp1s210.1.1.6 ether 08:9e:01:ce:d8:65 C swp1s1192.168.0.1 ether 72:01:84:88:f5:8b C eth010.1.1.38 ether 00:e0:ec:25:7c:d8 C swp1s3arp man page
cat /etc/network/interfacesDisplays the interface configuration, bridges, bonds, and VLANs. This file is not indicative of the current running state.cumulus@leaf1$ cat /etc/network/interfaces#Configured By Ansibleauto loiface lo inet loopbackauto lo:1iface lo:1 inet static address 10.2.1.1/32auto eth0iface eth0 inet dhcpConfiguring and Managing Network Interfaces
cat /proc/net/bonding/bond0Displays bond0’s bond (LAG) information.cumulus@leaf1$ cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)Bonding Mode: IEEE 802.3ad Dynamic link aggregationTransmit Hash Policy: layer3+4 (1)MII Status: upMII Polling Interval (ms): 100Up Delay (ms): 0Down Delay (ms): 0802.3ad infoLACP rate: fastMin links: 1Aggregator selection policy (ad_select): stableSystem Identification: 65535 08:9e:01:f8:90:80Active Aggregator Info: Aggregator ID: 1 Number of ports: 2 Actor Key: 17 Partner Key: 17 Partner Mac Address: 08:9e:01:f8:98:c8LACP Bypass Info: Allowed: 0 Timeout: 0 All-active: 0Slave Interface: swp2MII Status: upSpeed: 1000 MbpsDuplex: fullLink Failure Count: 1Permanent HW addr: 08:9e:01:f8:90:80Aggregator ID: 1LACP bypass priority: 0Slave queue ID: 0Slave Interface: swp1MII Status: upSpeed: 1000 MbpsDuplex: fullLink Failure Count: 0Permanent HW addr: 08:9e:01:f8:90:7fAggregator ID: 1LACP bypass priority: 0Slave queue ID: 0proc man page
cl-netstatcl-netstat -cDisplays/clears counters for cl-netstat.cumulus@leaf1$ cl-netstatKernel Interface tableIface MTU Met RX_OK RX_ERR RX_DRP RX_OVR TX_OK TX_ERR TX_DRP TX_OVR Flg——- —– —– ——- ——– ——– ——– ——- ——– ——– ——– —–br0 1500 0 0 0 0 0 4 0 0 0 BMRUbr1 1500 0 0 0 0 0 5 0 0 0 BMRUeth0 1500 0 9973 0 0 0 7761 0 0 0 BMRUlo 16436 0 4 0 0 0 4 0 0 0 LRUswp1s0 1500 0 2275 0 1 0 2485 0 0 0 BMRUswp1s1 1500 0 2452 0 1 0 2324 0 0 0 BMRUswp1s2 1500 0 2448 0 3 0 2338 0 0 0 BMRUswp1s3 1500 0 2453 0 3 0 2442 0 0 0 BMRUswp32s0 1500 0 0 0 0 0 10081 0 0 0 BMRUswp32s1 1500 0 0 0 0 0 10082 0 0 0 BMRUView and Clear Interface Counters
ethtool <INTERFACE>1Displays low level port information.cumulus@leaf1$ sudo ethtool swp32s0Settings for swp32s0: Supported ports: [ TP ] Supported link modes: 10baseT/Full 100baseT/Full 1000baseT/Full 10000baseT/Full Supported pause frame use: Symmetric Receive-only Supports auto-negotiation: Yes Advertised link modes: 1000baseT/Full 10000baseT/Full Advertised pause frame use: Symmetric Advertised auto-negotiation: No Speed: 10000Mb/s Duplex: Full Port: FIBRE PHYAD: 0 Transceiver: external Auto-negotiation: off Current message level: 0x00000000 (0) Link detected: yesMonitor Interfaces using ethtool
ethtool -S <INTERFACE>1Displays detailed low level statistics.cumulus@leaf1$ sudo ethtool -S swp32s0 HwIfInOctets: 0 HwIfInUcastPkts: 0 HwIfInBcastPkts: 0 HwIfInMcastPkts: 0 HwIfOutOctets: 692670 HwIfOutUcastPkts: 0 HwIfOutMcastPkts: 10128 HwIfOutBcastPkts: 0 HwIfInDiscards: 0 HwIfInL3Drops: 0 HwIfInBufferDrops: 0 HwIfInAclDrops: 0 HwIfInDot3LengthErrors: 0 HwIfInErrors: 0 SoftInErrors: 0 SoftInDrops: 0 SoftInFrameErrors: 0 HwIfOutDiscards: 0 HwIfOutErrors: 0 HwIfOutQDrops: 0 HwIfOutNonQDrops: 0 SoftOutErrors: 0 SoftOutDrops: 0 SoftOutTxFifoFull: 0 HwIfOutQLen: 0 HwIfInDot3FrameErrors: 0 HwIfInPausePkt: 0 HwIfOutPausePkt: 0 HwIfInPfc0Pkt: 0 HwIfOutPfc0Pkt: 0 HwIfInPfc1Pkt: 0 HwIfOutPfc1Pkt: 0 HwIfInPfc2Pkt: 0 HwIfOutPfc2Pkt: 0 HwIfInPfc3Pkt: 0 HwIfOutPfc3Pkt: 0 HwIfInPfc4Pkt: 0 HwIfOutPfc4Pkt: 0 HwIfInPfc5Pkt: 0 HwIfOutPfc5Pkt: 0 HwIfInPfc6Pkt: 0 HwIfOutPfc6Pkt: 0 HwIfInPfc7Pkt: 0 HwIfOutPfc7Pkt: 0Monitor Interfaces using ethtool
ifquery <INTERFACE>Displays configuration information for an interface.cumulus@leaf1$ sudo ifquery -aauto loiface lo inet loopbackauto loiface lo inet static address 10.2.1.1/32auto eth0iface eth0 inet dhcpauto swp1s0iface swp1s0 inet static address 10.1.1.1/30auto swp1s1iface swp1s1 inet static address 10.1.1.5/30auto swp1s2iface swp1s2 inet static address 10.1.1.33/30auto swp1s3iface swp1s3 inet static address 10.1.1.37/30auto br1iface br1 inet static address 10.4.1.129/25 bridge-ports swp32s1 bridge-stp onauto br0iface br0 inet static address 10.4.1.1/25 bridge-ports swp32s0 bridge-stp onUse ifquery
ifreload -a1service networking reloadRuns ifdown, then ifup, on any interfaces with configuration changes.cumulus@leaf1$ ifreload -acumulus@leaf1$Use ifupdown2
ifdown <INTERFACE>;ifup <INTERFACE>1Brings a specified interface down, then back up.cumulus@leaf1$ sudo ifdown swp1s0cumulus@leaf1$ sudo ifup swp1s0cumulus@leaf1$Use ifupdown2
ip addr showDisplays all configured IP addresses.cumulus@leaf1$ ip addr show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet 10.2.1.1/32 scope global lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 44:38:39:00:49:8b brd ff:ff:ff:ff:ff:ff inet 192.168.0.11/24 brd 192.168.0.255 scope global eth0 inet6 fe80::4638:39ff:fe00:498b/64 scope link valid_lft forever preferred_lft forever5: swp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500 link/ether 44:38:39:00:49:8c brd ff:ff:ff:ff:ff:ff inet 10.1.1.1/30 scope global swp1s0 inet6 fe80::4638:39ff:fe00:498c/64 scope link valid_lft forever preferred_lft forever6: swp1s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500 link/ether 44:38:39:00:49:8d brd ff:ff:ff:ff:ff:ff inet 10.1.1.5/30 scope global swp1s1 inet6 fe80::4638:39ff:fe00:498d/64 scope link valid_lft forever preferred_lft forever7: swp1s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500 link/ether 44:38:39:00:49:8e brd ff:ff:ff:ff:ff:ff inet 10.1.1.33/30 scope global swp1s2 inet6 fe80::4638:39ff:fe00:498e/64 scope link valid_lft forever preferred_lft forever8: swp1s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500 link/ether 44:38:39:00:49:8f brd ff:ff:ff:ff:ff:ff inet 10.1.1.37/30 scope global swp1s3 inet6 fe80::4638:39ff:fe00:498f/64 scope link valid_lft forever preferred_lft foreverip man page
ip link showDisplays interface information.cumulus@leaf1$ ip link show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 44:38:39:00:49:8b brd ff:ff:ff:ff:ff:ff5: swp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8c brd ff:ff:ff:ff:ff:ff6: swp1s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8d brd ff:ff:ff:ff:ff:ff7: swp1s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8e brd ff:ff:ff:ff:ff:ff8: swp1s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8f brd ff:ff:ff:ff:ff:ff9: swp2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 500 link/ether 44:38:39:00:49:90 brd ff:ff:ff:ff:ff:ffip man page
ip -s linkDisplays interface statistics.cumulus@leaf1$ ip -s link1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 RX: bytes packets errors dropped overrun mcast 112 4 0 0 0 0 TX: bytes packets errors dropped carrier collsns 112 4 0 0 0 02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 44:38:39:00:49:8b brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 3208342 10725 0 0 0 0 TX: bytes packets errors dropped carrier collsns 1067425 8355 0 0 0 05: swp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8c brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 1982 21 0 1 0 5 TX: bytes packets errors dropped carrier collsns 2071 23 0 0 0 06: swp1s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8d brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 212068 2516 0 1 0 646 TX: bytes packets errors dropped carrier collsns 205763 2384 0 0 0 07: swp1s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8e brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 213608 2512 0 3 0 648 TX: bytes packets errors dropped carrier collsns 207061 2398 0 0 0 08: swp1s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 500 link/ether 44:38:39:00:49:8f brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 213598 2517 0 3 0 648 TX: bytes packets errors dropped carrier collsns 214315 2506 0 0 0 09: swp2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 500 link/ether 44:38:39:00:49:90 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0ip man page
ip -br link showDisplays a brief, one line summary of each interface; appends up to show only administratively up interfaces.cumulus@leaf1$ ip -br link showlo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>eth0 UP 44:38:39:00:49:8b <BROADCAST,MULTICAST,UP,LOWER_UP>swp1s0 UP swp1s1 UP 44:38:39:00:49:8d <BROADCAST,MULTICAST,UP,LOWER_UP>swp1s2 UP 44:38:39:00:49:8e <BROADCAST,MULTICAST,UP,LOWER_UP>swp1s3 UP 44:38:39:00:49:8f <BROADCAST,MULTICAST,UP,LOWER_UP>swp2 DOWN 44:38:39:00:49:90 <BROADCAST,MULTICAST>ip man page
lldpcli show neighbors1Displays LLDP neighbor information.cumulus@leaf1$ sudo lldpcli show neighbors——————————————————————————-LLDP neighbors:——————————————————————————-Interface: eth0, via: LLDP, RID: 6, Time: 0 day, 05:22:26 Chassis: ChassisID: mac 70:72:cf:f5:4a:3b SysName: cwl42-prod-ag-tor-1 SysDescr: Cumulus Linux version 2.5.3 running on accton as4600_54t MgmtIP: 10.70.6.194 Capability: Bridge, on Capability: Router, on Port: PortID: ifname swp3 PortDescr: swp3——————————————————————————-Interface: swp1s2, via: LLDP, RID: 5, Time: 0 day, 05:22:45 Chassis: ChassisID: mac 00:e0:ec:25:7c:a4 SysName: spine2 SysDescr: Cumulus Linux version 2.5.5 running on cel kennisis MgmtIP: 10.2.1.4 Capability: Bridge, off Capability: Router, on Port: PortID: ifname swp51 PortDescr: swp51——————————————————————————-Interface: swp1s3, via: LLDP, RID: 5, Time: 0 day, 05:22:45 Chassis: ChassisID: mac 00:e0:ec:25:7c:a4 SysName: spine2 SysDescr: Cumulus Linux version 2.5.5 running on cel kennisis MgmtIP: 10.2.1.4 Capability: Bridge, off Capability: Router, on Port: PortID: ifname swp52 PortDescr: swp52——————————————————————————-Interface: swp1s0, via: LLDP, RID: 7, Time: 0 day, 05:22:13 Chassis: ChassisID: mac 08:9e:01:ce:d8:33 SysName: spine1 SysDescr: Cumulus Linux version 2.5.5 running on quanta lb9 MgmtIP: 10.2.1.3 Capability: Bridge, off Capability: Router, on Port: PortID: ifname swp49 PortDescr: swp49——————————————————————————-LLDP
netstat -iDisplays statistics for UP interfaces.cumulus@leaf1$ netstat -iKernel Interface tableIface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flgbr0 1500 0 0 0 0 0 4 0 0 0 BMUbr1 1500 0 0 0 0 0 5 0 0 0 BMUeth0 1500 0 11066 0 0 0 8640 0 0 0 BMRUlo 16436 0 4 0 0 0 4 0 0 0 LRUswp1s0 1500 0 29 0 1 0 33 0 0 0 BMRUswp1s1 1500 0 2526 0 1 0 2392 0 0 0 BMRUswp1s2 1500 0 2521 0 3 0 2406 0 0 0 BMRUswp1s3 1500 0 2526 0 3 0 2514 0 0 0 BMRUswp32s0 1500 0 0 0 0 0 11232 0 0 0 BMRUswp32s1 1500 0 0 0 0 0 10179 0 0 0 BMRUnetstat man page

Bridge/STP Commands

Command(s)DescriptionExampleMore Information
brctl showDisplays bridge information.cumulus@leaf1$ brctl showbridge name bridge id STP enabled interfacesbr0 8000.7072cfbe0d6c yes swp32s0br1 8000.7072cfbe0d6d yes swp32s1Ethernet Bridging
brctl showmacs <BRIDGE>Displays the MAC FDB for a bridge.cumulus@leaf1$ brctl showmacs br0port name mac addr vlan is local? ageing timerswp32s0 70:72:cf:be:0d:6c 0 yes 0.00Ethernet Bridging
brctl showstp <BRIDGE>Displays the STP information for a bridge.cumulus@leaf1$ brctl showstp br1br1 bridge id 8000.7072cfbe0d6d designated root 8000.7072cfbe0d6d root port 0 path cost 0 max age 20.00 bridge max age 20.00 hello time 2.00 bridge hello time 2.00 forward delay 15.00 bridge forward delay 15.00 ageing time 300.00 hello timer 0.00 tcn timer 0.00 topology change timer 0.00 gc timer 277.39 hash elasticity 4096 hash max 4096 mc last member count 2 mc init query count 2 mc router 1 mc snooping 1 mc last member timer 1.00 mc membership timer 260.00 mc querier timer 255.00 mc query interval 125.00 mc response interval 10.00 mc init query interval 31.25 mc querier 0 mc query ifaddr 0 flagsswp32s1 (1) port id 8001 state forwarding designated root 8000.7072cfbe0d6d path cost 2 designated bridge 8000.7072cfbe0d6d message age timer 0.00 designated port 8001 forward delay timer 0.00 designated cost 0 hold timer 0.00 mc router 1 mc fast leave 0 flagsEthernet Bridging
bridge fdb showDisplays the FDB for all bridges.cumulus@leaf1$ bridge fdb show70:72:cf:be:0d:6d dev swp32s1 vlan 0 master br1 permanent70:72:cf:be:0d:6c dev swp32s0 vlan 0 master br0 permanentEthernet Bridging
bridge vlan showDisplays VLAN-aware bridge mode VLAN configuration.cumulus@leaf1$ bridge vlan showport vlan idsswp32s0 1 PVID Egress Untagged 100 200swp32s1 1 PVID Egress Untagged 100 200bridge NoneEthernet Bridging
clagctl -vDisplays MLAG information.cumulus@leaf1$ clagctl -vThe peer is alive Our Priority, ID, and Role: 4096 34:17:eb:f6:15:fd primary Peer Priority, ID, and Role: 4096 34:17:eb:f9:80:fd secondary Peer Interface and IP: peerlink.4094 169.254.255.1 VxLAN Anycast IP: 10.254.4.1 Backup IP: 10.11.26.37 (active) System MAC: 44:38:39:ff:00:01CLAG InterfacesOur Interface Peer Interface CLAG Id Conflicts Proto-Down Reason—————- —————- ——- ——————– —————– vni100 vni100 - - - bond0 - 1 - - bond1 bond1 2 - - bond2 bond2 3 - - vni30 vni30 - - - vni20 vni20 - - - vni40 vni40 - - -Our LACP InformationOur Interface Partner MAC CIST PortId CLAG Id Oper St Flags—————- —————– ———– ——- ——- —–bond0 00:00:00:00:00:00 None 1 None -bond1 b0:83:fe:eb:91:99 None 2 None Dbond2 00:01:e8:8b:c9:da None 3 None DPeer LACP InformationPeer Interface Partner MAC CIST PortId CLAG Id Oper St Flags—————- —————– ———– ——- ——- —–bond0 00:00:00:00:00:00 None 1 None -bond1 b0:83:fe:eb:91:99 None 2 None Dbond2 00:01:e8:8b:c9:da None 3 None DBackup info:IP: 10.11.26.37; State: active; Role: primaryPeer priority and id: 4096 34:17:eb:f9:80:fd; Peer role: secondaryOur Interface Dynamic MAC VLAN Id—————- —————– ——-vni100 00:00:02:00:00:06 0vni100 00:00:02:00:00:01 0bond1 00:0c:29:48:b1:38 20vni20 00:0c:29:ea:71:3c 20bond2 00:00:01:00:00:00 0vni100 00:00:02:00:00:03 0vni100 00:00:02:00:00:0a 0bond2 00:00:01:00:00:01 0vni100 00:00:02:00:00:04 0bond2 00:00:01:00:00:02 0vni100 00:00:02:00:00:08 0bond2 00:00:01:00:00:03 0Peer Interface Dynamic MAC VLAN Idbond2 00:00:01:00:00:09 0bond2 00:00:01:00:00:06 0bond2 00:00:01:00:00:07 0bond2 00:01:e8:8b:c9:dc 0vni100 00:00:02:00:00:00 0vni100 00:00:02:00:00:05 0vni100 00:00:02:00:00:09 0bond2 00:00:01:00:00:04 0vni100 00:00:02:00:00:02 0vni100 00:00:02:00:00:07 0bond2 00:00:01:00:00:08 0bond2 00:00:01:00:00:05 0bond2 00:00:01:00:00:0a 0Our Multicast Group Port VLAN Id Device Age———————- —————- ——- —————- —Peer Multicast Group Port VLAN Id Device Age———————- —————- ——- —————- —Our Router Port Device Age—————- —————- —Peer Router Port Device Age—————- —————- —Our VLAN InformationOur Interface VLAN Id—————- ——-vni100 Nonebond1 20, 30, 40bond2 Nonevni30 Nonevni20 Nonevni40 NonePeer VLAN InformationPeer Interface VLAN Id—————- ——-vni100 Nonebond1 20, 30, 40bond2 Nonevni30 Nonevni20 NoneMulti-Chassis Link Aggregation - MLAG
mstpctl showbridgeDisplays mstpd (RSTP) information.cumulus@leaf1$ mstpctl showbridgebridge CIST info enabled yes bridge id 8.000.70:72:CF:BE:0D:6C designated root 8.000.70:72:CF:BE:0D:6C regional root 8.000.70:72:CF:BE:0D:6C root port none path cost 0 internal path cost 0 max age 20 bridge max age 20 forward delay 15 bridge forward delay 15 tx hold count 6 max hops 20 hello time 2 ageing time 300 force protocol version rstp time since topology change 69446s topology change count 0 topology change no topology change port None last topology change port NoneSpanning Tree and Rapid Spanning Tree
mstpctl showport <BRIDGE>Displays the summary of each port's role on a bridge.cumulus@leaf1$ mstpctl showport bridge E swp32s0 8.002 forw 8.000.70:72:CF:BE:0D:6C 8.000.70:72:CF:BE:0D:6C 8.002 Desg E swp32s1 8.001 forw 8.000.70:72:CF:BE:0D:6C 8.000.70:72:CF:BE:0D:6C 8.001 DesgSpanning Tree and Rapid Spanning Tree
mstpctl showportdetail <BRIDGE>Displays detailed mstpd port information for a bridge.cumulus@leaf1$ mstpctl showportdetail bridgebridge:swp32s0 CIST info enabled yes role Designated port id 8.002 state forwarding external port cost 2000 admin external cost 0 internal port cost 2000 admin internal cost 0 designated root 8.000.70:72:CF:BE:0D:6C dsgn external cost 0 dsgn regional root 8.000.70:72:CF:BE:0D:6C dsgn internal cost 0 designated bridge 8.000.70:72:CF:BE:0D:6C designated port 8.002 admin edge port no auto edge port yes oper edge port yes topology change ack no point-to-point yes admin point-to-point auto restricted role no restricted TCN no port hello time 2 disputed no bpdu guard port no bpdu guard error no network port no BA inconsistent no Num TX BPDU 34819 Num TX TCN 0 Num RX BPDU 0 Num RX TCN 0 Num Transition FWD 1 Num Transition BLK 0 bpdufilter port no clag ISL no clag ISL Oper UP no clag role unknown clag dual conn mac 0:0:0:0:0:0 clag remote portID F.FFF clag system mac 0:0:0:0:0:0bridge:swp32s1 CIST info enabled yes role Designated port id 8.001 state forwarding external port cost 2000 admin external cost 0 internal port cost 2000 admin internal cost 0 designated root 8.000.70:72:CF:BE:0D:6C dsgn external cost 0 dsgn regional root 8.000.70:72:CF:BE:0D:6C dsgn internal cost 0 designated bridge 8.000.70:72:CF:BE:0D:6C designated port 8.001 admin edge port no auto edge port yes oper edge port yes topology change ack no point-to-point yes admin point-to-point auto restricted role no restricted TCN no port hello time 2 disputed no bpdu guard port no bpdu guard error no network port no BA inconsistent no Num TX BPDU 34819 Num TX TCN 0 Num RX BPDU 0 Num RX TCN 0 Num Transition FWD 1 Num Transition BLK 0 bpdufilter port no clag ISL no clag ISL Oper UP no clag role unknown clag dual conn mac 0:0:0:0:0:0 clag remote portID F.FFF clag system mac 0:0:0:0:0:0Spanning Tree and Rapid Spanning Tree

Routing Commands

Command(s)DescriptionExampleMore Information
ip route showDisplays the Linux route table.cumulus@leaf1$ ip route showdefault via 192.168.0.1 dev eth010.1.1.0/30 dev swp1s0 proto kernel scope link src 10.1.1.110.1.1.4/30 dev swp1s1 proto kernel scope link src 10.1.1.510.1.1.16/30 via 10.1.1.2 dev swp1s0 proto zebra metric 2010.1.1.20/30 via 10.1.1.2 dev swp1s0 proto zebra metric 2010.1.1.32/30 dev swp1s2 proto kernel scope link src 10.1.1.3310.1.1.36/30 dev swp1s3 proto kernel scope link src 10.1.1.3710.1.1.48/30 via 10.1.1.34 dev swp1s2 proto zebra metric 2010.1.1.52/30 via 10.1.1.34 dev swp1s2 proto zebra metric 2010.2.1.2 via 10.1.1.2 dev swp1s0 proto zebra metric 2010.2.1.3 via 10.1.1.2 dev swp1s0 proto zebra metric 2010.2.1.4 via 10.1.1.34 dev swp1s2 proto zebra metric 2010.4.1.0/25 dev br0 proto kernel scope link src 10.4.1.110.4.1.128/25 dev br1 proto kernel scope link src 10.4.1.12910.4.2.0/25 via 10.1.1.2 dev swp1s0 proto zebra metric 2010.4.2.128/25 via 10.1.1.2 dev swp1s0 proto zebra metric 20192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11Routing
ptmctl -dDisplays detailed Prescriptive Topology Manager (PTM) information.cumulus@leaf1$ ptmctl -d—————————————————————————————————————————-port cbl exp act sysname portID portDescr match last BFD BFD BFD BFD BFD status nbr nbr on upd status peer local type DownDiag—————————————————————————————————————————-swp1s0 pass spine1:swp49 spine1:swp49 spine1 swp49 swp49 IfName 37s N/A N/A N/A N/A N/Aswp1s1 pass spine1:swp50 spine1:swp50 spine1 swp50 swp50 IfName 37s N/A N/A N/A N/A N/Aswp1s2 pass spine2:swp51 spine2:swp51 spine2 swp51 swp51 IfName 37s N/A N/A N/A N/A N/Aswp1s3 pass spine2:swp52 spine2:swp52 spine2 swp52 swp52 IfName 37s N/A N/A N/A N/A N/Aswp17 N/A leaf2:swp17 no-info N/A N/A N/A N/A N/A N/A N/A N/A N/A N/Aswp18 N/A leaf2:swp18 no-info N/A N/A N/A N/A N/A N/A N/A N/A N/A N/Aswp32s0 N/A server1:eth3 no-info N/A N/A N/A N/A N/A N/A N/A N/A N/A N/Aswp32s1 N/A server2:eth2 no-info N/A N/A N/A N/A N/A N/A N/A N/A N/A N/APTM
vtysh1A modal (interactive industry standard) CLI for configuring FRRouting.cumulus@leaf1$ sudo vtyshHello, this is FRRouting (version 7.0+cl4u1).Copyright 1996-2005 Kunihiro Ishiguro, et al.leaf01# show verFRRouting 7.0+cl4u1 (leaf01).Copyright 1996-2005 Kunihiro Ishiguro, et al.Configure FRRouting - Modal
vtysh -c "show ip route"1Displays the FRRouting routing table.cumulus@leaf1$ sudo vtysh -c “show ip route”Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected routeK>* 0.0.0.0/0 [0/0] via 192.168.0.254, eth0, 1d23h44mC>* 10.0.0.11/32 is directly connected, lo, 1d23h44mB>* 10.0.0.12/32 [20/0] via fe80::4638:39ff:fe00:25, swp52, 1d23h44m * via fe80::4638:39ff:fe00:54, swp51, 1d23h44mB>* 10.0.0.13/32 [20/0] via fe80::4638:39ff:fe00:25, swp52, 1d23h44m * via fe80::4638:39ff:fe00:54, swp51, 1d23h44mB>* 10.0.0.14/32 [20/0] via fe80::4638:39ff:fe00:25, swp52, 1d23h44m * via fe80::4638:39ff:fe00:54, swp51, 1d23h44mB>* 10.0.0.22/32 [20/0] via fe80::4638:39ff:fe00:25, swp52, 1d23h44mB>* 10.0.0.121/32 [20/0] via fe80::4638:39ff:fe00:54, swp51, 1d23h44mC * 172.16.1.0/24 [0/1024] is directly connected, vlan100-v0, 1d23h03mC>* 172.16.1.0/24 is directly connected, vlan100, 1d23h03mB>* 172.16.2.0/24 [20/0] via fe80::4638:39ff:fe00:25, swp52, 1d23h42m * via fe80::4638:39ff:fe00:54, swp51, 1d23h42mC>* 192.168.0.0/24 is directly connected, eth0, 1d23h44mConfigure FRRouting
net show ospf neighbor1Displays OSPF neighbors.cumulus@switch:~$ net show ospf neighborNeighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL10.0.255.101 1 Full/DROther 38.091s 10.0.255.11 swp51:10.0.255.21 0 0 010.0.255.102 1 Full/DROther 38.085s 10.0.255.12 swp52:10.0.255.21 0 0 0OSPF
net show bgp summary1vtysh -c "show ip bgp summary"1Displays BGP summary information.cumulus@leaf01:~$ sudo vtysh -c “show ip bgp summary”IPv4 Unicast Summary:BGP router identifier 10.0.0.11, local AS number 65011 vrf-id 0BGP table version 89RIB entries 15, using 2760 bytes of memoryPeers 2, using 41 KiB of memoryPeer groups 1, using 64 bytes of memoryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcdspine01(swp51) 4 65020 57399 57432 0 0 0 1d23h47m 5spine02(swp52) 4 65020 57400 57432 0 0 0 1d23h47m 5Total number of neighbors 2BGP
net show bgp ipv4 unicastvtysh -c "show ip bgp"1Displays the BGP routing table.cumulus@leaf1$ sudo vtysh -c “show ip bgp”BGP table version is 220, local router ID is 10.2.1.1Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R RemovedOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path> 10.1.1.0/30 0.0.0.0 0 32768 ? i 10.1.1.2 0 100 0 ?* i 10.1.1.6 0 100 0 ?*> 10.1.1.4/30 0.0.0.0 0 32768 ?* i 10.1.1.6 0 100 0 ?* i 10.1.1.2 0 100 0 ?* i10.1.1.16/30 10.1.1.6 0 100 0 ?*>i 10.1.1.2 0 100 0 ?* i 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?* i10.1.1.20/30 10.1.1.6 0 100 0 ?*>i 10.1.1.2 0 100 0 ?* i 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?*> 10.1.1.32/30 0.0.0.0 0 32768 ?* i 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?*> 10.1.1.36/30 0.0.0.0 0 32768 ?* i 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?* i10.1.1.48/30 10.1.1.38 0 100 0 ?*>i 10.1.1.34 0 100 0 ?* i 10.1.1.6 0 100 0 ?* i 10.1.1.2 0 100 0 ?* i10.1.1.52/30 10.1.1.38 0 100 0 ?*>i 10.1.1.34 0 100 0 ?* i 10.1.1.6 0 100 0 ?* i 10.1.1.2 0 100 0 ?*> 10.2.1.1/32 0.0.0.0 0 32768 ?* i10.2.1.2/32 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?* i 10.1.1.6 0 100 0 ?*>i 10.1.1.2 0 100 0 ?* i10.2.1.3/32 10.1.1.6 0 100 0 ?*>i 10.1.1.2 0 100 0 ?* i10.2.1.4/32 10.1.1.38 0 100 0 ?*>i 10.1.1.34 0 100 0 ?* i10.4.2.0/25 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?* i 10.1.1.6 0 100 0 ?*>i 10.1.1.2 0 100 0 ?* i10.4.2.128/25 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?* i 10.1.1.6 0 100 0 ?*>i 10.1.1.2 0 100 0 ?*> 192.168.0.0 0.0.0.0 0 32768 ?* i 10.1.1.6 0 100 0 ?* i 10.1.1.2 0 100 0 ?* i 10.1.1.38 0 100 0 ?* i 10.1.1.34 0 100 0 ?Total number of prefixes 15BGP

ACL Commands

Command(s)DescriptionExampleMore Information
cl-acltool -L all1Displays all filter rules.cumulus@leaf1$ sudo cl-acltool -L all——————————-Listing rules of type iptables:——————————-TABLE filter :Chain INPUT (policy ACCEPT 11749 packets, 1752K bytes) pkts bytes target prot opt in out source destination 0 0 DROP all – swp+ any 240.0.0.0/5 anywhere 0 0 DROP all – swp+ any loopback/8 anywhere 0 0 DROP all – swp+ any base-address.mcast.net/8 anywhere 0 0 DROP all – swp+ any 255.255.255.255 anywhere 0 0 SETCLASS udp – swp+ any anywhere anywhere udp dpt:3785 SETCLASS class:7 0 0 POLICE udp – any any anywhere anywhere udp dpt:3785 POLICE mode:pkt rate:2000 burst:2000 0 0 SETCLASS udp – swp+ any anywhere anywhere udp dpt:3784 SETCLASS class:7 0 0 POLICE udp – any any anywhere anywhere udp dpt:3784 POLICE mode:pkt rate:2000 burst:2000 0 0 SETCLASS udp – swp+ any anywhere anywhere udp dpt:4784 SETCLASS class:7 0 0 POLICE udp – any any anywhere anywhere udp dpt:4784 POLICE mode:pkt rate:2000 burst:2000 0 0 SETCLASS ospf – swp+ any anywhere anywhere SETCLASS class:7 0 0 POLICE ospf – any any anywhere anywhere POLICE mode:pkt rate:2000 burst:200020312 1650K SETCLASS tcp – swp+ any anywhere anywhere tcp dpt:bgp SETCLASS class:720312 1732K POLICE tcp – any any anywhere anywhere tcp dpt:bgp POLICE mode:pkt rate:2000 burst:2000 5 453 SETCLASS tcp – swp+ any anywhere anywhere tcp spt:bgp SETCLASS class:7 5 473 POLICE tcp – any any anywhere anywhere tcp spt:bgp POLICE mode:pkt rate:2000 burst:2000 0 0 SETCLASS tcp – swp+ any anywhere anywhere tcp dpt:5342 SETCLASS class:7 0 0 POLICE tcp – any any anywhere anywhere tcp dpt:5342 POLICE mode:pkt rate:2000 burst:2000 0 0 SETCLASS tcp – swp+ any anywhere anywhere tcp spt:5342 SETCLASS class:7 0 0 POLICE tcp – any any anywhere anywhere tcp spt:5342 POLICE mode:pkt rate:2000 burst:2000 5 330 SETCLASS icmp – swp+ any anywhere anywhere SETCLASS class:2 8 574 POLICE icmp – any any anywhere anywhere POLICE mode:pkt rate:100 burst:40 0 0 SETCLASS udp – swp+ any anywhere anywhere udp dpts:bootps:bootpc SETCLASS class:2 16 5248 POLICE udp – any any anywhere anywhere udp dpt:bootps POLICE mode:pkt rate:100 burst:100 108 40068 POLICE udp – any any anywhere anywhere udp dpt:bootpc POLICE mode:pkt rate:100 burst:100 0 0 SETCLASS tcp – swp+ any anywhere anywhere tcp dpts:bootps:bootpc SETCLASS class:2 0 0 POLICE tcp – any any anywhere anywhere tcp dpt:bootps POLICE mode:pkt rate:100 burst:100 0 0 POLICE tcp – any any anywhere anywhere tcp dpt:bootpc POLICE mode:pkt rate:100 burst:100 0 0 SETCLASS udp – swp+ any anywhere anywhere udp dpt:10001 SETCLASS class:3 0 0 POLICE udp – any any anywhere anywhere udp dpt:10001 POLICE mode:pkt rate:2000 burst:2000 0 0 SETCLASS igmp – swp+ any anywhere anywhere SETCLASS class:6 0 0 POLICE igmp – any any anywhere anywhere POLICE mode:pkt rate:300 burst:100 0 0 POLICE all – swp+ any anywhere anywhere ADDRTYPE match dst-type LOCAL POLICE mode:pkt rate:1000 burst:1000 class:0 0 0 POLICE all – swp+ any anywhere anywhere ADDRTYPE match dst-type IPROUTER POLICE mode:pkt rate:400 burst:100 class:0 0 0 SETCLASS all – swp+ any anywhere anywhere SETCLASS class:0Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP all – swp+ any 240.0.0.0/5 anywhere 0 0 DROP all – swp+ any loopback/8 anywhere 0 0 DROP all – swp+ any base-address.mcast.net/8 anywhere 0 0 DROP all – swp+ any 255.255.255.255 anywhereChain OUTPUT (policy ACCEPT 31983 packets, 2328K bytes) pkts bytes target prot opt in out source destinationTABLE mangle :Chain PREROUTING (policy ACCEPT 31472 packets, 2689K bytes) pkts bytes target prot opt in out source destinationChain INPUT (policy ACCEPT 11137 packets, 1399K bytes) pkts bytes target prot opt in out source destinationChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destinationChain OUTPUT (policy ACCEPT 31390 packets, 2272K bytes) pkts bytes target prot opt in out source destinationChain POSTROUTING (policy ACCEPT 31394 packets, 2272K bytes) pkts bytes target prot opt in out source destinationTABLE raw :Chain PREROUTING (policy ACCEPT 31473 packets, 2689K bytes) pkts bytes target prot opt in out source destinationChain OUTPUT (policy ACCEPT 31391 packets, 2272K bytes) pkts bytes target prot opt in out source destination——————————–Listing rules of type ip6tables:——————————–TABLE filter :Chain INPUT (policy ACCEPT 9473 packets, 836K pkts bytes target prot opt in out source destination 0 0 DROP all swp+ any ip6-mcastprefix/8 anywhere 0 0 DROP all swp+ any ::/128 anywhere 0 0 DROP all swp+ any ::ffff:0.0.0.0/96 anywhere 0 0 DROP all swp+ any localhost/128 anywhere 0 0 POLICE udp swp+ any anywhere anywhere udp dpt:3785 POLICE mode:pkt rate:2000 burst:2000 class:7 0 0 POLICE udp swp+ any anywhere anywhere udp dpt:3784 POLICE mode:pkt rate:2000 burst:2000 class:7 0 0 POLICE udp swp+ any anywhere anywhere udp dpt:4784 POLICE mode:pkt rate:2000 burst:2000 class:7 0 0 POLICE ospf swp+ any anywhere anywhere POLICE mode:pkt rate:2000 burst:2000 class:7 0 0 POLICE tcp swp+ any anywhere anywhere tcp dpt:bgp POLICE mode:pkt rate:2000 burst:2000 class:7 0 0 POLICE tcp swp+ any anywhere anywhere tcp spt:bgp POLICE mode:pkt rate:2000 burst:2000 class:7 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmp router-solicitation POLICE mode:pkt rate:100 burst:100 class:2 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmp router-advertisement POLICE mode:pkt rate:500 burst:500 class:2 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmp neighbour-solicitation POLICE mode:pkt rate:400 burst:400 class:2 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmp neighbour-advertisement POLICE mode:pkt rate:400 burst:400 class:2 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmptype 130 POLICE mode:pkt rate:200 burst:100 class:6 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmptype 131 POLICE mode:pkt rate:200 burst:100 class:6 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmptype 132 POLICE mode:pkt rate:200 burst:100 class:6 4 376 POLICE ipv6-icmp swp+ any anywhere anywhere ipv6-icmptype 143 POLICE mode:pkt rate:200 burst:100 class:6 0 0 POLICE ipv6-icmp swp+ any anywhere anywhere POLICE mode:pkt rate:64 burst:40 class:2 0 0 POLICE udp swp+ any anywhere anywhere udp dpts:dhcpv6-client:dhcpv6-server POLICE mode:pkt rate:100 burst:100 class:2 0 0 POLICE tcp swp+ any anywhere anywhere tcp dpts:dhcpv6-client:dhcpv6-server POLICE mode:pkt rate:100 burst:100 class:2 0 0 POLICE all swp+ any anywhere anywhere ADDRTYPE match dst-type LOCAL POLICE mode:pkt rate:1000 burst:1000 class:0 0 0 POLICE all swp+ any anywhere anywhere ADDRTYPE match dst-type IPROUTER POLICE mode:pkt rate:400 burst:100 class:0 0 0 SETCLASS all swp+ any anywhere anywhere SETCLASS class:0Chain FORWARD (policy ACCEPT 2 packets, 208 bytes) pkts bytes target prot opt in out source destination 0 0 DROP all swp+ any ip6-mcastprefix/8 anywhere 0 0 DROP all swp+ any ::/128 anywhere 0 0 DROP all swp+ any ::ffff:0.0.0.0/96 anywhere 0 0 DROP all swp+ any localhost/128 anywhereChain OUTPUT (policy ACCEPT 9683 packets, 884K bytes) pkts bytes target prot opt in out source destinationTABLE mangle :Chain PREROUTING (policy ACCEPT 9455 packets, 835K bytes) pkts bytes target prot opt in out source destinationChain INPUT (policy ACCEPT 9449 packets, 834K bytes) pkts bytes target prot opt in out source destinationChain FORWARD (policy ACCEPT 2 packets, 208 bytes) pkts bytes target prot opt in out source destinationChain OUTPUT (policy ACCEPT 9641 packets, 880K bytes) pkts bytes target prot opt in out source destinationChain POSTROUTING (policy ACCEPT 9625 packets, 879K bytes) pkts bytes target prot opt in out source destinationTABLE raw :Chain PREROUTING (policy ACCEPT 9455 packets, 835K bytes) pkts bytes target prot opt in out source destinationChain OUTPUT (policy ACCEPT 9641 packets, 880K bytes) pkts bytes target prot opt in out source destination——————————-Listing rules of type ebtables:——————————-TABLE filter :Bridge table: filterBridge chain: INPUT, entries: 16, policy: ACCEPT-d BGA -i swp+ -j setclass –class 7 , pcnt = 0 – bcnt = 0-d BGA -j police –set-mode pkt –set-rate 2000 –set-burst 2000 , pcnt = 0 – bcnt = 0-d 1:80:c2:0:0:2 -i swp+ -j setclass –class 7 , pcnt = 0 – bcnt = 0-d 1:80:c2:0:0:2 -j police –set-mode pkt –set-rate 2000 –set-burst 2000 , pcnt = 0 – bcnt = 0-d 1:80:c2:0:0:e -i swp+ -j setclass –class 6 , pcnt = 23045 – bcnt = 2926715-d 1:80:c2:0:0:e -j police –set-mode pkt –set-rate 200 –set-burst 200 , pcnt = 23045 – bcnt = 3018895-d 1:0:c:cc:cc:cc -i swp+ -j setclass –class 6 , pcnt = 0 – bcnt = 0-d 1:0:c:cc:cc:cc -j police –set-mode pkt –set-rate 200 –set-burst 200 , pcnt = 0 – bcnt = 0-p ARP -i swp+ -j setclass –class 2 , pcnt = 45529 – bcnt = 2913856-p ARP -j police –set-mode pkt –set-rate 400 –set-burst 100 , pcnt = 45529 – bcnt = 3095972-d 1:0:c:cc:cc:cd -i swp+ -j setclass –class 7 , pcnt = 0 – bcnt = 0-d 1:0:c:cc:cc:cd -j police –set-mode pkt –set-rate 2000 –set-burst 2000 , pcnt = 0 – bcnt = 0-p IPv4 -i swp+ -j ACCEPT , pcnt = 0 – bcnt = 0-p IPv6 -i swp+ -j ACCEPT , pcnt = 4 – bcnt = 376-i swp+ -j setclass –class 0 , pcnt = 0 – bcnt = 0-j police –set-mode pkt –set-rate 100 –set-burst 100 , pcnt = 0 – bcnt = 0Bridge chain: FORWARD, entries: 0, policy: ACCEPTBridge chain: OUTPUT, entries: 0, policy: ACCEPTNetfilter - ACLs
iptables -L1Displays the IPv4 filter rules.cumulus@leaf1$ sudo iptables -LChain INPUT (policy ACCEPT)target prot opt source destinationDROP all – 240.0.0.0/5 anywhereDROP all – loopback/8 anywhereDROP all – base-address.mcast.net/8 anywhereDROP all – 255.255.255.255 anywhereSETCLASS udp – anywhere anywhere udp dpt:3785 SETCLASS class:7POLICE udp – anywhere anywhere udp dpt:3785 POLICE mode:pkt rate:2000 burst:2000SETCLASS udp – anywhere anywhere udp dpt:3784 SETCLASS class:7POLICE udp – anywhere anywhere udp dpt:3784 POLICE mode:pkt rate:2000 burst:2000SETCLASS udp – anywhere anywhere udp dpt:4784 SETCLASS class:7POLICE udp – anywhere anywhere udp dpt:4784 POLICE mode:pkt rate:2000 burst:2000SETCLASS ospf – anywhere anywhere SETCLASS class:7POLICE ospf – anywhere anywhere POLICE mode:pkt rate:2000 burst:2000SETCLASS tcp – anywhere anywhere tcp dpt:bgp SETCLASS class:7POLICE tcp – anywhere anywhere tcp dpt:bgp POLICE mode:pkt rate:2000 burst:2000SETCLASS tcp – anywhere anywhere tcp spt:bgp SETCLASS class:7POLICE tcp – anywhere anywhere tcp spt:bgp POLICE mode:pkt rate:2000 burst:2000SETCLASS tcp – anywhere anywhere tcp dpt:5342 SETCLASS class:7POLICE tcp – anywhere anywhere tcp dpt:5342 POLICE mode:pkt rate:2000 burst:2000SETCLASS tcp – anywhere anywhere tcp spt:5342 SETCLASS class:7POLICE tcp – anywhere anywhere tcp spt:5342 POLICE mode:pkt rate:2000 burst:2000SETCLASS icmp – anywhere anywhere SETCLASS class:2POLICE icmp – anywhere anywhere POLICE mode:pkt rate:100 burst:40SETCLASS udp – anywhere anywhere udp dpts:bootps:bootpc SETCLASS class:2POLICE udp – anywhere anywhere udp dpt:bootps POLICE mode:pkt rate:100 burst:100POLICE udp – anywhere anywhere udp dpt:bootpc POLICE mode:pkt rate:100 burst:100SETCLASS tcp – anywhere anywhere tcp dpts:bootps:bootpc SETCLASS class:2POLICE tcp – anywhere anywhere tcp dpt:bootps POLICE mode:pkt rate:100 burst:100POLICE tcp – anywhere anywhere tcp dpt:bootpc POLICE mode:pkt rate:100 burst:100SETCLASS udp – anywhere anywhere udp dpt:10001 SETCLASS class:3POLICE udp – anywhere anywhere udp dpt:10001 POLICE mode:pkt rate:2000 burst:2000SETCLASS igmp – anywhere anywhere SETCLASS class:6POLICE igmp – anywhere anywhere POLICE mode:pkt rate:300 burst:100POLICE all – anywhere anywhere ADDRTYPE match dst-type LOCAL POLICE mode:pkt rate:1000 burst:1000 class:0POLICE all – anywhere anywhere ADDRTYPE match dst-type IPROUTER POLICE mode:pkt rate:400 burst:100 class:0SETCLASS all – anywhere anywhere SETCLASS class:0Chain FORWARD (policy ACCEPT)target prot opt source destinationDROP all – 240.0.0.0/5 anywhereDROP all – loopback/8 anywhereDROP all – base-address.mcast.net/8 anywhereDROP all – 255.255.255.255 anywhereChain OUTPUT (policy ACCEPT)target prot opt source destinationNetfilter - ACLs
ip6tables -L1Displays the IPv6 filter rules.cumulus@leaf1$ sudo ip6tables -LChain INPUT (policy ACCEPT)target prot opt source destinationDROP all ip6-mcastprefix/8 anywhereDROP all ::/128 anywhereDROP all ::ffff:0.0.0.0/96 anywhereDROP all localhost/128 anywherePOLICE udp anywhere anywhere udp dpt:3785 POLICE mode:pkt rate:2000 burst:2000 class:7POLICE udp anywhere anywhere udp dpt:3784 POLICE mode:pkt rate:2000 burst:2000 class:7POLICE udp anywhere anywhere udp dpt:4784 POLICE mode:pkt rate:2000 burst:2000 class:7POLICE ospf anywhere anywhere POLICE mode:pkt rate:2000 burst:2000 class:7POLICE tcp anywhere anywhere tcp dpt:bgp POLICE mode:pkt rate:2000 burst:2000 class:7POLICE tcp anywhere anywhere tcp spt:bgp POLICE mode:pkt rate:2000 burst:2000 class:7POLICE ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation POLICE mode:pkt rate:100 burst:100 class:2POLICE ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement POLICE mode:pkt rate:500 burst:500 class:2POLICE ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation POLICE mode:pkt rate:400 burst:400 class:2POLICE ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement POLICE mode:pkt rate:400 burst:400 class:2POLICE ipv6-icmp anywhere anywhere ipv6-icmptype 130 POLICE mode:pkt rate:200 burst:100 class:6POLICE ipv6-icmp anywhere anywhere ipv6-icmptype 131 POLICE mode:pkt rate:200 burst:100 class:6POLICE ipv6-icmp anywhere anywhere ipv6-icmptype 132 POLICE mode:pkt rate:200 burst:100 class:6POLICE ipv6-icmp anywhere anywhere ipv6-icmptype 143 POLICE mode:pkt rate:200 burst:100 class:6POLICE ipv6-icmp anywhere anywhere POLICE mode:pkt rate:64 burst:40 class:2POLICE udp anywhere anywhere udp dpts:dhcpv6-client:dhcpv6-server POLICE mode:pkt rate:100 burst:100 class:2POLICE tcp anywhere anywhere tcp dpts:dhcpv6-client:dhcpv6-server POLICE mode:pkt rate:100 burst:100 class:2POLICE all anywhere anywhere ADDRTYPE match dst-type LOCAL POLICE mode:pkt rate:1000 burst:1000 class:0POLICE all anywhere anywhere ADDRTYPE match dst-type IPROUTER POLICE mode:pkt rate:400 burst:100 class:0SETCLASS all anywhere anywhere SETCLASS class:0Chain FORWARD (policy ACCEPT)target prot opt source destinationDROP all ip6-mcastprefix/8 anywhereDROP all ::/128 anywhereDROP all ::ffff:0.0.0.0/96 anywhereDROP all localhost/128 anywhereChain OUTPUT (policy ACCEPT)target prot opt source destinationNetfilter - ACLs
ebtables -L1Displays the ebtables (L2 MAC address) filter rules.cumulus@leaf1$ sudo ebtables -LBridge table: filterBridge chain: INPUT, entries: 16, policy: ACCEPT-d BGA -i swp+ -j setclass –class 7-d BGA -j police –set-mode pkt –set-rate 2000 –set-burst 2000-d 1:80:c2:0:0:2 -i swp+ -j setclass –class 7-d 1:80:c2:0:0:2 -j police –set-mode pkt –set-rate 2000 –set-burst 2000-d 1:80:c2:0:0:e -i swp+ -j setclass –class 6-d 1:80:c2:0:0:e -j police –set-mode pkt –set-rate 200 –set-burst 200-d 1:0:c:cc:cc:cc -i swp+ -j setclass –class 6-d 1:0:c:cc:cc:cc -j police –set-mode pkt –set-rate 200 –set-burst 200-p ARP -i swp+ -j setclass –class 2-p ARP -j police –set-mode pkt –set-rate 400 –set-burst 100-d 1:0:c:cc:cc:cd -i swp+ -j setclass –class 7-d 1:0:c:cc:cc:cd -j police –set-mode pkt –set-rate 2000 –set-burst 2000-p IPv4 -i swp+ -j ACCEPT-p IPv6 -i swp+ -j ACCEPT-i swp+ -j setclass –class 0-j police –set-mode pkt –set-rate 100 –set-burst 100Bridge chain: FORWARD, entries: 0, policy: ACCEPTBridge chain: OUTPUT, entries: 0, policy: ACCEPTNetfilter - ACLs

Miscellaneous Commands

Command(s)DescriptionExampleMore Information
netstat -lDisplays all active listening port connections.cumulus@leaf1$ netstat -lActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:zebra 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:bgpd 0.0.0.0:* LISTENtcp 0 0 localhost:http-alt 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:bgp 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:2616 0.0.0.0:* LISTENtcp6 0 0 [::]:zebra [::]:* LISTENtcp6 0 0 [::]:bgpd [::]:* LISTENtcp6 0 0 [::]:bgp [::]:* LISTENtcp6 0 0 [::]:ssh [::]:* LISTENtcp6 0 0 [::]:2616 [::]:* LISTENtcp6 0 0 fe80::4638:39ff:fe:5342 [::]:* LISTENudp 0 0 0.0.0.0:bootpc 0.0.0.0:*udp 0 0 leaf01:ntp 0.0.0.0:*udp 0 0 localhost:ntp 0.0.0.0:*udp 0 0 0.0.0.0:ntp 0.0.0.0:*udp 0 0 0.0.0.0:4784 0.0.0.0:*udp 0 0 0.0.0.0:34489 0.0.0.0:*udp 0 0 0.0.0.0:3784 0.0.0.0:*udp 0 0 0.0.0.0:3785 0.0.0.0:*udp 0 0 0.0.0.0:5342 0.0.0.0:*udp6 0 0 fe80::a200:ff:fe00::ntp [::]:*udp6 0 0 localhost:ntp [::]:*udp6 0 0 [::]:ntp [::]:*udp6 0 0 [::]:4784 [::]:*udp6 0 0 [::]:3784 [::]:*raw6 0 0 [::]:ipv6-icmp [::]:* 7Active UNIX domain sockets (only servers)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 30989 /var/run/frr/bgpd.vtyunix 2 [ ACC ] STREAM LISTENING 95538 /var/run/clag-zebra.socketunix 2 [ ACC ] STREAM LISTENING 95545 /var/run/clagd.socketunix 2 [ ACC ] STREAM LISTENING 31033 /var/run/frr/staticd.vtyunix 2 [ ACC ] STREAM LISTENING 27316 @/var/run/ptmd.socketunix 2 [ ACC ] STREAM LISTENING 10123 /run/systemd/privateunix 2 [ ACC ] STREAM LISTENING 30869 /var/run/frr/watchfrr.vtyunix 2 [ ACC ] STREAM LISTENING 10138 /run/lvm/lvmpolld.socketunix 2 [ ACC ] STREAM LISTENING 10149 /run/systemd/fsck.progressunix 2 [ ACC ] STREAM LISTENING 12197 /run/uuidd/requestunix 2 [ ACC ] SEQPACKET LISTENING 10152 /run/udev/controlunix 2 [ ACC ] STREAM LISTENING 10155 /run/systemd/journal/stdoutunix 2 [ ACC ] STREAM LISTENING 12213 /var/run/dbus/system_bus_socketunix 2 [ ACC ] STREAM LISTENING 27308 @/var/run/ptmd-quagga.socketunix 2 [ ACC ] STREAM LISTENING 28094 /run/nclu/udsunix 2 [ ACC ] STREAM LISTENING 27594 /var/run/lldpd.socketunix 2 [ ACC ] STREAM LISTENING 26838 /var/run/neighmgrd/udsunix 2 [ ACC ] STREAM LISTENING 30952 /var/run/frr/zserv.apiunix 2 [ ACC ] STREAM LISTENING 30959 /var/run/frr/zebra.vtynetstat man page
netstat -atDisplays all active listening TCP socket connections.cumulus@leaf1$ netstat -atActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 *:bgp *:* LISTENtcp 0 0 *:ssh *:* LISTENtcp 0 0 localhost.localdom:2812 *:* LISTENtcp 0 0 localhost.localdo:zebra *:* LISTENtcp 0 0 localhost.localdo:ospfd *:* LISTENtcp 0 0 localhost.localdom:bgpd *:* LISTENtcp 0 0 10.1.1.1:bgp 10.1.1.2:57267 ESTABLISHEDtcp 0 0 10.1.1.5:bgp 10.1.1.6:47451 ESTABLISHEDtcp 0 0 10.1.1.33:bgp 10.1.1.34:56332 ESTABLISHEDtcp 0 0 leaf1.lab.local:ssh wbench.lab.local:50308 ESTABLISHEDtcp 0 0 10.1.1.37:bgp 10.1.1.38:45210 ESTABLISHEDtcp6 0 0 [::]:bgp [::]:* LISTENtcp6 0 0 [::]:ssh [::]:* LISTENnetstat man page
netstat -auDisplays all active listening UDP socket connections.cumulus@leaf1$ netstat -auActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Stateudp 0 0 :46609 :udp 0 0 :bootpc :udp 0 0 leaf1.lab.local:ntp :udp 0 0 localhost.localdoma:ntp :udp 0 0 :ntp :udp 0 0 :4784 :udp 0 0 :3784 :udp 0 0 :3785 :udp6 0 0 [::]:5638 [::]:udp6 0 0 fe80::7272:cfff:feb:ntp [::]:udp6 0 0 localhost:ntp [::]:udp6 0 0 [::]:ntp [::]:udp6 0 0 [::]:4784 [::]:udp6 0 0 [::]:3784 [::]:netstat man page
ps -efDisplays all running processes.cumulus@leaf1$ ps -efUID PID PPID C STIME TTY TIME CMDroot 1 0 0 Aug27 ? 00:00:21 /sbin/initroot 2 0 0 Aug27 ? 00:00:00 [kthreadd]root 3 2 0 Aug27 ? 00:00:00 [rcu_gp]root 4 2 0 Aug27 ? 00:00:00 [rcu_par_gp]root 6 2 0 Aug27 ? 00:00:00 [kworker/0:0H-kblockd]root 8 2 0 Aug27 ? 00:00:00 [mm_percpu_wq]root 9 2 0 Aug27 ? 00:00:05 [ksoftirqd/0]root 10 2 0 Aug27 ? 00:00:34 [rcu_sched]root 11 2 0 Aug27 ? 00:00:00 [rcu_bh]root 12 2 0 Aug27 ? 00:00:00 [migration/0]root 14 2 0 Aug27 ? 00:00:00 [cpuhp/0]root 15 2 0 Aug27 ? 00:00:00 [kdevtmpfs]root 16 2 0 Aug27 ? 00:00:00 [netns]root 17 2 0 Aug27 ? 00:00:00 [kauditd]root 18 2 0 Aug27 ? 00:00:00 [khungtaskd]root 19 2 0 Aug27 ? 00:00:00 [oom_reaper]root 20 2 0 Aug27 ? 00:00:00 [writeback]root 21 2 0 Aug27 ? 00:00:00 [kcompactd0]root 22 2 0 Aug27 ? 00:00:00 [ksmd]root 23 2 0 Aug27 ? 00:00:00 [khugepaged]root 24 2 0 Aug27 ? 00:00:00 [crypto]root 25 2 0 Aug27 ? 00:00:00 [kintegrityd]root 26 2 0 Aug27 ? 00:00:00 [kblockd]root 27 2 0 Aug27 ? 00:00:00 [ata_sff]root 28 2 0 Aug27 ? 00:00:00 [edac-poller]root 29 2 0 Aug27 ? 00:00:00 [watchdogd]root 30 2 0 Aug27 ? 00:00:00 [rpciod]root 31 2 0 Aug27 ? 00:00:00 [kworker/u3:0]root 32 2 0 Aug27 ? 00:00:00 [xprtiod]root 33 2 0 Aug27 ? 00:00:00 [kswapd0]root 34 2 0 Aug27 ? 00:00:00 [nfsiod]root 49 2 0 Aug27 ? 00:00:00 [kthrotld]root 50 2 0 Aug27 ? 00:00:01 [kworker/0:1H-kblockd]root 51 2 0 Aug27 ? 00:00:00 [scsi_eh_0]root 52 2 0 Aug27 ? 00:00:00 [scsi_tmf_0]root 53 2 0 Aug27 ? 00:00:00 [scsi_eh_1]root 54 2 0 Aug27 ? 00:00:00 [scsi_tmf_1]root 56 2 0 Aug27 ? 00:00:00 [ipv6_addrconf]root 115 2 0 Aug27 ? 00:00:03 [jbd2/vda4-8]root 116 2 0 Aug27 ? 00:00:00 [ext4-rsv-conver] root 207 1 0 Aug27 ? 00:01:44 /lib/systemd/systemd-journaldroot 221 1 0 Aug27 ? 00:00:00 /lib/systemd/systemd-udevdroot 232 1 0 Aug27 ? 00:00:03 /usr/sbin/haveged –Foreground –verbose=1 -w 1024root 238 1 0 Aug27 ? 00:00:00 /sbin/auditdroot 268 1 0 Aug27 ? 00:00:28 /usr/sbin/rsyslogd -n -iNONEmessage+ 273 1 0 Aug27 ? 00:00:00 /usr/bin/dbus-daemon –system –address=systemd: –noroot 275 1 0 Aug27 ? 00:00:00 /usr/sbin/rasdaemon -f -rroot 279 1 0 Aug27 ? 00:00:00 /lib/systemd/systemd-logindroot 284 1 0 Aug27 ? 00:00:00 /usr/sbin/cron -f -L 38root 292 1 0 Aug27 ? 00:00:01 /usr/sbin/wd_keepaliveroot 293 1 0 Aug27 tty1 00:00:00 /sbin/agetty -o -p – \u –noclear tty1 linuxroot 294 1 0 Aug27 ? 00:01:22 /sbin/mstpd -d -v2root 326 1 0 Aug27 ? 00:00:00 nginx: master process /usr/sbin/nginx -g daemon on; mwww-data 327 326 0 Aug27 ? 00:00:00 nginx: worker processroot 468 1 0 Aug27 ? 00:00:00 /usr/sbin/switchd -vxroot 488 1 0 Aug27 ? 00:06:46 /usr/bin/python2 /usr/sbin/smondroot 493 1 0 Aug27 ? 00:00:49 /usr/bin/python2 /usr/sbin/pwmdroot 494 1 0 Aug27 ? 00:00:31 /usr/bin/python2 /usr/sbin/ledmgrdroot 564 1 0 Aug27 ? 00:00:02 /sbin/dhclient -pf /run/dhclient.eth0.pid -lf /var/liroot 635 1 0 Aug27 ? 00:13:29 /usr/bin/python2 /usr/bin/neighmgrdroot 637 1 0 Aug27 ? 00:00:07 /bin/bash /usr/lib/cumulus/sysmonitorroot 646 1 0 Aug27 ? 00:00:01 /usr/bin/python -O /usr/sbin/netd -droot 657 1 0 Aug27 ? 00:00:00 /usr/sbin/sshd -Dntp 700 1 0 Aug27 ? 00:00:30 /usr/sbin/ntpd -n -u ntp:ntp -groot 704 1 0 Aug27 ttyS0 00:00:00 /sbin/agetty -o -p – \u –keep-baud 115200,38400,960root 705 1 0 Aug27 ? 00:00:19 /usr/sbin/ptmd -l INFO_lldpd 707 1 0 Aug27 ? 00:00:00 lldpd: monitor._lldpd 711 707 0 Aug27 ? 00:01:00 lldpd: 10 neighbors.root 1055 2 0 Aug27 ? 00:00:00 [peerlink]root 1157 2 0 Aug27 ? 00:00:00 [server01]root 1165 2 0 Aug27 ? 00:00:00 [server02]root 1537 1 0 Aug27 ? 00:00:23 /usr/lib/frr/watchfrr -d zebra bgpd staticdfrr 1553 1 0 Aug27 ? 00:02:18 /usr/lib/frr/zebra -dfrr 1557 1 0 Aug27 ? 00:00:52 /usr/lib/frr/bgpd -dfrr 1563 1 0 Aug27 ? 00:00:08 /usr/lib/frr/staticd -droot 3352 2 0 01:51 ? 00:00:00 [kworker/0:1]root 3559 2 0 01:57 ? 00:00:03 [kworker/0:0-events]root 4478 1 1 Aug27 ? 00:43:46 /usr/bin/python /usr/sbin/clagd –daemon linklocal peroot 4613 2 0 02:24 ? 00:00:00 [kworker/u2:1-server02]root 5433 2 0 02:49 ? 00:00:00 [kworker/u2:0-peerlink]root 5637 657 0 02:55 ? 00:00:00 sshd: cumulus [priv]cumulus 5672 5637 0 02:55 ? 00:00:00 sshd: cumulus@pts/0cumulus 5673 5672 0 02:55 pts/0 00:00:00 -bashroot 6317 2 0 03:12 ? 00:00:00 [kworker/u2:2-events_unbound]root 6372 637 0 03:13 ? 00:00:00 sleep 60cumulus 6398 5673 0 03:14 pts/0 00:00:00 ps -efps man page

NCLU net show Command

The NCLU net show command displays a lot of useful information about the network, including netstat counters, interface details and LLDP information, as just three examples.

Command(s)DescriptionExampleMore Information
net show countersDisplays interface counters.cumulus@leaf1$ net show countersKernel Interface tableIface MTU Met RX_OK RX_ERR RX_DRP RX_OVR TX_OK TX_ERR TX_DRP TX_OVR Flg————- —– —– ——- ——– ——– ——– ——- ——– ——– ——– —–bond-swp1 1500 0 1298 0 0 0 1950 0 0 0 BMmRUbond-swp2 1500 0 1322 0 0 0 1976 0 0 0 BMmRUbridge 1500 0 26 0 0 0 27 0 0 0 BMRUeth0 1500 0 9306 0 0 0 6462 0 0 0 BMRUlo 65536 0 0 0 0 0 0 0 0 0 LRUmgmt 65536 0 6001 0 0 0 4907 0 0 0 OmRUpeerlink 1500 0 4643 0 4 0 4645 0 0 0 BMmRUpeerlink.4094 1500 0 1533 0 0 0 1534 0 0 0 BMRUswp1 1500 0 1306 0 0 0 1950 0 0 0 BMsRUswp2 1500 0 1330 0 0 0 1976 0 0 0 BMsRUswp49 1500 0 2328 0 0 0 2324 0 0 0 BMsRUswp50 1500 0 2315 0 2 0 2321 0 0 0 BMsRUswp51 1500 0 1235 0 0 0 1212 0 0 0 BMRUswp52 1500 0 1046 0 0 0 1049 0 0 0 BMRUvlan20 1500 0 24 0 0 0 20 0 0 0 BMRUvlan20-v0 1500 0 15 0 0 0 13 0 0 0 BMRUNCLU
net show lldpDisplays all LLDP neighbors, in a table format.cumulus@leaf1$ net show lldpLocalPort Speed Mode RemoteHost RemotePort——— —– ———- ————— ———-eth0 1G Mgmt oob-mgmt-switch swp6eth0 1G Mgmt oob-mgmt-switch swp6swp1 1G BondMember server01 eth1swp2 1G BondMember server02 eth1swp49 1G BondMember leaf02 swp49swp49 1G BondMember leaf02 to Leaf01swp50 1G BondMember leaf02 swp50swp50 1G BondMember leaf02 to Leaf01swp51 1G Default spine01 to Leaf01swp51 1G Default spine01 swp1swp52 1G Default spine02 swp1swp52 1G Default spine02 to Leaf01NCLU
net show interfaceDisplays significant and relevant information for all 'up' interfaces.cumulus@leaf1$ net show interface Name Master Speed MTU Mode Remote Host Remote Port Summary—– ————- ——— ——- —– ————– ————— —————– —————————————UP lo None N/A 65536 Loopback IP: 10.254.0.3/32, 127.0.0.1/8, ::1/128UP eth0 mgmt 1G 1500 Mgmt oob-mgmt-switch swp8 IP: 192.168.0.13/24(DHCP)UP swp1 bond-swp1 1G 1500 BondMember server03 44:38:39:00:00:28 Master: bond-swp1(UP)UP swp2 bond-swp2 1G 1500 BondMember server04 44:38:39:00:00:23 Master: bond-swp2(UP)UP swp49 peerlink 1G 1500 BondMember leaf04 swp49 Master: peerlink(UP)UP swp50 peerlink 1G 1500 BondMember leaf04 swp50 Master: peerlink(UP)UP swp51 None 1G 1500 BGP Unnumbered spine01 swp3UP swp52 None 1G 1500 BGP Unnumbered spine02 swp3UP bond-swp1 bridge 1G 1500 Bond/Access Bond Members: swp1(UP)UP bond-swp2 bridge 1G 1500 Bond/Access Bond Members: swp2(UP)UP bridge None N/A 1500 Bridge/L2 Untagged Members: bond-swp1-2, peerlinkUP mgmt None N/A 65536 Interface/L3 IP: 127.0.0.1/8UP peerlink bridge 2G 1500 Bond/Trunk Bond Members: swp49(UP), swp50(UP)UP peerlink.4094 None 2G 1500 SubInt/L3 IP: 169.254.1.1/30ADMDN vagrant None 0M 1500 NotConfiguredUP vlan20 None N/A 1500 Interface/L3 IP: 10.3.20.253/24UP vlan20-v0 None N/A 1500 Interface/L3 IP: 10.3.20.254/32NCLU

  1. Requires sudo or to be logged in as root. ↩︎