HP Moonshot-45G/180G Switch Module
CLI Command Reference
Software Version 2.0
Published: September 2014
Edition: 4
Par t Number: 727829 -002
© Copyright 2003, 2014 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in
the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and
12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed
to the U.S. Government under vendor's standard commercial license.
Table of ContentsHP Moonshot Switch Module CLI Command Reference
Table of Contents
About This Document.....................................................................................................................................9
Purpose ....................................................................................................................................................9
Audience .................................................................................................................................................. 9
Support and Other Resources ........................................................................................................................9
Before you Contact HP.............................................................................................................................9
HP Contact Information .........................................................................................................................10
Documentation Feedback ............................................................................................................................10
Section 1: About Switch Module Software ...................................................................... 11
Overview.......................................................................................................................................................11
Scope...................................................................................................................................................... 11
Product Concept ....................................................................................................................................11
Section 2: Using the Command-Line Interface ................................................................. 12
Command Syntax..........................................................................................................................................12
Using the “No” Form of a Command ...........................................................................................................13
Command Conventions ................................................................................................................................13
Common Parameter Values .........................................................................................................................14
unit/slot/port Naming Convention..............................................................................................................15
CLI Output Filtering ...................................................................................................................................... 16
Command Modes .........................................................................................................................................17
Command Completion and Abbreviation ....................................................................................................20
CLI Error Messages .......................................................................................................................................20
CLI Line-Editing Conventions........................................................................................................................21
Using CLI Help............................................................................................................................................... 22
Accessing the CLI ..........................................................................................................................................23
Section 3: Stacking Commands........................................................................................ 24
Switch Stacking.............................................................................................................................................24
Stack Port Commands ............................................................................................................................... ...33
Stack Firmware Synchronization Commands ..............................................................................................35
Nonstop Forwarding Commands .................................................................................................................37
Section 4: Management Commands ................................................................................ 41
Enable and Do Commands ...........................................................................................................................42
Network Interface Commands..................................................................................................................... 43
IPv6 Management Commands .....................................................................................................................49
Console Port Access Commands ..................................................................................................................59
CLI Command Reference
September 2014 Page 3
Table of ContentsHP Moonshot Switch Module CLI Command Reference
Telnet Commands.........................................................................................................................................62
Secure Shell Commands ............................................................................................................................... 67
Management Security Commands...............................................................................................................69
Access Commands ........................................................................................................................................70
User Account Commands .............................................................................................................................71
SNMP Commands .......................................................................................................................................100
RADIUS Commands ....................................................................................................................................115
TACACS+ Commands ..................................................................................................................................128
Configuration Scripting Commands...........................................................................................................134
Banner, Prompt, and Host Name Commands............................................................................................136
Section 5: Utility Commands ......................................................................................... 138
AutoInstall Commands ............................................................................................................................... 139
CLI Output Filtering Commands .................................................................................................................142
Dual Image Commands ..............................................................................................................................145
Bootcode and Firmware Commands .........................................................................................................146
System Information and Statistics Commands.......................................................................................... 148
Warp Core Expandable Port Configuration ...............................................................................................174
Logging Commands ....................................................................................................................................176
Email Alerting and Mail Server Commands ...............................................................................................184
Device Location, System Utility, and Clear Commands.............................................................................190
Simple Network Time Protocol Commands...............................................................................................199
Time Zone Commands................................................................................................................................206
DNS Client Commands................................................................................................................................210
IP Address Conflict Commands ..................................................................................................................216
Serviceability Packet Tracing Commands ..................................................................................................217
Support Mode Commands .........................................................................................................................241
sFlow Commands........................................................................................................................................243
Switch Database Management Template Commands ..............................................................................250
Remote Monitoring Commands.................................................................................................................252
Section 6: Switching Commands.................................................................................... 268
Port Configuration Commands ..................................................................................................................269
Spanning Tree Protocol Commands...........................................................................................................275
VLAN Commands ........................................................................................................................................298
Double VLAN Commands ...........................................................................................................................313
Private VLAN Commands ...........................................................................................................................317
Provisioning (IEEE 802.1p) Commands ......................................................................................................320
Cut-Through (ASF) Commands ...................................................................................................................321
CLI Command Reference
September 2014 Page 4
Table of ContentsHP Moonshot Switch Module CLI Command Reference
Asymmetric Flow Control ...........................................................................................................................322
Protected Ports Commands .......................................................................................................................324
GARP Commands........................................................................................................................................ 326
GVRP Commands........................................................................................................................................ 328
GMRP Commands.......................................................................................................................................330
Port-Based Network Access Control Commands.......................................................................................333
802.1X Supplicant Commands ................................................................................................................... 348
Storm-Control Commands..........................................................................................................................352
Link Local Protocol Filtering Commands....................................................................................................359
MMRP Commands......................................................................................................................................360
MVRP Commands .......................................................................................................................................364
Port-Channel/LAG (802.3ad) Commands ..................................................................................................368
Port Mirroring Commands .........................................................................................................................388
Static MAC Filtering Commands ................................................................................................................392
DHCP L2 Relay Agent Commands...............................................................................................................396
DHCP Client Commands .............................................................................................................................401
DHCP Snooping Configuration Commands ................................................................................................ 403
Dynamic ARP Inspection Commands.........................................................................................................413
IGMP Snooping Configuration Commands ................................................................................................ 421
IGMP Snooping Querier Commands ..........................................................................................................430
MLD Snooping Commands .........................................................................................................................434
MLD Snooping Querier Commands............................................................................................................ 443
Port Security Commands ............................................................................................................................447
LLDP (802.1AB) Commands ........................................................................................................................453
LLDP-MED Commands ................................................................................................................................462
Denial of Service Commands......................................................................................................................469
MAC Database Commands.........................................................................................................................480
ISDP Commands .........................................................................................................................................483
UniDirectional Link Detection Commands.................................................................................................490
Priority-Based Flow Control Commands....................................................................................................495
Section 7: Routing Commands....................................................................................... 500
Address Resolution Protocol Commands ..................................................................................................501
IP Routing Commands ............................................................................................................................... .508
Router Discovery Protocol Commands ......................................................................................................528
Virtual LAN Routing Commands ................................................................................................................532
Virtual Router Redundancy Protocol Commands......................................................................................535
DHCP and BOOTP Relay Commands ..........................................................................................................544
CLI Command Reference
September 2014 Page 5
Table of ContentsHP Moonshot Switch Module CLI Command Reference
IP Helper Commands ..................................................................................................................................546
Open Shortest Path First Commands.........................................................................................................555
General OSPF Commands ....................................................................................................................555
OSPF Interface Commands ..................................................................................................................575
IP Event Dampening Commands..........................................................................................................581
OSPF Graceful Restart Commands.......................................................................................................583
OSPFv2 Stub Router Commands..........................................................................................................586
OSPF Show Commands ........................................................................................................................587
Routing Information Protocol Commands.................................................................................................607
ICMP Throttling Commands.......................................................................................................................614
Loopback Interface Commands..................................................................................................................616
Section 8: Quality of Service Commands........................................................................ 618
Class of Service Commands ........................................................................................................................619
Differentiated Services Commands ........................................................................................................... 627
DiffServ Class Commands ...........................................................................................................................628
DiffServ Policy Commands .........................................................................................................................637
DiffServ Service Commands .......................................................................................................................643
DiffServ Show Commands ..........................................................................................................................644
Management Access Control List...............................................................................................................651
MAC Access Control List Commands..........................................................................................................657
IP Access Control List Commands ..............................................................................................................663
IPv6 Access Control List Commands...........................................................................................................672
Time Range Commands for Time-Based ACLs ...........................................................................................676
iSCSI Optimization Commands................................................................................................................... 680
Section 9: Log Message Information.............................................................................. 686
Core............................................................................................................................................................. 686
Utilities........................................................................................................................................................688
Management ..............................................................................................................................................692
Switching ....................................................................................................................................................694
QoS..............................................................................................................................................................701
Routing........................................................................................................................................................702
Stacking.......................................................................................................................................................704
Technologies...............................................................................................................................................704
O/S Support ................................................................................................................................................706
Command Index............................................................................................................ 708
CLI Command Reference
September 2014 Page 6
List of TablesHP Moonshot Switch Module CLI Command Reference
List of Tables
Table 1: Parameter Conventions ...................................................................................................................... 13
Table 2: Parameter Descriptions ......................................................................................................................14
Table 3: Type of Slots .......................................................................................................................................15
Table 4: Type of Ports....................................................................................................................................... 15
Table 5: CLI Command Modes..........................................................................................................................17
Table 6: CLI Mode Access .................................................................................................................................19
Table 7: CLI Error Messages .............................................................................................................................20
Table 8: CLI Editing Conventions ......................................................................................................................21
Table 9: Copy Parameters ..............................................................................................................................197
Table 10: Default Ports - UDP Port Numbers Implied by Wildcard ................................................................546
Table 11: Trapflags Groups............................................................................................................................. 573
Table 12: Type of OSPF Packets Sent and Received on the Interface ............................................................599
Table 13: Ethertype Keyword and 4-digit Hexadecimal Value .......................................................................658
Table 14: ACL Command Parameters.............................................................................................................663
Table 15: BSP Log Messages...........................................................................................................................686
Table 16: NIM Log Messages..........................................................................................................................686
Table 17: SIM Log Message ............................................................................................................................687
Table 18: System Log Messages .....................................................................................................................687
Table 19: Trap Mgr Log Message ...................................................................................................................688
Table 20: DHCP Filtering Log Messages..........................................................................................................688
Table 21: NVStore Log Messages ...................................................................................................................689
Table 22: RADIUS Log Messages.....................................................................................................................689
Table 23: TACACS+ Log Messages ..................................................................................................................690
Table 24: LLDP Log Message...........................................................................................................................690
Table 25: SNTP Log Message ..........................................................................................................................690
Table 26: DHCPv6 Client Log Messages..........................................................................................................691
Table 27: DHCPv4 Client Log Messages..........................................................................................................691
Table 28: SNMP Log Message.........................................................................................................................692
Table 29: EmWeb Log Messages ....................................................................................................................692
Table 30: CLI_UTIL Log Messages ................................................................................................. ..................692
Table 31: CLI_WEB_MGR Log Messages ........................................................................................................692
Table 32: SSHD Log Messages ........................................................................................................................693
Table 33: User_Manager Log Messages.........................................................................................................693
Table 34: Protected Ports Log Messages........................................................................................................694
Table 35: IP Subnet VLANS Log Messages ......................................................................................................694
CLI Command Reference
September 2014 Page 7
List of TablesHP Moonshot Switch Module CLI Command Reference
Table 36: Mac-based VLANs Log Messages....................................................................................................695
Table 37: 802.1X Log Messages......................................................................................................................695
Table 38: IGMP Snooping Log Messages ........................................................................................................696
Table 39: GARP/GVRP/GMRP Log Messages..................................................................................................696
Table 40: 802.3ad Log Messages....................................................................................................................697
Table 41: FDB Log Message ............................................................................................................................697
Table 42: Double VLAN Tag Log Message ......................................................................................................697
Table 43: IPv6 Provisioning Log Message.......................................................................................................697
Table 44: MFDB Log Message.........................................................................................................................697
Table 45: 802.1Q Log Messages .....................................................................................................................698
Table 46: 802.1S Log Messages ......................................................................................................................700
Table 47: Port Mac Locking Log Message.......................................................................................................700
Table 48: Protocol-based VLANs Log Messages .............................................................................................700
Table 49: ACL Log Messages...........................................................................................................................701
Table 50: CoS Log Message ............................................................................................................................ 701
Table 51: DiffServ Log Messages ....................................................................................................................701
Table 52: DHCP Relay Log Messages .............................................................................................................. 702
Table 53: OSPFv2 Log Messages.....................................................................................................................702
Table 54: Routing Table Manager Log Messages ...........................................................................................703
Table 55: VRRP Log Messages ........................................................................................................................703
Table 56: ARP Log Message............................................................................................................................703
Table 57: RIP Log Message .............................................................................................................................703
Table 58: EDB Log Message............................................................................................................................704
Table 59: Switching Silicon Error Messages ...................................................................................................704
Table 60: Linux BSP Log Message ...................................................................................................................706
Table 61: OSAPI Linux Log Messages..............................................................................................................706
CLI Command Reference
September 2014 Page 8
HP Moonshot Switch Module CLI Command Reference
About This Document
Purpose
This document describes command-line interface (CLI) commands you use to view and configure HP
Moonshot-45G Switch Module and Moonshot-180G Switch Module software. You can access the CLI by using
a direct connection to the serial port or by using Telnet or SSH over a remote network connection.
Audience
This document is for system administrators who configure and operate systems using HP Moonshot Switch
Module software. This document assumes that the reader has a basic knowledge of Ethernet and networking
concepts.
Support and Other Resources
Before you Contact HP
Be sure to have the following information available before you call HP:
• Technical support registration number (if applicable)
• Product serial number
• Product model name and number
• Product identification number
• Applicable error messages
• Add-on boards or hardware
• Third-party hardware or software
• Operating system type and revision level
CLI Command Reference
September 2014 Page 9
HP Moonshot Switch Module CLI Command Reference
HP Contact Information
For United States and worldwide contact information, see the Contact HP website (http://www.hp.com/go/
assistance).
In the United States:
• To contact HP by phone, call 1-800-334-5144. For continuous quality improvement, calls may be recorded
or monitored.
• If you have purchased a Care Pack (service upgrade), see the Support & Drivers website (http://
www8.hp.com/us/en/support-drivers.html). If the problem cannot be resolved at the website, call 1-800-
633-3600. For more information about Care Packs, see the HP website (http://pro-aq-
sama.houston.hp.com/services/cache/10950-0-0-225-121.html).
Documentation Feedback
HP is committed to providing documentation that meets your needs. To help us improve the documentation,
send any errors, suggestions, or comments to Documentation Feedback (mailto:docsfeedback@hp.com
Include the document title and part number, version number, or the URL when submitting your feedback.
).
CLI Command Reference
September 2014 Page 10
HP Moonshot Switch Module CLI Command Reference
About Switch Module Software
Section 1: About Switch Module Software
Overview
The HP Moonshot-45G Switch Module and Moonshot-180G Switch Module software has two purposes:
• Assist attached hardware in switching frames, based on Layer 2, 3, or 4 information contained in the
frames.
• Provide a complete device management portfolio to the network administrator.
Scope
HP Moonshot Switch Module software encompasses both hardware and software support. The software is
partitioned to run in the following processors:
•CPU
This code runs the networking device management portfolio and controls the overall networking device
hardware. It also assists in frame forwarding, as needed and specified.
• Networking device processor
This code does the majority of the packet switching, usually at wire speed.
Product Concept
Fast Ethernet and Gigabit Ethernet switching continues to evolve from high-end backbone applications to
desktop switching applications. The price of the technology continues to decline, while performance and
feature sets continue to improve. Devices that are capable of switching Layers 2, 3, and 4 are increasingly in
demand. HP Moonshot Switch Module software provides a flexible solution to these ever-increasing needs.
HP Moonshot Switch Module software includes a set of comprehensive management functions for managing
both HP Moonshot Switch Module software and the network. You can manage the HP Moonshot Switch
Module software by using one of the following two methods:
• Command-Line Interface (CLI)
• Simple Network Management Protocol (SNMP)
Each of the HP Moonshot Switch Module management methods enables you to configure, manage, and
control the software locally or remotely using in-band or out-of-band mechanisms. Management is standardsbased, with configuration parameters and a private MIB providing control for functions not completely
specified in the MIBs.
CLI Command Reference
September 2014 Page 11
HP Moonshot Switch Module CLI Command Reference
Using the Command-Line Interface
Section 2: Using the Command-Line Interface
The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the
CLI by using a direct serial connection or by using a remote logical connection with Telnet or SSH.
This chapter describes the CLI syntax, conventions, and modes. It contains the following sections:
• “Command Syntax” on page 12
• “Command Conventions” on page 13
• “Common Parameter Values” on page 14
• “unit/slot/port Naming Convention” on page 15
• “Using the “No” Form of a Command” on page 13
• “Command Modes” on page 17
• “Command Completion and Abbreviation” on page 20
• “CLI Error Messages” on page 20
• “CLI Line-Editing Conventions” on page 21
• “Using CLI Help” on page 22
• “Accessing the CLI” on page 23
Command Syntax
A command is one or more words that might be followed by one or more parameters. Parameters can be
required or optional values.
Some commands, such as
network parms, require that you supply a value after the command. You must type the parameter values in a
specific order, and optional parameters follow required parameters. The following example describes the
network parms command syntax:
network parms ipaddr netmask [gateway]
• network parms is the command name.
•
ipaddr and netmask are parameters and represent required values that you must enter after you type the
command keywords.
•
[gateway] is an optional parameter, so you are not required to enter a value in place of the parameter.
show network or clear vlan, do not require parameters. Other commands, such as
CLI Command Reference
September 2014 Page 12
HP Moonshot Switch Module CLI Command Reference
Using the “No” Form of a Command
The CLI Command Reference lists each command by the command name and provides a brief description of
the command. Each command reference also contains the following information:
• Format shows the command keywords and the required and optional parameters.
• Mode identifies the command mode you must be in to access the command.
• Default shows the default value, if any, of a configurable setting on the device.
The
show commands also contain a description of the information that the command shows.
Using the “No” Form of a Command
The no keyword is a specific form of an existing command and does not represent a new or distinct command.
Almost every configuration command has a
command or reset a value back to the default. For example, the
the shutdown of an interface. Use the command without the keyword
enable a feature that is disabled by default. Only the configuration commands are available in the
no form. In general, use the no form to reverse the action of a
no shutdown configuration command reverses
no to re-enable a disabled feature or to
no form.
Command Conventions
The parameters for a command might include mandatory values, optional values, or keyword choices.
Parameters are order-dependent. Tab le 1 describes the conventions this document uses to distinguish
between value types.
Table 1: Parameter Conventions
Symbol Example Description
[] square brackets
italic font in a
parameter
{} curly braces
.
| Vertical bars
[
{}] Braces within
square brackets
[value]
value or [value]
{choice1 | choice2}
choice1 | choice2
[{choice1 | choice2}]
Indicates an optional parameter.
Indicates a variable value. You must replace the italicized text
and brackets with an appropriate value, which might be a
name or number.
Indicates that you must select a parameter from the list of
choices.
Separates the mutually exclusive choices.
Indicates a choice within an optional element.
CLI Command Reference
September 2014 Page 13
HP Moonshot Switch Module CLI Command Reference
Common Parameter Values
Common Parameter Values
Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the
name value in double quotes. For example, the expression “System Name with Spaces” forces the system to
accept the spaces. Empty strings (““) are not valid user-defined strings. Tab le 2 describes common parameter
values and value formatting.
Table 2: Parameter Descriptions
Parameter Description
ipaddr This parameter is a valid IP address. Enter the IP address in a the standard dotted
decimal format, for example 192.168.2.10.
In addition to the standard format, the CLI accepts decimal, hexadecimal and octal
formats through the following input formats (where n is any valid hexadecimal, octal
or decimal number):
0xn (CLI assumes hexadecimal format.)
0n (CLI assumes octal format with leading zeros.)
n (CLI assumes decimal format.)
ipv6-address
FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or
FE80:0:0:0:20F:24FF:FEBF:DBCB, or
FE80::20F24FF:FEBF:DBCB
For additional information, refer to RFC 3513.
Interface or
unit/slot/port
Valid slot and port number separated by a forward slash. For example, 1/0/1
represents unit number 1, slot number 0, and port number 1.
Logical Interface Represents a logical slot and port number. This is applicable in the case of a port-
channel (LAG). You can use the logical unit/slot/port to configure the port-channel.
Character strings Use double quotation marks to identify character strings, for example, “System
Name with Spaces”. An empty string (“”) is not valid.
CLI Command Reference
September 2014 Page 14
HP Moonshot Switch Module CLI Command Reference
unit/slot/port Naming Convention
unit/slot/port Naming Convention
HP Moonshot Switch Module software references physical entities such as cards and ports by using a unit/
slot/port naming convention. The HP Moonshot Switch Module software also uses this convention to identify
certain logical entities, such as Port-Channel interfaces.
The unit number identifies the stack member within a stack of switches. The slot number has two uses. In the
case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also
identifies the type of interface or port.
Table 3: Type of Slots
Slot Type Description
Physical slot numbers Physical slot numbers begin with zero, and are allocated up to the maximum
number of physical slots. Internal ports are located on slot 0, and external
ports are located on slot 1. For example, the external uplink/stacking ports are
1/1/1, 1/1/2, 1/1/3, and so on.
Logical slot numbers Logical slots immediately follow physical slots and identify port-channel (LAG)
or router interfaces.
A LAG (port-channel) interface uses 3 as the slot number. By default, the first
LAG that is configured is 0/3/1.
A VLAN routing interface uses 4 as the slot number. By default, the first VLAN
configured as a VLAN routing interface is 0/4/1.
CPU slot numbers The CPU slots immediately follow the logical slots.
The port identifies the specific physical port or logical interface being managed on a given slot.
Table 4: Type of Ports
Port Type Description
Physical Ports The physical ports for each slot are numbered sequentially starting from one,
For example, port 1 on slot 0 (an internal port) for a stand alone (nonstacked)
switch is 1/0/1, port 2 is 1/0/2, port 3 is 1/0/3, and so on.
Logical Interfaces Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces
that are only used for bridging functions.
VLAN routing interfaces are only used for routing functions.
Loopback interfaces are logical interfaces that are always up.
CPU ports CPU ports are handled by the driver as one or more physical entities located on
physical slots.
Note: In the CLI, loopback interfaces do not use the unit/slot/port format. To specify a loopback
interface, you use the loopback ID.
CLI Command Reference
September 2014 Page 15
HP Moonshot Switch Module CLI Command Reference
CLI Output Filtering
CLI Output Filtering
Many CLI show commands display a large amount of content. This can make output difficult to parse through
to find the information of desired importance. The CLI Output Filtering feature allows you to optionally specify
arguments in
simplify the display and make it easier to find the desired information.
The main functions of the CLI Output Filtering feature are:
• Pagination Control
– Supports enabling/disabling paginated output for all
displayed in its entirety. When enabled, the command output is displayed page-by-page such that
content does not scroll off the terminal screen until the user presses a key to continue.
• Output Filtering
– “Grep”-like control for modifying the displayed output to show only the user-desired content.
show commands to filter the CLI output to display only the desired information. The result is to
show CLI commands. When disabled, the output is
Note: Although some HP Moonshot Switch Module show commands already support pagination, the
implementation is unique per command and not generic to all commands.
• Filter displayed output to include only lines containing a specified string match.
• Filter displayed output to exclude lines containing a specified string match.
• Filter displayed output to include only lines including and following a specified string match.
• Filter displayed output to include only a specified section of the content (e.g. interface 10/1) with a
configurable end-of-section delimiter.
• String matching is case insensitive.
• Pagination, when enabled, also applies to filtered output.
Example: The following shows an example of the extensions made to the CLI
show commands for the
Output Filtering feature.
(Routing) #show running-config ?
<cr> Press enter to execute the command.
| Output filter options.
<scriptname> Script file name for writing active configuration.
all Show all the running configuration on the switch.
(Routing) #show running-config | ?
begin Begin with the line that matches
exclude Exclude lines that matches
include Include lines that matches
section Display portion of lines
For commands for the feature, see “CLI Output Filtering Commands” on page 142.
CLI Command Reference
September 2014 Page 16
HP Moonshot Switch Module CLI Command Reference
Command Modes
Command Modes
The CLI groups commands into modes according to the command function. Each of the command modes
supports specific HP Moonshot Switch Module software commands. The commands in one mode are not
available until you switch to that particular mode, with the exception of the User EXEC mode commands. You
can execute the User EXEC mode commands in the Privileged EXEC mode.
Note: Show commands are available in every mode.
Note: The do command allows Privileged EXEC mode commands to be executed in any command
mode. For more information, see “do (Privileged EXEC commands)” on page 42.
The command prompt changes in each command mode to help you identify the current mode. Tab le 5
describes the command modes and the prompts visible in that mode.
Table 5: CLI Command Modes
Command Mode Prompt Mode Description
User EXEC
(Routing) >
Contains a limited set of commands to view
basic system information.
Privileged EXEC
(Routing) #
Allows you to issue any EXEC command, enter
the VLAN mode, or enter the Global
Configuration mode.
Global Config
(Routing) (Config)#
Groups general setup commands and permits
you to make modifications to the running
configuration.
VLAN Config
Interface Config
(Routing) (Vlan)#
(Routing) (Interface unit/slot/port)#
Groups all the VLAN commands.
Manages the operation of an interface or
range of interfaces including the following
(Routing) (Interface Loopback id)#
(Routing) (Interface unit/slot/port
(startrange)-unit/slot/port(endrange)#
(Routing) (Interface lag lag-intf-num)#
interface types:
•Physical port
• Link aggregation group (LAG, also known
as port-channel)
• VLAN routing interface
• Loopback interface
(Routing) (Interface vlan vlan-id)#
Line Console
(Routing) (config-line)#
Contains commands to configure outbound
Telnet settings and console interface settings,
as well as to configure console login/enable
authentication.
Line SSH
(Routing) (config-ssh)#
Contains commands to configure SSH login/
enable authentication.
CLI Command Reference
September 2014 Page 17
HP Moonshot Switch Module CLI Command Reference
Table 5: CLI Command Modes (Cont.)
Command Mode Prompt Mode Description
Line Telnet
(Routing) (config-telnet)#
Contains commands to configure telnet
login/enable authentication.
AAA IAS User
Config
Mail Server Config
Tim e Range Config
(Routing) (Config-IAS-User)#
(Routing) (Mail-Server)#
(Routing) (config-time-range)#
Allows password configuration for a user in
the IAS database.
Allows configuration of the email server.
Allows configuration of periodic and absolute
entries in within a named time range.
Policy Map
Config
Policy Class
Config
(Routing) (Config-policy-map)#
(Routing) (Config-policy-class-map)#
Contains the QoS Policy-Map configuration
commands.
Consists of class creation, deletion, and
matching commands. The class match
commands specify Layer 2, Layer 3, and
general match criteria.
Class Map Config
(Routing) (Config-class-map)#
Contains the QoS class map configuration
commands for IPv4.
Ipv6_Class-Map
Config
Router OSPF
(Routing) (Config-class-map)#
(Routing) (Config-router)#
Contains the QoS class map configuration
commands for IPv6.
Contains the OSPF configuration commands.
Config
Router RIP Config
IPv4 ACL Config
(Routing) (Config-router)#
(Routing) (Config-ipv4-acl)#
Contains the RIP configuration commands.
Allows you to create a IPv4 ACL and configure
rules for the ACL.
IPv6 ACL Config
(Routing) (Config-ipv6-acl)#
Allows you to create a IPv4 ACL and configure
rules for the ACL.
MAC Access-list
Config
(Routing) (Config-mac-access-list)#
Allows you to create a MAC Access-List and to
enter the mode containing MAC Access-List
configuration commands.
Management ACL
Config
TACACS Config
(Routing) (config-macal)#
(Routing) (Tacacs)#
Allows you to create a management ACL and
configure rules for the ACL.
Contains commands to configure properties
for the TACACS servers.
Stack Global
Config Mode
ARP Access-List
Config Mode
Support Mode
(Routing) (Config stack)#
(Routing) (Config-arp-access-list)#
(Routing) (Support)#
Allows you to access the Stack Global Config
Mode.
Contains commands to add ARP ACL rules in
an ARP Access List.
Allows access to the support commands,
which should only be used by the
manufacturer's technical support personnel
as improper use could cause unexpected
system behavior and/or invalidate product
warranty.
Data Center
Bridging
(Routing) (config-if-dcb)#
Allows access to priority flow control (PFC)
commands for an interface.
Command Modes
CLI Command Reference
September 2014 Page 18
HP Moonshot Switch Module CLI Command Reference
Command Modes
Table 6 explains how to enter each command mode. To exit a mode and return to the previous mode, enter
exit. To exit to Privileged EXEC mode, enter end.
Note: Entering end from Privileged EXEC mode exits to User EXEC mode. To exit User EXEC mode,
logout.
enter
Table 6: CLI Mode Access
Command Mode Access Method
User EXEC This is the first level of access.
Privileged EXEC From the User EXEC mode, enter
Global Config From the Privileged EXEC mode, enter
VLAN Config From the Privileged EXEC mode, enter
enable.
configure.
vlan database.
Interface Config From the Global Config mode, enter one of the following, depending on the type
of interface:
interface unit/slot/port
interface unit/slot/port(startrange)-unit/slot/port(endrange)
interface loopback id
interface lag lag-intf-num
interface vlan vlan-id
The following example shows how to enter interface configuration mode for the
range of interfaces that includes physical ports 1, 2, 3, and 4.
interface 1/0/1-1/0/4
Note: The interface unit/slot/port command and range command can be
used to enter interface configuration mode for a physical port (for example,
1/0/1), VLAN routing interface (for example, 0/4/1), or LAG (for example, 0/3/1).
Line Console From the Global Config mode, enter
Line SSH From the Global Config mode, enter
Line Telnet From the Global Config mode, enter
AAA IAS User Config
Mail Server Config
Tim e Range Config
Policy-Map
From the Global Config mode, enter
From the Global Config mode, enter
From the Global Config mode, enter
From the Global Config mode, enter policy-map.
line console.
line ssh.
line telnet.
aaa ias-user username name.
mail-server ip_address
time-range name
Config
Policy-Class-Map Config From the Policy Map mode enter
Class-Map
Config
From the Global Config mode, enter
the named class has already been created, enter class-map class-name. See
class.
class-map match-all class-name ipv4. If
“class-map” on page 629 for more information.
Ipv6-Class-Map
Config
From the Global Config mode, enter
class-map match-all class-name ipv6. If
the named class has already been created, enter
class-map class-name. See
“class-map” on page 629 for more information.
Router OSPF Config From the Global Config mode, enter
Router RIP
From the Global Config mode, enter
router ospf.
router rip.
Config
CLI Command Reference
September 2014 Page 19
HP Moonshot Switch Module CLI Command Reference
Table 6: CLI Mode Access (Cont.)
Command Mode Access Method
Command Completion and Abbreviation
IPv6 Access-list Config From the Global Config mode, enter
IPv4 Access-list Config From the Global Config mode, enter
MAC Access-list Config From the Global Config mode, enter
Management Access-list
From the Global Config mode, enter
ipv6 access-list name.
ip access-list name.
mac access-list extended name.
management access-list name.
Config
TACACS Config From the Global Config mode, enter
is the IP address of the TACACS server on your network.
addr
Stack Global Config Mode From the Global Config mode, enter the
ARP Access-List Config Mode From the Global Config mode, enter the
Support Mode From the Privileged EXEC mode, enter
Note: The
support command is available only if the techsupport enable
tacacs-server host ip-addr, where ip-
stack command.
arp access-list command.
support.
command has been issued.
Data Center Bridging
From the Interface Config mode, enter
datacenter-bridging.
Command Completion and Abbreviation
Command completion finishes spelling the command when you type enough letters of a command to uniquely
identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to
complete the word.
Command abbreviation allows you to execute a command when you have entered there are enough letters to
uniquely identify the command. You must enter all of the required keywords and parameters before you enter
the command.
CLI Error Messages
If you enter a command and the system is unable to execute it, an error message appears. Tab le 7 describes
the most common CLI error messages.
Table 7: CLI Error Messages
Message Text Description
% Invalid input detected at '^'
marker.
Command not found / Incomplete
command. Use ? to list commands.
Ambiguous command
Indicates that you entered an incorrect or unavailable command. The
carat (^) shows where the invalid text is detected. This message also
appears if any of the parameters or values are not recognized.
Indicates that you did not enter the required keywords or values.
Indicates that you did not enter enough letters to uniquely identify the
command.
CLI Command Reference
September 2014 Page 20
HP Moonshot Switch Module CLI Command Reference
CLI Line-Editing Conventions
CLI Line-Editing Conventions
Ta bl e 8 describes the key combinations you can use to edit commands or increase the speed of command
entry. You can access this list from the CLI by entering
Table 8: CLI Editing Conventions
Key Sequence Description
DEL or Backspace Delete previous character.
Ctrl-A Go to beginning of line.
Ctrl-E Go to end of line.
Ctrl-F Go forward one character.
Ctrl-B Go backward one character.
Ctrl-D Delete current character.
Ctrl-U, X Delete to beginning of line.
Ctrl-K Delete to end of line.
Ctrl-W Delete previous word.
Ctrl-T Transpose previous character.
Ctrl-P Go to previous line in history buffer.
Ctrl-R Rewrites or pastes the line.
Ctrl-N Go to next line in history buffer.
Ctrl-Y Prints last deleted character.
Ctrl-Q Enables serial flow.
Ctrl-S Disables serial flow.
Ctrl-Z Return to root command prompt.
Tab, <SPACE> Command-line completion.
Exit Go to next lower command prompt.
? List available commands, keywords, or parameters.
help from the User or Privileged EXEC modes.
CLI Command Reference
September 2014 Page 21
HP Moonshot Switch Module CLI Command Reference
Using CLI Help
Using CLI Help
Enter a question mark (?) at the command prompt to display the commands available in the current mode.
(Routing) >?
enable Enter into user privilege mode.
help Display help for various special keys.
logout Exit this session. Any unsaved changes are lost.
ping Send ICMP echo packets to a specified IP address.
quit Exit this session. Any unsaved changes are lost.
show Display Switch Options and Settings.
telnet Telnet to a remote host.
Enter a question mark (?) after each word you enter to display available command keywords or parameters.
(Routing) #network ?
ipv6 Configure IPv6 parameters for system network.
mac-address Configure MAC Address.
mac-type Select the locally administered or burnedin MAC
address.
mgmt_vlan Configure the Management VLAN ID of the switch.
parms Configure Network Parameters of the device.
protocol Select DHCP, BootP, or None as the network config
protocol.
If the help output shows a parameter in angle brackets, you must replace the parameter with a value.
(Routing) #network parms ?
<ipaddr> Enter the IP Address.
none Reset IP address and gateway on management interface
If there are no additional command keywords or parameters, or if additional parameters are optional, the
following message appears in the output:
<cr> Press Enter to execute the command
You can also enter a question mark (?) after typing one or more characters of a word to list the available
command or parameters that begin with the letters, as shown in the following example:
(Routing) #show m?
mac mac-addr-table mac-address-table
mail-server management mldsnooping
mmrp monitor mrp
mvr mvrp
CLI Command Reference
September 2014 Page 22
HP Moonshot Switch Module CLI Command Reference
Accessing the CLI
Accessing the CLI
You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a
remote management host.
For the initial connection, you must use a direct connection to the console port. You cannot access the system
remotely until the system has an IP address, subnet mask, and default gateway. You can set the network
configuration information manually, or you can configure the system to accept these settings from a BOOTP or
DHCP server on your network. For more information, see “Network Interface Commands” on page 43.
For step-by-step instructions about how to connect to the switch management interface, see the HP Moonshot
Switch Module Administrator’s Guide.
CLI Command Reference
September 2014 Page 23
HP Moonshot Switch Module CLI Command Reference
Stacking Commands
Section 3: Stacking Commands
This chapter describes the stacking commands available in the HP Moonshot Switch Module CLI.
The Stacking Commands chapter includes the following sections:
• “Switch Stacking” on page 24
• “Stack Port Commands” on page 33
• “Nonstop Forwarding Commands” on page 37
Note: The Primary Management Unit is the unit that controls the stack.
Switch Stacking
This section describes the commands you use to configure switch stacks.
stack
This command sets the mode to Stack Global Config.
Format
Mode Global Config
stack
member
This command configures a switch. The unit is the switch identifier of the switch to be added/removed from
the stack. The
the switch being preconfigured. The switch index is a 32-bit integer. This command is executed on the Primary
Management Unit.
Format
Mode Stack Global Config
switchindex is the index into the database of the supported switch types, indicating the type of
member unit switchindex
Note: Switch index can be obtained by executing the show supported switchtype command in User
EXEC mode.
CLI Command Reference
September 2014 Page 24
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
no member
This command removes a switch from the stack. The unit is the switch identifier of the switch to be removed
from the stack. This command is executed on the Primary Management Unit.
Format
no member unit
Mode Stack Global Config
switch priority
This command configures the ability of a switch to become the Primary Management Unit. The unit is the
switch identifier. The
switch over another. The range for priority
value is the preference parameter that allows the user to specify, priority of one backup
is 0 to 15. The switch with the highest priority value will be chosen
to become the Primary Management Unit if the active Primary Management Unit fails. Setting the value to 0
prevents the unit from being able to become the Management Unit. The switch priority defaults to the
hardware management preference value 1. Switches that do not have the hardware capability to become the
Primary Management Unit are not eligible for management.
Default enabled
Format
switch unit priority value
Mode Global Config
switch renumber
This command changes the switch identifier for a switch in the stack. The oldunit is the current switch
identifier on the switch whose identifier is to be changed. The
identifier. Upon execution, the switch will be configured with the configuration information for the new switch,
if any. The old switch configuration information will be retained, however the old switch will be operationally
unplugged. This command is executed on the Primary Management Unit. After issuing this command, you are
prompted to reload the unit that is being renumbered. The renumbering will not take effect until the unit is
reloaded.
newunit is the updated value of the switch
Note: If the management unit is renumbered, then the running configuration is no longer applied (i.e.
the stack acts as if the configuration had been cleared).
Format
switch oldunit renumber newunit
Mode Global Config
CLI Command Reference
September 2014 Page 25
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
movemanagement
This command moves the Primary Management Unit functionality from one switch to another. The fromunit
is the switch identifier on the current Primary Management Unit. The tounit is the switch identifier on the new
Primary Management Unit. Upon execution, the entire stack (including all interfaces in the stack) is
unconfigured and reconfigured with the configuration on the new Primary Management Unit. After the reload
is complete, all stack management capability must be performed on the new Primary Management Unit. To
preserve the current configuration across a stack move, execute the
nvram:startup-config
(in Privileged EXEC) command before performing the stack move. A stack move causes
all routes and layer 2 addresses to be lost. This command is executed on the Primary Management Unit. The
system prompts you to confirm the management move.
copy system:running-config
Format
movemanagement fromunit tounit
Mode Stack Global Config
standby
Use this command to configure a unit as a Standby Management Unit (STBY).
Note: The Standby Management Unit cannot be the current Management Unit. The Standby unit
should be a management-capable unit.
Format
Mode Stack Global Config
Parameter Description
Standby Management Unit Number Indicates the unit number which is to be the Standby Management
no standby
standby unit number
Unit. unit number must be a valid unit number.
The no form of this command allows the application to run the auto Standby Management Unit logic.
Format
no standby
Mode Stack Global Config
CLI Command Reference
September 2014 Page 26
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
slot
This command configures a slot in the system. The unit/slot is the slot identifier of the slot. The cardindex is
the index into the database of the supported card types, indicating the type of the card being preconfigured in
the specified slot. The card index is a 32-bit integer. If a card is currently present in the slot that is unconfigured,
the configured information will be deleted and the slot will be re-configured with default information for the
card.
Format
Mode Global Config
Note: Card index can be obtained by executing show supported cardtype command in User EXEC
mode.
no slot
This command removes configured information from an existing slot in the system.
slot unit/slot cardindex
Format
no slot unit/slot cardindex
Mode Global Config
Note: Card index can be obtained by executing show supported cardtype command in User EXEC
mode.
set slot disable
This command configures the administrative mode of the slot(s). If you specify [all], the command is applied to
all slots, otherwise the command is applied to the slot identified by
If a card or other module is present in the slot, this administrative mode will effectively be applied to the
contents of the slot. If the slot is empty, this administrative mode will be applied to any module that is inserted
into the slot. If a card is disabled, all the ports on the device are operationally disabled and shown as
“unplugged” on management screens.
Format
set slot disable [unit/slot] | all]
Mode Global Config
unit/slot.
CLI Command Reference
September 2014 Page 27
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
no set slot disable
This command unconfigures the administrative mode of the slot(s). If you specify all, the command removes
the configuration from all slots, otherwise the configuration is removed from the slot identified by
If a card or other module is present in the slot, this administrative mode removes the configuration from the
contents of the slot. If the slot is empty, this administrative mode removes the configuration from any module
inserted into the slot. If a card is disabled, all the ports on the device are operationally disabled and shown as
“unplugged” on management screens.
unit/slot.
Format
no set slot disable [unit/slot] | all]
Mode Global Config
set slot power
This command configures the power mode of the slot(s) and allows power to be supplied to a card located in
the slot. If you specify
identified by
unit/slot.
Use this command when installing or removing cards. If a card or other module is present in this slot, the power
mode is applied to the contents of the slot. If the slot is empty, the power mode is applied to any card inserted
into the slot.
Format
set slot power [unit/slot] | all]
Mode Global Config
no set slot power
This command unconfigures the power mode of the slot(s) and prohibits power from being supplied to a card
located in the slot. If you specify
prohibits power to the slot identified by
all, the command is applied to all slots, otherwise the command is applied to the slot
all, the command prohibits power to all slots, otherwise the command
unit/slot.
Use this command when installing or removing cards. If a card or other module is present in this slot, power is
prohibited to the contents of the slot. If the slot is empty, power is prohibited to any card inserted into the slot.
Format
no set slot power [unit/slot] | all]
Mode Global Config
reload (Stack)
This command resets the entire stack or the identified unit. The unit is the switch identifier. The system
prompts you to confirm that you want to reset the switch.
Format
Mode Privileged EXEC
September 2014 Page 28
reload [unit]
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
show slot
This command displays information about all the slots in the system or for a specific slot.
Format
Mode User EXEC
Term Definition
show slot [unit/slot]
Switch Stacking
Slot The slot identifier in a
unit/slot format.
Status The slot is empty, full, or has encountered an error
Admin State The slot administrative mode is enabled or disabled.
Power State The slot power mode is enabled or disabled.
Configured Card
Model Identifier
The model identifier of the card preconfigured in the slot. Model Identifier is a 32-character
field used to identify a card.
Pluggable Cards are pluggable or non-pluggable in the slot.
Power Down Indicates whether the slot can be powered down.
If you supply a value for
unit/slot, the following information appears:
Term Definition
Slot The slot identifier in a
unit/slot format.
Slot Status The slot is empty, full, or has encountered an error
Admin State The slot administrative mode is enabled or disabled.
Power State The slot power mode is enabled or disabled.
Inserted Card
Model Identifier
Inserted Card
The model identifier of the card inserted in the slot. Model Identifier is a 32-character field
used to identify a card. This field is displayed only if the slot is full.
The card description. This field is displayed only if the slot is full.
Description
Configured Card
Model Identifier
Configured Card
The model identifier of the card preconfigured in the slot. Model Identifier is a 32-character
field used to identify a card.
A description of the card configured for the slot.
Description
Pluggable Cards are pluggable or non-pluggable in the slot.
Power Down Indicates whether the slot can be powered down.
CLI Command Reference
September 2014 Page 29
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
show supported cardtype
This commands displays information about all card types or specific card types supported in the system.
Format
show supported cardtype [cardindex]
Mode User EXEC
If you do not supply a value for
cardindex, the following output appears:
Term Definition
Card Index (CID) The index into the database of the supported card types. This index is used when
preconfiguring a slot.
Card Model
The model identifier for the supported card type.
Identifier
If you supply a value for
cardindex, the following output appears:
Term Definition
Card Type The 32-bit numeric card type for the supported card.
Model Identifier The model identifier for the supported card type.
Card Description The description for the supported card type.
show switch
This command displays switch status information about all units in the stack or a single unit when you specify
the unit value.
Format
show switch [unit]
Mode Privileged EXEC
Term Definition
Switch The unit identifier assigned to the switch.
When you do not specify a value for
unit, the following information appears:
Term Definition
Management
Switch
Indicates whether the switch is the Primary Management Unit, a stack member, a
configured standby switch, an operational standby switch, or the status is unassigned.
Standby Status Indicates whether the switch a configured or operational standby switch.
Preconfigured
Model Identifier
The model identifier of a preconfigured switch ready to join the stack. The Model Identifier
is a 32-character field assigned by the device manufacturer to identify the device.
CLI Command Reference
September 2014 Page 30
HP Moonshot Switch Module CLI Command Reference
Term Definition
Switch Stacking
Plugged-In Model
Identifier
The model identifier of the switch in the stack. Model Identifier is a 32-character field
assigned by the device manufacturer to identify the device.
Switch Status The switch status. Possible values for this state are: OK, Code Mismatch, or Not Present. A
mismatch indicates that a stack unit is running a different version of the code than the
management unit.
If there is a Stacking Firmware Synchronization operation in progress status is shown as
Updating Code.
Code Version The detected version of code on this switch.
Example: The following shows example CLI display output for the command.
(Routing) #show switch
(Routing) #show switch
Management Standby Preconfig Plugged-in Switch Code
SW Switch Status Model ID Model ID Status Version
--- ---------- --------- ---------------- ---------------- ------------- ----------1 Mgmt Sw Moonshot-180G Moonshot-180G OK H.9.1.2
2 Stack Mbr Oper Stby Moonshot-180G Moonshot-180G OK H.9.1.2
When you specify a value for unit, the following information appears.
Term Definition
Switch Switch ID
Management Status Indicates whether the switch is the Primary Management Unit, a stack member, or
the status is unassigned.
Hardware Management
Preference
Admin Management
Preference
The hardware management preference of the switch. The hardware management
preference can be disabled or unassigned.
The administrative management preference value assigned to the switch. This
preference value indicates how likely the switch is to be chosen as the Primary
Management Unit.
Switch Type The 32-bit numeric switch type.
Preconfigured Model
Identifier
The model identifier for this switch that has been preconfigured for the unit prior
to joining the stack. Model Identifier is a 32-character field assigned by the device
manufacturer to identify the device.
Plugged-in Model
Identifier
The model identifier for this switch detected by the hardware. Model Identifier is a
32-character field assigned by the device manufacturer to identify the device.
Switch Status The switch status. Possible values are OK, Code Mismatch, or Not Present.
Switch Description The switch description.
Detected Code in Flash The version of code that is currently stored in FLASH memory on the switch. This
code executes after the switch is reset. If the switch is not present and the data is
from pre-configuration, then the code version is “None”.
SFS Last Attempt Status The stack firmware synchronization status in the last attempt for the specified unit.
Serial Number
The unique serial number assigned to the switch.
(Moonshot-180G only)
Up Time The system up time.
CLI Command Reference
September 2014 Page 31
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
Example: The following shows example CLI display output for the command on a Moonshot-45G switch
module.
(Routing) #show switch 1
Switch............................ 1
Management Status................. Management Switch
Hardware Management Preference.... Unassigned
Admin Management Preference....... Unassigned
Switch Type....................... 0x68440101
Preconfigured Model Identifier.... HP Moonshot-45G
Plugged-in Model Identifier....... HP Moonshot-45G
Switch Status..................... OK
Switch Description................ HP Moonshot-45G Switch
Detected Code in Flash............ 1.0.0.15
SFS Last Attempt Status........... None
Up Time........................... 0 days 2 hrs 31 mins 9 secs
show supported switchtype
This commands displays information about all supported switch types or a specific switch type.
Format
show supported switchtype [switchindex]
Mode User EXEC
Privileged EXEC
If you do not supply a value for
switchindex, the following output appears:
Term Definition
SID The index into the database of supported switch types. This index is used when
preconfiguring a member to be added to the stack.
Switch Model ID The model identifier for the supported switch type.
Mgmt Pref The management preference value of the switch type.
If you supply a value for
switchindex, the following output appears:
Term Definition
Switch Type The 32-bit numeric switch type for the supported switch.
Model Identifier The model identifier for the supported switch type.
Switch
The description for the supported switch type.
Description
Management
The management preference value of the switch type.
Preference
Supported Cards Provides information about the supported cards in the device, including the slot number,
card index, and model identifier.
CLI Command Reference
September 2014 Page 32
HP Moonshot Switch Module CLI Command Reference
Stack Port Commands
Stack Port Commands
This section describes the commands you use to view and configure stack port information.
stack-port
This command sets stacking per port or range of ports to either stack or ethernet mode.
Default stack
Format
Mode Stack Global Config
show stack-port
This command displays summary stack-port information for all interfaces.
Format
Mode Privileged EXEC
stack-port unit/slot/port [{ethernet | stack}]
show stack-port
For Each Interface:
Term Definition
Unit The unit number.
Interface The slot and port numbers.
Configured Stack Mode Stack or Ethernet.
Running Stack Mode Stack or Ethernet.
Link Status Status of the link.
Link Speed Speed (Gbps) of the stack port link.
CLI Command Reference
September 2014 Page 33
HP Moonshot Switch Module CLI Command Reference
show stack-port counters
This command displays summary data counter information for all interfaces.
Format
Mode Privileged EXEC
Term Definition
Unit The unit number.
Interface The slot and port numbers.
Tx Data Rate Trashing data rate in megabits per second on the stacking port.
Tx Error Rate Platform-specific number of transmit errors per second.
Tx Total Errors Platform-specific number of total transmit errors since power-up.
Rx Data Rate Receive data rate in megabits per second on the stacking port.
Rx Error Rate Platform-specific number of receive errors per second.
Rx Total Errors Platform-specific number of total receive errors since power-up.
show stack-port counters
Stack Port Commands
show stack-port diag
This command shows stack port diagnostics for each port and is only intended for Field Application Engineers
(FAEs) and developers. An FAE will advise on the necessity to run this command and capture this information.
Format
Mode Privileged EXEC
Term Definition
Unit The unit number.
Interface The slot and port numbers.
Diagnostic Entry1 80 character string used for diagnostics.
Diagnostic Entry2 80 character string used for diagnostics.
Diagnostic Entry3 80 character string used for diagnostics.
show stack-port diag
show stack-port stack-path
This command displays the route a packet will take to reach the destination.
Format
Mode Privileged EXEC
show stack-port stack-path {1—9 | all}
CLI Command Reference
September 2014 Page 34
HP Moonshot Switch Module CLI Command Reference
Stack Firmware Synchronization Commands
Stack Firmware Synchronization Commands
Stack Firmware Synchronization (SFS) provides the ability to automatically synchronize firmware for all stack
members. If a unit joins the stack and its firmware version is different from the version running on the stack
manager, the SFS feature can either upgrade or downgrade the firmware on the mismatched stack member.
There is no attempt to synchronize the stack to the latest firmware in the stack.
For optimal operation, use the recommended firmware version.
For more information on recommended firmware versions, see the HP website (http://www.hp.com/go/
servers/Moonshot/download).
boot auto-copy-sw
Use this command to enable the Stack Firmware Synchronization feature on the stack.
Default Disabled
Format
boot auto-copy-sw
Mode Privileged Exec
no boot auto-copy-sw
Use this command to disable the Stack Firmware Synchronization feature on the stack
Format
Mode Privileged Exec
no boot auto-copy-sw
boot auto-copy-sw trap
Use this command to enable the sending of SNMP traps related to the Stack Firmware Synchronization feature.
Default Enabled
Format
Mode Privileged Exec
no boot auto-copy-sw trap
Use this command to disable the sending of traps related to the Stack Firmware Synchronization feature.
boot auto-copy-sw trap
Format
Mode Privileged Exec
September 2014 Page 35
no boot auto-copy-sw trap
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
Stack Firmware Synchronization Commands
boot auto-copy-sw allow-downgrade
Use this command to allow the stack manager to downgrade the firmware version on the stack member if the
firmware version on the manager is older than the firmware version on the member.
Default Enabled
Format
Mode Privileged Exec
no boot auto-copy-sw allow-downgrade
Use this command to prevent the stack manager from downgrading the firmware version of a stack member.
boot auto-copy-sw allow-downgrade
Format
Mode Privileged Exec
no boot auto-copy-sw allow-downgrade
show auto-copy-sw
Use this command to display Stack Firmware Synchronization configuration status information.
Format
Mode Privileged Exec
Term Definition
Synchronization Shows whether the SFS feature is enabled.
SNMP Trap Status Shows whether the stack will send traps for SFS events.
Allow Downgrade Shows wether the manager is permitted to downgrade the firmware version of a
show auto-copy-sw
stack member.
CLI Command Reference
September 2014 Page 36
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
Nonstop Forwarding Commands
A switch can be described in terms of three semi-independent functions called the forwarding plane, the
control plane, and the management plane. The forwarding plane forwards data packets. The forwarding plane
is implemented in hardware. The control plane is the set of protocols that determine how the forwarding plane
should forward packets, deciding which data packets are allowed to be forwarded and where they should go.
Application software on the management unit acts as the control plane. The management plane is application
software running on the management unit that provides interfaces allowing a network administrator to
configure and monitor the device.
Nonstop forwarding (NSF) allows the forwarding plane of stack units to continue to forward packets while the
control and management planes restart as a result of a power failure, hardware failure, or software fault on
the management unit. A nonstop forwarding failover can also be manually initiated using the
failover command. Traffic flows that enter and exit the stack through physical ports on a unit other than the
management continue with at most sub-second interruption when the management unit fails.
To prepare the backup management unit in case of a failover, applications on the management unit
continuously checkpoint some state information to the backup unit. Changes to the running configuration are
automatically copied to the backup unit. MAC addresses stay the same across a nonstop forwarding failover so
that neighbors do not have to relearn them.
initiate
When a nonstop forwarding failover occurs, the control plane on the backup unit starts from a partiallyinitialized state and applies the checkpointed state information. While the control plane is initializing, the stack
cannot react to external changes, such as network topology changes. Once the control plane is fully operational
on the new management unit, the control plane ensures that the hardware state is updated as necessary.
Control plane failover time depends on the size of the stack, the complexity of the configuration, and the speed
of the CPU.
The management plane restarts when a failover occurs. Management connections must be reestablished.
For NSF to be effective, adjacent networking devices must not reroute traffic around the restarting device. The
switch uses three techniques to prevent traffic from being rerouted:
1. A protocol may distribute a part of its control plane to stack units so that the protocol can give the
appearance that it is still functional during the restart. Spanning tree and port channels use this technique.
2. A protocol may enlist the cooperation of its neighbors through a technique known as graceful restart. OSPF
uses graceful restart if it is enabled (see “IP Event Dampening Commands” on page 581).
3. A protocol may simply restart after the failover if neighbors react slowly enough that they will not normally
detect the outage. The IP multicast routing protocols are a good example of this behavior.
To take full advantage of nonstop forwarding, layer 2 connections to neighbors should be via port channels that
span two or more stack units, and layer 3 routes should be ECMP routes with next hops via physical ports on
two or more units. The hardware can quickly move traffic flows from port channel members or ECMP paths on
a failed unit to a surviving unit.
CLI Command Reference
September 2014 Page 37
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
nsf (Stack Global Config Mode)
This command enables nonstop forwarding feature on the stack. When nonstop forwarding is enabled, if the
management unit of a stack fails, the backup unit takes over as the master without clearing the hardware tables
of any of the surviving units. Data traffic continues to be forwarded in hardware while the management
functions initialize on the backup unit.
NSF is enabled by default. The administrator may wish to disable NSF in order to redirect the CPU resources
consumed by data checkpointing.
If a unit that does not support NSF is connected to the stack, then NSF is disabled on all stack members. When
a unit that does not support NSF is disconnected from the stack and all other units support NSF, and NSF is
administratively enabled, then NSF operation resumes.
Default enabled
Format
Mode Stack Global Config Mode
no nsf
nsf
This command disables NSF on the stack.
Format
Mode Stack Global Config Mode
no nsf
show nsf
This command displays global and per-unit information on NSF configuration on the stack.
Format
Mode Privileged Exec
Parameter Description
NSF Administrative
Status
NSF Operational Status Indicates whether NSF is enabled on the stack.
show nsf
Whether nonstop forwarding is administratively enabled or disabled.
Default: Enabled
CLI Command Reference
September 2014 Page 38
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
Parameter Description
Last Startup Reason The type of activation that caused the software to start the last time:
• “Power-On” means that the switch rebooted. This could have been caused by a
power cycle or an administrative “Reload” command.
• “Administrative Move” means that the administrator issued the
movemanagement
command for the stand-by manager to take over.
• “Warm-Auto-Restart” means that the primary management card restarted due to
a failure, and the system executed a nonstop forwarding failover.
• “Cold-Auto-Restart” means that the system switched from the active manager to
the backup manager and was unable to maintain user data traffic. This is usually
caused by multiple failures occurring close together.
Time Since Last Restart Time since the current management unit became the active management unit.
Restart in progress Whether a restart is in progress.
Warm Restart Ready Whether the system is ready to perform a nonstop forwarding failover from the
management unit to the backup unit.
Copy of Running
Configuration to
Whether the running configuration on the backup unit includes all changes made on
the management unit. Displays as Current or Stale.
Backup Unit: Status
Time Since Last Copy When the running configuration was last copied from the management unit to the
backup unit.
Time Until Next Copy The number of seconds until the running configuration will be copied to the backup
unit. This line only appears when the running configuration on the backup unit is
Stale.
Per Unit Status Parameters
NSF Support Whether a unit supports NSF.
initiate failover
This command forces the backup unit to take over as the management unit and perform a “warm restart” of
the stack. On a warm restart, the backup unit becomes the management unit without clearing its hardware
tables (on a cold restart, hardware tables are cleared). Applications apply checkpointed data from the former
management unit. The original management unit reboots.
If the system is not ready for a warm restart, for example because no backup unit has been elected or one or
more members of the stack do not support nonstop forwarding, the command fails with a warning message.
movemanagement command (see page 26) also transfers control from the current management unit;
The
however, the hardware is cleared and all units reinitialize.
Format
Mode Stack Global Config Mode
initiate failover
CLI Command Reference
September 2014 Page 39
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
show checkpoint statistics
This command displays general information about the checkpoint service operation.
Format
Mode Privileged Exec
Parameter Description
Messages Checkpointed Number of checkpoint messages transmitted to the backup unit. Range: Integer.
Bytes Checkpointed Number of bytes transmitted to the backup unit. Range: Integer. Default: 0
Time Since Counters Cleared Number of days, hours, minutes and seconds since the counters were reset to
Checkpoint Message Rate Average number of checkpoint messages per second. The average is computed
Last 10-second Message Rate Average number of checkpoint messages per second in the last 10-second
Highest 10-second Message
Rate
show checkpoint statistics
Default: 0
zero. The counters are cleared when a unit becomes manager and with a
support command. Range: Time Stamp. Default: 0d00:00:00
over the time period since the counters were cleared. Range: Integer. Default: 0
interval. This average is updated once every 10 seconds. Range: Integer.
Default: 0
The highest rate recorded over a 10-second interval since the counters were
cleared. Range: Integer. Default: 0
clear checkpoint statistics
This command clears all checkpoint statistics to their initial values.
Format
Mode Privileged Exec
clear checkpoint statistics
CLI Command Reference
September 2014 Page 40
HP Moonshot Switch Module CLI Command Reference
Management Commands
Section 4: Management Commands
This chapter describes the management commands available in the HP Moonshot Switch Module CLI.
The Management Commands chapter contains the following sections:
• “Network Interface Commands” on page 43
• “Console Port Access Commands” on page 59
• “Telnet Commands” on page 62
• “Secure Shell Commands” on page 67
• “Management Security Commands” on page 69
• “Access Commands” on page 70
• “User Account Commands” on page 71
• “SNMP Commands” on page 100
• “RADIUS Commands” on page 115
• “TACACS+ Commands” on page 128
• “Configuration Scripting Commands” on page 134
• “Banner, Prompt, and Host Name Commands” on page 136
CLI Command Reference
September 2014 Page 41
HP Moonshot Switch Module CLI Command Reference
Enable and Do Commands
Enable and Do Commands
enable (Privileged EXEC access)
This command gives you access to the Privileged EXEC mode. From the Privileged EXEC mode, you can
configure the network interface.
Format
enable
Mode User EXEC
do (Privileged EXEC commands)
This command executes Privileged EXEC mode commands from any of the configuration modes.
Format
Mode • Global Config
Example: The following is an example of the
script list in Global Config Mode.
(Routing) #configure
(Routing)(config)#do script list
Configuration Script Name Size(Bytes)
-------------------------------- ----------backup-config 2105
running-config 4483
startup-config 445
do Priv Exec Mode Command
•Interface Config
•VLAN Config
• Routing Config
do command that executes the Privileged Exec command
3 configuration script(s) found.
2041 Kbytes free.
CLI Command Reference
September 2014 Page 42
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
Network Interface Commands
This section describes the commands you use to configure a logical interface for management access. To
configure the management VLAN, see “network mgmt_vlan” on page 298.
serviceport ip
This command sets the IP address, the netmask and the gateway of the network management port. You can
specify the
values to 0.0.0.0).
none option to clear the IPv4 address and mask and the default gateway (i.e., reset each of these
Format
serviceport ip {ipaddr netmask [gateway] | none}
Mode Privileged EXEC
serviceport protocol
This command specifies the network management port configuration protocol. If you modify this value, the
change is effective immediately. If you use the
BootP server until a response is received. If you use the
to a DHCP server until a response is received. If you use the
bootp parameter, the switch periodically sends requests to a
dhcp parameter, the switch periodically sends requests
none parameter, you must configure the network
information for the switch manually.
Format
serviceport protocol {none | bootp | dhcp}
Mode Privileged EXEC
serviceport protocol dhcp
This command enables the DHCPv4 client on a Service port. If the client-id optional parameter is given, the
DHCP client messages are sent with the client identifier option.
Default DHCP
Format
Mode Privileged EXEC
serviceport protocol dhcp [client-id]
There is no support for the no form of the command serviceport protocol dhcp client-id. To remove the
client-id option from the DHCP client messages, issue the command serviceport protocol dhcp without the
client-id option. The command serviceport protocol none can be used to disable the DHCP client and client-
id option on the interface.
Example: The following shows an example of the command.
(Routing) # serviceport protocol dhcp client-id
CLI Command Reference
September 2014 Page 43
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
network parms
This command sets the IP address, subnet mask and gateway of the device. The IP address and the gateway
must be on the same subnet. When you specify the
factory defaults.
none option, the IP address and subnet mask are set to the
Format
network parms {ipaddr netmask [gateway]| none}
Mode Privileged EXEC
network protocol
This command specifies the network configuration protocol to be used. If you modify this value, change is
effective immediately. If you use the
until a response is received. If you use the
server until a response is received. If you use the
bootp parameter, the switch periodically sends requests to a BootP server
dhcp parameter, the switch periodically sends requests to a DHCP
none parameter, you must configure the network information
for the switch manually.
Default none
Format
network protocol {none | bootp | dhcp}
Mode Privileged EXEC
network protocol dhcp
This command enables the DHCPv4 client on a Network port. If the client-id optional parameter is given, the
DHCP client messages are sent with the client identifier option.
Default none
Format
network protocol dhcp [client-id]
Mode Global Config
There is no support for the no form of the command network protocol dhcp client-id. To remove the
id
option from the DHCP client messages, issue the command network protocol dhcp without the client-id
client-
option. The command network protocol none can be used to disable the DHCP client and client-id option on
the interface.
Example: The following shows an example of the command.
(Routing) # network protocol dhcp client-id
CLI Command Reference
September 2014 Page 44
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
network mac-address
This command sets locally administered MAC addresses. The following rules apply:
• Bit 6 of byte 0 (called the U/L bit) indicates whether the address is universally administered (b'0') or locally
administered (b'1').
• Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an individual address (b'0')
or a group address (b'1').
• The second character, of the twelve character macaddr, must be 2, 6, A or E.
A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
Format
Mode Privileged EXEC
network mac-address macaddr
network mac-type
This command specifies whether the switch uses the burned in MAC address or the locally-administered MAC
address.
Default burnedin
Format
Mode Privileged EXEC
no network mac-type
This command resets the value of MAC address to its default.
Format
Mode Privileged EXEC
network mac-type {local | burnedin}
no network mac-type
CLI Command Reference
September 2014 Page 45
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
show network
This command displays configuration settings associated with the switch's network interface. The network
interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel
ports. The configuration parameters associated with the switch's network interface do not affect the
configuration of the front panel ports through which traffic is switched or routed. The network interface is
always considered to be up, whether or not any member ports are up; therefore, the
will always show Interface Status as
Up.
show network command
Format
show network
Modes •Privileged EXEC
• User EXEC
Term Definition
Interface Status The network interface status; it is always considered to be up.
IP Address The IP address of the interface. The factory default value is 0.0.0.0.
Subnet Mask The IP subnet mask for this interface. The factory default value is 0.0.0.0.
Default Gateway The default gateway for this IP interface. The factory default value is 0.0.0.0.
IPv6 Administrative Mode Whether enabled or disabled.
IPv6 Address/Length The IPv6 address and length. This field is visible only if the IPv6 administrative
mode is enabled.
IPv6 Default Router The IPv6 default router address. This field is visible only if the IPv6
administrative mode is enabled.
Burned In MAC Address The burned in MAC address used for in-band connectivity.
Locally Administered MAC
Address
If desired, a locally administered MAC address can be configured for in-band
connectivity. To take effect, 'MAC Address Type' must be set to 'Locally
Administered'. Enter the address as twelve hexadecimal digits (6 bytes) with a
colon between each byte. Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0, i.e.
byte 0 should have the following mask 'xxxx xx10'. The MAC address used by
this bridge when it must be referred to in a unique fashion. It is recommended
that this be the numerically smallest MAC address of all ports that belong to
this bridge. However it is only required to be unique. When concatenated with
dot1dStpPriority a unique Bridge Identifier is formed which is used in the
Spanning Tree Protocol.
MAC Address Type The MAC address which should be used for in-band connectivity. The choices
are the burned in or the Locally Administered address. The factory default is to
use the burned in MAC address.
Configured IPv4 Protocol The IPv4 network protocol being used. The options are bootp | dhcp | none.
Configured IPv6 Protocol The IPv6 network protocol being used. The options are dhcp | none.
DHCPv6 Client DUID The DHCPv6 client’s unique client identifier. This row is displayed only when the
configured IPv6 protocol is DHCP.
IPv6 Autoconfig Mode Whether IPv6 Stateless address autoconfiguration is enabled or disabled.
CLI Command Reference
September 2014 Page 46
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
Term Definition
Management VLAN ID The VLAN ID for the management VLAN. Some network administrators use a
management VLAN to isolate system management traffic from end-user data
traffic.
DHCP Client Identifier The client identifier is displayed in the output of the command only if DHCP is
enabled with the client-id option on the network port. See “network protocol
dhcp” on page 44.
Example: The following shows example CLI display output for the network port.
(Routing) #show network
Interface Status............................... Up
IP Address..................................... 0.0.0.0
Subnet Mask.................................... 0.0.0.0
Default Gateway................................ 0.0.0.0
IPv6 Administrative Mode....................... Disabled
Burned In MAC Address.......................... 00:24:81:D0:0F:C2
Locally Administered MAC address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Configured IPv4 Protocol....................... None
Configured IPv6 Protocol....................... None
IPv6 AutoConfig Mode........................... Disabled
Management VLAN ID............................. 1
show serviceport
This command displays service port configuration information.
Format
Mode •Privileged EXEC
Term Definition
Interface Status The network interface status. It is always considered to be up.
IP Address The IP address of the interface. The factory default value is 0.0.0.0.
Subnet Mask The IP subnet mask for this interface. The factory default value is 0.0.0.0.
Default Gateway The default gateway for this IP interface. The factory default value is 0.0.0.0.
IPv6 Administrative
Mode
IPv6 Address/Length The IPv6 address and length. Default is Link Local format.
IPv6 Default Router TheIPv6 default router address on the service port. The factory default value is an
Configured IPv4 Protocol The IPv4 network protocol being used. The options are bootp | dhcp | none.
Configured IPv6 Protocol The IPv6 network protocol being used. The options are dhcp | none.
DHCPv6 Client DUID The DHCPv6 client’s unique client identifier. This row is displayed only when the
show serviceport
• User EXEC
Whether enabled or disabled. Default value is enabled.
unspecified address.
configured IPv6 protocol is dhcp.
CLI Command Reference
September 2014 Page 47
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
Term Definition
IPv6 Autoconfig Mode Whether IPv6 Stateless address autoconfiguration is enabled or disabled.
Burned in MAC Address The burned in MAC address used for in-band connectivity.
DHCP Client Identifier The client identifier is displayed in the output of the command only if DHCP is
enabled with the client-id option on the service port. See “serviceport protocol”
on page 43.
Example: The following shows example CLI display output for the service port.
(admin) #show serviceport
Interface Status............................... Up
IP Address..................................... 10.230.3.51
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.230.3.1
IPv6 Administrative Mode....................... Enabled
IPv6 Prefix is ................................ fe80::210:18ff:fe82:640/64
IPv6 Prefix is ................................ 2005::21/128
IPv6 Default Router is ........................ fe80::204:76ff:fe73:423a
Configured IPv4 Protocol ...................... DHCP
Configured IPv6 Protocol ...................... DHCP
DHCPv6 Client DUID ............................ 00:03:00:06:00:10:18:82:06:4C
IPv6 Autoconfig Mode........................... Disabled
Burned In MAC Address.......................... 00:10:18:82:06:4D
DHCP Client Identifier......................... 0Moonshot-0010.1882.160C
CLI Command Reference
September 2014 Page 48
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
IPv6 Management Commands
IPv6 Management commands allow a device to be managed via an IPv6 address. HP Moonshot Switch Module
software has capabilities such as:
• Static assignment of IPv6 addresses and gateways for the service/network ports.
• The ability to ping an IPv6 link-local address over the service/network port.
• The ability to send SNMP traps and queries via the service/network port.
• Management of the device via the network port (in addition to a Routing Interface or the Service port).
serviceport ipv6 enable
Use this command to enable IPv6 operation on the service port. By default, IPv6 operation is enabled on the
service port.
Format
Mode Privileged EXEC
serviceport ipv6 enable
no serviceport ipv6 enable
Use this command to disable IPv6 operation on the service port.
Format
Mode Privileged EXEC
no serviceport ipv6 enable
network ipv6 enable
Use this command to enable IPv6 operation on the network port. By default, IPv6 operation is enabled on the
network port.
Format
Mode Privileged EXEC
no network ipv6 enable
Use this command to disable IPv6 operation on the network port.
network ipv6 enable
Format
Mode Privileged EXEC
September 2014 Page 49
no network ipv6 enable
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
serviceport ipv6 address
Use the options of this command to manually configure IPv6 global address, enable/disable stateless global
address autoconfiguration and to enable/disable dhcpv6 client protocol information on the service port.
Note: Multiple IPv6 prefixes can be configured on the service port.
Format
serviceport ipv6 address {address/prefix-length [eui64]|autoconfig|dhcp}
Mode Privileged EXEC
Parameter Description
address IPv6 prefix in IPv6 global address format.
prefix-length IPv6 prefix length value.
eui64 Formulate IPv6 address in eui64 address format.
autoconfig Configure stateless global address autoconfiguration capability.
dhcp Configure dhcpv6 client protocol.
no serviceport ipv6 address
Use the command no serviceport ipv6 address to remove all configured IPv6 prefixes on the service port
interface.
Use the command with the address option to remove the manually configured IPv6 global address on the
network port interface.
Use the command with the autoconfig option to disable the stateless global address autoconfiguration on the
service port.
Use the command with the dhcp option to disable the dhcpv6 client protocol on the service port.
Format
no serviceport ipv6 address {address/prefix-length [eui64] | autoconfig | dhcp}
Mode Privileged EXEC
CLI Command Reference
September 2014 Page 50
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
serviceport ipv6 gateway
Use this command to configure IPv6 gateway (i.e. Default routers) information for the service port.
Note: Only a single IPv6 gateway address can be configured for the service port. There may be a
combination of IPv6 prefixes and gateways that are explicitly configured and those that are set
through auto-address configuration with a connected IPv6 router on their service port interface.
Format
Mode Privileged EXEC
Parameter Description
gateway-address Gateway address in IPv6 global or link-local address format.
serviceport ipv6 gateway gateway-address
no serviceport ipv6 gateway
Use this command to remove IPv6 gateways on the service port interface.
Format
Mode Privileged EXEC
no serviceport ipv6 gateway
network ipv6 address
Use the options of this command to manually configure IPv6 global address, enable/disable stateless global
address autoconfiguration and to enable/disable dhcpv6 client protocol information for the network port.
Multiple IPv6 addresses can be configured on the network port.
Format
Mode Privileged EXEC
network ipv6 address {address/prefix-length [eui64] | autoconfig | dhcp}
Parameter Description
address IPv6 prefix in IPv6 global address format.
prefix-length IPv6 prefix length value.
eui64 Formulate IPv6 address in eui64 format.
autoconfig Configure stateless global address autoconfiguration capability.
dhcp Configure dhcpv6 client protocol.
CLI Command Reference
September 2014 Page 51
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
no network ipv6 address
The command no network ipv6 address removes all configured IPv6 prefixes.
Use this command with the address option to remove the manually configured IPv6 global address on the
network port interface.
Use this command with the autoconfig option to disable the stateless global address autoconfiguration on the
network port.
Use this command with the dhcp option disables the dhcpv6 client protocol on the network port.
Format
Mode Privileged EXEC
no network ipv6 address {address/prefix-length [eui64] | autoconfig | dhcp}
network ipv6 gateway
Use this command to configure IPv6 gateway (i.e. default routers) information for the network port.
Format
Mode Privileged EXEC
Parameter Description
gateway-address Gateway address in IPv6 global or link-local address format.
no network ipv6 gateway
Use this command to remove IPv6 gateways on the network port interface.
Format
Mode Privileged EXEC
network ipv6 gateway gateway-address
no network ipv6 gateway
network ipv6 neighbor
Use this command to manually add IPv6 neighbors to the IPv6 neighbor table for this network port. If an IPv6
neighbor already exists in the neighbor table, the entry is automatically converted to a static entry. Static
entries are not modified by the neighbor discovery process. They are, however, treated the same for IPv6
forwarding. Static IPv6 neighbor entries are applied to the kernel stack and to the hardware when the
corresponding interface is operationally active.
Format
Mode Privileged EXEC
September 2014 Page 52
network ipv6 neighbor ipv6-address macaddr
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
Parameter Description
ipv6-address The IPv6 address of the neighbor or interface.
macaddr The link-layer address.
no network ipv6 neighbor
Use this command to remove IPv6 neighbors from the neighbor table.
IPv6 Management Commands
Format
no network ipv6 neighbor ipv6-address macaddr
Mode Privileged EXEC
show network ipv6 neighbors
Use this command to display the information about the IPv6 neighbor entries cached on the network port. The
information is updated to show the type of the entry.
Default None
Format
Mode • Privileged EXEC
Field Description
IPv6 Address The IPv6 address of the neighbor.
MAC Address The MAC Address of the neighbor.
isRtr Shows if the neighbor is a router. If TRUE, the neighbor is a router; FALSE it is not a router.
Neighbor State The state of the neighbor cache entry. Possible values are: Incomplete, Reachable, Stale,
Age The time in seconds that has elapsed since an entry was added to the cache.
Last Updated The time in seconds that has elapsed since an entry was added to the cache.
Type The type of neighbor entry. The type is Static if the entry is manually configured and
show network ipv6 neighbors
Delay, Probe, and Unknown
Dynamic if dynamically resolved.
Example: The following is an example of the command.
(Routing) #show network ipv6 neighbors
Neighbor Age
IPv6 Address MAC Address isRtr State (Secs) Type
------------------------ ----------------- ----- --------- ------ -----FE80::5E26:AFF:FEBD:852C 5c:26:0a:bd:85:2c FALSE Reachable 0 Static
CLI Command Reference
September 2014 Page 53
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
serviceport ipv6 neighbor
Use this command to manually add IPv6 neighbors to the IPv6 neighbor table for the service port. If an IPv6
neighbor already exists in the neighbor table, the entry is automatically converted to a static entry. Static
entries are not modified by the neighbor discovery process. They are, however, treated the same for IPv6
forwarding. Static IPv6 neighbor entries are applied to the kernel stack and to the hardware when the
corresponding interface is operationally active.
Format
Mode Privileged EXEC
Parameter Description
ipv6-address The IPv6 address of the neighbor or interface.
macaddr The link-layer address.
serviceport ipv6 neighbor ipv6-address macaddr
no serviceport ipv6 neighbor
Use this command to remove IPv6 neighbors from the IPv6 neighbor table for the service port.
Format
Mode Privileged EXEC
no serviceport ipv6 neighbor ipv6-address macaddr
show serviceport ipv6 neighbors
Use this command to displays information about the IPv6 neighbor entries cached on the service port. The
information is updated to show the type of the entry.
Default None
Format
Mode Privileged EXEC
Field Description
IPv6 Address The IPv6 address of the neighbor.
MAC Address The MAC Address of the neighbor.
isRtr Shows if the neighbor is a router. If TRUE, the neighbor is a router; if FALSE, it is not a router.
Neighbor State The state of the neighbor cache entry. The possible values are: Incomplete, Reachable,
Age The time in seconds that has elapsed since an entry was added to the cache.
Type The type of neighbor entry. The type is Static if the entry is manually configured and
September 2014 Page 54
show serviceport ipv6 neighbors
Stale, Delay, Probe, and Unknown.
Dynamic if dynamically resolved.
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
Example: The following is an example of the command.
(Routing) #show serviceport ipv6 neighbors
Neighbor Age
IPv6 Address MAC Address isRtr State (Secs) Type
--------------------------------------- ----------------- ----- --------- ------ -------FE80::5E26:AFF:FEBD:852C 5c:26:0a:bd:85:2c FALSE Reachable 0 Dynamic
ping ipv6
Use this command to determine whether another computer is on the network. Ping provides a synchronous
response when initiated from the CLI and Web interfaces. To use the command, configure the switch for
network (in-band) connection. The source and target devices must have the ping utility enabled and running
on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through
the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation. The
terminal interface sends three pings to the target station. Use the
an interface by using the global IPv6 address of the interface. The argument
physical routing interface or VLAN routing interface. The keyword vlan is used to specify the VLAN ID of the
routing VLAN directly instead of a unit/slot/port format. Use the optional
the ping packet.
ipv6-address|hostname parameter to ping
unit/slot/port corresponds to a
size keyword to specify the size of
You can utilize the ping or traceroute facilities over the service/network ports when using an IPv6 global
address
ipv6-global-address|hostname. Any IPv6 global address or gateway assignments to these interfaces
will cause IPv6 routes to be installed within the IP stack such that the ping or traceroute request is routed out
the service/network port properly. When referencing an IPv6 link-local address, you must also specify the
service or network port interface by using the
serviceport or network parameter.
Default • The default count is 1.
• The default interval is 3 seconds.
• The default size is 0 bytes.
Format
ping ipv6 {ipv6-global-address | hostname | {interface {unit/slot/port | vlan 1-4093|
serviceport | network} link-local-address} [count count] [interval 1-60] [size size]
[source {ipv6-address | {unit/slot/port | vlan 1-4093 | serviceport | network}]
Mode •Privileged EXEC
•User Exec
Using the options described below, you can specify the number and size of Echo Requests and the interval
between Echo Requests. You can also specify the interface to ping and the source interface from which the ping
should originate.
Parameter Description
ipv6-global-address Global IPv6 addresses to ping.
hostname The DNS-resolvable host name of the system to ping.
interface Use the interface keyword to ping a link-local IPv6 address over an interface.
link-local-address The link-local IPv6 address to ping over an interface.
CLI Command Reference
September 2014 Page 55
HP Moonshot Switch Module CLI Command Reference
Parameter Description
IPv6 Management Commands
count Use the
count parameter to specify the number of ping packets (ICMP Echo
requests) that are sent to the destination address specified by the ip-address field.
The range for
interval Use the
count is 1 to 15 requests.
interval parameter to specify the time between Echo Requests, in
seconds. Range is 1 to 60 seconds.
size Use the
size parameter to specify the size, in bytes, of the payload of the Echo
Requests sent. Range is 0 to 65507 bytes.
source Use the source parameter to specify the source IP/IPv6 address or interface to use
when sending the Echo requests packets.
Example: IPv6 ping success
(Routing) #ping 2001::1
Pinging 2001::1 with 64 bytes of data:
Send count=3, Receive count=3 from 2001::1
Average round trip time = 3.00 ms
Example: IPv6 ping failure
(Routing) #ping ipv6 2001::4
Pinging 2001::4 with 64 bytes of data:
Send count=3, Receive count=0 from 2001::4
Average round trip time = 0.00 ms
show network ipv6 dhcp statistics
This command displays the statistics of the DHCPv6 client running on the network management interface.
Format
Mode •Privileged EXEC
Field Description
DHCPv6 Advertisement Packets
Received
DHCPv6 Reply Packets Received The number of DHCPv6 Reply packets received on the network interface.
Received DHCPv6
Advertisement Packets
Discarded
Received DHCPv6 Reply Packets
Discarded
DHCPv6 Malformed Packets
Received
Total DHCPv6 Packets Received The total number of DHCPv6 packets received on the network interface.
show network ipv6 dhcp statistics
• User EXEC
The number of DHCPv6 Advertisement packets received on the network
interface.
The number of DHCPv6 Advertisement packets discarded on the network
interface.
The number of DHCPv6 Reply packets discarded on the network interface.
The number of DHCPv6 packets that are received malformed on the network
interface.
CLI Command Reference
September 2014 Page 56
HP Moonshot Switch Module CLI Command Reference
Field Description
IPv6 Management Commands
DHCPv6 Solicit Packets
The number of DHCPv6 Solicit packets transmitted on the network interface.
Transmitted
DHCPv6 Request Packets
Transmitted
DHCPv6 Renew Packets
Transmitted
DHCPv6 Rebind Packets
Transmitted
DHCPv6 Release Packets
Transmitted
Total DHCPv6 Packets
The number of DHCPv6 Request packets transmitted on the network
interface.
The number of DHCPv6 Renew packets transmitted on the network
interface.
The number of DHCPv6 Rebind packets transmitted on the network
interface.
The number of DHCPv6 Release packets transmitted on the network
interface.
The total number of DHCPv6 packets transmitted on the network interface.
Transmitted
Example: The following shows example CLI display output for the command.
(admin)#show network ipv6 dhcp statistics
DHCPv6 Client Statistics
-------------------------
DHCPv6 Advertisement Packets Received................. 0
DHCPv6 Reply Packets Received......................... 0
Received DHCPv6 Advertisement Packets Discarded....... 0
Received DHCPv6 Reply Packets Discarded............... 0
DHCPv6 Malformed Packets Received..................... 0
Total DHCPv6 Packets Received......................... 0
DHCPv6 Solicit Packets Transmitted.................... 0
DHCPv6 Request Packets Transmitted.................... 0
DHCPv6 Renew Packets Transmitted...................... 0
DHCPv6 Rebind Packets Transmitted..................... 0
DHCPv6 Release Packets Transmitted.................... 0
Total DHCPv6 Packets Transmitted...................... 0
CLI Command Reference
September 2014 Page 57
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
show serviceport ipv6 dhcp statistics
This command displays the statistics of the DHCPv6 client running on the serviceport management interface.
Format
show serviceport ipv6 dhcp statistics
Mode •Privileged EXEC
• User EXEC
Field Description
DHCPv6 Advertisement
Packets Received
DHCPv6 Reply Packets
The number of DHCPv6 Advertisement packets received on the service port
interface.
The number of DHCPv6 Reply packets received on the service port interface.
Received
Received DHCPv6
Advertisement Packets
The number of DHCPv6 Advertisement packets discarded on the service port
interface.
Discarded
Received DHCPv6 Reply
The number of DHCPv6 Reply packets discarded on the service port interface.
Packets Discarded
DHCPv6 Malformed
Packets Received
Total DHCPv6 Packets
The number of DHCPv6 packets that are received malformed on the service port
interface.
The total number of DHCPv6 packets received on the service port interface.
Received
DHCPv6 Solicit Packets
The number of DHCPv6 Solicit packets transmitted on the service port interface.
Transmitted
DHCPv6 Request Packets
The number of DHCPv6 Request packets transmitted on the service port interface.
Transmitted
DHCPv6 Renew Packets
The number of DHCPv6 Renew packets transmitted on the service port interface.
Transmitted
DHCPv6 Rebind Packets
The number of DHCPv6 Rebind packets transmitted on the service port interface.
Transmitted
DHCPv6 Release Packets
The number of DHCPv6 Release packets transmitted on the service port interface.
Transmitted
Total DHCPv6 Packets
The total number of DHCPv6 packets transmitted on the service port interface.
Transmitted
Example: The following shows example CLI display output for the command.
(admin)#show serviceport ipv6 dhcp statistics
DHCPv6 Client Statistics
-------------------------
DHCPv6 Advertisement Packets Received................. 0
DHCPv6 Reply Packets Received......................... 0
Received DHCPv6 Advertisement Packets Discarded....... 0
Received DHCPv6 Reply Packets Discarded............... 0
DHCPv6 Malformed Packets Received..................... 0
Total DHCPv6 Packets Received......................... 0
CLI Command Reference
September 2014 Page 58
HP Moonshot Switch Module CLI Command Reference
DHCPv6 Solicit Packets Transmitted.................... 0
DHCPv6 Request Packets Transmitted.................... 0
DHCPv6 Renew Packets Transmitted...................... 0
DHCPv6 Rebind Packets Transmitted..................... 0
DHCPv6 Release Packets Transmitted.................... 0
Total DHCPv6 Packets Transmitted...................... 0
Console Port Access Commands
clear network ipv6 dhcp statistics
Use this command to clear the DHCPv6 statistics on the network management interface.
Format
Mode Privileged EXEC
clear network ipv6 dhcp statistics
clear serviceport ipv6 dhcp statistics
Use this command to clear the DHCPv6 client statistics on the service port interface.
Format
Mode Privileged EXEC
clear serviceport ipv6 dhcp statistics
Console Port Access Commands
This section describes the commands you use to configure the console port. You can use a serial cable to
connect a management host directly to the console port of the switch.
configuration
This command gives you access to the Global Config mode. From the Global Config mode, you can configure a
variety of system settings, including user accounts. From the Global Config mode, you can enter other
command modes, including Line Config mode.
Format
Mode Privileged EXEC
configuration
line
This command gives you access to the Line Console mode, which allows you to configure various Telnet settings
and the console port, as well as to configure console login/enable authentication.
Format
Mode Global Config
September 2014 Page 59
line {console | telnet | ssh}
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
Console Port Access Commands
Term Definition
console Console terminal line.
telnet Virtual terminal for remote console access (Telnet).
ssh Virtual terminal for secured remote console access (SSH).
Example: The following shows an example of the CLI command.
(Routing)(config)#line telnet
(Routing)(config-telnet)#
serial baudrate
This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400,
4800, 9600, 19200, 38400, 57600, 115200.
Default 115200
Format
Mode Line Config
serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200}
no serial baudrate
This command sets the communication rate of the terminal interface.
Format
no serial baudrate
Mode Line Config
serial timeout
This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates
that a console can be connected indefinitely. The time range is 0 to 160.
Default No timeout
Format
Mode Line Config
no serial timeout
This command sets the maximum connect time (in minutes) without console activity.
Format
serial timeout 0-160
no serial timeout
Mode Line Config
CLI Command Reference
September 2014 Page 60
HP Moonshot Switch Module CLI Command Reference
Console Port Access Commands
serial port
This command controls which of the two serial ports is the active serial port. Only one serial port can be active
at a time. The external serial port is the RJ45 port next to the external Ethernet/stacking ports on the switch
uplink module at the rear of the chassis. The internal serial port is accessible from the iLO Chassis Manager
virtual serial port feature. Only one serial port is accessible at a time. By default, the external serial port is
enabled, and the virtual serial port is disabled.
Note: After executing this command to change the active serial port, you must reboot the system for
the change to take effect.
Default External
Format
serial port {internal | external}
Modes Line Config
show serial
This command displays serial communication settings for the switch.
Format
show serial
Modes •Privileged EXEC
• User EXEC
Term Definition
Serial Port Login
Timeout (minutes)
The time, in minutes, of inactivity on a serial port connection, after which the switch
will close the connection. A value of 0 disables the timeout.
Baud Rate (bps) The default baud rate at which the serial port will try to connect.
Character Size (bits) The number of bits in a character. The number of bits is always 8.
Flow Control Whether Hardware Flow-Control is enabled or disabled. Hardware Flow Control is
always disabled.
Stop Bits The number of Stop bits per character. The number of Stop bits is always 1.
Parity The parity method used on the Serial Port. The Parity Method is always None.
Example: The following is an example of the command output.
(Routing) #show serial
Serial Port Login Timeout (minutes)............ 0
Baud Rate (bps)................................ 115200
Character Size (bits).......................... 8
Flow Control................................... Disable
Stop Bits...................................... 1
Parity......................................... none
CLI Command Reference
September 2014 Page 61
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
Telnet Commands
This section describes the commands you use to configure and view Telnet settings. You can use Telnet to
manage the device from a remote management host.
ip telnet server enable
Use this command to enable Telnet connections to the system and to enable the Telnet Server Admin Mode.
This command opens the Telnet listening port.
Default disabled
Format
Mode Privileged EXEC
no ip telnet server enable
Use this command to disable Telnet access to the system and to disable the Telnet Server Admin Mode. This
command closes the Telnet listening port and disconnects all open Telnet sessions.
ip telnet server enable
Format
Mode Privileged EXEC
no ip telnet server enable
telnet
This command establishes a new outbound Telnet connection to a remote host. The host value must be a valid
IP address or host name. Valid values for port should be a valid decimal integer in the range of 0 to 65535,
where the default value is 23. If
line parameter sets the outbound Telnet operational mode as linemode where, by default, the operational
mode is character mode. The localecho option enables local echo.
Format
Modes •Privileged EXEC
telnet ip-address|hostname port [debug] [line] [localecho]
• User EXEC
[debug] is used, the current Telnet options enabled is displayed. The optional
CLI Command Reference
September 2014 Page 62
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
transport input telnet
This command regulates new Telnet sessions. If enabled, new Telnet sessions can be established until there are
no more sessions available. An established session remains active until the session is ended or an abnormal
network error ends the session.
Note: If the Telnet Server Admin Mode is disabled, Telnet sessions cannot be established. Use the ip
telnet server enable
Default enabled
Format
transport input telnet
Mode Line Config
no transport input telnet
Use this command to prevent new Telnet sessions from being established.
command to enable Telnet Server Admin Mode.
Format
no transport input telnet
Mode Line Config
transport output telnet
This command regulates new outbound Telnet connections. If enabled, new outbound Telnet sessions can be
established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed.
An established session remains active until the session is ended or an abnormal network error ends it.
Default enabled
Format
Mode Line Config
no transport output telnet
Use this command to prevent new outbound Telnet connection from being established.
Format
Mode Line Config
transport output telnet
no transport output telnet
CLI Command Reference
September 2014 Page 63
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
session-limit
This command specifies the maximum number of simultaneous outbound Telnet sessions. A value of 0
indicates that no outbound Telnet session can be established.
Default 5
Format
Mode Line Config
no session-limit
This command sets the maximum number of simultaneous outbound Telnet sessions to the default value.
session-limit 0-5
Format
Mode Line Config
no session-limit
session-timeout
This command sets the Telnet session timeout value.The timeout value unit of time is minutes.
Default 5
Format
Mode Line Config
session-timeout 1-160
no session-timeout
This command sets the Telnet session timeout value to the default. The timeout value unit of time is minutes.
Format
Mode Line Config
no session-timeout
telnetcon maxsessions
This command specifies the maximum number of Telnet connection sessions that can be established. A value
of 0 indicates that no Telnet connection can be established. The range is 0-5.
Default 5
Format
Mode Privileged EXEC
September 2014 Page 64
telnetcon maxsessions 0-5
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
no telnetcon maxsessions
This command sets the maximum number of Telnet connection sessions that can be established to the default
value.
Format
no telnetcon maxsessions
Mode Privileged EXEC
telnetcon timeout
This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the
session has not been idle for the value set. The time is a decimal value from 1 to 160.
Note: When you change the timeout value, the new value is applied to all active and inactive sessions
immediately. Any sessions that have been idle longer than the new timeout value are disconnected
immediately.
Default 5
Format
Mode Privileged EXEC
no telnetcon timeout
This command sets the Telnet connection session timeout value to the default.
telnetcon timeout 1-160
Note: Changing the timeout value for active sessions does not become effective until the session is
accessed again. Also, any keystroke activates the new timeout duration.
Format
no telnetcon timeout
Mode Privileged EXEC
CLI Command Reference
September 2014 Page 65
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
show telnet
This command displays the current outbound Telnet settings. In other words, these settings apply to Telnet
connections initiated from the switch to a remote system.
Format
Modes •Privileged EXEC
Term Definition
Outbound Telnet Login Timeout The number of minutes an outbound Telnet session is allowed to remain
Maximum Number of Outbound
Telnet Sessions
Allow New Outbound Telnet
Sessions
show telnet
• User EXEC
inactive before being logged off.
The number of simultaneous outbound Telnet connections allowed.
Indicates whether outbound Telnet sessions will be allowed.
show telnetcon
This command displays the current inbound Telnet settings. In other words, these settings apply to Telnet
connections initiated from a remote system to the switch.
Format
Modes •Privileged EXEC
show telnetcon
• User EXEC
Term Definition
Remote Connection Login
Timeout (minutes)
Maximum Number of Remote
Connection Sessions
Allow New Telnet Sessions New Telnet sessions will not be allowed when this field is set to no. The
Telnet Server Admin Mode The administrative mode of the telnet server on the system.
This object indicates the number of minutes a remote connection session is
allowed to remain inactive before being logged off. May be specified as a
number from 1 to 160. The factory default is 5.
This object indicates the number of simultaneous remote connection
sessions allowed. The factory default is 5.
factory default value is yes.
CLI Command Reference
September 2014 Page 66
HP Moonshot Switch Module CLI Command Reference
Secure Shell Commands
Secure Shell Commands
This section describes the commands you use to configure Secure Shell (SSH) access to the switch. Use SSH to
access the switch from a remote management host.
Note: The system allows a maximum of 5 SSH sessions.
ip ssh
Use this command to enable SSH access to the system. (This command is the short form of the ip ssh server
enable
command.)
Default enabled
Format
Mode Privileged EXEC
ip ssh
ip ssh protocol
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both
SSH 1 and SSH 2 (1 and 2) can be set.
Default 2
Format
Mode Privileged EXEC
ip ssh protocol [1] [2]
ip ssh server enable
This command enables the IP secure shell server. No new SSH connections are allowed, but the existing SSH
connections continue to work until timed-out or logged-out.
Default enabled
Format
Mode Privileged EXEC
no ip ssh server enable
This command disables the IP secure shell server.
ip ssh server enable
Format
Mode Privileged EXEC
September 2014 Page 67
no ip ssh server enable
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
Secure Shell Commands
sshcon maxsessions
This command specifies the maximum number of SSH connection sessions that can be established. A value of
0 indicates that no ssh connection can be established. The range is 0 to 5.
Default 5
Format
Mode Privileged EXEC
no sshcon maxsessions
This command sets the maximum number of allowed SSH connection sessions to the default value.
sshcon maxsessions 0-5
Format
Mode Privileged EXEC
no sshcon maxsessions
sshcon timeout
This command sets the SSH connection session timeout value, in minutes. A session is active as long as the
session has been idle for the value set. The time is a decimal value from 1 to 160.
Changing the timeout value for active sessions does not become effective until the session is re accessed. Also,
any keystroke activates the new timeout duration.
Default 5
Format
Mode Privileged EXEC
no sshcon timeout
This command sets the SSH connection session timeout value, in minutes, to the default.
Changing the timeout value for active sessions does not become effective until the session is re accessed. Also,
any keystroke activates the new timeout duration.
sshcon timeout 1-160
Format
Mode Privileged EXEC
September 2014 Page 68
no sshcon timeout
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
show ip ssh
This command displays the ssh settings.
Management Security Commands
Format
Mode Privileged EXEC
Term Definition
Administrative Mode This field indicates whether the administrative mode of SSH is enabled or
Protocol Level The protocol level may have the values of version 1, version 2 or both
SSH Sessions Currently Active The number of SSH sessions currently active.
Max SSH Sessions Allowed The maximum number of SSH sessions allowed.
SSH Timeout The SSH timeout value in minutes.
Keys Present Indicates whether the SSH RSA and DSA key files are present on the device.
Key Generation in Progress Indicates whether RSA or DSA key files generation is currently in progress.
show ip ssh
disabled.
versions 1 and version 2.
Management Security Commands
This section describes commands you use to generate keys and certificates, which you can do in addition to
loading them as before.
crypto key generate rsa
Use this command to generate an RSA key pair for SSH. The new key files will overwrite any existing generated
or downloaded RSA key files.
Format
Mode Global Config
no crypto key generate rsa
Use this command to delete the RSA key files from the device.
Format
Mode Global Config
crypto key generate rsa
no crypto key generate rsa
CLI Command Reference
September 2014 Page 69
HP Moonshot Switch Module CLI Command Reference
Access Commands
crypto key generate dsa
Use this command to generate a DSA key pair for SSH. The new key files will overwrite any existing generated
or downloaded DSA key files.
Format
Mode Global Config
crypto key generate dsa
no crypto key generate dsa
Use this command to delete the DSA key files from the device.
Format
Mode Global Config
no crypto key generate dsa
Access Commands
Use the commands in this section to close remote connections or to view information about connections to
the system.
disconnect
Use the disconnect command to close Telnet or SSH sessions. Use all to close all active sessions, or use
session-id to specify the session ID to close. To view the possible values for session-id, use the show
loginsession command.
Format
Mode Privileged EXEC
disconnect {session_id | all}
show loginsession
This command displays current Telnet, SSH and serial port connections to the switch. This command displays
truncated user names. Use the
Format
Mode Privileged EXEC
Term Definition
ID Login Session ID.
User Name The name the user entered to log on to the system.
Connection From IP address of the remote client machine or EIA-232 for the serial port connection.
September 2014 Page 70
show loginsession
show loginsession long command to display the complete usernames.
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Term Definition
Idle Time Time this session has been idle.
Session Time Total time this session has been connected.
Session Type Shows the type of session, which can be HTTP, HTTPS, telnet, serial, or SSH.
show loginsession long
This command displays the complete user names of the users currently logged in to the switch.
Format
show loginsession long
Mode Privileged EXEC
Example: The following shows an example of the command.
(Routing) #show loginsession long
User Name
-----------admin
test1111test1111test1111test1111test1111test1111test1111test1111
User Account Commands
This section describes the commands you use to add, manage, and delete system users. HP Moonshot Switch
Module software has two default users: admin and guest. The admin user can view and configure system
settings, and the guest user can view settings.
Note: You cannot delete the admin user. There is only one user allowed with read/write privileges.
You can configure up to five read-only users on the system.
aaa authentication login
Use this command to set authentication at login. The default and optional list names created with the
command are used with the
authentication login list-name method command, where list-name is any character string used to name this
list. The
method argument identifies the list of methods that the authentication algorithm tries, in the given
sequence.
The additional methods of authentication are used only if the previous method returns an error, not if there is
an authentication failure. To ensure that the authentication succeeds even if all methods return an error,
specify
method after
September 2014 Page 71
none as the fInal method in the command line. For example, if none is specified as an authentication
radius, no authentication is used if the RADIUS server is down.
aaa authentication login command. Create a list by entering the aaa
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Default •
Format
defaultList. Used by the console and only contains the method local.
networkList. Used by telnet and SSH and only contains the method local.
•
aaa authentication login {default | list-name} method1 [method2...]
Mode Global Config
Parameter Definition
default Uses the listed authentication methods that follow this argument as the default list of
methods when a user logs in.
list-name Character string of up to 15 characters used to name the list of authentication methods
activated when a user logs in.
method1...
[method2...]
At least one from the following:
• enable. Uses the enable password for authentication.
• line. Uses the line password for authentication.
• local. Uses the local username database for authentication.
• none. Uses no authentication.
• radius. Uses the list of all RADIUS servers for authentication.
• tacacs. Uses the list of all TACACS servers for authentication.
Example: The following shows an example of the command.
(Routing)(config)# aaa authentication login default radius local enable none
no aaa authentication login
This command returns to the default.
Format
Mode Global Config
aaa authentication login {default | list-name}
CLI Command Reference
September 2014 Page 72
HP Moonshot Switch Module CLI Command Reference
User Account Commands
aaa authentication enable
Use this command to set authentication for accessing higher privilege levels. The default enable list is
enableList. It is used by console, and contains the method as enable followed by none.
A separate default enable list,
is applied by default for Telnet and SSH, and contains
enableNetList, is used for Telnet and SSH users instead of enableList. This list
enable followed by deny methods. In HP Moonshot
Switch Module, by default, the enable password is not configured. That means that, by default, Telnet and SSH
users will not get access to Privileged EXEC mode. On the other hand, with default conditions, a console user
always enter the Privileged EXEC mode without entering the
The default and optional list names created with the
enable authentication command. Create a list by entering the aaa authentication enable list-name method
command where
list-name is any character string used to name this list. The method argument identifies the
aaa authentication enable command are used with the
enable password.
list of methods that the authentication algorithm tries in the given sequence.
The user manager returns ERROR (not PASS or FAIL) for enable and line methods if no password is configured,
and moves to the next configured method in the authentication list. The method
none reflects that there is no
authentication needed.
The user will only be prompted for an enable password if one is required. The following authentication
methods do not require passwords:
1. none
2. deny
3. enable (if no enable password is configured)
4. line (if no line password is configured)
Example: See the examples below.
a.
aaa authentication enable default enable none
b. aaa authentication enable default line none
c. aaa authentication enable default enable radius none
d. aaa authentication enable default line tacacs none
Examples a and b do not prompt for a password, however because examples c and d contain the radius and
tacacs methods, the password prompt is displayed.
If the login methods include only enable, and there is no enable password configured, then HP Moonshot
Switch Module does not prompt for a username. In such cases, HP Moonshot Switch Module only prompts for
a password. HP Moonshot Switch Module supports configuring methods after the local method in
authentication and authorization lists. If the user is not present in the local database, then the next configured
method is tried.
The additional methods of authentication are used only if the previous method returns an error, not if it fails.
To ensure that the authentication succeeds even if all methods return an error, specify
none as the final method
in the command line.
Use the command “show authorization methods” on page 76 to display information about the authentication
methods.
CLI Command Reference
September 2014 Page 73
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Note: Requests sent by the switch to a RADIUS server include the username $enabx$, where x is the
requested privilege level. For enable to be authenticated on Radius servers, add
$enabx$ users to
them. The login user ID is now sent to TACACS+ servers for enable authentication.
Default default
Format
aaa authentication enable {default | list-name} method1 [method2...]
Mode Global Config
Parameter Description
default Uses the listed authentication methods that follow this argument as the default list of
methods, when using higher privilege levels.
list-name Character string used to name the list of authentication methods activated, when using
access higher privilege levels. Range: 1-15 characters.
method1
[method2...]
Specify at least one from the following:
deny. Used to deny access.
•
enable. Uses the enable password for authentication.
•
line. Uses the line password for authentication.
•
none. Uses no authentication.
•
radius. Uses the list of all RADIUS servers for authentication.
•
tacacs. Uses the list of all TACACS+ servers for authentication.
•
Example: The following example sets authentication when accessing higher privilege levels.
(Routing)(config)# aaa authentication enable default enable
no aaa authentication enable
Use this command to return to the default configuration.
Format
Mode Global Config
no aaa authentication enable {default | list-name}
CLI Command Reference
September 2014 Page 74
HP Moonshot Switch Module CLI Command Reference
User Account Commands
aaa authorization
Use this command to configure command and exec authorization method lists. This list is identified by default
or a user-specified
notified to a TACACS+ server. If
applicable. A maximum of five authorization method lists can be created for the
Note: Local method is not supported for command authorization. Command authorization with
RADIUS will work if, and only if, the applied authentication method is also radius.
Per-Command Authorization
When authorization is configured for a line mode, the user manager sends information about an entered
command to the AAA server. The AAA server validates the received command, and responds with either a PASS
or FAIL response. If approved, the command is executed. Otherwise, the command is denied and an error
message is shown to the user. The various utility commands like tftp, ping, and outbound telnet should also
pass command authorization. Applying the script is treated as a single command apply script, which also goes
through authorization. Startup-config commands applied on device boot-up are not an object of the
authorization process.
list-name. If tacacs is specified as the authorization method, authorization commands are
none is specified as the authorization method, command authorization is not
commands type.
The per-command authorization usage scenario is this:
1. Configure Authorization Method List
aaa authorization commands listname tacacs radius none
2. Apply AML to an Access Line Mode (console, telnet, SSH)
authorization commands listname
3. Commands entered by the user will go through command authorization via TACACS+ or RADIUS server and
will be accepted or denied.
Exec Authorization
When exec authorization is configured for a line mode, the user may not be required to use the enable
command to enter Privileged EXEC mode. If the authorization response indicates that the user has sufficient
privilege levels for Privileged EXEC mode, then the user bypasses User EXEC mode entirely.
The exec authorization usage scenario is this:
1. Configure Authorization Method List
aaa authorization exec listname method1 [method2....]
2. Apply AML to an Access Line Mode (console, telnet, SSH)
authorization exec listname
3. When the user logs in, in addition to authentication, authorization will be performed to determine if the
user is allowed direct access to Privileged EXEC mode.
Format
aaa authorization {commands|exec} {default|list-name} method1[method2]
Mode Global Config
CLI Command Reference
September 2014 Page 75
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Parameter Description
commands Provides authorization for all user-executed commands.
exec Provides exec authorization.
default The default list of methods for authorization services.
list-name Alphanumeric character string used to name the list of authorization methods.
method
TACACS+/RADIUS/Local and none are supported.
Example: The following shows an example of the command.
(Routing) #
(Routing) #configure
(Routing) (Config)#aaa authorization exec default tacacs none
(Routing) (Config)#aaa authorization commands default tacacs none
no aaa authorization
This command deletes the authorization method list.
Format
no aaa authorization {commands|exec} {default|list-name}
Mode Global Config
show authorization methods
This command displays the configured authorization method lists.
Format
Mode Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show authorization methods
Command Authorization Method Lists
-------------------------------------
dfltCmdAuthList : none
Line Command Method List
--------- ---------------------
Console dfltCmdAuthList
Telnet dfltCmdAuthList
SSH dfltCmdAuthList
show authorization methods
Exec Authorization Method Lists
-------------------------------------
dfltExecAuthList : none
CLI Command Reference
September 2014 Page 76
HP Moonshot Switch Module CLI Command Reference
Line Exec Method List
--------- ---------------------
Console dfltExecAuthList
Telnet dfltExecAuthList
SSH dfltExecAuthList
User Account Commands
enable authentication
Use this command to specify the authentication method list when accessing a higher privilege level from a
remote telnet or console.
Format
enable authentication {default | list-name}
Mode Line Config
Parameter Description
default Uses the default list created with the
list-name Uses the indicated list created with the
aaa authentication enable command.
aaa authentication enable command.
Example: The following example specifies the default authentication method when accessing a higher
privilege level console.
(Routing)(config)# line console
(Routing)(config-line)# enable authentication default
no enable authentication
Use this command to return to the default specified by the enable authentication command.
Format
Mode Line Config
no enable authentication
CLI Command Reference
September 2014 Page 77
HP Moonshot Switch Module CLI Command Reference
User Account Commands
username (Global Config)
Use the username command in Global Config mode to add a new user to the local user database. The default
privilege level is 1. Using the
between devices without having to know the passwords. When the
encrypted parameter, the password must be exactly 128 hexadecimal characters in length. If the password
strength feature is enabled, this command checks for password strength and returns an appropriate error if it
fails to meet the password strength criteria. Giving the optional parameter
disables the validation of the password strength.
encrypted keyword allows the administrator to transfer local user passwords
password parameter is used along with
override-complexity-check
Format
username name {password password [encrypted [override-complexity-check] | level level
[encrypted [override-complexity-check]] | override-complexity-check]} | {level level
[override-complexity-check] password}
Mode Global Config
Parameter Description
name The name of the user. Range: 1– 32 characters.
password The authentication password for the user. Range 8-64 characters. This value can
be zero if the
no passwords min-length command has been executed. The
special characters allowed in the password include ! # $ % & ' ( ) * + , - .
/ : ; < = > @ [ \ ] ^ _ ` { | } ~.
level The user level. Level 0 can be assigned by a level 15 user to another user to
suspend that user’s access. Range 0-15. Enter access level 1 for Read Access or
15 for Read/Write Access. If not specified where it is optional, the privilege level
is 1.
encrypted Encrypted password entered, copied from another switch configuration.
override-complexity-check Disables the validation of the password strength.
Example: The following example configures user
(Routing)(config)# username bob password xxxyyymmmm level 15
bob with password xxxyyymmmm and user level 15.
Example: The following example configures user test with password testPassword and assigns a user level
of 1 (read-only). The password strength will not be validated.
(Routing)(config)# username test password testPassword level 1 override-complexity-check
Example: A third example.
(Routing) (Config)#username test password testtest
Example: A fourth example.
(Routing) (Config)# username test password
e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b1b7ab91be84
2278e5e970dbfc62d16dcd13c0b864 level 1 encrypted override-complexity-check
(Routing) (Config)# username test level 15 password
Enter new password:********
Confirm new password:********
CLI Command Reference
September 2014 Page 78
HP Moonshot Switch Module CLI Command Reference
no username
Use this command to remove a user name.
User Account Commands
Format
no username name
Mode Global Config
username name nopassword
Use this command to remove an existing user’s password (NULL password).
Format
username name nopassword [level level]
Mode Global Config
Parameter Description
name The name of the user. Range: 1-32 characters.
password The authentication password for the user. Range 8-64 characters.
level The user level. Level 0 can be assigned by a level 15 user to another user to suspend that
user’s access. Range 0-15.
username name unlock
Use this command to allows a locked user account to be unlocked. Only a user with read/write access can reactivate a locked user account.
Format
username name unlock
Mode Global Config
username snmpv3 accessmode
This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values
readonly or readwrite. The username is the login user name for which the specified access mode applies.
are
The default is
the same case you used when you added the user. To see the case of the
command.
Defaults • admin - readwrite
Format
Mode Global Config
September 2014 Page 79
readwrite for the “admin” user and readonly for all other users. You must enter the username in
username, enter the show users
•other - readonly
username snmpv3 accessmode username {readonly | readwrite}
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
User Account Commands
no username snmpv3 accessmode
This command sets the snmpv3 access privileges for the specified user as readwrite for the “admin” user and
readonly for all other users. The
Format
no username snmpv3 accessmode username
username value is the user name for which the specified access mode will apply.
Mode Global Config
username snmpv3 authentication
This command specifies the authentication protocol to be used for the specified user. The valid authentication
protocols are
authentication password and therefore must be at least eight characters in length. The
name associated with the authentication protocol. You must enter the
when you added the user. To see the case of the
Default no authentication
Format
Mode Global Config
none, md5 or sha. If you specify md5 or sha, the login password is also used as the snmpv3
username is the user
username in the same case you used
username, enter the show users command.
username snmpv3 authentication username {none | md5 | sha}
no username snmpv3 authentication
This command sets the authentication protocol to be used for the specified user to none. The username is the
user name for which the specified authentication protocol is used.
Format
no username snmpv3 authentication username
Mode Global Config
username snmpv3 encryption
This command specifies the encryption protocol used for the specified user. The valid encryption protocols are
des or none.
If you select
characters long. If you select the
you use the
minimum of eight characters. If you select
username value is the login user name associated with the specified encryption. You must enter the
The
username in the same case you used when you added the user. To see the case of the username, enter the show
users
command.
Default no encryption
Format
des, you can specify the required key on the command line. The encryption key must be 8 to 64
des protocol but do not provide a key, the user is prompted for the key. When
des protocol, the login password is also used as the snmpv3 encryption password, so it must be a
none, you do not need to provide a key.
username snmpv3 encryption username {none | des[key]}
Mode Global Config
CLI Command Reference
September 2014 Page 80
HP Moonshot Switch Module CLI Command Reference
User Account Commands
no username snmpv3 encryption
This command sets the encryption protocol to none. The username is the login user name for which the
specified encryption protocol will be used.
Format
no username snmpv3 encryption username
Mode Global Config
username snmpv3 encryption encrypted
This command specifies the des encryption protocol and the required encryption key for the specified user. The
encryption key
must be 8 to 64 characters long.
Default no encryption
Format
username snmpv3 encryption encrypted username des key
Mode Global Config
show users
This command displays the configured user names and their privilege levels. The show users command displays
truncated user names. Use the
command is only available for users with Read/Write privileges. The SNMPv3 fields will only be displayed if
SNMP is available on the system.
Format
show users
show users long command to display the complete usernames. The show users
Mode Privileged EXEC
Term Definition
User Name The name the user enters to login using the serial port, Telnet or Web.
User Access Mode Shows the privilege level associated with the user. A user with Privilege 15 is able
to change parameters on the switch (Read/Write). A user with Privilege 1 is only
able to view parameters (Read Only). As a factory default, the admin user has Read/
Write access (Privilege 15) and the guest has Read Only access (Privilege 1).
SNMPv3 Access Mode The SNMPv3 Access Mode. If the value is set to
able to set and retrieve parameters on the system. If the value is set to
ReadWrite, the SNMPv3 user is
ReadOnly,
the SNMPv3 user is only able to retrieve parameter information. The SNMPv3
access mode may be different than the CLI and Web access mode.
SNMPv3 Authentication The authentication protocol to be used for the specified login user.
SNMPv3 Encryption The encryption protocol to be used for the specified login user.
Example: The following shows an example of the command.
(Routing) #show users
User
User Name Access Mode
------------------------ -----------
admin Privilege-15
guest Privilege-1
CLI Command Reference
September 2014 Page 81
HP Moonshot Switch Module CLI Command Reference
User Account Commands
show users long
This command displays the complete usernames of the configured users on the switch.
Format
show users long
Mode Privileged EXEC
Example: The following shows an example of the command.
(Routing) #show users long
User Name
------------
admin
guest
test1111test1111test1111test1111
show users accounts
This command displays the local user status with respect to user account lockout and password aging.This
command displays truncated user names. Use the
usernames.
show users long command to display the complete
Format
show users accounts [detail]
Mode Privileged EXEC
Term Definition
User Name The local user account’s user name.
Access Level The user’s access level (1 for read-only or 15 for read/write).
Password Aging Number of days, since the password was configured, until the password expires.
Password Expiry
The current password expiration date in date format.
Date
Lockout Indicates whether the user account is locked out (true or false).
CLI Command Reference
September 2014 Page 82
HP Moonshot Switch Module CLI Command Reference
If the detail keyword is included, the following additional fields display.
Term Definition
User Account Commands
Password Override
Displays the user's Password override complexity check status. By default it is disabled.
Complexity Check
Password Strength Displays the user password's strength (Strong or Weak). This field is displayed only if
the Password Strength feature is enabled.
Example: The following example displays information about the local user database.
(Routing)#show users accounts
UserName Privilege Password Password Lockout
Aging Expiry date
------------------- --------- -------- ------------ -------
admin 15 --- --- False
guest 1 --- --- False
console#show users accounts detail
UserName....................................... admin
Privilege...................................... 15
Password Aging................................. ---
Password Expiry................................ ---
Lockout........................................ False
Override Complexity Check...................... Disable
Password Strength.............................. ---
UserName....................................... guest
Privilege...................................... 1
Password Aging................................. ---
Password Expiry................................ ---
Lockout........................................ False
Override Complexity Check...................... Disable
Password Strength.............................. ---
show users login-history [long]
Use this command to display information about the login history of users.
Format
Mode Privileged EXEC
September 2014 Page 83
show users login-history [long]
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
show users login-history [username]
Use this command to display information about the login history of users.
User Account Commands
Format
show users login-history [username name]
Mode Privileged EXEC
Parameter Description
name Name of the user. Range: 1-20 characters.
Example: The following example shows user login history outputs.
Console>show users login-history
Login Time Username Protocol Location
-------------------- --------- --------- ---------------
Jan 19 2005 08:23:48 Bob Serial
Jan 19 2005 08:29:29 Robert HTTP 172.16.0.8
Jan 19 2005 08:42:31 John SSH 172.16.0.1
Jan 19 2005 08:49:52 Betty Telnet 172.16.1.7
login authentication
Use this command to specify the login authentication method list for a line (console, telnet, or SSH). The default
configuration uses the default set with the command
Format
login authentication {default | list-name}
aaa authentication login.
Mode Line Configuration
Parameter Description
default Uses the default list created with the
list-name Uses the indicated list created with the
aaa authentication login command.
aaa authentication login command.
Example: The following example specifies the default authentication method for a console.
(Routing) (config)# line console
(Routing) (config-line)# login authentication default
no login authentication
Use this command to return to the default specified by the authentication login command.
CLI Command Reference
September 2014 Page 84
HP Moonshot Switch Module CLI Command Reference
User Account Commands
password
This command allows the currently logged in user to change his or her password without having read/write
privileges.
Format
password cr
Mode User EXEC
Example: The following is an example of the command.
console>password
Enter old password:********
Enter new password:********
Confirm new password:********
password (Line Configuration)
Use the password command in Line Configuration mode to specify a password on a line. The default
configuration is no password is specified.
Format
Mode Line Config
Parameter Definition
password [password [encrypted]]
password Password for this level. Range: 8-64 characters
encrypted Encrypted password to be entered, copied from another switch configuration. The
encrypted password should be 128 characters long because the assumption is that this
password is already encrypted with AES.
Example: The following example specifies a password
(Routing)(config-line)# password mcmxxyyy
mcmxxyyy on a line.
Example: The following is another example of the command.
(Routing)(Config-line)# password testtest
(Routing) (Config-line)# password
e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b1b7ab91be84
2278e5e970dbfc62d16dcd13c0b864 encrypted
(Routing) (Config-line)# password
Enter new password:********
Confirm new password:********
CLI Command Reference
September 2014 Page 85
HP Moonshot Switch Module CLI Command Reference
no password (Line Configuration)
Use this command to remove the password on a line.
User Account Commands
Format
no password
Mode Line Config
password (User EXEC)
Use this command to allow a user to change the password for only that user. This command should be used
after the password has aged. The user is prompted to enter the old password and the new password.
Format
password
Mode User EXEC
Example: The following example shows the prompt sequence for executing the password command.
(Routing)>password
Enter old password:********
Enter new password:********
Confirm new password:********
password (aaa IAS User Config)
This command is used to configure a password for a user. An optional parameter [encrypted] is provided to
indicate that the password given to the command is already pre-encrypted.
Format
password password [encrypted]
Mode aaa IAS User Config
no password (aaa IAS User Config)
This command is used to clear the password of a user.
Format
Mode aaa IAS User Config
Example: The following shows an example of the command.
(Routing) #configure
(Routing) (Config)#aaa ias-user username client-1
(Routing) (Config-aaa-ias-User)#password client123
(Routing) (Config-aaa-ias-User)#no password
no password
CLI Command Reference
September 2014 Page 86
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Example: The following is an example of adding a MAB Client to the Internal user database.
(Routing) #
(Routing) #configure
(Routing) (Config)#aaa ias-user username 1f3ccb1157
(Routing) (Config-aaa-ias-User)#password 1f3ccb1157
(Routing) (Config-aaa-ias-User)#exit
(Routing) (Config)#
enable password (Privileged EXEC)
Use the enable password configuration command to set a local password to control access to the privileged
EXEC mode.
Format
enable password [password [encrypted]]
Mode Privileged EXEC
Parameter Description
password Password string. Range: 8-64 characters.
encrypted Encrypted password you entered, copied from another switch configuration. The
encrypted password should be 128 characters long because the assumption is that this
password is already encrypted with AES.
Example: The following shows an example of the command.
(Routing) #enable password testtest
(Routing) #enable password
e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b1b7ab91be84
2278e5e970dbfc62d16dcd13c0b864 encrypted
(Routing) #enable password
Enter old password:********
Enter new password:********
Confirm new password:********
no enable password (Privileged EXEC)
Use the no enable password command to remove the password requirement.
Format
Mode Privileged EXEC
September 2014 Page 87
no enable password
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords min-length
Use this command to enforce a minimum password length for local users. The value also applies to the enable
password. The valid range is 8-64.
Default 8
Format
Mode Global Config
passwords min-length 8-64
no passwords min-length
Use this command to set the minimum password length to the default value.
Format
Mode Global Config
no passwords min-length
passwords history
Use this command to set the number of previous passwords that shall be stored for each user account. When
a local user changes his or her password, the user will not be able to reuse any password stored in password
history. This ensures that users don’t reuse their passwords often. The valid range is 0-10.
Default 0
Format
passwords history 0-10
Mode Global Config
no passwords history
Use this command to set the password history to the default value.
Format
Mode Global Config
no passwords history
passwords aging
Use this command to implement aging on passwords for local users. When a user’s password expires, the user
will be prompted to change it before logging in again. The valid range is 1-365. The default is 0, or no aging.
Default 0
Format
Mode Global Config
no passwords aging
Use this command to set the password aging to the default value.
Format
passwords aging 1-365
no passwords aging
Mode Global Config
CLI Command Reference
September 2014 Page 88
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords lock-out
Use this command to strengthen the security of the switch by locking user accounts that have failed login due
to wrong passwords. When a lockout count is configured, a user that is logged in must enter the correct
password within that count. Otherwise the user will be locked out from further switch access. Only a user with
read/write access can re-activate a locked user account. Password lockout does not apply to logins from the
serial console. The valid range is 1-5. The default is 0, or no lockout count enforced.
Default 0
Format
Mode Global Config
passwords lock-out 1-5
no passwords lock-out
Use this command to set the password lock-out count to the default value.
Format
Mode Global Config
no passwords lock-out
passwords strength-check
Use this command to enable the password strength feature. It is used to verify the strength of a password
during configuration.
Default Disable
Format
Mode Global Config
passwords strength-check
no passwords strength-check
Use this command to set the password strength checking to the default value.
Format
Mode Global Config
no passwords strength-check
passwords strength maximum consecutive-characters
Use this command to set the maximum number of consecutive characters to be used in password strength. The
valid range is 0-15. The default is 0. Minimum of 0 means no restriction on that set of characters.
Default 0
Format
Mode Global Config
passwords strength maximum consecutive-characters 0-15
CLI Command Reference
September 2014 Page 89
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords strength maximum repeated-characters
Use this command to set the maximum number of repeated characters to be used in password strength. The
valid range is 0-15. The default is 0. Minimum of 0 means no restriction on that set of characters.
Default 0
Format
Mode Global Config
passwords strength maximum consecutive-characters 0-15
passwords strength minimum uppercase-letters
Use this command to enforce a minimum number of uppercase letters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default 2
Format
Mode Global Config
passwords strength minimum uppercase-letters
no passwords strength minimum uppercase-letters
Use this command to reset the minimum uppercase letters required in a password to the default value.
Format
Mode Global Config
no passwords minimum uppercase-letter
passwords strength minimum lowercase-letters
Use this command to enforce a minimum number of lowercase letters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default 2
Format
Mode Global Config
no passwords strength minimum lowercase-letters
Use this command to reset the minimum lower letters required in a password to the default value.
Format
Mode Global Config
passwords strength minimum lowercase-letters
no passwords minimum lowercase-letter
CLI Command Reference
September 2014 Page 90
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords strength minimum numeric-characters
Use this command to enforce a minimum number of numeric characters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default 2
Format
Mode Global Config
passwords strength minimum numeric-characters
no passwords strength minimum numeric-characters
Use this command to reset the minimum numeric characters required in a password to the default value.
Format
Mode Global Config
no passwords minimum numeric-characters
passwords strength minimum special-characters
Use this command to enforce a minimum number of special characters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default 2
Format
Mode Global Config
passwords strength minimum special-characters
no passwords strength minimum special-characters
Use this command to reset the minimum special characters required in a password to the default value.
Format
Mode Global Config
no passwords minimum special-characters
passwords strength minimum character-classes
Use this command to enforce a minimum number of characters classes that a password should contain.
Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid
range is 0-4. The default is 4.
Default 4
Format
Mode Global Config
no passwords strength minimum character-classes
Use this command to reset the minimum number of character classes required in a password to the default
value.
Format
Mode Global Config
passwords strength minimum character-classes
no passwords minimum character-classes
CLI Command Reference
September 2014 Page 91
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords strength exclude-keyword
Use this command to exclude the specified keyword while configuring the password. The password does not
accept the keyword in any form (in between the string, case in-sensitive and reverse) as a substring. User can
configure up to a maximum of 3 keywords
Format
Mode Global Config
passwords strength exclude-keyword keyword
.
no passwords strength exclude-keyword
Use this command to reset the restriction for the specified keyword or all the keywords configured.
Format
Mode Global Config
no passwords exclude-keyword [keyword]
show passwords configuration
Use this command to display the configured password management settings.
Format
show passwords configuration
Mode Privileged EXEC
Term Definition
Minimum Password
Length
Password History Number of passwords to store for reuse prevention.
Password Aging Length in days that a password is valid.
Lockout Attempts Number of failed password login attempts before lockout.
Minimum Password
Uppercase Letters
Minimum Password
Lowercase Letters
Minimum Password
Numeric Characters
Maximum Password
Consecutive Characters
Maximum Password
Repeated Characters
Minimum Password
Character Classes
Password ExcludeKeywords
Minimum number of characters required when changing passwords.
Minimum number of uppercase characters required when configuring passwords.
Minimum number of lowercase characters required when configuring passwords.
Minimum number of numeric characters required when configuring passwords.
Maximum number of consecutive characters required that the password should
contain when configuring passwords.
Maximum number of repetition of characters that the password should contain
when configuring passwords.
Minimum number of character classes (uppercase, lowercase, numeric and
special) required when configuring passwords.
The set of keywords to be excluded from the configured password when strength
checking is enabled.
CLI Command Reference
September 2014 Page 92
HP Moonshot Switch Module CLI Command Reference
show passwords result
Use this command to display the last password set result information.
Format
Mode Privileged EXEC
Term Definition
show passwords result
User Account Commands
Last User Whose Password
Shows the name of the user with the most recently set password.
Is Set
Password Strength Check Shows whether password strength checking is enabled.
Last Password Set Result Shows whether the attempt to set a password was successful. If the attempt
failed, the reason for the failure is included.
write memory
Use this command to save running configuration changes to NVRAM so that the changes you make will persist
across a reboot. This command is the same as
confirm keyword to directly save the configuration to NVRAM without prompting for a confirmation.
Format
write memory [confirm]
copy system:running-config nvram:startup-config. Use the
Mode Privileged EXEC
aaa ias-user username
The Internal Authentication Server (IAS) database is a dedicated internal database used for local authentication
of users for network access through the IEEE 802.1X feature.
Use the
database. This command also changes the mode to AAA User Config mode.
Format
aaa ias-user username command in Global Config mode to add the specified user to the internal user
aaa ias-user username user
Mode Global Config
no aaa ias-user username
Use this command to remove the specified user from the internal user database.
Format
Mode Global Config
September 2014 Page 93
no aaa ias-user username user
CLI Command Reference
HP Moonshot Switch Module CLI Command Reference
User Account Commands
aaa session-id
Use this command in Global Config mode to specify if the same session-id is used for Authentication,
Authorization and Accounting service type within a session.
Default
Format
common
aaa session-id [common | unique]
Mode Global Config
Parameter Description
common Use the same session-id for all AAA Service types.
unique Use a unique session-id for all AAA Service types.
no aaa session-id
Use this command in Global Config mode to reset the aaa session-id behavior to the default.
Format
no aaa session-id [unique]
Mode Global Config
aaa accounting
Use this command in Global Config mode to create an accounting method list for user EXEC sessions, userexecuted commands, or DOT1X. This list is identified by default or a user-specified list_name. Accounting
records, when enabled for a line-mode, can be sent at both the beginning and at the end (start-stop) or only
at the end (stop-only). If none is specified, then accounting is disabled for the specified list. If tacacs is specified
as the accounting method, accounting records are notified to a TACACS+ server. If radius is the specified
accounting method, accounting records are notified to a RADIUS server.
Note: Please note the following:
• A maximum of five Accounting Method lists can be created for each exec and commands type.
• Only the default Accounting Method list can be created for DOT1X. There is no provision to create
more.
• The same list-name can be used for both exec and commands accounting type
• AAA Accounting for commands with RADIUS as the accounting method is not supported.
• Start-stop or None are the only supported record types for DOT1X accounting. Start-stop enables
accounting and None disables accounting.
• RADIUS is the only accounting method type supported for DOT1X accounting.
Format
aaa accounting {exec | commands | dot1x} {default | list_name} {start-stop | stoponly |none} method1 [method2…]
Mode Global Config
CLI Command Reference
September 2014 Page 94
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Parameter Description
exec Provides accounting for a user EXEC terminal sessions.
commands Provides accounting for all user executed commands.
dot1x Provides accounting for DOT1X user commands.
default The default list of methods for accounting services.
list-name Character string used to name the list of accounting methods.
start-stop Sends a start accounting notice at the beginning of a process and a stop accounting notice
at the beginning of a process and a stop accounting notice at the end of a process.
stop-only Sends a stop accounting notice at the end of the requested user process.
none Disables accounting services on this line.
method Use either TACACS or radius server for accounting purposes.
Example: The following shows an example of the command.
(Routing) #
(Routing) #configure
(Routing) #aaa accounting commands default stop-only tacacs
(Routing) #aaa accounting exec default start-stop radius
(Routing) #aaa accounting dot1x default start-stop radius
(Routing) #aaa accounting dot1x default none
(Routing) #exit
For the same set of accounting type and list name, the administrator can change the record type, or the
methods list, without having to first delete the previous configuration.
(Routing) #
(Routing) #configure
(Routing) #aaa accounting exec ExecList stop-only tacacs
(Routing) #aaa accounting exec ExecList start-stop tacacs
(Routing) #aaa accounting exec ExecList start-stop tacacs radius
The first aaa command creates a method list for exec sessions with the name ExecList, with record-type as stoponly and the method as TACACS+. The second command changes the record type to start-stop from stop-only
for the same method list. The third command, for the same list changes the methods list to {tacacs,radius}
from {tacacs}.
no aaa accounting
This command deletes the accounting method list.
Format
Mode Global Config
no aaa accounting {exec | commands | dot1x} {default | list_name default}
CLI Command Reference
September 2014 Page 95
HP Moonshot Switch Module CLI Command Reference
User Account Commands
password (AAA IAS User Configuration)
Use this command to specify a password for a user in the IAS database. An optional parameter encrypted is
provided to indicate that the password given to the command is already pre-encrypted.
Format
password password [encrypted]
Mode AAA IAS User Config
Parameter Definition
password Password for this level. Range: 8-64 characters
encrypted Encrypted password to be entered, copied from another switch configuration.
no password (AAA IAS User Configuration)
Use this command to clear the password of a user.
Format
Mode AAA IAS User Config
Example: The following shows an example of the command.
(Routing) #
(Routing) #configure
(Routing) (Config)#aaa ias-user username client-1
(Routing) (Config-aaa-ias-User)#password client123
(Routing) (Config-aaa-ias-User)#no password
no password
Example: The following is an example of adding a MAB Client to the Internal user database.
(Routing) #
(Routing) #configure
(Routing) (Config)#aaa ias-user username 1f3ccb1157
(Routing) (Config-aaa-ias-User)#password 1f3ccb1157
(Routing) (Config-aaa-ias-User)#exit
(Routing) (Config)#
CLI Command Reference
September 2014 Page 96
HP Moonshot Switch Module CLI Command Reference
User Account Commands
clear aaa ias-users
Use this command to remove all users from the IAS database.
Format
clear aaa ias-users
Mode Privileged Exec
Parameter Definition
password Password for this level. Range: 8-64 characters
encrypted Encrypted password to be entered, copied from another switch configuration.
Example: The following is an example of the command.
(Routing) #
(Routing) #clear aaa ias-users
(Routing) #
show aaa ias-users
Use this command to display configured IAS users and their attributes. Passwords configured are not shown in
the show command output.
Format
Mode Privileged EXEC
show aaa ias-users [username]
Example: The following is an example of the command.
(Routing) #
(Routing) #show aaa ias-users
UserName
-------------------
Client-1
Client-2
Example: Following are the IAS configuration commands shown in the output of show running-config
command. Passwords shown in the command output are always encrypted.
aaa ias-user username client-1
password a45c74fdf50a558a2b5cf05573cd633bac2c6c598d54497ad4c46104918f2c encrypted
exit
CLI Command Reference
September 2014 Page 97
HP Moonshot Switch Module CLI Command Reference
User Account Commands
accounting
Use this command in Line Configuration mode to apply the accounting method list to a line config (console/
telnet/ssh).
Format
accounting {exec | commands } {default | listname}
Mode Line Configuration
Parameter Description
exec Causes accounting for an EXEC session.
commands This causes accounting for each command execution attempt. If a user is enabling
accounting for exec mode for the current line-configuration type, the user will be logged
out.
default The default Accounting List
listname Enter a string of not more than 15 characters.
Example: The following is a example of the command.
(Routing) #configure
(Routing) (Config)#line telnet
(Routing)(Config-line)# accounting exec default
no accounting
Use this command to remove accounting from a Line Configuration mode.
Format
no accounting {exec|commands]
Mode Line Configuration
show accounting
Use this command to display ordered methods for accounting lists.
Format
Mode Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show accounting
Number of Accounting Notifications sent at beginning of an EXEC session: 0
Errors when sending Accounting Notifications beginning of an EXEC session: 0
Number of Accounting Notifications at end of an EXEC session: 0
Errors when sending Accounting Notifications at end of an EXEC session: 0
Number of Accounting Notifications sent at beginning of a command execution: 0
Errors when sending Accounting Notifications at beginning of a command execution: 0
Number of Accounting Notifications sent at end of a command execution: 0
Errors when sending Accounting Notifications at end of a command execution: 0
show accounting
CLI Command Reference
September 2014 Page 98
HP Moonshot Switch Module CLI Command Reference
show accounting methods
Use this command to display configured accounting method lists.
User Account Commands
Format
show accounting methods
Mode Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show accounting methods
AcctType MethodName MethodType Method1 Method2
--------- ---------------- ------------- --------- --------Exec dfltExecList start-stop tacacs
Commands dfltCmdList stop-only tacacs
DOT1X dfltDot1xList start-stop radius
Line EXEC Method List Command Method List
--------- -------------------- -------------------Console none none
Telnet none none
SSH none none
clear accounting statistics
This command clears the accounting statistics.
Format
clear accounting statistics
Mode Privileged Exec
show domain-name
This command displays the configured domain-name.
Format
Mode Privileged Exec
Example: The following shows how to configure and display the domain name information.
(Routing) (Config)#domain-name test.hp.com
(Routing) (Config)#domain-name enable
(Routing) (Config)#exit
(Routing) #show domain-name
User-Domain Enabled : TRUE
User-Domain Name : test.hp.com
show domain-name
CLI Command Reference
September 2014 Page 99
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
SNMP Commands
This section describes the commands you use to configure Simple Network Management Protocol (SNMP) on
the switch. You can configure the switch to act as an SNMP agent so that it can communicate with SNMP
managers on your network.
snmp-server
This command sets the name and the physical location of the switch, and the organization responsible for the
network. The parameters
Default none
Format
Mode Global Config
snmp-server {sysname name | location loc | contact con}
snmp-server community
name, loc and con can be up to 255 characters in length.
This command adds (and names) a new SNMP community, and optionally sets the access mode, allowed IP
address, and create a view for the community.
Note: Community names in the SNMP Community Table must be unique. When making multiple
entries using the same community name, the first entry is kept and processed and all duplicate
entries are ignored.
Default Two communities are created by default:
• public, with read-only permissions, a view name of Default, and allows access from all IP
addresses
• private, with read/write permissions, a view name of Default, and allows access from all IP
addresses.
Format
Mode Global Config
Parameter Description
community-name A name associated with the switch and with a set of SNMP managers that manage
ro | rw | su The access mode of the SNMP community, which can be public (Read-Only/RO),
snmp-server community community-string [{ro | rw |su }] [ipaddress ip-address]
[view view-name]
it with a specified privileged level. The length of
case-sensitive characters.
private (Read-Write/RW), or Super User (SU).
community-name can be up to 16
CLI Command Reference
September 2014 Page 100
Loading...