Manual Chapter : Layer 2

Applies To:

ARX

  • 6.3.0
blocked-vlan slot/port [to slot/port ]
no blocked-vlan slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500) is the first (or only) Ethernet port.
to slot/port (optional) is the last port in a range of ports.
Use the show interface summary command to locate all Ethernet ports on the chassis.
bstnA(cfg-vlan[1])# blocked-vlan 2/5 to 2/6
bstnA(cfg-vlan[7])# no blocked-vlan 2/3
A channel is an aggregated group of Ethernet ports that function as one link, as defined in IEEE 802.3ad. You can configure up to eight channels on the ARX. From cfg mode, use the channel command to begin configuring a channel.
channel number
number (1-8) is an ID you choose for the channel. If the channel is already configured, this command edits its configuration. The no form of the command removes the channel configuration.
This command puts you into cfg-channel mode, where you use members (cfg-channel) to configure the channel's member ports and no shutdown (cfg-channel) to start traffic on the channel. For a channel that connects a redundant pair, configure the channel's member ports with redundancy protocol (cfg-channel). You can use the description (cfg-channel) command to set an optional name for the channel. The vlan (cfg-channel) command assigns the channel to a VLAN, untagged. The vlan-tag command assigns the channel to a VLAN in tagged mode; you can assign the channel to multiple VLANs by invoking this command once for each VLAN.
Use the show channel command to view the channel's configuration.
If you use the no channel command on the channel that carries the redundant-pair link (see redundancy protocol (cfg-channel)) while redundancy is enabled (enable (cfg-redundancy)), the command causes the standby peer to reboot. The reboot does not disrupt any storage services, but the ARX peers cannot function as a redundant pair while the link is shut down. Additionally, a quorum-disk failure or disconnection would cause the active peer to reboot, too. If you proceed with shutting down the link, you should establish a new one as soon as possible: use the redundancy protocol or redundancy protocol (cfg-channel) command on another port or channel to establish a new redundant-pair link.
bstnA(cfg)# channel 1
channel-id (1-8) identifies a single channel to clear. If you omit this option, the command clears the statistics for all channels. Use the show channel summary command to enumerate all configured channels.
Use this command to clear and restart the statistics counter for troubleshooting and monitoring channels. Use show channel ... stats to view these statistics. To view the individual statistics for the channel's member ports, which are also cleared with this command, use show interface gigabit stats or show interface ten-gigabit stats.
bstnA# clear counters channel 2
slot/port (2/1-14 on ARX-4000; 1/1-4 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500) is a Gigabit Ethernet port. Use the show interface summary command to locate all Gigabit-Ethernet ports and their slot(s).
bstnA# clear counters gigabit 2/7
For LACP statistics, use the show channel ... lacp stats command (see the documentation for show channel ... stats). Use this command to clear the current LACP statistics for all channels (or for a specified channel) and restart the count.
id (1-8) identifies a single channel to clear. If you omit this option, the command clears the statistics for all channels. Use the show channel summary command to enumerate all configured channels.
The channel command creates a channel, and the lacp active or lacp passive command enables LACP on the channel. Use this command to clear and restart the statistics counters for LACP. Use show channel ... stats to view a channel's statistics (including LACP statistics).
stoweA# clear counters lacp channel 2
slot/port (2/1-2) is a Gigabit Ethernet port. Use the show interface summary command to locate all Gigabit-Ethernet ports and their slot(s).
bstnA# clear counters ten-gigabit 2/2
any except ARX-VE
bstnA# clear counters redundancy network
A link-aggregation channel (IEEE 802.3ad) can optionally have a description to display in its show commands. From cfg-channel mode, use the description command to create a description for the current channel.
Use no description to remove the description.
description description
description (1-15 characters) is a text string description for the current channel. Insert quotation marks around the description if it contains spaces.
bstnA(cfg-channel[1])# description trunk 2
A port can optionally have a description for its show commands. Use the description command to create a description for the current port.
Use no description to remove the description.
description description
description (1-60 characters) is the description you choose for the current port. Quote the description if it contains spaces.
bstnA(cfg-if-gig[2/4])# description link to back-end filers
A ten-gigabit port can optionally have a description for its show commands. Use the description command to create a description for the current ten-gigabit port.
Use no description to remove the description.
description description
description (1-60 characters) is the description you choose for the current ten-gigabit port. Quote the description if it contains spaces.
bstnA(cfg-if-ten-gig[2/2])# description link to big-ip
A VLAN can optionally have a description for its show commands. Use the description command to create a description for the current VLAN.
Use no description to remove the description.
description description
description (up to 80 characters) is the description you choose for the current VLAN. Quote the description if it contains spaces.
any except ARX-VE
bstnA(cfg-vlan[1])# description ARX-defined VLAN
bstnA(cfg-vlan[7])# no description
The Forward Delay is the time for spanning-tree ports to stay in the listen and learn states, waiting for the best BPDU frame to reach the ARX. Use the forward-delay command to set the Forward-Delay time.
Use the no form to revert to the default Forward Delay.
seconds is a number from 4 to 30.
bstnA(cfg-stp)# forward-delay 10
Use the no form to disable flow control.
on | off is a required choice.
On a one-gigabit interface, the speed setting must be 1000-tx-full to enable flow control. Use the speed (cfg-if-gig) command to set the speed on a single-gigabit interface. The show interface gigabit and show interface ten-gigabit commands show the current flow-control setting on a particular one-gigabit or ten-gigabit interface, respectively.
bstnA(cfg-if-gig[2/4])# flowcontrol send on
The Hello Time is the interval (in seconds) between broadcasts of Bridge Protocol Data Units (BPDUs) to neighboring bridges. The BPDUs have spanning-tree topology information that a bridge uses to determine its role in the spanning tree. Use the hello-time command to set the Hello Time.
Use the no form to revert to the default Hello Time.
seconds is a number from 1 to 10.
bstnA(cfg-stp)# hello-time 5
bstnA(cfg-stp)# no hello-time
A layer-2 port is called an interface in the CLI. Use the interface gigabit command to begin configuring an interface.
slot/port (2/1-14 on ARX-4000; 1/1-4 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500; 1/2 on ARX-500; 1/1 on ARX-VE) is a Gigabit Ethernet port. Use the show interface summary command to show all Gigabit Ethernet ports and their slot(s).
This command puts you into cfg-if-gig mode, where you can set several configuration parameters for the port. Use the speed (cfg-if-gig) command to manually set the port speed and duplex configuration. If the device at the other end of the connection supports flow control, you can use the flowcontrol command to configure it. Use the description (cfg-if-gig) command to set an optional description for the port, for show commands. Use the no shutdown (cfg-if-gig) command to start the port.
By default, port 1/1 on an ARX-1500 or ARX-2500 is configured as an out-of-band (OOB) management interface. You can use the interface mgmt command and its sub commands to manage this interface. The CLI returns an error message if you enter interface gigabit 1/1 while port 1/1 is being used for out-of-band management.
To re-assign this port to client/server traffic, use no interface mgmt to delete the out-of-band management interface. Then use this command on port 1/1 (interface gigabit 1/1) to enter cfg-if-gig mode and edit the port for client/server traffic.
bstnA(cfg)# interface gigabit 2/6
The ARX-4000 supports two ten-gigabit ports, which are called interfaces in the CLI. Use the interface ten-gigabit command to begin configuring a ten-gigabit interface.
slot/port (2/1-2) identifies a ten-Gigabit Ethernet port. Use the show interface summary command to show all Ethernet ports and their slot(s).
This command puts you into cfg-if-ten-gig mode, where you can set several configuration parameters for the port. The speed is fixed at 10 gigabits/second, full duplex. Use the description (cfg-if-ten-gig) command to set an optional description for the port, for show commands. If the device at the other end of the connection supports flow control, you can use the flowcontrol command to configure it. Use the no shutdown (cfg-if-ten-gig) command to start the port.
bstnA(cfg)# interface ten-gigabit 2/1
ip private vlan internal vlan-id [metalog meta-vlan-id] [subnet ip-subnet mask]
vlan-id (1-4095) is the number for the private VLAN.
metalog meta-vlan-id (optional; 1-4095) sets the number for the metalog VLAN. This must be different from the private VLAN, above.
subnet ip-subnet mask (optional) is the IP address and mask for the private subnet (for example, 169.254.14.0). The mask must be 24 bits (255.255.255.0) or less for an ARX-2000 or ARX-4000; it must be 26 bits (255.255.255.192) or less for an ARX-500. 255.255.255.0 defines a large enough subnet for any platform.
You may need to change the ip-subnet in a large RON where two switches have the same private subnet. This is a rare situation, but possible. If it occurs, the current switch can only reach one of the conflicting switches over the RON: the switch that was connected to the current switch first. To reach the other switch, you must make their private subnets unique within the RON. The show ron conflicts command indicates which switches have the conflict, and shows all of the private subnets that are currently in the RON (and should therefore be avoided). The ip private subnet reassign command is designed to fix this by automatically choosing a unique private subnet; alternatively, you can set the subnet manually with this command. Go to the CLI for one of the conflicting switches and use either command to change its private subnet.
bstnA(cfg)# ip private vlan internal 2222
bstnA(cfg)# ip private vlan internal 2222 subnet 169.254.166.0 255.255.255.0
bstnA(cfg)# ip private vlan internal 2222 metalog 2223
prtlndA(cfg)# ip private vlan internal 1002 subnet 169.254.200.0 255.255.255.192
bytes (1530-9198) establishes the size of frames on this VLAN.
any except ARX-VE
Use the no form of the command to disable jumbo-frame transmission on the switch.
bstnA(cfg-vlan[2])# jumbo mtu 9000
Use no lacp to stop sending LACPDUs to the device at the other end of the channel.
no lacp active - static LACP (that is, no LACP) runs by default.
To establish LACP on the channel, enable passive LACP at the peer and use this command on the ARX. If you connect two ARX peers over a channel (see redundancy protocol (cfg-channel)), you can use this command on both ARX peers to establish LACP; one of them assumes the passive LACP role automatically.
Important: The no lacp active command restarts all of the channel's member ports. This stops all traffic on the channel for a brief time. This is not recommended for a busy channel; perform this operation only during off hours, or on an inactive channel.

For a channel used in a redundant-pair link (see the documentation for redundancy protocol (cfg-channel)), this causes the backup ARX to reboot. In most cases, the reboot has no effect on client traffic.
Use the channel command to create a channel, and use the members (cfg-channel) command to add a port to the channel. Each end of the channel should have the same LACP timeout settings; you can use the lacp rate command to change this end of the channel to a long timeout. The show channel ... lacp command shows the current configuration and status of LACP on a given channel. For LACP statistics, use the show channel ... lacp stats command (see the documentation for show channel ... stats).
stoweA(cfg)# channel 6
stoweA(cfg)# channel 1
show channel ... lacp
Use no lacp passive to ignore all LACPDUs from the device at the other end of the channel.
no lacp passive - static LACP (that is, no LACP) runs by default.
To establish LACP on the channel, enable active LACP at the peer and use this command on the ARX. If you connect two ARX peers over a channel (see redundancy protocol (cfg-channel)), you can use this command on both ARX peers to establish LACP; one of them assumes the active LACP role automatically.
Important: The no lacp passive command restarts all of the channel's member ports. This stops all traffic on the channel for a brief time. This is not recommended for a busy channel; perform this operation only during off hours, or on an inactive channel.

For a channel used in a redundant-pair link (see the documentation for redundancy protocol (cfg-channel)), this causes the backup ARX to reboot. In most cases, the reboot has no effect on client traffic.
Use the channel command to create a channel, and use the members (cfg-channel) command to add a port to the channel. Each end of the channel should have the same LACP timeout settings; you can use the lacp rate command to change this end of the channel to a long timeout. The show channel ... lacp command shows the current configuration and status of LACP on a given channel. For LACP statistics, use the show channel ... lacp stats command (see the documentation for show channel ... stats).
bstnA(cfg)# channel 1
show channel ... lacp
Use no lacp rate to return the timeout to its faster defaults.
Use the channel command to create a channel, and use the members (cfg-channel) command to add a port to the channel. The show channel ... lacp command shows the current configuration and status of LACP on a given channel. For LACP statistics, use the show channel ... lacp stats command (see the documentation for show channel ... stats).
bstnA(cfg-channel[1])# lacp rate long-timeout
show channel ... lacp
src-ip uses only the packet's source-IP address in the hash. This may not produce the best hash: the source IPs are limited to a small set of VIPs (see virtual server), proxy IPs (see ip proxy-address), and management IPs (see ip address (cfg-if-vlan) and ip address (cfg-mgmt)).
dst-ip uses the packet's destination-IP address, ignoring the source address. Destination addresses are those of clients, filers, and management stations, so this is typically a better hash than one that uses the limited set of source IPs.
src-dst-ip combines the source and destination IPs with a bit-wise XOR operation. This hash typically produces the best traffic distribution within the channel.
Use show channel [load-balance] to view the current load-balancing configuration for all channels. To find the results of the hash for a packet with a particular source and destination IP, use show load-balancing.
bstnA(cfg-channel[9])# load-balance src-ip
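The following simulation is an added illustration, not ARX code, of why the three load-balance options spread traffic differently. It assumes the member port is chosen as the hash key modulo the number of members, which this manual does not specify, and all IP addresses are constructed samples.

```python
import ipaddress

# Channel members, taken from the manual's "members 2/7 to 2/10" example.
MEMBERS = ["2/7", "2/8", "2/9", "2/10"]

# Constructed sample addresses (not from the manual).
ARX_SOURCES = ["192.168.25.10", "192.168.25.12", "192.168.25.14"]  # VIP, proxy IP, mgmt IP
CLIENTS = [f"172.16.100.{n}" for n in range(1, 65)]                # 64 client addresses
FILERS = ["192.168.25.20", "192.168.25.21"]                        # two back-end filers

# Outbound flows from the ARX toward many clients, and toward a few filers.
CLIENT_FLOWS = [(s, d) for s in ARX_SOURCES for d in CLIENTS]
BACKEND_FLOWS = [(s, d) for s in ARX_SOURCES for d in FILERS]


def hash_key(mode, src, dst):
    """Return the integer key for one packet under the given load-balance option."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    if mode == "src-ip":
        return s            # source address only
    if mode == "dst-ip":
        return d            # destination address only
    if mode == "src-dst-ip":
        return s ^ d        # bit-wise XOR of both addresses, as the manual describes
    raise ValueError(f"unknown load-balance option: {mode}")


def member_for(mode, src, dst, members=MEMBERS):
    """Pick the outbound member port for one packet.

    ASSUMPTION: the port index is the key modulo the member count. The real
    mapping is internal to the ARX; 'show load-balancing' reports it.
    """
    return members[hash_key(mode, src, dst) % len(members)]


def distribution(mode, flows, members=MEMBERS):
    """Count how many flows land on each member port."""
    counts = {m: 0 for m in members}
    for src, dst in flows:
        counts[member_for(mode, src, dst, members)] += 1
    return counts


def ports_used(mode, flows, members=MEMBERS):
    """Number of member ports that carry at least one flow."""
    return sum(1 for c in distribution(mode, flows, members).values() if c)


if __name__ == "__main__":
    for label, flows in (("client-side", CLIENT_FLOWS), ("back-end", BACKEND_FLOWS)):
        for mode in ("src-ip", "dst-ip", "src-dst-ip"):
            print(f"{label:11} {mode:10} {distribution(mode, flows)}")
```

With the small source set, src-ip leaves two of the four ports idle, and for the back-end flows only src-dst-ip reaches all four members. On a real channel, confirm the result for a given address pair with show load-balancing.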
Use the no form of the command to revert to the default aging time.
seconds is a number from 300 to 1,000,000.
bstnA(cfg-stp)# mac-address aging-time 600
bstnA(cfg-stp)# no mac-address aging-time
The Max Age is the time (in seconds) to keep BPDU information from a neighboring bridge before declaring the port information stale. If the Max Age is reached for a port, it is considered disconnected by the other bridges in the spanning tree. Use the max-age command to set the Max Age.
Use the no form to revert to the default Max Age.
max-age seconds
seconds is a number from 6 to 40.
The Max Age is typically three times the Hello Time; it must be at least 2 * (Hello Time + 1). Use the hello-time command to set the Hello Time.
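The following lint is an added example, not part of the ARX software, that checks a captured cfg-stp session against the ranges and the Max Age rule stated in this chapter. The function names and the sample sessions are constructed; because the default timer values are not given here, the Max Age rule is checked only when both hello-time and max-age are set explicitly.

```python
import re

# Ranges as stated in this chapter for cfg-stp commands.
RANGES = {
    "forward-delay": (4, 30),
    "hello-time": (1, 10),
    "max-age": (6, 40),
    "priority": (0, 61440),
    "mac-address aging-time": (300, 1_000_000),
}
PROTOCOLS = ("dot1d", "rst")
# Longest names first so multi-word commands match before shorter ones.
COMMANDS = sorted(list(RANGES) + ["protocol"], key=len, reverse=True)
# Only lines entered at a cfg-stp prompt are examined.
PROMPT = re.compile(r"^\S+\(cfg-stp\)#\s*(.*)$")


def parse_stp(lines):
    """Return (effective settings, findings) for a cfg-stp session transcript."""
    settings, findings = {}, []
    for lineno, raw in enumerate(lines, 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        cmd = " ".join(m.group(1).split())
        negate = cmd.startswith("no ")
        if negate:
            cmd = cmd[3:]
        name = next((c for c in COMMANDS if cmd == c or cmd.startswith(c + " ")), None)
        if name is None:
            continue  # not a command this lint knows about
        if negate:
            settings.pop(name, None)  # "no" form reverts to the default
            continue
        arg = cmd[len(name):].strip()
        if name == "protocol":
            if arg in PROTOCOLS:
                settings[name] = arg
            else:
                findings.append(f"line {lineno}: protocol must be dot1d or rst, got {arg!r}")
            continue
        if not arg.isdigit():
            findings.append(f"line {lineno}: {name} needs a number, got {arg!r}")
            continue
        value = int(arg)
        lo, hi = RANGES[name]
        if not lo <= value <= hi:
            findings.append(f"line {lineno}: {name} {value} is outside {lo}-{hi}")
        elif name == "priority" and value % 4096:
            findings.append(f"line {lineno}: priority {value} is not a multiple of 4096")
        else:
            settings[name] = value
    return settings, findings


def lint(lines):
    """Per-line findings plus the Max Age >= 2 * (Hello Time + 1) rule."""
    settings, findings = parse_stp(lines)
    hello, age = settings.get("hello-time"), settings.get("max-age")
    # Default values are not stated in this chapter, so the rule is applied
    # only when both timers were set explicitly in the session.
    if hello is not None and age is not None and age < 2 * (hello + 1):
        findings.append(
            f"max-age {age} is below 2 * (hello-time {hello} + 1) = {2 * (hello + 1)}"
        )
    return findings


# Constructed sample sessions (not from the manual).
SAMPLE_BAD = [
    "bstnA(cfg-stp)# protocol rst",
    "bstnA(cfg-stp)# hello-time 5",
    "bstnA(cfg-stp)# max-age 10",
    "bstnA(cfg-stp)# forward-delay 10",
    "bstnA(cfg-stp)# priority 5000",
    "bstnA(cfg-stp)# mac-address aging-time 600",
]
SAMPLE_OK = [
    "bstnA(cfg-stp)# hello-time 5",
    "bstnA(cfg-stp)# max-age 15",
    "bstnA(cfg-stp)# forward-delay 10",
    "bstnA(cfg-stp)# priority 8192",
]
SAMPLE_RESET = [
    "bstnA(cfg-stp)# hello-time 5",
    "bstnA(cfg-stp)# max-age 10",
    "bstnA(cfg-stp)# no hello-time",
]

if __name__ == "__main__":
    for finding in lint(SAMPLE_BAD):
        print(finding)
```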
From cfg-channel mode, use the members command to add a single port or a range of ports to the current channel.
Use the no members command to remove one or more ports from the channel.
members slot/port [to slot/port ]
no members slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500) is the first (or only) Ethernet port.
to slot/port (optional) is the last port in a range of ports.
Use the show interface summary command to locate the slot(s) for these ports. ARX-4000 and ARX-2500 devices have ten-gigabit interfaces at ports 2/1 and 2/2 and one-gigabit interfaces at the remaining ports.
A channel can have up to 8 ports. All of the ports must be shut down before you add them with this command (see shutdown (cfg-if-gig) or shutdown (cfg-if-ten-gig)). The ARX can support different speeds amongst the channel members; confirm that the peer at the other end of the channel can support this before you configure your channel this way.
You cannot use the no members command on the last port in the channel; instead, use no channel to remove the entire channel.
On the ARX-1500 and ARX-2500, port 1/1 is the out-of-band management interface by default, and cannot be included in any client/server channel. If you prefer to use an in-band (VLAN) management interface (see interface vlan) for accessing the CLI or GUI, you can use interface mgmt and shutdown (cfg-mgmt) to stop using port 1/1 for out-of-band management. Then you can use this command to include port 1/1 in a client/server channel.
bstnA(cfg-channel[2])# members 2/7 to 2/10
bstnA(cfg-channel[4])# no members 2/13 to 2/14
Use the members command to add a single port or a range of ports to the current VLAN.
Use no members to remove one or more ports.
members slot/port [to slot/port ]
no members slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500) is the first (or only) Ethernet port.
to slot/port (optional) is the last port in a range of ports. You cannot use this option on the ARX-2500 or ARX-1500, which allow only a single port to carry each VLAN.
Use the show interface summary command to locate the slot(s) for these ports.
This command adds ports to the VLAN with tagging disabled. A port with tagging disabled does not tag any outgoing frames with the VLAN ID (VID) for this VLAN. Use the tag command to add ports with tagging enabled, or to enable tagging for existing VLAN ports.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or interface ten-gigabit) or channel can carry any given VLAN. That is, you can only select a single member port with this command. This includes VLAN 1; if multiple channels or ports default to VLAN 1, all but one of them must be disabled (with shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
To assign a channel to carry the VLAN, use the vlan (cfg-channel) command. On the ARX-2500 or ARX-1500, this is the method for carrying a VLAN on multiple ports; aggregate the ports into a channel, then assign the desired VLAN to that channel.
The no members command causes the backup ARX peer to reboot when all of the following are true:
  • the interface vlan command establishes an in-band (VLAN) management address for this VLAN,
  • the redundancy (cfg-if-vlan) command establishes the above management address as the local end of the redundancy link,
  • redundancy is active between the ARX peers, and
  • the no members command is removing the last port(s) from the VLAN.
bstnA(cfg-vlan[1])# members 2/3 to 2/6
bstnA(cfg-vlan[1])# no members 2/5 to 2/6
bstnA(cfg-vlan[7])# no members 2/11
Use no priority to revert to the default System Priority.
priority number
number (0-65536) is the System Priority that you choose for this channel.
In a spanning tree topology, the bridge with the lowest Bridge Priority is elected as the spanning-tree root. From cfg-stp mode, use the priority command to set the Bridge Priority for the ARX.
Use no priority to revert to the default Bridge Priority.
priority number
number (0-61440) is the Bridge Priority that you choose for the ARX. Use a multiple of 4096 (such as 0, 4096, 8192, or 12288).
bstnA(cfg-stp)# no priority
From cfg-stp mode, use the protocol command to choose the spanning-tree protocol: the original Spanning Tree Protocol (STP), or Rapid Spanning Tree (RST) protocol.
Use no protocol to revert to the default.
dot1d | rst is a required choice:
dot1d runs the original STP (IEEE 802.1D), ignoring RST-based BPDUs.
rst runs RST from IEEE 802.1w, but is compatible with bridges that run the original STP (above).
For an RST implementation, use the cfg-if-gig spanning-tree edgeport command to identify all the Edge Ports on the ARX.
bstnA(cfg-stp)# protocol dot1d
bstnA(cfg-stp)# no protocol
Use the redundancy protocol command to designate the current interface as one end of a redundant-pair link.
Use the no redundancy protocol command to remove support for a redundant-pair link. This causes the standby peer to reboot; see
At the layer-2 level, this establishes one end of the link between redundant peers. For best performance, a gigabit or ten-gigabit connection is strongly recommended; use the speed (cfg-if-gig) command to set the speed on a single-gigabit interface. We also recommend that the connection be direct (without any intervening bridges or routers), and that the switches are co-located. If the latency is low, an intervening Gigabit L2 switch is permissible.
Alternatively, you can configure a multi-port channel as the redundant-pair link. Use channel to create the channel, then use redundancy protocol (cfg-channel) to add member ports to it. (The ARX-1500 and ARX-2500 use different commands to establish the redundancy link over a channel, described in the documentation for redundancy protocol (cfg-channel).)
For cases where low latency between the peers is impossible, you may need to increase a timeout value when you set up the redundant pair. When you set up redundancy between the peers later, you can use the resilver-timeout command to increase this timeout value. You can also use the show redundancy metalog command to monitor the latency between the peers.
The no redundancy protocol command disables the redundant-pair link (see redundancy protocol), and therefore causes the standby peer to reboot if redundancy is enabled (enable (cfg-redundancy)). The reboot does not disrupt any storage services, but the ARX peers cannot function as a redundant pair while the link is shut down. Additionally, a quorum-disk failure or disconnection would cause the active peer to reboot, too. If you proceed with shutting down the link, you should establish a new one as soon as possible: use the redundancy protocol or redundancy protocol (cfg-channel) command on another port or channel to establish a new redundant-pair link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter yes to proceed with the interface shutdown and the reboot.
Establish a new VLAN for this link. Use the vlan command to create a new VLAN, then use members (cfg-vlan) to assign the current interface to that VLAN.
Use the interface vlan command to create a management-IP interface on the VLAN; this puts you into cfg-if-vlan mode.
From cfg-if-vlan mode, use the ip address (cfg-if-vlan) command to establish an in-band (VLAN) IP address. You later use this VLAN-management IP address to identify this ARX to its peer, as described below.
From the same mode, use redundancy (cfg-if-vlan) to designate the interface for exchanging metalog data and heartbeats.
From the same mode, use no shutdown (cfg-if-vlan) to enable the management interface.
prtlndA(cfg-if-gig[2/1])# redundancy protocol
bstnA(cfg-if-gig[2/13])# no redundancy protocol
bstnA(cfg-if-ten-gig[2/2])# redundancy protocol
From cfg-channel mode, use the redundancy protocol command to add a single port or a range of ports to the current redundancy-link channel. This command performs two tasks at once: it adds ports to the channel, and prepares the channel for use as a redundant-pair link.
Use the no redundancy protocol command to remove redundancy-link support along with one or more ports.
redundancy protocol slot/port [to slot/port ]
no redundancy protocol slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-12 on ARX-2000) is a single port or the first port in a range.
to slot/port (optional) is the last port in a range of ports.
Use the show interface summary command to locate the slot(s) for these ports.
Redundancy requires a reliable and fast channel for best performance. We recommend that you enable LACP on the channel to increase its reliability in high packet traffic: use lacp passive or lacp active to enable LACP, depending on your platform. For best performance, a gigabit (or higher-bandwidth) connection is strongly recommended. Use the speed (cfg-if-gig) command to set the speed on each port. We also recommend that the connection be direct (without any intervening bridges or routers), and that the switches are co-located. If the latency is low, an intervening Gigabit L2 switch is permissible.
For cases where low latency between the peers is impossible, you may need to increase a timeout value when you set up the redundant pair. When you set up redundancy between the peers later, you can use the resilver-timeout command to increase this timeout value. You can also use the show redundancy metalog command to monitor the latency between the peers.
Use the members (cfg-channel) command to add ports to a standard (non-redundancy-link) channel.
You cannot use the no redundancy protocol command on the last port in the channel; instead, use no channel to remove the entire channel.
Establish a new VLAN for this link. Use the vlan (cfg-channel) command to assign the channel to the VLAN.
Use the interface vlan command to create a management-IP interface on the VLAN; this puts you into cfg-if-vlan mode.
From cfg-if-vlan mode, use the ip address (cfg-if-vlan) command to establish an in-band (VLAN) IP address. You later use this VLAN-management IP address to identify this ARX to its peer, as described below.
From the same mode, use redundancy (cfg-if-vlan) to designate the interface for exchanging metalog data and heartbeats.
From the same mode, use no shutdown (cfg-if-vlan) to enable the management interface.
bstnA(cfg-channel[2])# redundancy protocol 2/1 to 2/2
prtlndA(cfg-channel[4])# no redundancy protocol 2/3
A channel is a group of Ethernet ports aggregated into a single flow, as specified in IEEE 802.3ad. Use the show channel command to show the configuration of one channel.
summary | load-balance | channel-id is a required choice.
summary shows a summary for all channels.
load-balance shows the load-balancing algorithm for all channels.
channel-id (1-8) identifies one channel; use this option to show detailed parameters for one channel.
lacp (optional, if you choose a channel-id) displays the configuration and state of the Link Aggregation Control Protocol (LACP) on the given channel.
The show channel summary command outputs one line per channel. Each line contains the following fields:
Ch Id identifies the channel.
* indicates that the channel is used as a redundancy link with the switch's redundant peer (see redundancy protocol (cfg-channel)).
Admin State is set by the shutdown (cfg-channel) command.
Oper Status is Up if the channel has at least one operational port. This is Down if all of the member ports are down.
Speed is the speed of each port in the channel. Before ports can be aggregated into a channel, their speeds must match (see speed (cfg-if-gig) to set a port's speed).
Load-Balancing Algorithm shows the IP address(es) (source and/or destination) that are hashed to choose a port for an outbound packet. This is set by the load-balance command.
LACP is Active, Passive, or Disabled, depending on the lacp active setting (on the ARX-1500 or ARX-2500), or the lacp passive setting (on other platforms that support channels).
Description is set by the description (cfg-channel) command.
The show channel load-balance command shows the load-balancing algorithm for each channel.
Guidelines: channel-id (Detailed)
The show channel channel-id command shows details about the given channel:
Channel Id identifies the channel.
Description is set by the description (cfg-channel) command.
Load Balancing Algorithm shows the IP address(es) or MAC address(es) (source and/or destination) that are hashed to choose a port for an outbound packet. This is set by the load-balance command.
LACP State is Active, Passive, or Disabled. LACP (Link Aggregation Control Protocol) is a control protocol for dynamically adapting member usage to topology changes. On some platforms, you can enable LACP Passive mode with the lacp passive command; on other platforms, you can use the lacp active command to enable LACP Active mode.
LACP Rate is either Short Timeout or Long Timeout. The rate should be the same at both ends of the channel, or the channel may periodically drop out of service. You can set this with the lacp rate command.
Members(Slot/Interface) lists the interfaces (ports) in this channel. Use the members (cfg-channel) command or the redundancy protocol (cfg-channel) command to add members to the channel.
Number of Members counts the ports from the above field.
Admin State is set by the shutdown (cfg-channel) command.
Channel Oper Status is Up if the channel has at least one operational port. This is Down if all of the member ports are down.
Trap Status is set by the trap shutdown command.
Spanning-Tree Forwarding State is discard, forward, or disabled. The channel is typically in discard state when the Spanning-Tree Role is alternate, and it is typically in forward state when the role is designated or root.
Spanning-Tree State is enabled if the channel participates in the spanning tree. You can use the spanning-tree shutdown command to disable spanning tree for the channel.
Spanning-Tree Role is the channel's Port Role in the spanning tree: root, designated, or alternate.
Accept Frames is All or Tagged Only. If this is the latter, the channel rejects all ingress frames unless they are tagged for one of the channel's VLANs. Tagged Only appears if (and only if) the channel is used in a link between redundant peers; see redundancy protocol (cfg-channel).
Total Vlans Configured counts all VLANs in which this channel participates.
Members VLAN ID is the VLAN (if any) where this channel is a member. The channel does not tag any outgoing frames with the VLAN ID (VID) for this VLAN.
Tag VLAN ID lists one or more VLANs (if any) where this channel is a tagging member; that is, this channel tags its outgoing frames with the VLAN ID (VID) for the destination VLAN.
Guidelines: channel-id (Detailed), Cont.
The next table contains the status of each member port, one per row. Slot/Port identifies each member port, and Link Status its status (up or down).
Spanning-Tree Statistics is a table of counters for the Bridge Protocol Data Units (BPDUs) transmitted and received. The counters are shown for two versions of spanning-tree BPDU: original spanning tree (STP) or rapid spanning-tree (RST).
If you use the optional lacp argument in the command, the output shows LACP parameters and status for the chosen channel.
Channel ID identifies this channel.
LACP is Active, Passive, or Disabled, depending on the lacp active setting (on the ARX-1500 or ARX-2500), or the lacp passive setting (on other platforms that support channels).
Time since last state change shows the time that has passed since the last change in channel membership or status.
This is followed by a table of LACP Channel Parameters. This table shows the channel-level configuration for LACP. It is divided into two columns: Local (for the ARX end of the channel) and Peer (for the remote end of the channel):
Admin Key is the numeric key for the channel that was set by its administrative configuration. A channel's key is a number used by LACP software to identify the relevant configuration parameters of the channel. This is the same as the Oper Key, below, until or unless a configuration and/or topology change triggers a change in member-port usage. This field only appears in the Local column.
Oper Key is the numeric key that is currently in use for the channel. This key appears in both columns. The peer's operational key is the one that was reported in the most recent Link Aggregation Control Protocol Data Unit (LACPDU) from the peer.
System Priority shows the System Priority of the ARX and its peer. A lower number is considered a higher priority. The system with the higher priority initiates all port-membership changes in the channel, such as putting a port in standby status due to a configuration change. You can use the priority (cfg-channel) command to set the priority for the ARX end of the channel.
System ID is the MAC address used to identify the ARX and its peer.
The final section of the output, LACP Port Parameters, contains one table per channel member. Each table describes one port with its port-level LACP parameters and status. As above, these tables contain one Local column (for the ARX port) and a Peer column (for the corresponding port at the remote end of the channel). On the ARX-1500 and ARX-2500, this table contains the following fields:
Slot/Port identifies the ARX port. This information does not appear for the Peer port.
Oper Key is the key that is currently in use for this port. This number is a code that is only meaningful to the LACP software. It appears for both the local port and the peer port.
Link Status is either up or down. If this link is down, it is not being used for the channel's traffic.
Link Failure Count shows the number of transmission failures on this link, if any.
On all other platforms, the LACP Port Parameters table contains the following fields:
Slot/Port identifies the ARX port. This information does not appear for the Peer port.
Admin Status shows the administratively-set status of the member port. This only appears for an ARX port. Each port may have one or more of the following codes to signify its status:
A or P - A (Active) means that the port is actively running LACP, and P (Passive) indicates that the port is sending LACPDUs but has not yet received proper responses from the peer.
T or L - indicates the timeout between LACPDU transmissions. T is a short timeout (typically, 1 second) and L is a long timeout (typically 30 seconds).
a - means that the port is eligible for Aggregation, or active use in the channel. Ports without this flag cannot be used in the channel; check the configuration at both ends for possible differences that make them incompatible.
S - shows that the LACP process considers this port in Sync with its usage in the channel. If this flag is missing, it may indicate that the LACP software is in the process of changing the port from a standby state to an active one, or from active to standby.
C - indicates that the port is Collecting packets. That is, it can accept incoming traffic.
D - means that the port is Distributing packets. That is, it can send outbound packets to its peer.
d - indicates that the port is using Default information for its peer's operational key. This means that the peer's configuration information on the ARX does not contradict the latest learned information from LACPDUs.
E - indicates that the latest LACPDU has expired, and the LACP process is waiting for the next one.
Oper State is the current status of the port. This appears for both the Local port and its Peer. This has the same possible values as the Admin Status, described above.
Admin Key is a numeric key used by the LACP software as a code to represent the port's capabilities. This key is based on administrative (CLI) settings. The LACP software may choose a different operational key (described below) for the port based on L2-topology changes or configuration changes at the peer port. This only appears for the ARX port, where administrative parameters are known.
Oper Key is the key that is currently in use for this port. This number is a code that is only meaningful to the LACP software. It appears for both the local port and the peer port.
Port Priority is a number that represents the port's eligibility for use in the channel. A lower priority number represents a higher priority. If ports are excluded from active use in the channel, the LACP software prefers low-priority ports (that is, ports with higher-priority numbers). This appears for both the local and peer ports, and it may be different at both ends.
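The status codes listed for Admin Status and Oper State can be checked mechanically when reviewing a channel. The following is an added example, not ARX code or output: it decodes a code string and reports the conditions the descriptions above call out. The concatenated string form (such as ALaSCD), the function names, and the sample data are assumptions, because the page does not show how the CLI renders these codes.

```python
# Added example: decode the LACP port status codes listed above.
# The letters and meanings come from the field descriptions; the
# concatenated string form (e.g. "ALaSCD") is an assumption, because
# the page does not show how the CLI renders these codes.

FLAG_MEANINGS = {
    "A": "Active: actively running LACP",
    "P": "Passive: sending LACPDUs, no proper responses from the peer yet",
    "T": "short timeout between LACPDU transmissions",
    "L": "long timeout between LACPDU transmissions",
    "a": "eligible for Aggregation",
    "S": "in Sync with its usage in the channel",
    "C": "Collecting: can accept incoming traffic",
    "D": "Distributing: can send outbound packets to its peer",
    "d": "using Default information for the peer's operational key",
    "E": "latest LACPDU has Expired",
}

# Codes the text presents as alternatives ("A or P", "T or L").
EXCLUSIVE_PAIRS = (("A", "P"), ("T", "L"))


def decode_flags(flags):
    """Return the set of codes in `flags`; reject unknown, repeated or
    contradictory codes so a mis-copied string is not silently trusted."""
    seen = set()
    for code in flags.strip():
        if code not in FLAG_MEANINGS:
            raise ValueError(f"unknown LACP code {code!r} in {flags!r}")
        if code in seen:
            raise ValueError(f"repeated LACP code {code!r} in {flags!r}")
        seen.add(code)
    for first, second in EXCLUSIVE_PAIRS:
        if first in seen and second in seen:
            raise ValueError(f"{first!r} and {second!r} cannot both be set")
    return seen


def assess_port(flags):
    """Return findings for one port's codes; an empty list means the port
    is eligible, in sync, and both collecting and distributing."""
    seen = decode_flags(flags)
    findings = []
    if "a" not in seen:
        findings.append("not eligible for aggregation: compare both ends' configuration")
    if "S" not in seen:
        findings.append("not in sync: may be moving between standby and active")
    if "C" not in seen:
        findings.append("not collecting: cannot accept incoming traffic")
    if "D" not in seen:
        findings.append("not distributing: cannot send to its peer")
    if "E" in seen:
        findings.append("latest LACPDU expired: waiting for the next one")
    return findings


def audit_channel(ports):
    """`ports` maps slot/port to (local, peer) Oper State strings.
    Return only the ports that have findings on either end."""
    report = {}
    for slot_port, (local, peer) in sorted(ports.items()):
        issues = [f"local {f}" for f in assess_port(local)]
        issues += [f"peer {f}" for f in assess_port(peer)]
        if issues:
            report[slot_port] = issues
    return report


# Constructed sample, not captured from an ARX.
SAMPLE_CHANNEL = {
    "2/5": ("ALaSCD", "ALaSCD"),  # eligible, in sync, passing traffic
    "2/6": ("ALa", "PLaE"),       # not in sync locally, peer LACPDU expired
}

if __name__ == "__main__":
    for port, issues in audit_channel(SAMPLE_CHANNEL).items():
        print(port, issues)
```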
stoweA# show channel summary
prtlndA# show channel load-balance
prtlndA# show channel 1
bstnA# show channel 1 lacp
A channel is a group of Ethernet ports aggregated into a single flow, as specified in IEEE 802.3ad. Use the show channel ... stats command to show traffic statistics for one channel.
show channel channel-id [lacp] stats
channel-id (1-8) identifies the channel to show.
lacp (optional) focuses the output on the Link Aggregation Control Protocol (LACP) statistics for the channel.
stats is a required keyword.
For configuration information about the channel, use show channel. To clear the channel statistics in the default output, use clear counters channel. To clear the LACP statistics, use clear counters lacp.
If you omit the optional lacp keyword, the output focuses on frame counts for the overall channel.
Channel Id identifies the channel.
If you use the lacp keyword, a table appears with LACP statistics. To enable LACP on a channel, you use the lacp active command on the ARX-1500 or ARX-2500, or the lacp passive command on other platforms that support channels.
S/P identifies the channel member in slot/port format.
LACP Packets are the numbers of Link Aggregation Control Protocol Data Units (LACPDUs) transmitted from and received on this member port.
Marker Response counts the LACP-marker frames transmitted and received. The LACP software sometimes injects marker frames to find the ends of one or more frame conversations. A marker response frame from the peer indicates that the conversation(s) is/are finished. Once the LACP software receives this marker, it can migrate future conversations to another link in the channel. For details on the Marker Protocol, see IEEE802.3ad, Section 43.5.
Illegal is the number of illegal Slow-Protocol PDUs (see IEEE802.3ad, Section 43B.4) received on this member port.
Unknown is the number of unknown Slow-Protocol PDUs received on this member port.
prtlndA# show channel 1 stats
bstnB# show channel 1 lacp stats
Use the show interface gigabit command to show the configuration of one Gigabit interface. Add the stats keyword to the end of the command to show the interface's traffic statistics.
show interface gigabit slot/port [stats]
slot/port (2/3-14 on ARX-4000; 1/1-4 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500; 1/2 on ARX-500; 1/1 on ARX-VE) specifies the interface.
stats (optional) displays statistics for this interface.
Use the show interface summary command to locate slots and ports.
The stats output is a table of counters, separated into Ingress and Egress counts. Use the clear counters gigabit command to clear and restart the statistics count.
PAUSE Frames are notices to control traffic flow: the flowcontrol command determines whether the interface sends or receives these.
bstnA> show interface gigabit 2/6
bstnA> show interface gigabit 2/6 stats
stoweA> show interface gigabit 1/2
stkbrgA# show interface gigabit 1/1 stats
Use the show interface ten-gigabit command to show the configuration of one ten-Gigabit interface. Add the stats keyword to the end of the command to show the interface's traffic statistics.
slot/port (2/1-2) specifies the interface. Use the show interface summary command to locate all slots and ports.
stats (optional) displays statistics for this interface.
The stats output is a table of counters, separated into Ingress and Egress counts. Use the clear counters ten-gigabit command to clear and restart the statistics count.
PAUSE Frames are notices to control traffic flow: the flowcontrol command determines whether the interface sends or receives these.
bstnA(cfg)# show interface ten-gigabit 2/2
bstnA(cfg)# show interface ten-gigabit 2/1 stats
A channel is a group of Ethernet ports aggregated into a single flow, as specified in IEEE 802.3ad. Each channel uses a hash algorithm to balance the traffic load between its member ports; for each packet, the hash uses some combination of the source and destination IPs to choose a port. Use show load-balancing to show which port is used for a given source and destination IP.
show load-balancing source-ip src destination-ip dest channel chnl-id
src is the source-IP address.
dest is the destination-IP address.
chnl-id (1-8) identifies the channel.
Use the load-balance command to change the algorithm for load-balancing a channel. Use this command to test the channel's current hash.
The output shows the Slot Id and Interface (port) that would be chosen for the source and destination IP that you provided.
prtlndA# show load-balancing source-ip 172.16.100.98 destination-ip 192.168.25.23 channel 1
Use the show mac-address-table command for a list of MAC addresses used by the ARX.
Slot and Port show the port where the MAC address is used.
MAC Address is the address.
VLAN ID is the VLAN for this MAC, if any.
Channel ID is the 802.3ad channel for this MAC, if any.
Mode is the method by which the MAC was added to the table:
Learned is an address learned from a neighboring bridge.
Management is one of two addresses:
Inband is associated with an in-band (VLAN) management interface, created with the interface vlan command.
Self is an internally-assigned address.
bstnA> show mac-address-table
Use the show mac-address-table summary command for a high-level view of the MAC-address table.
Active MAC Addresses in FDB are counts of addresses in the Forwarding DataBase (FDB), the table that holds all MAC addresses.
Configured Aging Time is the maximum time a learned MAC address is kept in the FDB without any updates; if a MAC address is not re-learned for this many seconds, it is deleted. Use the mac-address aging-time command to set the aging time.
Use the show mac-address-table command to see all the MAC addresses in the FDB.
bstnA> show mac-address-table summary
Use the show redundancy network command to show the layer-2 status of the redundant-pair link.
Network is Client, Server, Private, or Metalog. The redundant-pair link carries the Private and Metalog networks between the redundant peers.
VLAN is the VLAN number for this port. This does not appear on the ARX-500.
Port(s) are in slot/port format (for example, 2/9).
Admin State is Enabled or Disabled. You can set this with the no shutdown (cfg-if-gig) or the no shutdown (cfg-if-ten-gig) command.
Link Status is Up or Down: this is the link's operational state.
Spanning-Tree Status is Discard, Learning, Forward, Disabled, Manual Forwarding, or Not Participating. This is the ports current role in the spanning tree.
Count is the total number of transitions. Use the clear counters redundancy network command to clear this counter.
Last is the date and time of the last transition.
Reason explains the nature and cause of the last transition.
Last Cleared is the last time someone used the clear counters redundancy network command.
prtlndA# show redundancy network
Use the show spanning-tree detailed command for a detailed view of the spanning-tree configuration.
Use the show spanning-tree summary command to show a summary of this data.
bstnA(cfg)# show spanning-tree detailed
Use the show spanning-tree interface command to show the spanning-tree configuration for a particular port.
slot/port (2/1-14 on ARX-4000 or 1/1-12 on ARX-2000) is the slot and port number. Use the show interface summary command to show all ports in all slots.
bstnA(cfg)# show spanning-tree interface 2/3
Use the show spanning-tree summary command to show high-level information about the spanning-tree configuration.
Use the show spanning-tree detailed command to show details.
bstnA(cfg)# show spanning-tree summary
Use the show vlan command to show the configuration of one VLAN.
vlanId (1-4009) identifies the VLAN to display.
Information from the show vlan command includes:
Vlan Id identifies the VLAN.
Description is set by the description (cfg-vlan) command.
Frame/MTU is the Ethernet packet size; use jumbo mtu to change this.
Members S/P lists the ports in this VLAN. Use the members (cfg-vlan) or tag command to add members to the VLAN.
Non-Members (Blocked) S/P lists any ports identified as non-members with the no members command.
Tag S/P lists the ports set to tag outgoing packets with a VLAN ID. Use the tag command to enable tagging for one or more ports.
Use the show vlan summary command to list all configured VLANs.
bstnA# show vlan 1
stoweA# show vlan 1
Use the show vlan summary command to list all configured VLANs.
any except ARX-VE
Vlan ID identifies each VLAN.
Usage is: External for VLANs used outside the box, Internal for private VLANs inside the box, Private for internal communications and communications with redundant peers, and Metalog for metadata exchange between redundant peers.
Channel is set by assigning a channel to this VLAN (with vlan (cfg-channel) or vlan-tag). This is N/A if not set.
Frame/MTU is the packet size, set by jumbo mtu.
Description is set by the description (cfg-vlan) command.
Use the show vlan command to show details about a VLAN.
bstnA# show vlan summary
A channel is a group of aggregated Ethernet ports (IEEE 802.3ad). From cfg-channel mode, use the shutdown command to stop traffic on the current channel.
Use no shutdown to restart traffic on the channel.
no shutdown: link aggregation is enabled on a new channel by default.
If this channel is used as a redundant-pair link (see redundancy protocol (cfg-channel)) and redundancy is enabled (enable (cfg-redundancy)), this command causes the standby peer to reboot. The reboot does not disrupt any storage services, but the ARX peers cannot function as a redundant pair while the link is shut down. Additionally, a quorum-disk failure or disconnection would cause the active peer to reboot, too. If you proceed with shutting down the link, you should establish a new one as soon as possible: use the redundancy protocol or redundancy protocol (cfg-channel) command on another port or channel to establish a new redundant-pair link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter yes to proceed with the interface shutdown and the reboot.
Use no shutdown to start traffic on the current port.
Use the shutdown command to stop the port.
The ARX-1500 and ARX-2500 allow only a single logical interface (port or channel) to carry any given VLAN. That is, any VLAN can only be assigned to one port or channel (interface gigabit, interface ten-gigabit, or channel). The CLI therefore prevents a no shutdown for any port on those chassis types if it carries a VLAN that is already assigned to an active channel or another active port. The CLI returns an error in this case, displaying the VLAN that has the conflict along with the active port(s) that already carry the VLAN. You can use show vlan n to see the port or channel that carries VLAN n.
If this interface is the only one used as a redundant-pair link (through redundancy protocol or redundancy (cfg-if-vlan)) and redundancy is enabled (enable (cfg-redundancy)), this command causes the standby peer to reboot. The reboot does not disrupt any storage services, but the ARX peers cannot function as a redundant pair while the link is shut down. Additionally, a quorum-disk failure or disconnection would cause the active peer to reboot, too. If you proceed with shutting down the link, you should establish a new one as soon as possible: use the redundancy protocol or redundancy protocol (cfg-channel) command on another port or channel to establish a new redundant-pair link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter yes to proceed with the interface shutdown and the reboot.
Use no shutdown to start traffic on the current ten-gigabit port.
Use the shutdown command to stop the port.
The ARX-2500 allows only a single logical interface (port or channel) to carry any given VLAN. That is, any VLAN can only be assigned to one port or channel (interface gigabit, interface ten-gigabit, or channel). The CLI therefore prevents a no shutdown for any port on those chassis types if it carries a VLAN that is already assigned to an active channel or another active port. The CLI returns an error in this case, displaying the VLAN that has the conflict along with the active port(s) that already carry the VLAN. You can use show vlan n to see the port or channel that carries VLAN n.
If this interface is used as a redundant-pair link (see redundancy protocol) and redundancy is enabled (enable (cfg-redundancy)), this command causes the standby peer to reboot. The reboot does not disrupt any storage services, but the ARX peers cannot function as a redundant pair while the link is shut down. Additionally, a quorum-disk failure or disconnection would cause the active peer to reboot, too. If you proceed with shutting down the link, you should establish a new one as soon as possible: use the redundancy protocol or redundancy protocol (cfg-channel) command on another port or channel to establish a new redundant-pair link.
The CLI prompts for confirmation before shutting down a redundant-pair link; enter yes to proceed with the interface shutdown and the reboot.
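The no shutdown restriction described above for the ARX-1500 and ARX-2500 can be modelled offline to review a change plan before it is typed into the CLI. This is an added example, not ARX code: the inventory layout, the function names, and the sample data are assumptions, and an interface with no VLAN assignment is treated as carrying VLAN 1.

```python
# Added example: model of the 'no shutdown' pre-check described above for
# the ARX-1500 and ARX-2500. The inventory layout and function names are
# assumptions for illustration; this is not ARX code.

SINGLE_CARRIER_PLATFORMS = {"ARX-1500", "ARX-2500"}
DEFAULT_VLAN = 1  # ports and channels with no assignment default to VLAN 1


def carried_vlans(iface):
    """VLANs an interface carries; an unassigned interface carries VLAN 1."""
    return set(iface["vlans"]) or {DEFAULT_VLAN}


def no_shutdown_conflicts(platform, interfaces, target):
    """Return {vlan: [active interfaces already carrying it]} for `target`.
    An empty dict means 'no shutdown' would be allowed."""
    if platform not in SINGLE_CARRIER_PLATFORMS:
        return {}  # the page states the restriction only for these chassis
    wanted = carried_vlans(interfaces[target])
    conflicts = {}
    for name, iface in interfaces.items():
        if name == target or not iface["active"]:
            continue
        for vid in wanted & carried_vlans(iface):
            conflicts.setdefault(vid, []).append(name)
    return {vid: sorted(conflicts[vid]) for vid in sorted(conflicts)}


def plan_bring_up(platform, interfaces, order):
    """Apply 'no shutdown' to each interface in `order` against a copy of
    the inventory. Return (activated, refused) so the plan can be reviewed
    before any command is entered."""
    state = {name: {"vlans": set(iface["vlans"]), "active": iface["active"]}
             for name, iface in interfaces.items()}
    activated, refused = [], {}
    for name in order:
        conflicts = no_shutdown_conflicts(platform, state, name)
        if conflicts:
            refused[name] = conflicts  # the VLAN and the port(s) that hold it
        else:
            state[name]["active"] = True
            activated.append(name)
    return activated, refused


# Constructed inventory, not taken from a real chassis.
INVENTORY = {
    "gigabit 1/1":     {"vlans": {25},     "active": True},
    "gigabit 1/2":     {"vlans": set(),    "active": True},   # defaults to VLAN 1
    "gigabit 1/3":     {"vlans": set(),    "active": False},  # also VLAN 1
    "channel 1":       {"vlans": {25, 30}, "active": False},
    "ten-gigabit 2/1": {"vlans": {40},     "active": False},
}

if __name__ == "__main__":
    done, blocked = plan_bring_up(
        "ARX-2500", INVENTORY, ["ten-gigabit 2/1", "channel 1", "gigabit 1/3"])
    print("activated:", done)
    for name, conflicts in blocked.items():
        print("refused:", name, conflicts)
```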
From cfg-stp mode, use the shutdown command to stop all spanning-tree processing.
Use no shutdown to restart spanning tree.
shutdown: spanning tree is disabled (along with switch forwarding; see below) by default.
Before you can run no shutdown to start spanning-tree processing, you must use the switch-forwarding enable command. This permits the ARX to forward packets from one client/server port to another. By default, the ARX behaves as an end station rather than a bridge. The switch-forwarding enable command runs no shutdown as a side-effect; conversely, no switch-forwarding enable runs shutdown as a side-effect.
bstnA(cfg-stp)# no shutdown
The Spanning-Tree Protocol (STP) creates a loop-free topology in bridged networks. Use the spanning-tree command to configure the spanning-tree parameters on the ARX.
Use the no form of this command to revert the spanning-tree parameters back to their defaults.
Before the ARX can use STP, you must use the switch-forwarding enable command. This permits the ARX to forward packets from one client/server port to another. By default, the ARX behaves as an end station rather than a bridge.
The spanning-tree command puts you into cfg-stp mode, where you must set the protocol (STP or Rapid STP) with the protocol (cfg-stp) command. There are several spanning-tree options you can set from cfg-stp mode, and there are some port-level options you can set from cfg-if-gig mode; see Related Commands, below.
The no form of the command resets all global parameters to their respective defaults. The global parameters are the protocol, bridge Priority, Hello Time, Max Age, and Forward Delay.
bstnA(cfg)# spanning-tree
bstnA(cfg)# no spanning-tree
IEEE 802.1D defines Port Cost as the relative cost to relay a frame to the root bridge. A lower cost is preferred. The port with the lowest cost is the root port for the ARX. Neighboring bridges compare the Port Costs of spanning-tree ports to designate one of them for their traffic. Use the spanning-tree cost command to set the Port Cost for the current port.
Use no spanning-tree cost to reset the Port Cost to the default.
port-cost (1-200,000) is the Port Cost.
This influences the election of a designated port by neighboring bridges. For installations with multiple ports on the same LAN segment, set the Port Cost lower for the fastest ports.
Use the spanning-tree priority command to set the Port Priority.
bstnA(cfg-if-gig[2/4])# spanning-tree cost 1
bstnA(cfg-if-gig[2/5])# no spanning-tree cost
Rapid Spanning Tree Protocol (RSTP) defines an Edge Port as a port that connects to only one other port, as opposed to several ports on a LAN segment. This applies to RSTP and MSTP configurations only. Use the spanning-tree edgeport command to declare that the current port is an Edge Port.
Use the no form to declare that the current port is not an Edge Port.
bstnA(cfg-if-gig[2/4])# spanning-tree edgeport
bstnA(cfg-if-gig[2/6])# no spanning-tree edgeport
IEEE 802.1D defines Port Priority as the relative priority between ports with equal Port Costs. Neighboring bridges compare the Port Costs of spanning-tree ports to designate one of them for their traffic; if two or more Port Costs are the same, the protocol uses the Port Priority to break the tie. A lower number represents a higher priority. Use the spanning-tree priority command to set the Port Priority for the current port.
Use no spanning-tree cost to reset the Port Priority to the default.
port-priority (0-240) is the Port Priority. 0 (zero) is the highest priority, 240 is the lowest.
This influences the election of a designated port by neighboring bridges. For installations with multiple ports on the same LAN segment, set the Port Priority higher (that is, to a lower number) for the ports that you want to be designated by their neighbors.
Use the spanning-tree cost command to set the Port Cost, which has a greater influence on the election of designated ports.
bstnA(cfg-if-gig[2/3])# spanning-tree priority 0
bstnA(cfg-if-gig[2/4])# no spanning-tree priority
Use no spanning-tree shutdown to put the current port back into the spanning tree.
Use the spanning-tree command to configure spanning-tree on the ARX.
The ARX must be allowed to forward packets (with the switch-forwarding enable command) before you can use this command to enable spanning tree.
bstnA(cfg-if-gig[2/3])# spanning-tree shutdown
bstnA(cfg-channel[1])# spanning-tree shutdown
bstnA(cfg-if-gig[2/3])# no spanning-tree shutdown
bstnA(cfg-if-ten-gig[2/2])# spanning-tree shutdown
From cfg-if-gig mode, use the speed command to set the speed, line-type, and duplex configuration on a specified gigabit port.
auto makes the port auto-negotiate with its peer.
100-tx-half is fast Ethernet, 100 megabits per second (mbps), half-duplex.
100-tx-full is fast Ethernet, 100 mbps, full duplex.
100-fx-full is fiber Ethernet, 100 mbps, full duplex.
1000-full is fiber or copper Ethernet, 1000 mbps, full duplex.
The speed must be set manually (not to auto) for the port to be a member of a channel (see the channel command).
bstnA(cfg-if-gig[2/5])# speed 100-fx-full
By default, the ARX does not forward packets between its client/server ports; it behaves as an end station instead of a MAC bridge. Use the switch-forwarding enable command to enable packet forwarding and start using the ARX's bridging features.
Use the no form of this command to stop all packet forwarding.
If switch forwarding is disabled, you cannot enable the spanning-tree protocol. When you enable switch forwarding with this command, spanning tree is enabled as a side-effect. Conversely, when you disable switch forwarding, spanning tree is disabled. The CLI warns you of these side-effects and prompts for confirmation; enter yes to proceed.
Use the show version command to see the current setting for this ARX.
bstnA(cfg)# switch-forwarding enable
bstnA(cfg)# no switch-forwarding enable
A port with VLAN tagging enabled adds the VLAN ID (VID) to outbound frames, and only accepts ingress packets that are specifically tagged for the current VLAN. This is required to support multiple external VLANs. Use the tag command to add a single tag-enabled port or a range of tag-enabled ports to the current VLAN.
Use the no form of this command to disable tagging on one or more ports.
tag slot/port [to slot/port ]
no tag slot/port [to slot/port ]
slot/port (2/1-14 on ARX-4000; 1/1-4 or 2/1-2 on ARX-2500; 1/1-12 on ARX-2000; 1/1-8 on ARX-1500) is a single port or the first port in a range of ports.
to slot/port (optional) is the last port in a range of ports. You cannot use this option on the ARX-2500 or ARX-1500, which allow only a single port to carry each VLAN.
Use the show interface summary command to locate all slots and ports.
Use the members (cfg-vlan) command to add ports with tagging disabled.
A port can be a member of multiple VLANs, as long as each port is tagged for the VLANs. Use vlan to go into cfg-vlan mode for a VLAN, then use tag slot/port ... to tag some ports for that VLAN. You can repeat this for multiple VLANs, tagging the same set of ports for each.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or interface ten-gigabit) or channel can carry any given VLAN. That is, if you use this command to tag a port with a particular VLAN ID, you cannot tag any other port or channel with the same VLAN ID. This includes VLAN 1; if multiple channels or ports default to VLAN 1, all but one of them must be disabled (with shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
In the following circumstances, the no tag command causes the backup ARX peer to reboot:
the interface vlan command establishes an in-band (VLAN) management address for this VLAN,
the redundancy (cfg-if-vlan) command establishes the above management address as the local end of the redundancy link,
redundancy is active between the ARX peers, and
the no tag command is removing the last port(s) from the VLAN.
bstnA(cfg-vlan[1])# tag 2/3 to 2/5
From cfg-channel mode, use the no trap shutdown command to activate SNMP traps for the current channel.
Use the affirmative form, trap shutdown, to stop issuing traps.
bstnA(cfg-channel[1])# no trap shutdown
A Virtual Bridged Local Area Network (VLAN) is a group of physically-separated MAC addresses that appear as a single LAN segment. Devices on the same VLAN appear to be physically co-located even though some of the devices may be on different floors or different buildings. VLAN membership is often driven by human factors like departmental membership in a company. A VLAN often carries a single IP subnet. Use the vlan command to begin configuring a VLAN.
Use the no form of the command to remove a VLAN configuration.
vlan vlan-id
no vlan vlan-id
vlan-id (1-4009) is an ID you choose for the VLAN. If the VLAN is already configured, this command edits its configuration.
another VLAN to carry private IP traffic amongst the internal processes of the ARX.
a third VLAN to carry metalog IP traffic amongst the internal processes of the ARX.
any except ARX-VE
This command puts you into cfg-vlan mode, where you must configure at least one member port with either the members (cfg-vlan) command or the tag command. You can edit the ingress options for the VLAN members through some cfg-if-gig commands. See Related Commands, below, for a complete list of CLI options.
bstnA(cfg)# no vlan 18
From cfg-channel mode, use the vlan command to change the VLAN for the current channel.
Use no vlan to revert the current channel to the default VLAN.
vlan vlan-id
no vlan vlan-id
vlan-id (1-4095) identifies the VLAN to add or remove.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or interface ten-gigabit) or channel can carry any given VLAN. That is, if you use this command to assign a VLAN to the current channel, you cannot assign the same VLAN to any other port or channel. This includes VLAN 1; if multiple channels or ports default to VLAN 1, all but one of them must be disabled (with shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
A channel with VLAN tagging enabled adds a VLAN ID to every outgoing frame. Use the vlan-tag command to enable VLAN tagging for the current channel. If VLAN tagging is disabled for the channel, the channel can belong to only one VLAN.
Use no vlan-tag to remove a tagged VLAN.
vlan-tag vlan-id
no vlan-tag vlan-id
vlan-id (1-4095) identifies the VLAN to add or remove.
A channel with VLAN tagging enabled adds a VLAN ID to every outgoing frame. Repeat this command with different VLAN IDs to carry multiple VLANs on the channel. Once you tag the channel for one or more VLANs, it only accepts ingress frames that are explicitly tagged for one of the VLANs.
If you remove the last VLAN with the no form of this command, tagging is disabled for the channel and the channel is assigned to VLAN 1.
On the ARX-1500 and the ARX-2500, only a single port (interface gigabit or interface ten-gigabit) or channel can carry any given VLAN. That is, if you use this command to tag a channel with a particular VLAN ID, you cannot tag any other port or channel with the same VLAN ID. This includes VLAN 1; if multiple channels or ports default to VLAN 1, all but one of them must be disabled (with shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), or shutdown (cfg-channel)).
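The tagging rule stated for the tag command (ports) and the vlan-tag command (channels) is that a tagging member adds the VLAN ID to outgoing frames and accepts only ingress frames explicitly tagged for one of its VLANs. The following added example, which is not ARX code, applies that rule to raw Ethernet frames using the standard 802.1Q tag layout. The function names and sample frames are constructed for illustration, and leaving the priority bits at zero is an assumption.

```python
import struct

# Added example: the tagging behaviour described above, applied to raw
# Ethernet frames. The 802.1Q layout (TPID 0x8100, 12-bit VID) is standard;
# the function names and sample frames are constructed for illustration.

TPID_8021Q = 0x8100
MAC_HEADER_LEN = 12  # destination MAC + source MAC


def add_tag(frame, vid):
    """Egress on a tagging member: insert an 802.1Q tag carrying `vid`.
    Priority bits are left at zero (an assumption; the page does not say)."""
    if not 1 <= vid <= 4095:
        raise ValueError("VLAN ID outside the 1-4095 range the CLI accepts")
    if len(frame) < MAC_HEADER_LEN + 2:
        raise ValueError("frame shorter than an Ethernet header")
    tag = struct.pack("!HH", TPID_8021Q, vid)
    return frame[:MAC_HEADER_LEN] + tag + frame[MAC_HEADER_LEN:]


def read_vid(frame):
    """Return the VID of a tagged frame, or None if the frame is untagged."""
    if len(frame) < MAC_HEADER_LEN + 2:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, MAC_HEADER_LEN)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < MAC_HEADER_LEN + 4:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, MAC_HEADER_LEN + 2)
    return tci & 0x0FFF  # low 12 bits; the top 4 are priority and DEI


def tagged_only_ingress(frame, tagged_vlans):
    """Ingress on a tagged port or channel: accept only frames explicitly
    tagged for one of its VLANs. Returns (accepted, reason)."""
    try:
        vid = read_vid(frame)
    except ValueError as err:
        return False, f"malformed frame: {err}"
    if vid is None:
        return False, "untagged frame on a tagged-only interface"
    if vid not in tagged_vlans:
        return False, f"VID {vid} is not one of this interface's VLANs"
    return True, f"tagged for VLAN {vid}"


# Constructed frame: locally administered MACs, EtherType 0x0800, dummy payload.
UNTAGGED = bytes.fromhex("020000000001" "020000000002" "0800") + b"constructed payload"

if __name__ == "__main__":
    channel_vlans = {25, 30}  # as if set with vlan-tag 25 and vlan-tag 30
    for label, frame in [
        ("tagged 25", add_tag(UNTAGGED, 25)),
        ("tagged 99", add_tag(UNTAGGED, 99)),
        ("untagged", UNTAGGED),
        ("truncated", add_tag(UNTAGGED, 25)[:15]),
    ]:
        print(label, tagged_only_ingress(frame, channel_vlans))
```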