Manual Chapter : Layer 3 Network Layer

Applies To:


ARX

  • 6.3.0
Manual Chapter 10
arp ip-address mac-address [vlan vlan-id]
no arp ip-address
ip-address (for example, 10.125.16.3) is the IP address.
mac-address (for example, 12:34:56:78:9a:bc) is the MAC address you are statically mapping to the ip-address.
vlan vlan-id (optional; 0-4096) applies the mapping to a single VLAN.
Use the show arp command to show all ARP-table entries. Use the clear arp command to clear all dynamic-ARP entries, learned from neighboring equipment.
bstnA(cfg)# arp 192.168.25.38 11:54:d6:2a:95:f2
bstnA(cfg)# arp 10.1.1.159 11:df:45:b3:95:36 vlan 4
bstnA(cfg)# no arp 172.16.209.55
The Address-Resolution Protocol (ARP) maps IP addresses to MAC addresses in an ARP table. Each processor in the ARX has its own ARP table. Use the arp gratuitous command to issue gratuitous ARP entries for a single IP address or all IP addresses on the switch (including virtual IP addresses (VIPs), management IP addresses (MIPs), and proxy IP addresses (XIPs)).
arp gratuitous {ip-address | yes}
ip-address (0.0.0.0 to 255.255.255.255) is the IP address for which you want to add a gratuitous ARP entry. If there is an error, the system displays the error message on the CLI console.
yes specifies to add gratuitous ARP entries for all IP addresses owned by the switch. If there is an error, the system logs the error message (failed GARP) in the syslog.
If you do not enter an IP address or yes at the end of this command, the switch sends a gratuitous ARP for all of its publicly-visible IP addresses (such as VIPs). Before sending all of this traffic, the CLI prompts for confirmation: enter yes to proceed.
Use the show arp command to show all ARP-table entries. Use the clear arp command to clear all dynamic-ARP entries, learned from neighboring equipment.
bstnA# arp gratuitous 192.168.25.38
bstnA# arp gratuitous
bstnA# arp gratuitous yes
The Address-Resolution Protocol (ARP) maps IP addresses to MAC addresses in an ARP table. ARP-table entries are either learned from neighbors (dynamic), set through the CLI (static), or set by internal software (local). Use the clear arp command to clear all dynamic entries from the ARP table.
clear arp [from slot.processor]
from slot.processor (optional) specifies one module processor. This option is not supported on the ARX-1500, ARX-2500, or ARX-VE. Each network-connected processor (the ones behind the client/server ports and the one behind the MGMT port) has its own ARP table.
slot (1-2 for an ARX-4000; 1 for all others) is the slot number.
processor is the processor number. Use the show processors command to show all processors and their associated slot.processor IDs.
Use the show arp command to show all ARP-table entries. Use the arp command to create a static-ARP entry.
bstnA# clear arp
bstnA# clear arp from 2.2
Administrators can log into the CLI or GUI through the out-of-band (OOB) management interface. Port 1/1 is used as the OOB management interface on the ARX-1500 and ARX-2500. The show interface mgmt stats command shows packet counters for this management interface. On the ARX-1500 or the ARX-2500, you can use the clear counters mgmt command to reset these counters to 0 (zero).
Use the show interface mgmt stats command to show all ingress and egress counters for the out-of-band management interface.
The ARX-1500 and the ARX-2500 can operate without using port 1/1 as an out-of-band management interface; you can use the no interface mgmt command to designate port 1/1 for client/server traffic instead of management traffic. If the port is not used for out-of-band management statistics, this command is unnecessary. You can use the show interface mgmt command (with or without the stats option) to confirm that port 1/1 is designated as an out-of-band management interface.
stoweA# clear counters mgmt
You can configure one in-band management interface per VLAN. From cfg-if-vlan mode, use the optional description command to create a descriptive string for an in-band-management interface.
Use the no form of the command to delete the interface description.
text (up to 128 characters) is your description. Surround the text with quotation marks ("") if it contains any spaces.
bstnA(cfg-if-vlan[1])# description management for vlan 1
Use the no form of the command to delete the interface description.
text (up to 128 characters) is your description. Surround the text with quotation marks ("") if it contains any spaces.
any except ARX-VE
bstnA(cfg-mgmt)# description oob management
On an ARX-1500 or ARX-2500, you can use no interface mgmt to stop using port 1/1 for out-of-band management. You can then use other commands to use the port for client/server traffic.
any except ARX-VE
This command puts you into cfg-mgmt mode, where you can set several configuration parameters for the management interface. Use the ip address (cfg-mgmt) command to change the IP address. Use the description (cfg-mgmt) command to set an optional description for the interface, for show commands. Use the shutdown (cfg-mgmt) command to shut down the interface.
You cannot use no interface mgmt if you are logged into the CLI through the out-of-band management interface; this would abruptly end your CLI session. The CLI also prevents no interface mgmt if the ARX has redundancy configured; on many platforms, this interface is used for important redundancy-related traffic.
On the ARX-1500 and ARX-2500, port 1/1 is set up as the out-of-band management interface by default. For installations with no separate management subnet, you can use the no interface mgmt command to stop using port 1/1 for out-of-band management. You can then edit the port as a standard client/server interface with the interface gigabit 1/1 command.
bstnA(cfg)# interface mgmt
You can configure one in-band management interface per supported VLAN. Use the interface vlan command to begin configuring the management interface for a VLAN.
Use the no form to remove the in-band-management interface for a VLAN.
vlan-id (1-4096) identifies the VLAN. Use the show vlan summary command for a list of all configured VLANs.
This command puts you into cfg-if-vlan mode, where you can set several configuration parameters for the in-band management interface. Use the ip address (cfg-if-vlan) command to set the IP address. Use the description (cfg-if-vlan) command to set an optional description for the interface, for show commands. Use the shutdown (cfg-if-vlan) command to shut down the interface.
You can re-use this interface as a connection to the switch's redundant peer and/or to multiple switches on the same RON. The redundancy (cfg-if-vlan) command makes the interface eligible for the initial rendezvous with a redundant peer; this command is required for the ARX-1500 and ARX-2500, which use this layer-3 connection for exchanging heartbeats and metalog data. The ron tunnel command enters a sub-mode for configuring a RON tunnel to another ARX.
bstnA(cfg)# interface vlan 9
Use the no form of this command to remove the IP address and disable the interface.
Important: In a redundant pair of ARXes, the network software uses an in-band (VLAN) management address as a home address for its communication with the quorum-disk. Without an in-band-management address and an ip route to the quorum disk, a failover is impossible. Additionally, any ron tunnels that use this address will fail if you remove it; a shadow-copy-rule depends on RON tunnels to communicate with other ARXes in the network. Use the no form of the command only on the advice of F5 Support.
ip address address mask
address is the IP address you choose for the VLAN-management interface (for example, 192.168.108.223).
mask defines the network part of the address (for example, 255.255.255.0).
bstnA(cfg-if-vlan[9])# ip address 192.168.25.28 255.255.255.0
Use the no form of this command to remove the IP address and disable the interface.
ip address address mask
address is the IP address you choose for the management interface (for example, 10.1.1.10).
mask defines the network part of the address (for example, 255.255.255.0).
any except ARX-VE
This address must belong to a management network that is entirely distinct from any client subnet (established with virtual server) or the proxy-IP subnet (created by ip proxy-address). The MGMT interface uses a separate IP-routing table; use the ip route ... mgmt command to specify a default route (or any other static route) for the out-of-band management network.
bstnA(cfg-mgmt)# ip address 10.1.1.7 255.255.255.0
bstnA(cfg-mgmt)# no ip address
You can create an optional search list of domain names for the ARX to use in its DNS lookups. Whenever the switch needs to perform a DNS lookup for a hostname (for example, fs5), it appends a domain name (for example, mycompany.com) and tries a DNS lookup; on failure, it appends the next domain name in the list; and so on. Use the ip domain-list command to add one domain name to the search list.
Use the no form of this command to remove a domain name from the search list.
name (1-255 characters) is a name for one local domain (for example, myorg.org).
To identify a DNS server, use the ip name-server command. Use the show ip domain command to view the current DNS-lookup configuration.
bstnA(cfg)# ip domain-list estorage.com
bstnA(cfg)# ip domain-list enet.com
bstnA(cfg)# no ip domain-list enet.com
Use the no form of this command to remove a DNS server from the list.
ip name-server ip-address
ip-address identifies a DNS server (for example, 172.16.98.36). This address must be on the server/proxy-IP subnet (see ip proxy-address) or reachable through a static route (see ip route).
Use the show ip domain command to view the current DNS-lookup configuration.
bstnA(cfg)# ip name-server 192.168.25.201
bstnA(cfg)# no ip name-server 192.168.25.212
Every NSM processor requires a proxy IP address to communicate with back-end devices. Use the ip proxy-address command to add a range of proxy IPs.
Use the no form of the command to remove a range of unused proxy-IP addresses.
ip proxy-address address mask [vlan vlan-id] [count number] [processor slot.proc]
address is the starting IP address for a range of proxy IPs (for example, 192.168.25.0).
mask is the subnet mask (for example, 255.255.255.0).
vlan vlan-id (optional, 1-65535) is the VLAN for this subnet, if there is one. Use show vlan summary for a complete list of configured VLANs.
count number (optional, 1-64) is the number of contiguous IP addresses to assign to the proxy pool.
slot.proc (optional: for example, 1.4) assigns the proxy-IP address to a particular NSM processor. You can only use this option if you specify a single IP.
vlan-id defaults to VLAN 1.
number defaults to 1.
Be sure to assign the correct proxy-IP addresses the first time. Once the proxy IP is assigned to an NSM processor, it is difficult to change. To change an assigned proxy IP, you must save your configuration (with the priv-exec copy startup-config command), remove it from the switch (delete startup-config), reboot (reload), edit the saved configuration with the correct proxy-IP addresses, and replay it (that is, copy it and paste it into the CLI). The CLI prompts for confirmation before making any change to the proxy-IP addresses; please examine your proxy-IP change carefully before you enter yes to proceed.
bstnA(cfg)# ip proxy-address 192.168.25.31 255.255.255.0 vlan 25 count 4
bstnA(cfg)# ip proxy-address 192.168.25.141 255.255.255.0 vlan 25 count 8
Use the ip route command to configure a static IP route.
Use the no form of this command to remove a static route.
ip route ip-subnet ip-mask gateway [distance] [mgmt]
no ip route ip-subnet ip-mask gateway [distance] [mgmt]
ip-subnet is the IP address of a remote subnet (for example, 172.16.151.0).
ip-mask defines the network part of the subnet (for example, 255.255.255.0).
gateway identifies the gateway to the subnet (for example, 192.168.25.1).
distance (optional; 1-255) is an arbitrary distance metric; if you configure two routes to the same subnet, the route with the lowest distance is used.
mgmt (optional) is a flag that adds the route to a separate routing table for the out-of-band management network. This option is not available on the ARX-VE, which does not have a separate out-of-band management interface. Also, the option does not apply to any ARX-1500 or an ARX-2500 where port 1/1 is being used for client/server traffic.
distance - 128
Configure a static route for every IP subnet with clients or servers that is outside any client subnet (defined by the virtual server command) or the proxy-IP subnet (see ip proxy-address). For a remote client subnet, the next-hop gateway must be in the subnet where their VIP resides. Similarly, a route to a remote server network must go through the proxy-IP subnet.
If the ARX has a redundant peer, you can use the critical route command to designate that a route is critical. If a critical route fails, the ARX may fail over to its peer.
Use the show ip route command to list all static routes, including the routes in the separate table for management routes.
bstnA(cfg)# ip route 172.16.231.0 255.255.255.0 192.168.25.1
bstnA(cfg)# ip route 172.16.231.0 255.255.255.0 192.168.25.2 255
bstnA(cfg)# ip route 10.16.10.0 255.255.255.0 10.1.1.1 mgmt
bstnA(cfg)# no ip route 10.16.165.0 255.255.255.0 10.1.1.1 mgmt
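Added example (not F5 code and not part of the original manual): a Python check of the separation rules this chapter states for the out-of-band management address, the proxy-IP subnet, and routes carrying the mgmt flag. It reads CLI lines in the prompt format used by this chapter's samples; the transcript, the function names, and the third check (derived from the separate management routing table) are assumptions made for illustration.

```python
import ipaddress
import re

# Prompt format as shown in this chapter's samples: name(mode)# command
PROMPT = re.compile(r"^\S+?\((?P<mode>[^)]+)\)#\s+(?P<cmd>.+)$")

# Constructed transcript; addresses are illustrative, not from a real switch.
SAMPLE_TRANSCRIPT = """\
bstnA(cfg-mgmt)# ip address 10.1.1.7 255.255.255.0
bstnA(cfg)# ip proxy-address 192.168.25.31 255.255.255.0 vlan 25 count 4
bstnA(cfg)# ip route 172.16.231.0 255.255.255.0 192.168.25.1
bstnA(cfg)# ip route 10.16.10.0 255.255.255.0 10.1.1.1 mgmt
bstnA(cfg)# ip route 10.16.20.0 255.255.255.0 192.168.25.1 mgmt
bstnA(cfg)# ip route 172.16.40.0 255.255.255.0 10.1.1.1
"""


def parse(transcript):
    """Return (mgmt_interface, proxy_networks, routes) from prompt-prefixed lines."""
    mgmt, proxies, routes = None, [], []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        mode, words = m["mode"], m["cmd"].split()
        if mode == "cfg-mgmt" and words[:2] == ["ip", "address"] and len(words) == 4:
            # ip address address mask (cfg-mgmt)
            mgmt = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif mode == "cfg" and words[:2] == ["ip", "proxy-address"] and len(words) >= 4:
            # ip proxy-address address mask [vlan ...] [count ...] [processor ...]
            proxies.append(ipaddress.ip_interface(f"{words[2]}/{words[3]}").network)
        elif mode == "cfg" and words[:2] == ["ip", "route"] and len(words) >= 5:
            # ip route ip-subnet ip-mask gateway [distance] [mgmt]
            if "per-vlan" in words or "source-ip" in words:
                continue  # VLAN- and VIP-specific default routes are out of scope here
            routes.append({
                "dest": ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False),
                "gateway": ipaddress.ip_address(words[4]),
                "mgmt": words[-1] == "mgmt",
                "line": m["cmd"],
            })
    return mgmt, proxies, routes


def audit(transcript):
    """List violations of the management-network separation rules."""
    mgmt, proxies, routes = parse(transcript)
    if mgmt is None:
        return ["no out-of-band management address found"]
    findings = []
    # Rule 1: the management network must be distinct from the proxy-IP subnet.
    for net in proxies:
        if net.overlaps(mgmt.network):
            findings.append(
                f"proxy-IP subnet {net} overlaps management subnet {mgmt.network}")
    for route in routes:
        inside = route["gateway"] in mgmt.network
        # Rule 2: a gateway for the OOB management network must be in the
        # same subnet as the OOB management address.
        if route["mgmt"] and not inside:
            findings.append(
                f"mgmt route gateway {route['gateway']} is outside "
                f"{mgmt.network}: {route['line']}")
        # Rule 3 (derived, an assumption of this example): a route without the
        # mgmt flag lives in the client/server table, so its gateway should
        # not sit in the management subnet.
        if not route["mgmt"] and inside:
            findings.append(
                f"client/server route uses management-subnet gateway "
                f"{route['gateway']}: {route['line']}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TRANSCRIPT):
        print(finding)
```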
Some installations have a firewall between the ARX and its clients, and require VIPs on multiple client VLANs. In those situations, the ARX's single default route (created with the ip route command) causes the ARX to send all response packets over the default route's VLAN. If that VLAN is not the same as the VIP's VLAN, the firewall may drop the response packet. For example, if there are VIPs on each of VLANs A, B, and C, the single default route can only go over one of those VLANs (for example, VLAN A). Clients from the other VLANs (B and C) would send requests to those VLANs and get responses from VLAN A. If the firewall is connected to each VLAN through different interfaces, the response packet arrives on a different interface than the request packet. A firewall drops such packets, with different source and destination interfaces. To solve this specific problem, on the advice of F5 Support, you can use the ip route ... per-vlan command to make a separate default route for each client VLAN.
Use the no form of this command to remove a VLAN-specific-default route.
ip route 0.0.0.0 0.0.0.0 gateway [distance] per-vlan vlan-id
no ip route 0.0.0.0 0.0.0.0 gateway [distance] per-vlan vlan-id
0.0.0.0 0.0.0.0 is the IP subnet and mask for a default route. You cannot define a subnet-specific route on a per-VLAN basis.
gateway identifies the gateway to use for this VLAN (for example, 192.168.30.1).
distance (optional; 1-255) is an arbitrary distance metric; if you configure two routes to the same subnet, the route with the lowest distance is used.
per-vlan vlan-id (0-4096) identifies the VLAN for this default route. You must choose a VLAN that is already defined on the ARX; use show vlan summary for a list of defined VLANs, and use vlan to define a new one.
distance - 128
Use this command only on the advice of F5 Support. A standard ip route has some features (listed below) that are not supported for the per-VLAN route.
This command is not available on the ARX-1500 or ARX-2500. The ip route ... source-ip command performs a similar function for those platforms.
You cannot designate a per-VLAN route as a critical route, as you can with a standard IP route. If you lose connectivity to the gateway, the ARX does not fail over to its peer (which may have a better connection).
Unlike a standard default route, you are limited to a single gateway for each VLAN. For a standard default route, you can enter multiple ip route commands with different gateways and different values for distance. The ARX attempts to reach the gateway with the lowest distance value and tries a higher-distance gateway if the first is unreachable. This form of the command does not support a distance value, so you cannot establish redundant gateways for the VLAN's default route.
bstnA(cfg)# ip route 0.0.0.0 0.0.0.0 192.168.76.1 1 per-vlan 38
prtlndB(cfg)# no ip route 0.0.0.0 0.0.0.0 per-vlan 99
Some installations have a firewall between the ARX and its clients, and require VIPs on multiple client VLANs. In those situations, the ARX's single default route (created with the ip route command) causes the ARX to send all response packets over the default route's VLAN. If that VLAN is not the same as the VIP's VLAN, the firewall may drop the response packet. For example, if there are VIPs on each of VLANs A, B, and C, the single default route can only go over one of those VLANs (for example, VLAN A). Clients from the other VLANs (B and C) would send requests to those VLANs and get responses from VLAN A. If the firewall is connected to each VLAN through different interfaces, the response packet arrives on a different interface than the request packet. A firewall drops such packets, with different source and destination interfaces. To solve this specific problem on an ARX-1500 or ARX-2500, you can use the ip route ... source-ip command to make a separate default route for each VIP; any packet received at the VIP uses this default route with the same VIP as its source IP.
Use the no form of this command to remove a VIP-specific-default route.
ip route 0.0.0.0 0.0.0.0 gateway [distance] source-ip vip
no ip route 0.0.0.0 0.0.0.0 [gateway] [distance] source-ip vip
0.0.0.0 0.0.0.0 is the IP subnet and mask for a default route. You cannot define a subnet-specific route on a per-VIP basis.
gateway identifies the gateway to use for this route (for example, 192.168.30.1).
distance (optional; 1-255) is an arbitrary distance metric; if you configure two routes to the same subnet, the route with the lowest distance is used.
source-ip vip identifies the VIP for this default route. You must choose a VIP that is already defined on the ARX; use show global server for a list of defined VIPs, and use the virtual server command to define a new one.
distance - 128
This command only functions on the ARX-1500 or ARX-2500. The ip route ... per-vlan command performs a similar function on all other platforms.
canbyA(cfg)# ip route 0.0.0.0 0.0.0.0 192.168.121.1 1 source-ip 192.168.121.76
stoweA(cfg)# no ip route 0.0.0.0 0.0.0.0 192.168.90.1 source-ip 192.168.90.29
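Added example (not F5 code and not part of the original manual): a Python model of the asymmetric-response problem described for both ip route ... per-vlan and ip route ... source-ip, usable as a pre-change check of which VIPs would answer over a different VLAN than the one their requests arrive on. The VLAN subnets, VIPs and function names are constructed; the model assumes a request reaches a VIP on the VLAN holding the VIP's subnet and that a response leaves on the VLAN holding the chosen gateway.

```python
import ipaddress

DEFAULT_DISTANCE = 128  # default distance given in this chapter

# Constructed inputs: VLAN subnets and the VIPs defined on them.
VLAN_SUBNETS = {30: "192.168.30.0/24", 38: "192.168.76.0/24", 99: "192.168.99.0/24"}
VIPS = ["192.168.30.50", "192.168.76.50", "192.168.99.50"]
SINGLE_DEFAULT = ["ip route 0.0.0.0 0.0.0.0 192.168.30.1"]
PER_VLAN = [
    "ip route 0.0.0.0 0.0.0.0 192.168.76.1 1 per-vlan 38",
    "ip route 0.0.0.0 0.0.0.0 192.168.99.1 per-vlan 99",
]


def vlan_of(addr, vlan_subnets):
    """Return the VLAN whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for vlan, subnet in vlan_subnets.items():
        if ip in ipaddress.ip_network(subnet):
            return vlan
    return None


def parse_default_routes(commands):
    """Split default-route commands into standard, per-VLAN and per-VIP routes."""
    standard, per_vlan, per_vip = [], {}, {}
    for cmd in commands:
        words = cmd.split()
        if words[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"] or len(words) < 5:
            continue
        gateway, rest = words[4], words[5:]
        distance = DEFAULT_DISTANCE
        if rest and rest[0].isdigit():
            distance, rest = int(rest[0]), rest[1:]
        if rest[:1] == ["per-vlan"] and len(rest) == 2:
            per_vlan[int(rest[1])] = gateway      # one gateway per VLAN
        elif rest[:1] == ["source-ip"] and len(rest) == 2:
            per_vip[rest[1]] = gateway            # one gateway per VIP
        elif not rest:
            standard.append((distance, gateway))  # mgmt-table routes are skipped
    # Lowest distance first: that gateway is tried before higher-distance ones.
    return sorted(standard), per_vlan, per_vip


def response_paths(vlan_subnets, vips, commands):
    """For each VIP, report request VLAN, response VLAN and whether they match."""
    standard, per_vlan, per_vip = parse_default_routes(commands)
    report = {}
    for vip in vips:
        ingress = vlan_of(vip, vlan_subnets)
        gateway = (per_vip.get(vip) or per_vlan.get(ingress)
                   or (standard[0][1] if standard else None))
        egress = vlan_of(gateway, vlan_subnets) if gateway else None
        report[vip] = {
            "ingress": ingress,
            "egress": egress,
            "gateway": gateway,
            "symmetric": egress is not None and ingress == egress,
        }
    return report


def asymmetric(report):
    """VIPs whose responses leave on a different VLAN than requests arrive on."""
    return sorted(vip for vip, path in report.items() if not path["symmetric"])


if __name__ == "__main__":
    print("single default route:", asymmetric(
        response_paths(VLAN_SUBNETS, VIPS, SINGLE_DEFAULT)))
    print("with per-vlan routes:", asymmetric(
        response_paths(VLAN_SUBNETS, VIPS, SINGLE_DEFAULT + PER_VLAN)))
```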
Use the no form of this command to disconnect from an NTP server.
ntp server ip-address [version {3 | 4}]
no ntp server ip-address
ip-address (1-128 characters) identifies the external NTP server by its IP address.
version {3 | 4} (optional) is the NTP version to use, NTPv3 or SNTPv4.
version - 4 (SNTPv4)
Use show ntp servers to see the current NTP configuration. Use show clock to see the current time/date setting on the ARX.
You can set the internal clock manually with the clock set command. If this setting conflicts with NTP-server time, the NTP time overrides the manual setting.
bstnA(cfg)# ntp server 192.168.25.201
bstnA(cfg)# ntp server 192.168.25.202 version 3
You can connect two identical ARXes as a redundant pair. To initially join, or rendezvous, each switch communicates over one of its management interfaces. This command makes it possible to use the current in-band (VLAN) management interface as the rendezvous interface.
An ARX-1500 or ARX-2500 also uses this type of management interface as one end of a redundant-pair link. It uses this link to exchange heartbeat messages and metalog data.
Use the no form to disallow the current interface from being used for a redundant-pair rendezvous.
any except ARX-VE
When redundancy is enabled and the ARX-1500 or ARX-2500 is using this interface as a redundant-pair link, the cfg-if-vlan no redundancy command causes the backup peer to reboot. The reboot does not disrupt any storage services, but the ARX peers cannot function as a redundant pair while the link is shut down. Additionally, a quorum-disk failure or disconnection would cause the active peer to reboot, too. If you proceed with removing the link, you should establish a new one as soon as possible: use the redundancy protocol, redundancy protocol (cfg-channel), or this command on another port, channel, or VLAN interface to establish a new redundant-pair link.
show arp from slot.processor [type {dynamic | static | local}]
all (optional) specifies all entries on the switch.
from slot.processor (optional) focuses on the ARP table at one processor. This option is not supported on the ARX-1500, ARX-2500, or ARX-VE:
slot (1-2 for ARX-4000; 1 for all others) is the slot number.
processor is the processor number. Use the show processors command to show all processors on the ARX, along with their associated module name(s) and status.
type {dynamic | static | local} (optional, if you use the from clause) selects one type of ARP-table entry, based on how the entry was learned. You must choose one of the following:
dynamic - learned from neighboring equipment.
static - specified by the arp command.
local - set internally by the switch.
Proc is the processor (in slot.processor format). This only appears if you use an option, all or from, on a platform other than the ARX-1500, ARX-2500, or ARX-VE.
MAC Address are mapped together. If the MAC address is all zeros, the ARX could not find the IP address through ARP; likely the IP address does not exist in this case.
VLAN is the VLAN where the IP address was learned or specified.
dynamic if the entry was learned from neighboring equipment,
static if the entry was specified by the arp command, or
local if the entry is defined by the switch software.
The summary output (from show arp, without any additional arguments) shows only dynamic-ARP entries.
Age (sec) is the time the entry has been in the ARP table, shown in seconds.
Use the arp command to create a static ARP entry. Use the clear arp command to clear all dynamic-ARP entries.
bstnA(cfg)# show arp
bstnA(cfg)# show arp all
bstnA(cfg)# show arp from 1.1
bstnA(cfg)# show arp from 1.1 type local
See Figure 10.5 on page 10-32 for sample output on the ARX-2000.
prtlndA(cfg)# show arp all
prtlndA(cfg)# show arp from 1.1
prtlndA(cfg)# show arp from 1.1 type dynamic
Use the show interface command to show the full configuration for all interfaces. Use show interface summary to see a single status line for each interface.
summary (optional) reduces the output to a one-line summary for each interface.
The default command, show interface, displays all interface configurations. The output is the same for each individual show command: show interface mgmt, show interface gigabit, show interface vlan, and show ron.
The show interface summary command shows the following fields for each interface:
Type is mgmt (the out-of-band MGMT interface, if it exists on this chassis), gbe (GigaBit Ethernet, an external port), or 10gbe (ten-Gigabit Ethernet, a faster external port on the ARX-4000).
Slot/Port shows the location of the interface. An asterisk (*) indicates that the interface is used as a redundant-pair link.
Admin State is Enabled or Disabled (also called shut down), as set by the administrator. To change this, use [no] shutdown in the interface's configuration mode: see shutdown (cfg-if-gig), shutdown (cfg-if-ten-gig), shutdown (cfg-mgmt), shutdown (cfg-if-vlan), or shutdown (cfg-if-vlan-ron-tnl). If the interface is a member of a channel, its administrative state is controlled by its channel: therefore, this shows Ch n, where n is the channel number. You can use show channel to see the administrative state of a channel.
Link Status is the actual state of the interface (up or down).
Speed and Duplex are both set by the speed (cfg-if-gig) command.
Description is set by the description command in the interface's config mode: description (cfg-mgmt) for fe, description (cfg-if-gig) for gbe, or description (cfg-if-ten-gig) for 10gbe.
bstnA> show interface
prtlndA> show interface summary
canbyA> show interface summary
Administrators can log into the CLI or GUI through the out-of-band management interface, typically labeled MGMT. Use the show interface mgmt command to show the configuration and status of the out-of-band management interface.
stats (optional) displays statistics for the interface.
any except ARX-VE
Slot is always 1, and Interface is also always 1. The 1/1 interface is the MGMT interface for all platforms.
Description is an optional description, set by the description (cfg-mgmt) command.
Admin Status shows whether or not the interface is administratively enabled. You can disable (or restart) this interface with the shutdown (cfg-mgmt) command.
Link Status is the actual state of the interface (up or down).
Duplex, and Auto Negotiation are all set by the speed (cfg-mgmt) command.
MAC Address is the MAC for the MGMT interface.
MTU Size shows the Maximum Transmission Unit, or maximum packet size, for this interface.
Subnet Mask define the management address and subnet. You can set these with the ip address (cfg-mgmt) command.
The stats output is a table of counters, separated into Ingress and Egress counts. These counts restart when the ARX reboots; use the reload command to reboot the ARX. On an ARX-1500 or an ARX-2500, you can use the clear counters mgmt command to clear the stats, without performing a full reboot.
Use the show interface vlan command to list all of the VLAN-based in-band management interfaces.
bstnA# show interface mgmt
bstnA# show interface mgmt stats
Vlan is the VLAN ID for the interface.
Admin shows whether or not the interface is administratively enabled. You can disable (or restart) an in-band-management interface with the shutdown (cfg-if-vlan) command.
Subnet Mask define the management address and subnet. You can set these with the ip address (cfg-if-vlan) command.
Description is an optional description, set by the description (cfg-if-vlan) command.
Use the show interface mgmt command to show the configuration for the single out-of-band management interface.
bstnA(cfg)# show interface vlan
Use the show ip address command to show configuration details for a Proxy IP, private IP, VIP, or some other IP address on the ARX.
ip-address is the desired IP address (for example, 192.168.25.56).
Slot ID shows the location of the module that processes all packets for the address.
Processor is the network processor that serves the address. Every IP address is assigned to a single network processor. Use the show processors command to show all processors.
Type is any of the following:
External is an IP address not owned by the switch, for example, the IP address of a router or a back-end filer.
Proxy is a proxy-IP address. Use the show ip proxy-addresses command to show all proxy IPs.
VIP is a virtual-IP address. Use the show virtual service command to show all Virtual IPs.
management is the out-of-band-management interface. Use the show interface mgmt command to show this interface.
VLAN is an in-band (VLAN-based) management interface. Use the show interface vlan command to list these interfaces.
MAC Address is the MAC for the IP.
VLAN ID is the VLAN for the IP's subnet.
prtlndA(cfg)# show ip address 192.168.74.91
Domain List is analogous to the search list in resolv.conf. To edit this, use the ip domain-list command.
Name Servers is analogous to the nameserver list in resolv.conf. To edit this, use the ip name-server command.
bstnA(cfg)# show ip domain
Every network processor on the ARX has a proxy IP address, used as a home address for communication with filers and servers on the back end. Use the show ip proxy-addresses command to show all configured proxy IPs.
Proxy Address is the IP address.
VLAN is the VLAN where the proxy IP resides.
MAC Address is the layer-2-MAC address for the proxy IP.
Owner is the chassis where the proxy IP was configured. This is relevant in a redundant-switch configuration.
In Use By is the chassis that is currently using the proxy IP. In a redundancy failover, the surviving chassis assumes all proxy IPs from the failed chassis.
Proc identifies the network processor that is using the proxy IP, in slot.processor format.
Use the ip proxy-address command to add a range of proxy-IP addresses.
bstnA# show ip proxy-addresses
See Figure 10.12 on page 10-47 for sample output from a non-redundant peer.
prtlndA# show ip proxy-addresses
See Figure 10.12 on page 10-47 for sample output from a redundant peer.
Use the show ip route command to show the active and static routes on the switch.
show ip route [all | from slot.processor | monitor]
all (optional) specifies all routes on the switch.
from slot.processor (optional) specifies routes from one network processor. This option is not supported on the ARX-1500, ARX-2500, or ARX-VE:
slot (1-2 on an ARX-4000, 1 on any other platform) is the slot number, and
processor is the processor number. Use the show processors command to show a complete list of processors.
monitor (optional) shows the status of the next-hop gateway, and how the ARX is using it.
Every network processor on the ARX has its own IP-routing table. (In addition to the processors behind the client/server Ethernet ports, this includes processor 1.1 because it connects to the out-of-band network.) The show ip route all command shows the routing tables for all processors. Many routes are common to all processors; duplicate routes are removed from the summary command, show ip route.
Use the ip route command to create a static route.
All versions of this command except show ip route monitor have the following fields:
Proc is the number of the module processor with the static route, in slot.processor format. This only appears if you use an option, all or from, on a platform other than the ARX-1500, ARX-2500, or ARX-VE. Each processor has a separate routing table. Use the show processors command to show a complete list of processors and their slots.
Destination/Mask defines the subnet for a route in CIDR format.
Gateway is the next-hop router for the route.
Cost is the relative cost of this route, weighed against any other routes to the same destination. A lower-cost metric is preferred.
Interface is the interface or VLAN that carries packets to this subnet. Mgmt is the out-of-band management interface, labeled MGMT on the front panel.
Age is the time (in seconds) that the ARX has been in continuous contact with the Gateway. The ARX uses periodic ARP requests to monitor the gateway while the route is active; the route is declared Offline if it fails to respond to ARPs. Direct means that the route is directly-connected to the interface. Unacquired applies to a per-VLAN-default route (created with ip route ... per-vlan), where the gateway has not yet responded to ARP requests. Static means that the per-VLAN route has responded to an ARP request and is evidently reachable.
The show ip route monitor command has similar output to show ip route, but it focuses on the status of the connections. It contains the following fields:
Destination/Mask defines the subnet for a route in CIDR format.
Type is the general destination for the route. This is either VLAN (indicating a client/server VLAN) or Mgmt (the out-of-band management subnet). Mgmt routes are created with a special flag in the ip route command.
Gateway is the next-hop router for the route.
Cost is the relative cost of this route, weighed against any other routes to the same destination. A lower-cost metric is preferred.
Details indicate whether or not this route is in use. If it is, this indicates how the switch uses the next-hop gateway. If not, it indicates the problem. Here are the possible conditions in this field:
Up/Current Gateway indicates that the switch uses this route (as opposed to another static route to the same subnet).
VLAN/Current Gateway applies to a per-VLAN-default route, created with the ip route ... per-vlan variant of the ip route command. This indicates that the VLAN-default route is configured.
Up/Backup Gateway is a gateway that is available to reach the subnet, but is not being used because some other, preferred gateway is being used instead. Another route should be in the same output with the same Destination/Mask, a different Gateway, and Status/Details of Up/Current Gateway. If this subnet's Current Gateway stops responding to ARP packets, this route is a candidate to take its place.
Down/No Reply shows that the gateway is reachable through layer 2 and ICMP, but is not replying to IP packets.
Down/Unreachable says that the gateway is not on a reachable subnet. Use ip route to reset the gateway. A gateway to file servers must be on the same subnet as the proxy-IP addresses (show ip proxy-addresses shows all such addresses), a gateway to clients must be on the same subnet as the clients' VIP (use show virtual service for a list of all VIPs), and a gateway to stations in the out-of-band (OOB) management network must be in the same subnet as the OOB management address (show interface mgmt).
bstnA> show ip route
bstnA> show ip route monitor
bstnA> show ip route all
bstnA> show ip route from 2.1
prtlndA> show ip route
prtlndA> show ip route monitor
prtlndA> show ip route all
prtlndA> show ip route from 1.1
Use the show ntp servers command to display all configured NTP servers.
Use the ntp server command to add an NTP server to the list. Use the show clock command to verify that the switch is getting the correct time from the NTP server(s).
bstnA(cfg)# show ntp servers
Use the show ntp status command to display operational status for each configured NTP server.
(tally code) - the one-character tally code, representing the server's current status (see Table 10.1, Tally Codes),
remote - the remote NTP server's hostname or IP address,
refid - the IP address or hostname of the server's reference clock (another NTP server; 0.0.0.0 if unknown),
st - the stratum of the server (1-16, where 1 is ideal, 15 is worst, and 16 means unusable),
t - the type of the NTP server (local, unicast, multicast, or broadcast) when the last packet was received,
when - the time of the last received packet,
poll - the number of seconds between polls,
reach - the reachability register, in octal,
delay - the interval (in milliseconds) to be added to requests that require authentication,
offset - the number of milliseconds between the server's clock and the ARX clock, and
jitter - the estimated time error of the server clock, measured as an exponential average of RMS time differences.
Use the show ntp servers command to get a list of all configured NTP servers. Use the show clock command to verify that the switch is getting the correct time from the NTP server(s).
bstnA(cfg)# show ntp status
Table 10.1 Tally Codes
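As an added example (not part of the F5 manual), the Python below reads show ntp status output saved as text, decodes the octal reach register into the last eight polls, and flags servers that would leave log timestamps unreliable. The sample lines are constructed, the column layout is assumed to follow the field order listed above, and the function names and the 100 ms offset threshold are illustrative choices.

```python
# Constructed sample (not captured from an ARX). Assumed layout: tally code in
# column 0, then whitespace-separated fields in the order listed above.
SAMPLE = """\
*192.0.2.10   198.51.100.1   2 u  33  64 377  0.412    0.087  0.031
+192.0.2.11   198.51.100.1   2 u  12  64 357  0.530  250.400  0.210
 192.0.2.12   0.0.0.0       16 u   -  64   0  0.000    0.000  0.000
"""

FIELDS = ("remote", "refid", "st", "t", "when", "poll",
          "reach", "delay", "offset", "jitter")

def parse_status(text):
    """Return one dict per server line; the tally code may be a blank."""
    peers = []
    for line in text.splitlines():
        cols = line[1:].split()
        # Skip column headers, separators, and truncated lines.
        if len(cols) != len(FIELDS) or not cols[2].isdigit():
            continue
        peer = dict(zip(FIELDS, cols))
        peer["tally"] = line[0]
        peers.append(peer)
    return peers

def reach_history(reach):
    """Decode the octal reach register: 8 polls, most recent first."""
    value = int(reach, 8) & 0xFF
    return [bool(value >> bit & 1) for bit in range(8)]

def assess(peer, max_offset_ms=100.0):
    """List reasons not to trust this server (threshold is an assumption)."""
    findings = []
    history = reach_history(peer["reach"])
    if not any(history):
        findings.append("unreachable for the last 8 polls")
    elif not all(history):
        missed = [i for i, ok in enumerate(history) if not ok]
        findings.append(f"missed polls (0 = latest): {missed}")
    if int(peer["st"]) >= 16:
        findings.append("stratum 16: unusable")
    if abs(float(peer["offset"])) > max_offset_ms:
        findings.append(f"offset {peer['offset']} ms exceeds {max_offset_ms} ms")
    return findings

def report(text):
    """Map each remote server to its list of findings (empty means healthy)."""
    return {p["remote"]: assess(p) for p in parse_status(text)}
```

A reach value of 377 means all eight most recent polls were answered; 357 means one poll, four intervals back, went unanswered.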
From cfg-if-vlan mode, use the shutdown command to shut down the in-band management interface for a VLAN.
Important: In a redundant pair of ARXes, the network software uses an in-band (VLAN) management address as a home address for its communication with the quorum-disk. Without an in-band-management address and an ip route to the quorum disk, a failover is impossible. If this interface has redundancy (cfg-if-vlan) enabled, the shutdown command causes the backup to reboot. Additionally, any ron tunnels that use this address will fail if you shut it down; a shadow-copy-rule depends on RON tunnels to communicate with other ARXes in the network.

Use the shutdown command only on the advice of F5 Support.
Use no shutdown to restart the management interface.
An ARX in a redundant pair has additional issues. A redundant ARX requires an in-band (VLAN) management interface on the same VLAN as its quorum disk. This is required so that the ARX can reach its quorum disk while in the backup role. Refer to the quorum-disk documentation for more details. If this interface has redundancy (cfg-if-vlan) enabled, the interface is even more vital to redundancy; in this case, a shutdown causes the backup ARX to reboot. Do not shut down this interface if this ARX has a quorum disk on the current VLAN or if the interface is used as the redundancy link.
From cfg-mgmt mode, use the shutdown command to shut down the out-of-band management interface.
Use no shutdown to restart the management interface.
no shutdown: the interface is enabled by default after you go through the initial-boot process.
any except ARX-VE
From cfg-mgmt mode, use the speed command to set the speed and duplex configuration on the fast Ethernet port for the switch's out-of-band (OOB) management interface.
auto is auto-negotiate (the default) 10/100 megabits-per-second (mbps), half/full duplex. This makes the port auto-negotiate with its peer. Use this setting to enable MDI/MDIX cross-over on the OOB-management port.
100-half is fast Ethernet, 100 mbps, half duplex.
100-full is fast Ethernet, 100 mbps, full duplex.
10-half is fast Ethernet, 10 mbps, half duplex.
10-full is fast Ethernet, 10 mbps, full duplex.
1000-full is Gigabit Ethernet, 1000 mbps, full duplex.
any except ARX-VE
bstnA(cfg)# interface mgmt
bstnA(cfg-mgmt)# speed 100-half
Use the wait-for ip-routes command to wait until all of your configured static routes are operational.
timeout (optional, 1-2096) is the timeout value in seconds.
timeout - none, wait indefinitely
After you have established one or more static routes with the ip route command, you can use the wait-for ip-routes command to wait for all of those routes to come online. This can be useful for CLI scripts, which you can copy onto the switch (with copy ftp, copy scp, copy {nfs|cifs}, or copy tftp), and run.
If you set a timeout and it expires before the last static route is up, the command exits with a warning. To interrupt the wait-for ip-routes command, press <Ctrl-C>. You can use the show ip route monitor command to see the current status of all static routes.
stkbrgA# wait-for ip-routes
stkbrgA# wait-for ip-routes timeout 30