Using the CLI on SteelConnect and SteelHead SD
This topic describes the SteelHead SD appliance and SteelConnect gateway command-line interface (CLI). It includes these sections:
Using the CLI on SteelHead SD appliances
The SteelHead SD CLI applies to SteelHead SD 570-SD, 770-SD, and 3070-SD appliances, and SteelConnect SDI-2030 and SDI-5030 gateways.
The SteelHead SD CLI provides:
• abbreviations for commands. For example, the abbreviation for show cluster_info could be show clust, or show clus, or show clu.
SteelHead SD commands are case sensitive.
• autocompletion of commands using the Tab key.
• a list of high-level commands and a short description when you enter a question mark (?) at the system prompt:
XN<serial-number>-CLI:>?
traceroute traceroute utility.
configure Commands to perform configuration.
show Show (get) info.
netstat Netstat utility.
clear Clear screen
dig Dig utility.
ping Ping utility.
reboot WARNING. Reboot the appliance. This will disrupt data traffic.
log Show system logs.
start_shell Starts unrestricted shell.
sysdump Generate and manage system dumps. Usage "sysdump -h"
date Show appliance current date and time
factory_reset WARNING. Reset the appliance to factory settings. This reboots the appliance and disrupts data traffic.
tcpdump Run tcpdump. Note. Max 1 file is stored with 10MB Max size. Kills previous existing tcpdump running command and del.
troubleshoot Troubleshoot related commands.
nslookup Nslookup utility.
• a list of high-level show commands and a short description when you enter show ? at the system prompt.
XN<serial-number>-CLI:>show
uplinks Show Uplink information
SCM_info Show SCM information if available on appliance
connections Show connection information
images Show all images currently created.
classicVPNInfo Show classicVPN tunnels configurations
keepalived_resources Show keepalived resources information
system_information Show system information
rvm_config Show RVM configuration
fib Show Routing Cache
mgmt_host_ip_map Show management host (i.e. SCM/Core) ip information
nodes Show all VM nodes currently running.
core_info Show Core information
tunnels Show Tunnel information
flows Show flows switch configuration.
portmap Show all physical and virtual interface map
ha_info Show HA information if configured
path Show path information
physical_ports_config Show current physical ports configuration if available
ports_config Show Control VM ports configuration if available
last_working_config Show last known network configuration able to connect to SCM
SCM_connectivity_state Show connectivity to SCM state if available on appliance
cluster_info Show Cluster information if configured
overlay_route Show Overlay Route information
For details on additional levels of commands, type the command followed by a question mark (?):
XN<serial-number>-CLI:>show system_information network ?
route Show routing info.
interfaces Show interface info.
DNS Show current configured DNS
• configuration commands for configuring static network uplinks and the core hostname when an appliance is offline from SCM:
XN<serial-number>-CLI:>configure core
NOTICE. This setting is applicable for appliances running in airgap mode. Please make appropriate changes to network and DNS to ensure connectivity before changing core host name. Usage "core --host <host name> [ --port <port>, default value is 443 ]"
XN<serial-number>-CLI:>configure network
NOTICE. Please make appropriate configuration changes for the same uplink on SCM before running this command on the appliance. Configure a static network uplink. Usage "network <physical interface> <ip/netmask> <gateway> [dns1,dns2,...]"
• a troubleshoot command for the controller virtual machine (CVM) and hypervisor. The troubleshooting tool runs on all uplink ports.
XN<serial-number>-CLI:>troubleshoot ?
hyp Run on hypervisor
run Run troubleshoot diagnostics on all interfaces.
export Export troubleshoot logs to USB.
logfile Give custom logfile name.
list Give custom logfile name.
• support for the dig, netstat, nslookup, ping, sysdump, traceroute, and tcpdump utilities.
Root shell (bash shell) access is available on SteelHead SD appliances and the SteelConnect SDI-2030 and SDI-5030 gateways using either the
start_shell command or a challenge/response process. For details on the challenge/response process, contact Riverbed Support at
https://support.riverbed.com.
Connecting to the SteelHead SD CLI
You can connect to the SteelHead SD CLI via a telnet session, reverse SSH tunnel, SSH, or using an active uplink primary IP address.
To connect to the SteelHead SD using reverse SSH tunnel in SCM
1. In SCM, choose Organization > SSH > Public SSH keys to add your public SSH keys.
2. Choose Appliances and select the SteelHead SD appliance. The page opens in the Live tab.
3. Scroll to Tunneled Shell Access and click Start Tunnel. SCM provides you with a string that you can use to log in to the appliance. For example:
ssh -o "UserKnownHostsFile=/dev/null" -o "ServerAliveInterval=30" -o "StrictHostKeyChecking=no" -o "ProxyCommand=nc -X connect -x abc-xyz.riverbed.cc:3903 %h %p" root@XN<serial-number>.abc-xyz.riverbed.cc
4. Paste the string in your terminal emulation program, such as PuTTY or Tera Term Pro. After you are connected you will see:
Warning: Permanently added 'xn<serial-number>.abc-xyz.riverbed.cc' (RSA) to the list of known hosts.
Last login: Fri May 10 21:29:16 2019 from 127.0.0.1
This appliance is managed by abc-xyz.riverbed.cc
Riverbed Technology, Inc. 2018. Auto-CLI
XN<serial-number>-CLI:>
To connect to the SteelHead SD CLI via telnet
1. Plug the serial cable into the console port and a terminal.
2. Start your terminal emulation program, such as PuTTY or Tera Term Pro. The terminal device must have these settings:
Baud rate: 9600 bps
Data bits: 8
Parity: none
Stop bits: 1
vt100 emulation
No flow control
3. Enter this command at the command prompt:
telnet <console-server-name> <port-connected-to-appliance>
[05/13 10:28:27] [LOG]: creating NBT::DB::ResourceTouchInfo(75)
[05/13 10:28:27] [LOG]: Created row with id 1146424 from table 'resource_touch_info'
Trying xx.xx.xxx.xx...
Connected to test.example.com.
Escape character is '^]'.
SteelOS Linux 7 (austenite)
Kernel 3.10.0-693.17.1.el7.x86_64 on an x86_64
xn<serial-number> login: admin <======== Telnet takes you directly to the appliance login prompt. Users should use admin as username.
Password:
Last login: Thu May 9 12:46:19 on ttyS0
This appliance is managed by steelconnect-cc.test.local
Riverbed Technology, Inc. 2018. Auto-CLI
XN<serial-number>-CLI:> <============= SteelHead SD appliance CLI.
To connect to the SteelHead SD CLI via a SSH
1. Start an SSH session. (for example: ssh admin@<SCM_IP_address>) and enter the password.
Using username "root".
root@xx.x.xx.xx's password:
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-116-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
110 packages can be updated.
0 updates are security updates.
Last login: Sat May 11 13:43:15 2019 from xx.x.xx.xxx
2. At the system prompt, as user root, connect via SSH to the SteelHead SD appliance primary IP address.
root@testbox:~# ssh root@xx.xx.x.xxx:
XN<serial-number>-CLI:>
You can view the appliance primary IP address in SCM under Appliances > Overview: IPs tab. (Any of the IP addresses can be used to log in to the appliance.)
challenge_shell
Clears the screen.
Syntax
clear
Example
XN<serial-number>-CLI:>clear
clear
Clears the screen.
Syntax
clear
Example
XN<serial-number>-CLI:>clear
configure core
Configures the core name, and optionally, the port. The default port is 443. This command should be run only when the appliance is in Airgap mode. Please make appropriate changes to network and DNS server to ensure connectivity before changing core host name.
You should apply the corresponding configuration on SCM first, even though appliance is offline, before running configure core command on the appliance.
Syntax
configure core [<host-name> | <port>]
Parameters
<host-name> | Name of the host. |
<port> | The port number. The default value is 443. |
Example
XN<serial-number>-CLI:>configure core saturn.example.net
configure network
Configures static network uplinks when you telnet to the appliance.
You must telnet to the appliance to run this command. You can only run this command if the appliance is not connected to SCM. Make the appropriate configuration changes for the same uplink on SCM before running this command on the appliance.
Syntax
configure network [<physical-interface> <ip> <netmask> <gateway> [dns1, dns2, ...]]
Parameters
<physical-interface> | Interface name: for example wan0_0. |
<ip> | Static IP address. |
<netmask> | Netmask address. |
gateway [<dns1>, <dns2>, ...] | Gateway address, and optionally, the DNS server. |
Usage
Allow a few minutes for the SCM to reflect connectivity. If connectivity is not established, check your IP configuration again or try running the troubleshoot utility from the console menu.
Example
XN<serial-number>-CLI:>configure network wan0_0 100.100.120.33/24 100.100.120.1 8.8.8.8
INFO:network:deleted key prefix: /Riverbed/DHCPInterface/knet5
Configuration successfully updated!
Please allow a few minutes for the SCM to reflect connectivity. If
connectivity is not established, check your IP configuration again or
try running troubleshoot from the console menu.
date
Displays the appliance’s current date and time.
Syntax
date
Example
XN<serial-number>-CLI:>date
Fri Feb 8 13:50:42 PST 2019
dig
The Domain Information Groper (dig) utility queries Domain Name System (DNS) servers.
Syntax
dig [options]
Parameters
[options] | The dig utility takes the standard Linux options. For detailed information, see the Linux manual (man) page. |
Example
XN<serial-number>-CLI:>dig riverbed.com +short
10.16.4.128
factory_reset
Resets the appliance to factory settings and reboots the appliance. This command disrupts data traffic.
Syntax
factory_reset
Example
XN<serial-number>-CLI:>factory_reset
log
Displays current system logs.
Syntax
log [show --params <regular journalctl parameters>] | [show_on_specific_system --system_ip <VM | Hyp IP> --params <regular journalctl parameters>”.
Parameters
[show --params <regular journalctl parameters>] | Displays system journal logs. |
[show_on_specific_system --system_ip <VM | Hyp IP> --params <regular journalctl parameters> | Displays system journal logs on a specified VM or hypervisor. |
Example
XN<serial-number>-CLI:>log
netstat
The network statistics (netstat) utility displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Syntax
netstat [options]
Parameters
[options] | The netstat utility takes the standard Linux options. For detailed information, see the Linux manual (man) page. |
Example
XN<serial-number>-CLI:>netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 1xx.0.0.x:6666 0.0.0.0:* LISTEN 1529/python
.
.
.
XN<serial-number>-CLI:>netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 knet7
.
.
.
nslookup
The name server lookup (nslookup) utility performs DNS lookups. It displays DNS details, such as the IP address, the MX records for a domain or the NS servers of a domain.
Syntax
nslookup [-option] [name | -] [server]
Parameters
[-options] [name] -] [server] | The nslookup utility takes the standard Linux options. For detailed information, see the Linux manual (man) page. |
Example
XN<serial-number>-CLI:>nslookup riverbed.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: riverbed.com
Address: 10.16.4.128
ping
The ping utility sends a Internet Control Message Protocol (ICMP) ECHO_REQUEST packets to network hosts for troubleshooting.
Syntax
ping [options]
Parameters
[options] | The ping utility takes the standard Linux options. For detailed information, see the Linux manual (man) page. |
Example
XN<serial-number>-CLI:>ping riverbed.com -c 1
PING riverbed.com (10.16.4.128) 56(84) bytes of data.
64 bytes from 10.16.4.128 (10.16.4.128): icmp_seq=1 ttl=54 time=10.3 ms
--- riverbed.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.366/10.366/10.366/0.000 ms
reboot
Reboots the appliance. This command disrupts data traffic.
Syntax
reboot
Example
XN<serial-number>-CLI:>reboot
show classicVPNInfo
Displays classic VPN tunnel information.
Syntax
show classicVPNInfo
Example
XN<serial-number>-CLI:>show classicVPNInfo
show cluster_info
Displays cluster information, if configured.
Syntax
show cluster_info
Example
XN<serial-number>-CLI:>show cluster_info
show connections
Displays flow information.
Syntax
show connections
Example
XN<serial-number>-CLI:>show connections
Seq Dir Proto SrcIP:SrcPort DstIP:DstPort App TxPath Uplink TprID Interface SrcTEP DstTEP NextHopNATed
--- --- ------ ------------------ ------------------ -------------- --------- --- ----- ----- ------------ -- -----------
1 Rply ICMP 100.100.120.1:0 100.XXX.XXX.X:8482 - Underlay None 0 - -No
2 Orig ICMP 100.XXX.XXX.X:8482 100.100.120.1:0 - Underlay None 0 - -No
3 Rply ICMP 100.100.120.1:0 100.XXX.XXX.X:8475 ACTVSYNC Internet None 0 wan0_0 - 100.XXX.XXX.X No
4 Orig ICMP 100.XXX.XXX.X:8475 100.100.120.1:0 ACTVSYNC Internet None 0 wan0_0 - - 100.100.120.1 No
5 Rply ICMP 100.100.120.1:0 100.XXX.XXX.X:8468 ACTVSYNC MPLS None 0 wan0_1 --100.XXX.XXX.X No
6 Orig ICMP 100.XXX.XXX.X:8468 100.100.120.1:0 ACTVSYNC MPLS None 0 wan0_1 - - 100.100.120.1 No
show core_info
Displays core information.
Syntax
show core_info
Example
XN<serial-number>-CLI:>show core_info
{"corehost": "core.riverbed.cc", "coreport": "443"}
show fib
Displays forwarding information base (FIB) routing information.
Syntax
show fib
Example
XN<serial-number>-CLI:>show fib
FIB Table
Prefix/len Gateway SrcMac DstMac RT mtu vlan OutPort SVMPort RoutingPod
10.150.46.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
172.16.7.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
100.100.150.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
40.1.1.2/32 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
40.1.2.2/32 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
10.150.42.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
40.1.2.3/32 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
40.1.2.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
10.150.43.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
100.100.120.0/24 100.XXX.XXX.X fa:16:3e:4d:7a:77 fa:16:3e:4d:7a:77 C 1500 0 WAN0_0 knet23 knet18
10.150.45.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
172.16.2.0/24 172.16.2.1 fa:16:3e:51:06:b6 fa:16:3e:51:06:b6 C 1500 0 LAN0_0 knet21 knet15
172.16.6.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
40.1.1.3/32 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
172.16.5.0/24 172.16.3.2 fa:16:3e:90:8b:fb fa:16:3e:0f:6f:0a O 1500 0 LAN0_1 knet22 knet14
10.150.44.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
100.100.120.0/24 100.XXX.XXX.X fa:16:3e:a5:4d:45 fa:16:3e:a5:4d:45 C 1500 0 WAN0_1 knet19 knet17
40.1.1.1/32 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
172.16.4.0/24 172.16.2.2 fa:16:3e:51:06:b6 fa:16:3e:6c:00:db O 1500 0 LAN0_0 knet21 knet15
10.150.41.0/24 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
100.100.0.0/16 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
40.1.2.1/32 100.100.120.1 fa:16:3e:a5:4d:45 fa:16:3e:59:c8:a7 eB 1500 0 WAN0_1 knet19 knet17
show flows
Displays traffic flows configuration.
Syntax
show flows
Example
XN<serial-number>-CLI:>show flows
Filter mask 01 dmac=ff:ff:ff:ff:ff:ff vlan=0xffff
Filter mask 02 dmac=ff:ff:ff:ff:ff:ff
Filter mask 03 etype=0xffff
Filter mask 04 sp=65535
Filter mask 05 sip=255.255.255.255 dp=61440
Filter mask 06 dp=65535
Filter mask 07 sip=255.255.255.255 dp=65535
Filter mask 08 etype=0xffff dip=255.255.255.255 proto=0xff sp=65535
Filter mask 09 etype=0xffff dip=255.255.255.255 proto=0xff dp=65535
Filter mask 10 etype=0xffff dip=255.255.255.255 proto=0xff
Filter mask 11 etype=0xffff dip=255.255.255.255
Filter mask 12 sip=255.255.255.255 sp=65535
show ha_info
Displays high availability (HA) configuration.
Syntax
show ha_info
Example
XN<serial-number>-CLI:>show ha_info
show images
Displays all images currently created.
Syntax
show images
Example
XN<serial-number>-CLI:>show images
Image Name : Product Name
image-steelos-cvm-2.0-436 : steelos-cvm
image-vsh-2.0-226 : vsh
image-ns-1.5-svm-1.5-436 : ns-1.5-svm
show keepalived_resources
Displays keep-alive resource information.
Syntax
show keepalived_resources
Example
XN<serial-number>-CLI:>show keepalived_resources
--------------------------------------------------------------------------------
box_down weight=-76
box_down ttl=0
box_down status=None
box_down fall=6
box_down rise=2
box_down fall_cnt=0
box_down rise_cnt=0
--------------------------------------------------------------------------------
preferred_master weight=40
preferred_master ttl=0
preferred_master status=None
preferred_master fall=1
preferred_master rise=1
preferred_master fall_cnt=0
preferred_master rise_cnt=0
--------------------------------------------------------------------------------
no_preempt weight=13
.
.
.
--------------------------------------------------------------------------------
vsh weight=25
.
.
.
show last_working_config
Displays last known network configuration able to connect to SCM.
Syntax
show last_working_config
Example
XN<serial-number>-CLI:>show last_working_config
{"gw": "100.100.120.1", "intf": "knet5", "ip": "100.XXX.XXX.X", "broadcast": "100.XXX.XXX.X55",
"netmask": "255.255.255.0", "mode": "non-bootstrap", "dns": ["XXX.XXX.1.2"]}
show mgmt_host_ip_map
Displays management host IP address (that is, the SCM core).
Syntax
show mgmt_host_ip_map
Example
XN<serial-number>-CLI:>show mgmt_host_ip_map
{"test-automation.local": "200.xxx.1.4", "core.riverbed.cc": "200.xxx.1.3"}
show nodes
Displays all virtual machines (VMs) currently running.
Syntax
show nodes
Example
XN<serial-number>-CLI:>show nodes
Node ID | Node Name | Image | IP Address | Status
133b2877-0a5b-4701-9965-908300a56050 | ns-1.5-svm-1 | image-ns-1.5-svm-1.5-436 | 169.254.xxx.3 | running
8cd1a291-5159-4a30-91db-ca1c8fd2ea67 | ns-1.5-svm-2 | image-ns-1.5-svm-1.5-436 | 169.254.xxx.4 | running
show overlay_route
Displays overlay route information.
Syntax
show overlay_route
Example
XN<serial-number>-CLI:>show overlay_route
+----------------+---------------+----------+-----------------------------+-----------------+--------------+-----------+
| Prefix/len | Site Name | Wan name | Local uplink name | Remote TEP | Tunnel state | Reachable |
+----------------+---------------+----------+-----------------------------+-----------------+--------------+-----------+
| 172.16.7.0/24 | branch-site-4 | Internet | catfish-2-Internet-Uplink-1 | "100.100.xxx.2" |up | True |
| | branch-site-4 | MPLS | catfish-2-MPLS-Uplink-2 | "100.100.xxx.2" |up | |
| 10.150.46.0/24 | dc-site-1 | MPLS | catfish-2-MPLS-Uplink-2 | "40.1.2.1" |up | True |
| | dc-site-1 | Internet | catfish-2-Internet-Uplink-1 | "40.1.1.1" |up | |
show path
Displays path information. In SCM, the path test displays details for up to 50 active flows. When there are more than 50 flows for this filter, a message tells you that they can’t all be shown. To view up to 100 flows, run this CLI command.
Syntax
show paths {dst_prefix <prefix> | appid <id>} [-scm] [-verbose] [-h] [-v]
Parameters
dst_prefix <prefix> | Displays the destination IP address. |
app_id <id> | Displays the application ID. |
-scm | Displays SCM and trims flow output to 50 lines. |
-version | Prints verbose output. |
-h | Displays the help message and exits. |
-v | Displays the path version number. |
Usage
• The destination prefix is restricted to /24 or more specific.
• When only a destination prefix is specified, the output includes all possible paths for that destination and all flows for that destination.
• When only an application ID is specified, the output displays paths and flows only when there are flows on that application. If there are no flows on the application, there is no output.
• When both the destination prefix and the application ID are specified, the output displays all possible paths and active flows for that destination prefix and application ID. If no flows for the application are present, the output shows all possible paths based on the destination prefix.
• Transit or multiple hop use cases are not supported. For every flow, SCM shows outgoing and incoming WAN data.
• IPv6 is not supported.
• Overlay paths don’t include path metrics.
Example
XN<serial-number>-CLI:>show path
show physical_ports_config
Displays current physical ports configuration, if available.
Syntax
show physical_ports_config
Example
XN<serial-number>-CLI:>show physical_ports_config
{"ports": {"wan0_1": {"aneg": 1}, "wan0_0": {"aneg": 1}}}
show ports_config
Displays controller VM (CVM) ports configuration, if available.
Syntax
show ports_config
Example
XN<serial-number>-CLI:>show ports_config
{"site_level_dns": [], "ports": {"knet5": {"dhcp": "1", "is_backup": 0}, "knet7"
: {"is_backup": 0, "ha": null, "static": {"netmask": "255.255.255.0", "ipaddr":
"100.XXX.XXX.X", "gateway": "100.100.XXX.1", "dns": ["8.8.8.8", "8.8.4.4"]}}
show portmap
Displays all physical and virtual interface maps.
Syntax
show portmap
Example
XN<serial-number>-CLI:>show portmap
Node Name | Interface Name | Physical Port
cvm | knet2 | aux
cvm | knet3 | primary
cvm | knet4 | lan0_0
cvm | knet5 | wan0_0
cvm | knet6 | lan0_1
cvm | knet7 | wan0_1
catfish_secure_node0 | knet19 | wan0_1
catfish_secure_node0 | knet20 | aux
catfish_secure_node0 | knet21 | lan0_0
catfish_secure_node0 | knet22 | lan0_1
catfish_secure_node0 | knet23 | wan0_0
routing_pod0 | knet14 | lan0_1
routing_pod0 | knet15 | lan0_0
routing_pod0 | knet16 | aux
routing_pod0 | knet17 | wan0_1
routing_pod0 | knet18 | wan0_0
show rvm_config
Displays routing VM (RVM) configuration information.
Syntax
show rvm_config
Example
XN<serial-number>-CLI:>show rvm_config
Warning: Permanently added 'XXX.XXX.XXX.X' (ECDSA) to the list of known hosts.
----------RVM ZebOS Running Configuration----------
!
no service password-encryption
!
logging monitor 7
log file /var/log/zebos.log
!
debug vrrp events
debug vrrp packet
debug ospf ifsm
debug ospf nfsm
debug ospf lsa
debug ospf nsm
debug ospf rib
debug ospf bfd
debug ospf events
debug ospf route
debug ospf database-timer rate-limit
debug bgp
debug bgp nsm
debug bgp nht
show SCM_connectivity_state
Displays SCM connectivity state on the appliance.
Syntax
show SCM_connectivity_state
Example
XN<serial-number>-CLI:>show SCM_connectivity_state
{"scm_connectivity_state": true}
show SCM_info
Displays SCM information on the appliance.
Syntax
show SCM_info
Example
XN<serial-number>-CLI:>show SCM_info
{"ccport": "3900", "cchost": "test-automation.local", "ccid": "CC481E022407E3DC"
}
show system_information memory
Displays system memory information.
Syntax
show system_information memory [info Hypervisor]
Parameters
info Hypervisor | Displays current hypervisor memory information. |
Example
XN<serial-number>-CLI:>show system_information memory info Hypervisor
MemTotal: 8009684 kB
MemFree: 178988 kB
MemAvailable: 3241328 kB
Buffers: 139976 kB
Cached: 2971716 kB
SwapCached: 58964 kB
Active: 4764236 kB
Inactive: 2344656 kB
Active(anon): 3197432 kB
Inactive(anon): 931896 kB
Active(file): 1566804 kB
Inactive(file): 1412760 kB
Unevictable: 2320 kB
Mlocked: 2320 kB
SwapTotal: 6291452 kB
.
.
.
show system_information network
Displays system network information.
Syntax
show system_information network [route | interfaces | DNS]
Parameters
route | Displays routing information. |
interfaces | Displays interfaces information. |
DNS | Displays current configured DNS. |
Example
XN<serial-number>-CLI:>show system_information network interfaces
knet5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet XXX.XXX.XXX.XX netmask 255.255.255.0 broadcast XXX.XXX.XXX.XXX
inet6 fe80::f816:3eff:fee4:c6da prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:e4:c6:da txqueuelen 1000 (Ethernet)
RX packets 1214 bytes 118305 (115.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 376 bytes 42355 (41.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
knet7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet XXX.XXX.XXX.X netmask 255.255.255.0 broadcast XXX.XXX.XXX.XXX
inet6 fe80::f816:3eff:fe9e:2064 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:9e:20:64 txqueuelen 1000 (Ethernet)
RX packets 13621 bytes 4324526 (4.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15162 bytes 6423922 (6.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
.
.
.
XN<serial-number>-CLI:>show system_information network route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 100.100.xxx.1 0.0.0.0 UG 0 0 0 knet5
100.100.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 knet5
100.100.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 knet7
169.xxx.0.0 0.0.0.0 255.255.255.0 U 0 0 0 port1
169.xxx.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 port2
show tunnels
Displays tunnel information.
Syntax
show tunnels
Example
XN<serial-number>-CLI:>show tunnels
Exception TypeError: TypeError("'NoneType' object is not callable",) in <bound method Client.__del__ of <etcd.client.Client object at 0x1e3e390>> ignored
Seq Dir SrcTEP DstTEP Status Uplink WAN Interface SPI ActivationTime (UTC) ExpirationTime (UTC)
-- ---- ------------- ------------- ----- ----------------- ----- ---------- ----------- ------------------- -------------------
1 Out 100.XXX.XXX.X 40.1.2.1 up None MPLS None 0xdb589df 2019-02-15 13:31:31 2019-02-16 17:31:31
2 In 40.1.2.1 100.XXX.XXX.X - catfish-2-MPLS-Uplink-2 MPLS None 0x67a315a 2019-02-15 13:31:31 2019-02-16 17:31:31
3 Out 100.XXX.XXX.X 100.100.xxx.2 up catfish-2-MPLS-Uplink-2 MPLS None 0xc18aed1 2019-02-15 13:31:32 2019-02-16 17:31:32
4 In 100.100.xxx.2 100.XXX.XXX.X - catfish-2-MPLS-Uplink-2 MPLS None 0x7187643 2019-02-15 13:31:32 2019-02-16 17:31:32
5 Out 100.XXX.XXX.X 100.100.xxx.2 up None MPLS None 0x28b3a33 2019-02-15 13:31:31 2019-02-16 17:31:31
6 In 100.100.xxx.2 100.XXX.XXX.X - catfish-2-MPLS-Uplink-2 MPLS None 0x86d5b43 2019-02-15 13:31:31 2019-02-16 17:31:31
7 Out 100.XXX.XXX.X 100.100.xxx.2 up None RouteVPN None 0xcdc2b29 2019-02-15 12:15:55 2019-02-16 16:15:55
show uplinks
Displays all uplinks.
Syntax
show uplinks
Example
XN<serial-number>-CLI:>show uplinks
+-------------------------------------------+-------+--------+-------------+-------------+----------+---------+----------------+-----------+-------------+
| Uplink name | State | In Use | IPv4 | Ipv4 Public | Ipv4 NAT | Latency | Throughput In | Throughput Out| UP\Down Time |
+-------------------------------------------+-------+--------+-------------+-------------+----------+---------+----------------+-----------+-------------+
| uplink-catfish2MPLSUplink2-1ccdf0a8f0b099bc_v4 | up | 1 | 100.XXX.XXX.X | 100.XXX.XXX.X | 0 | 0 | 0 | 0 | 545009 |
| uplink-catfish2InternetUplink1-03cc497aaed7202c_v4 | up | 1 | 100.XXX.XXX.X | 100.XXX.XXX.X | 0 | 0 | 0 | 0| 545015 |
+--------------------------------------------------+-----+----+-------------+-------------+-----+-----+---------+----------------+--------------+
start_shell
Enables access to the unrestricted shell so that you can run commands as root user.
Syntax
start_shell
Example
XN<serial-number>-CLI:>start_shell
XN<serial-number>-CVM:>
sysdump
Generates and manages the system dump utility.
Syntax
sysdump {create | upload | list | delete | cleanup} [-h] [-v]
Arguments and options
create | Creates a system dump. |
upload | Uploads a system dump to a URL. |
list | Lists information about the system dumps generated for the appliance. A maximum of five system dumps are stored. |
delete | Deletes the system dumps available on the system. |
cleanup | Cleans up all system dumps and their metadata. |
-h | Displays online help. |
-v | Sets logging level to debug (default = False). |
Usage
The information in a system dump can help you diagnose problems. By default, when you request a system dump, it is uploaded to riverbed.support.com. You can specify an external server for uploads in SCM under Organization > System Dump tab.
A maximum of five system dumps can be stored. If a new system dump creation request is received, the appliance will rollover the existing system dumps.
Example
XN<serial-number>-CLI:>sysdump create
tcpdump
Executes the tcpdump utility on any VM interface. You can quickly diagnose problems and take traces for Riverbed Support.
Syntax
tcpdump [run --params <options>] [status] [export] [stop] [list]
Parameters
run --params <options> | The tcpdump utility takes the standard Linux options. For detailed information, see the Linux man page. |
status | Displays status of previous tcpdump command. |
export | Exports stored tcpdump files to a USB drive. |
stop | Stops the tcpdump utility. |
list | Lists all tcpdump files. |
Example
XN<serial-number>-CLI:>tcpdump run --params –nni knet25 -c 10
traceroute
The traceroute utility tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host.
Syntax
traceroute [options]
Parameters
Parameters
[options] | The traceroute utility takes the standard Linux options. For detailed information, see the Linux manual (man) page. |
Example
XN<serial-number>-CLI:>traceroute riverbed.com
traceroute to riverbed.com (10.16.4.128), 30 hops max, 60 byte packets
1 gateway (100.xxx.xxx.x) 1.879 ms 2.395 ms 2.525 ms
2 200.200.1.1 (200.xxx.x.x) 210.881 ms 214.168 ms 214.173 ms
3 10.0.xx.x (10.0.xx.x) 214.180 ms 10.0.64.3 (10.0.xx.x) 214.180 ms 10.0.64.2 (10.0.xx.x) 214.178 ms
.
.
.
troubleshoot
Runs the troubleshooting tool on the CVM or hypervisor to provide connectivity information about the core or SCM on all physical ports on the appliance. You can export log files via a USB drive, create log files with a specific name, and list all log files.
Syntax
troubleshoot {[run] | [hyp run] | [export] | [logfile <filename>] | [list]}
Parameters
run | Runs troubleshooting diagnostics on all interfaces. |
hyp run | Runs troubleshooting diagnostics on hypervisor. |
export | Exports the logs to a USB drive. |
logfile <filename> | Specify a custom name to save a log file of the output. |
list | Lists all log files. |
Usage
The troubleshooting tool runs connectivity tests on the core and all SCM uplink-capable ports. For example, the troubleshoot tool tests the available AUX port and two available uplink ports on a 3070-SD appliance, regardless of whether the IP addresses are configured or whether the cables are connected. Some tests might fail if the IP address isn’t configured or the port isn’t cabled.
Example
XN<serial-number>-CLI:>troubleshoot run
Running command "troubleshoot run". Please wait for the command to complete.
WARNING: This troubleshoot run will delete old default name troubleshoot log tar file.
Health check has started. Detailed logs will be available at /tmp/troubleshoot/troubleshoot_logs_XN<serial-number>_2019-02-12T12.00.29 after the run.
Running Startup tests :
Test | Result | Recovery Action
CVM Initialization | PASSED |
Certs Presence | PASSED |
Config Database Status | PASSED |
SCM Client Status | PASSED |
Running SCM Connectivity tests :
*Running health check on following uplink capable ports: aux wan0_0 wan0_1
Test | Result | Recovery Action
aux:
Default Gateway Configuration | PASSED |
Internal Interface Status | FAILED | Check wan-select service for errors by "journalctl -u wan-select", restart if needed by "systemctl restart .
External Interface Link Status | FAILED | Check to make sure network cable is plugged in and remote device is up.
IP Discovery Client | PASSED |
IP Offer Status | PASSED |
IP Configured | PASSED |
Gateway Reachable | FAILED | Check L2 connectivity to the Gateway. Verify if Gateway is up and running.
DNS Reachable | FAILED | Check DNS address by "cat /etc/resolv.conf" command on CVM. Verify DNS server reachability and if it is up .
Core DNS Resolution | FAILED | Check DNS server health and verify if it is listening on port 53.
Core Reachable | FAILED | Check firewall settings to allow traffic to Core IP address and verify TCP port 443 is open. Check ztpd ser.
Core Validation | PASSED |
SCM DNS Resolution | FAILED | Check DNS server health and verify if it is listening on port 53.
SCM Reachable | FAILED | Check firewall settings to allow traffic to SCM IP address and verify TCP port 3900 is open. Check ztpd ser.
wan0_0:
Default Gateway Configuration | PASSED |
Internal Interface Status | PASSED |
External Interface Link Status | PASSED |
IP Discovery Client | PASSED |
IP Offer Status | PASSED |
IP Configured | PASSED |
.
.
.
Using the CLI on SteelConnect gateways
The SteelConnect gateway CLI applies to SteelConnect SDI-130, SDI-330, SDI-1030, and virtual SDI gateways. It provides show commands to help you debug issues and display information about the gateways.
The SteelConnect CLI supports abbreviations for commands. Root shell (bash shell) access is no longer available on SteelConnect gateways. For details on obtaining root shell access, contact Riverbed Support at https://support.riverbed.com.
To display a list of the show commands
• At the command prompt enter:
root@XN<serial-number>:/storage# show
show <tunnels> or <frontal substr of tunnels>, the same below
show <flows|connections>
show <paths> --dst_prefix <prefix|host> --appid <id>
show <paths> -d <prefix|host> -a <id>
show help
Connecting to the SteelConnect gateway CLI
You can connect to the SteelConnect gateway CLI using these methods:
• You can also SSH to the appliance as root@<gateway-uplink-ip>.
These procedures describe how to connect to the gateway CLI as root@<gateway-uplink-ip>.
To connect to the SteelConnect gateway CLI
1. Plug the serial cable into the console port and a terminal.
2. Start your terminal emulation program, such as Tera Term Pro. The terminal device must have these settings:
Baud rate: 9600 bps
Data bits: 8
Parity: none
Stop bits: 1
vt100 emulation
No flow control
3. In your terminal emulation program, begin a SSH session as user admin (for example, ssh admin@<SCM_IP_address>) and enter the password.
Using username "admin".
admin@XX.X.XX.XX's password:
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-62-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
7 packages can be updated.
7 updates are security updates.
Last login: Mon Feb 18 10:37:20 2019 from XX.XX.XX.XXX
4. At the system prompt, as user root, connect via SSH to the root@<gateway-uplink-ip>
root@docker-server-eng-nx-steeloc-mvp1-1856:~# ssh root@XXX.XXX.XXX.X
BusyBox v1.25.1 () built-in shell (ash)
_ __ __
_____(_) _____ _____/ /_ ___ ____/ /
/ ___/ / | / / _ \/ ___/ __ \/ _ \/ __ /
/ / / /| |/ / __/ / / /_/ / __/ /_/ /
/_/ /_/ |___/\___/_/ /_.___/\___/\__,_/
_____ __ ___ __ __
/ ___// /____ ___ / / | / /____/ /_
\__ \/ __/ _ \/ _ \/ /| | /| / / ___/ __/
___/ / /_/ __/ __/ / | |/ |/ / / / /_
/____/\__/\___/\___/_/ |__/|__/_/ \__/
2.12.0.70-yogi
This device is managed by: https://test-automation.local/admin/RVBD
root@XN<serial-number>:/storage#
You can view the gateway primary IP address in SCM under Appliances > Overview: IPs tab.
SteelConnect gateway commands
Use these commands to troubleshoot the SteelConnect gateway.
check system
Checks system connectivity.
Syntax
check system
Example
root@XN<serial-number>:/storage# check system
check tunnels
Checks tunnel connectivity.
Syntax
check tunnels
Example
root@XN<serial-number>:/storage# check tunnels
show connections
Displays gateway connections.
Syntax
show connections
Example
root@XN<serial-number>:/storage# show connections
Seq Type Dir Proto Src Dst App WAN Uplink TprID Interface SrcTEP DstTEP
--------------------------------------------------------------------------------------------------------------------------------------------------------------
1 local orig udp 100.100.100.3:42884 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
2 local rply udp 8.8.8.8:53 100.100.100.3:42884 n/a Internet Uplink 0 eth0
3 local orig udp 100.100.100.3:51723 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
4 local rply udp 8.8.8.8:53 100.100.100.3:51723 n/a Internet Uplink 0 eth0
5 local orig udp 100.100.100.3:34439 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
6 local rply udp 8.8.8.8:53 100.100.100.3:34439 n/a Internet Uplink 0 eth0
7 local orig udp 100.100.100.3:38075 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
8 local rply udp 8.8.8.8:53 100.100.100.3:38075 n/a Internet Uplink 0 eth0 2
show help
Displays help for the show commands.
Syntax
show help
Example
root@XN<serial-number>:/storage# show help
show_path -h
Show packet routing path and flow
Platform: SDI appliance
Usage
-a <appId>: look up flows with matching appId
-d <network>: get lpm route/tunnel/ifs to reach dest prefix
show matching flows and paths
eg: "-d 100.100.60.2" lpm lookup and flow matching
"-d 100.100.60.0/24" find path and flow to a network
"-d 100.100.60.0/24 -a 309" find path using (prefix logical and appId)
-h: this usage
-H: detailed usage
-v: verbose
------------------------------------------------------------------------
show_flow -h
Show nf_conntrack flow
Platform: SDI appliance
Usage
-h: this usage
-H: detailed usage
-N <flowMax>: max # of bi-directional connection flows to be shown
-v: verbose
------------------------------------------------------------------------
show_tunnel -h
Show vpn tunnel
Platform: SDI appliance
Usage
-h: this usage
-H: detailed usage
-v: verbose
show flows
Displays traffic flows. Flows displayed are matched flows. If there is no matching traffic, then no flows are listed.
Syntax
show flows [-h] [-H] [-N <max-flows>] [-v]
Options
-h | Displays help for this usage. |
-H | Displays detailed help. |
-N <max-flows> | Specify the maximum number of flows to display. |
-v | Displays verbose usage. |
Example
root@XN<serial-number>:/storage# show flows
Seq Type Dir Proto Src Dst App WAN Uplink TprID Interface SrcT
----------------------------------------------------------------------------------------------------------------------------------
1 local orig udp 100.100.100.3:47458 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
2 local rply udp 8.8.8.8:53 100.100.100.3:47458 n/a Internet Uplink 0 eth0
3 local orig udp 100.100.100.3:55066 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
4 local rply udp 8.8.8.8:53 100.100.100.3:55066 n/a Internet Uplink 0 eth0
5 local orig udp 100.100.100.3:52010 8.8.8.8:53 n/a Internet Uplink 0 eth0 2
6 local rply udp 8.8.8.8:53 100.100.100.3:52010 n/a Internet Uplink 0 eth0
7 local orig icmp 100.100.111.3:0 8.8.8.8:0 n/a internet2 Champaign-internet2 0 eth5 2
8 local rply icmp 8.8.8.8:0 100.100.111.3:0 n/a internet2 Champaign-internet2 0 eth5
show paths
Displays packet paths for gateways by IP address or application ID.
You can also display gateway packet path information in SCM under Appliances > Appliances Overview: Tools tab.
Syntax
show paths {-a <app-id> | -d <dst-prefix>} [-h] [H] [-v]
Parameters
-a <app-id> | Specify the application ID. If the application ID and the destination prefix are specified, a logical AND is used in the command: show paths -a <app-id> AND -d <dst-prefix> |
-d <dst-prefix> | Specify the destination routing prefix or hostname: xxx.xxx.xxx.xxx/24 saturn.example.net If the destination prefix and the application ID are specified, a logical AND is used in the command: show paths -a <app-id> AND -d <dst-prefix> |
-h | Displays the help for this usage. |
-H | Displays detailed help. |
-v | Displays verbose usage. |
Example
root@XN<serial-number>:/storage# show paths -d xxx.xxx.xx.x/24
Overlay Paths:
Uplink Status Interface SrcTEP DstTEP
--------------------------------------------------------------------
Uplink up eth0 1xx.xxx.xxx.x xxx.xxx.xxx.x
Champaign-mpls up eth2 1xx.xxx.xx.x xxx.xxx.xxx.x
Champaign-mpls2 up eth4 1xx.xxx.xxx.x xxx.xxx.xxx.x
Champaign-internet2 up eth5 1xx.xxx.xxx.x xxx.xxx.xxx.x
Underlay Paths:
Uplink Status Interface NextHop
-----------------------------------------------------
Champaign-mpls up eth2 1xx.xxx.xx.x
Active Flows:
.
.
.
show tunnels
Displays tunnel information.
Syntax
show tunnels [-h] [-H] [-v]
Options
-h | Displays help for this usage. |
-H | Displays detailed help. |
-v | Displays verbose usage. |
Example
root@XN<serial-number>:/storage# show tunnels
Seq Dir SrcTEP DstTEP Status Uplink WAN Interface SPI ActivationTime (UTC) ExpirationTime (UTC)
---------------------------------------------------------------------------------------------------------------------------------------
1 out 100.100.100.3 100.100.100.5 up Uplink RouteVPN eth0 187330067 2019-02-19 13:42:48 2019-02-20 13:42:48
2 in 100.100.100.5 100.100.100.3 Uplink RouteVPN eth0 26448546 2019-02-19 13:42:48 2019-02-20 13:42:48
3 out 100.100.11.3 100.100.61.3 up Champaign-mpls mpls eth2 59447129 2019-02-19 13:40:39 2019-02-20 13:40:39
4 in 100.100.61.3 100.100.11.3 Champaign-mpls mpls eth2 185990486 2019-02-19 13:40:39 2019-02-20 13:40:39
5 out 100.100.130.3 100.100.131.3 up Champaign-mpls2 mpls2 eth4 17576942 2019-02-19 13:40:40 2019-02-20 13:40:40
6 in 100.100.131.3 100.100.130.3 Champaign-mpls2 mpls2 eth4 229971365 2019-02-19 13:40:40 2019-02-20 13:40:40