To turn off the LEDs on all ports on a device, use the disable ports leds Global Configuration mode command.

To set the LEDs of all the ports on the device to their current operational status of the port, use the no disable ports leds command.

Syntax

disable ports leds

no disable ports leds

Parameters

This command has no arguments or keywords.

Default Configuration

The default is no disable port leds; that is the LEDs of all the ports reflect their current status.

Command Mode

Global Configuration mode

Examples

The following example turns off the port LEDs.

switchxxxxxx(config)# disable ports leds

To specify or modify the device host name, use the hostname Global Configuration mode command. To remove the existing host name, use the no form of the command.

Syntax

hostname name

no hostname

Parameters

Name—Specifies the device host name. (Length: 1-58 characters). The hostname must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens.

Default Configuration

No host name is defined.

Command Mode

Global Configuration mode

Example

The following example specifies the device host name as ‘enterprise’.

switchxxxxxx(config)# hostname enterprise
enterprise(config)#

To activate the LED of the specified interface(s), use the interface beacon-light Privileged EXEC mode command. Use the interface beacon-light stop command to stop interface beacon-light operation.

Syntax

interface beacon-light [duration seconds] {interface-id | interface-id-list}

interface beacon-light stop

Parameters

• duration seconds – (optional) The duration in seconds for port LED activation. If unspecified, the LED activity duration is 60 seconds. (Range: 5–3600 seconds)

• interface-id – Specified the interface to locate. The specified interface can be one ofthe following types: Ethernet port, or port-channel

• interface-id-list – Specifies multiple interfaces. The list can include one or more of the following interface types: Ethernet port or port-channel.

• stop—Terminates. on all ports, the LED activity triggered previously by the command.

Default configuration

If the command does not include the duration parameter, then the LED activity duration will be set to 60 seconds.

Command Mode

Privileged EXEC mode

User Guidelines

This command is used to indicate the location of the interface(s) specified in the command by activating the port LED of the specified interfaces. If a port-channel is specified in the command then all the interfaces that are member in the port channel (active and not active) will provide LED indication.

Each activation of the command terminates the LED indication(s) generated by the previous command (if it is still active), and the new LED action is applied according to the parameters of the new command (interfaces and duration).

The interface beacon-light stop command stops on all of the interfaces the LED activity related to port, and resumes regular port LED activity.

Examples

Example 1: The following example activates the LED on interface gi1 for the default duration of 60:

02-Apr-2023 12:30:14 %Environment-I-PORT-BEACON-CHNG: Interface beacon operation activated for 60 seconds

Example 2: The following example activates the LED on a list of interfaces for the duration of 10 minutes (600 seconds):

switchxxxxxx# interface beacon-light duration 600 gi1,gi9, po2

02-Apr-2023 12:30:02 %Environment-I-PORT-BEACON-CHNG: Interface beacon operation activated for 600 seconds

Example 3: The following example terminates LED activity related to port locate (if active) on all the device interfaces:

switchxxxxxx# interface beacon-light stop

02-Apr-2023 12:54:22 %Environment-I-PORT-BEACON-CHNG: Interface beacon operation terminated – user intervention

To create an On-board Packet Capture (OPC) session, use the monitor capture Privileged EXEC mode command. Use the no form of the command to deleted an OPC session.

Syntax

monitor capture capture-name

no monitor capture capture-name

Parameters

• capture-name - Specifies the name of the OPC session (Range: 1-32 characters)

Default configuration

OPC sessions do not exist by default.

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to create an OPC session. Up to 4 OPC sessions are supported.

An OPC session will also be created by configuring one of the OPC settings on a new OPC session.

The monitor capture control-plane and monitor capture match settings are mandatory in order to activate/start the capture session (command monitor capture start). The other OPC session settings are optional.

Use the no monitor capture capture-name command to delete the OPC session and all its settings.

Examples

Example 1: In the following example OPC session cap1 is created:

switchxxxxxx# monitor capture cap1

Example 2: In the following example the user attempts to create OPC session cap1 which already exists:

switchxxxxxx# monitor capture cap1

Entry already exists

Example 3: In the following example the creation of cap5 OPC session fails since 4 other capture sessions have already been defined:

switchxxxxxx# monitor capture cap5

Unable to create capture - maximum supported capture point count reached

Example 4: The following example deletes OPC session cap1:

switchxxxxxx# no monitor capture cap1

To configure the buffer settings for an On-board Packet Capture (OPC) session, use the monitor capture buffer Privileged EXEC mode command. Use the no form of the command to restore the buffer settings to the default values.

Syntax

monitor capture capture-name buffer {circular [size buffer-size] | size buffer-size [circular]}

monitor capture capture-name buffer [size] [circular]

Parameters

• capture-name - Specifies the name of the OPC session (Range: 1-32 characters)

• circular [size buffer-size] - Sets the buffer mode to circular and optionally also defines the buffer size. If the size parameter is not specified the default buffer size will be used. (buffer size range: 1- 20 MB)

• size buffer-size [circular] - Sets the buffer size and optionally also sets the buffer mode to circular. If the circular parameter is not specified the linear buffer mode will be used. (buffer size range: 1- 20 MB (megabyte))

Default configuration

The default buffer mode is linear.

The default buffer size is 5 MB.

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to define the buffer mode and/or the buffer size for an OPC session. If the circular parameter is not defined then the default buffer mode will be used (linear mode).

When capturing packets in linear buffer mode - once the buffer is full, the capture session is terminated. When the buffer is full in this mode, the capture session cannot be restarted.

When capturing packets in circular buffer mode - packet capture continues even if the buffer is full. Existing packet data will be overwritten by the new packets (FIFO)

If the size parameter is not defined then the default buffer size will be used (5 MB).

This command can be applied only for an OPC session that is not active.

If the OPC session named by the user already exists then this command will apply the buffer settings to the existing OPC session. If the OPC session named by the user does not exist, then this command will create the OPC session with the specified buffer settings. Up to 4 OPC sessions are supported.

Use the no monitor capture capture-name buffer form of the command to return both buffer mode and size to the default settings.

Use the no monitor capture capture-name buffer size circular form of the command to return both buffer mode and size to the default settings.

Use the no monitor capture capture-name buffer circular form of the command to return the OPC session buffer mode to the default setting (linear mode).

Use the no monitor capture capture-name buffer size form of the command to return the OPC session buffer size to the default settings (5 MB).

Examples

Example 1: The following command sets the buffer mode of OPC session cap2 to circular. If cap2 does not exist, this command will also create the OPC session:

switchxxxxxx# monitor capture cap2 buffer circular

Example 2: The following example defines the maximum buffer size (20 MB) for OPC session cap2. If cap2 does not exist, this command will also create the OPC session:

switchxxxxxx# monitor capture cap2 buffer size 20

Example 3: In the following example buffer size allocation failed because the size allocated to all buffers exceeds the total memory allocated for all OPC buffers (20 MB):

switchxxxxxx# monitor capture cap2 buffer size 10

Unable to allocate buffer - maximum supported buffer size reached

Example 4: The following example sets the cap2 OPC session buffer size to the default size:

switchxxxxxx# no monitor capture cap2 buffer size

To clear the On-board Packet Capture (OPC) session buffer, use the monitor capture clear

Privileged EXEC mode command.

Syntax

monitor capture capture-name clear

Parameters

• capture-name - The name of the OPC session (Range: 1-32 characters)

Default configuration

None

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to clear the buffer of an an OPC session. This OPC session buffer can be cleared for both active and in-active OPC sessions. A confirmation message will require the user to confirm the buffer clear operation.

Examples

Example 1: The following command clears the buffer of OPC session cap1:

switchxxxxxx# monitor capture cap1 clear

Captured data will be deleted [clear]? (Y/N)[Y] Y

To configure the control plane as a source for an On-board Packet Capture (OPC) session, and to define the direction of the capture, use the monitor capture control-plane Privileged EXEC mode command. Use the no form of the command to remove the control plane or a capture direction from the capture session.

Syntax

monitor capture capture-name control-plane {in | out | both}

no monitor capture capture-name control-plane [in | out | both]

Parameters

• capture-name - The name of the OPC session (Range: 1-32 characters)

• control-plane - Specifies the control plane as a source for the OPC session.

• {in | out | both} - Defines the direction of the traffic to capture

Default configuration

The control plane is not defined as a source for an OPC session.

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to define that the control plane is a source for an OPC session, and to define the direction of traffic to capture. The control plane is the control traffic to and from the system CPU. This command is mandatory for an OPC session. If the control plane is not defined as a source for an OPC session then the activation of the session (command monitor capture start) will fail.

Use the in, out, or both keyword to define the direction of the traffic that will be captured. The in direction means that only the traffic to the CPU will be captured. The out direction means that only the traffic from the CPU will be captured. The both direction means that both traffic from and to the CPU will be captured.

If the command is defined multiple times, the direction defined in the most recent command will be the used as the capture direction.

This command can be applied only for an OPC session that is not active.

If the OPC session named by the user already exists then this command will enable control plane packet capture for the existing OPC session. If the OPC session named by the user does not exist, then this command will create the OPC session and enable control plane packet capture for it. Up to 4 OPC sessions are supported.

Use the no monitor capture capture-name control-plane command to disable control-plane capturing.

Use the no monitor capture capture-name control-plane both command to disable control-plane capturing.

Use the no monitor capture capture-name control-plane in command to disable ingress traffic control-plane capturing. If only the in direction was defined for this OPC session, then monitor capture for the control plane will be disabled. If the out or both direction were defined for this capture session, then the capture will continue on the output traffic direction of the control plane.

Use the no monitor capture capture-name control-plane out command to disable egress traffic control-plane capturing. If only the out direction was defined for this OPC session, then monitor capture for the control plane will be disabled. If the in or both direction were defined for this capture session, then the capture will continue on the ingress traffic direction of the control plane.

Examples

Example 1: The following command enables packet capture on both directions of the control plane for OPC session cap3. If cap3 does not exist, this command will also create the OPC session:

switchxxxxxx# monitor capture cap3 control-plane both

Example 2: The following example enables traffic capture on the ingress control plane traffic for an existing OPC session cap3. If cap3 does not exist, this command will also create the OPC session:

switchxxxxxx# monitor capture cap3 control-plane in

Example 3: The execution of the command in the next example fails because the capture has been activated on OPC session cap3:

switchxxxxxx# monitor capture cap3 control-plane out

Cannot modify - Capture point is currently active.

Example 4: The following example disables control plane traffic capture for cap3 OPC session:

switchxxxxxx# no monitor capture cap3 control-plane

Example 5: The following example disables traffic capture only for the control plane egress direction:

switchxxxxxx# no monitor capture cap3 control-plane out

To define the USB storage device the as the destination for the packet capture file related to a system crash use the monitor capture crash-export Privileged EXEC mode command. Use the no form of the command to return the destination storage location to the local flash device.

Syntax

monitor capture crash-exort usb

no monitor capture crash-exort

Parameters

N/A

Default configuration

A packet capture file related to a system crash is saved to the local flash.

Command Mode

Privileged EXEC mode

User Guidelines

If an active OPC session is capturing packets during the time that a software related system crash occurs, then the contents of the capture buffer will be automatically saved to a file in the main directory of the local flash. The file name format is "crash_dd-MMM-YYYY hhmm.pcap". The ToD is provided by the system clock.

Use the monitor capture crash-exort usb command to define the USB storage device, as the destination storage device instead of the flash.

To return the destination location to the local flash use the no monitor capture crash-exort command.

Examples

Example 1: The following command defines the USB as the destination storage device for a capture file that was active during a software related device crash:

switchxxxxxx# monitor capture crash-export usb

Example 2: The following command returns the local flash as the destination storage device:

switchxxxxxx# no monitor capture crash-export

To export the packets in an On-board Packet Capture (OPC) buffer to a file use the monitor capture export Privileged EXEC mode command.

Syntax

monitor capture capture-name export dst-url

Parameters

• capture-name— The name of the OPC session (Range: 1-32 characters)

• dst-url—The URL of the destination file. Only the local flash path or the USB path can be specified.

Default configuration

None

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to export packets from an OCP buffer to a pcap capture file. An OPC buffer memory can be exported only while if the capture session is the in-active state. The Export operation does not clear the capture buffer.

The destination-url can be specify a path on the local flash or a path on the USB storage device. If a filename is specified without a path then the packets will be copied to a file in the current flash directory.

If the file name specified in the command does not exist then it will be created automatically at the specified path. If the file name specified in the command already exists, then the user will be prompted to confirm the overwrite of the existing file.

Examples

Example 1: The following command exports the packets of the cap1 OPC session buffer to a new file on the local flash:

switchxxxxxx# monitor capture cap1 export flash:/cap1.pcap

29-May-2024 18:57:04 %COPY-I-FILECPY: Files Copy - source URL capture://cap1 destination URL flash://cap1.pcap

29-May-2024 18:57:05 %COPY-N-TRAP: The copy operation was completed successfully

Copy: 1048529 bytes copied in 00:00:01 [hh:mm:ss]

Example 2: The following command exports the packets of the cap1 OPC session buffer to an existing file on the local flash:

switchxxxxxx# monitor capture cap1 export flash:/cap1.pcap

Overwrite file [flash://cap1.pcap].... (Y/N)[N] ?Y

29-May-2024 18:58:56 %COPY-I-FILECPY: Files Copy - source URL capture://cap1 destination URL flash://cap1.pcap

29-May-2024 18:58:57 %COPY-N-TRAP: The copy operation was completed successfully

Copy: 1048529 bytes copied in 00:00:01 [hh:mm:ss]

Example 3: The execution of the export operation in the next example fails because the capture buffer of cap2 OPC session does not contain any packets:

switchxxxxxx# monitor capture cap2 export flash:/cap2.pcap

29-May-2024 19:02:35 %COPY-I-FILECPY: Files Copy - source URL capture://cap2

destination URL flash://cap2.pcap

29-May-2024 19:02:35 %COPY-W-TRAP: The copy operation has failed

Copy: Unable to export capture - cap2 buffer has no packets

To define a capture filter for an On-board Packet Capture (OPC) session, use the monitor capture match Privileged EXEC mode command. Use the no form of the command to remove the capture filter.

Syntax

monitor capture capture-name match any

no monitor capture capture-name match

Parameters

• capture-name - The name of the OPC session (Range: 1-32 characters)

• any - Specifies that all packets types will be captured

Default configuration

Monitor capture traffic filter is not configured.

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to define a filter for the packets that the specified OPC session will capture.

Only packets matching the filter will be captured. The only filter that is supported is any which will capture packet types.

This command is mandatory for an OPC session. If the capture filter is not defined then the activation of the session (command monitor capture start) will fail.

This command can be applied only for an OPC session that is not active.

If the OPC session named by the user already exists then this command will define the capture filter for the existing OPC session. If the OPC session named by the user does not exist, then this command will create the OPC session and apply to it the specified capture filter. Up to 4 OPC sessions are supported.

Use the no monitor capture capture-name match command to remove the filter from the capture session. If the filter is removed the OPC session cannot be activated (command monitor capture start).

Examples

Example 1: The following command applies the any traffic filter to OPC session cap4. If cap4 does not exist, this command will also create the OPC session:

switchxxxxxx# monitor capture cap4 match any

Example 2: The following example removes the any packet filter from OPC session cap4:

switchxxxxxx# no monitor capture cap4 match

To start the capture operation for an On-board Packet Capture (OPC) session, use the monitor capture start Privileged EXEC mode command.

Syntax

monitor capture capture-name start

Parameters

• capture-name - The name of the OPC session (Range: 1-32 characters)

Default configuration

The OPC session is not active.

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to activate/ start the packet capture for the specified OPC session. It is recommended to check CPU utilization before activating a OPC session. Only one session can be activate. This means that an attempt to activate more than one OPC session will fail.

An OPC session can be activated only if it is defined with a capture filter (command monitor capture match) and capture source (command monitor capture control-plane).

An OPC session that was stopped (command monitor capture stop) can be re-started after it was stopped, unless the buffer is full and the buffer mode is set to linear. In case a capture is restarted then the packets captured in the new capture session will be appended to the existing packets stored in the buffer. If the capture buffer is cleared (command monitor capture clear) then the capture can be re-started even if the buffer was previously full and the buffer mode was linear.

Examples

Example 1: In the following example the command successfuly starts the packet capture for

OPC session cap1:

switchxxxxxx# monitor capture cap1 start

29-May-2024 11:14:37 %BUFCAP-I-ENABLE: Capture Point cap1 enabled

Started capture point : cap1

Example 2: In the following example the command to start the packet capture for OPC session cap2 fails because cap1 session is still active:

switchxxxxxx# no monitor capture cap2 start

Capture cap1 is already active - cannot start the capture.

Example 3: In the following example the command to start the packet capture for OPC

session cap3 fails because a source interface (the control plane) was not defined:

switchxxxxxx# no monitor capture cap3 start

Unable to activate capture - A source interface is not defined on the capture point

Example 4: In the following example the command to start the packet capture for OPC

session cap4 fails because the buffer for this OPC session is full (buffer mode is linear):

switchxxxxxx# no monitor capture cap4 start

Unable to activate capture - capture buffer is full (linear mode)

To stop the capture operation of an On-board Packet Capture (OPC) session, use the monitor capture stop Privileged EXEC mode command.

Syntax

monitor capture capture-name stop

Parameters

• capture-name - The name of the OPC session (Range: 1-32 characters)

Default configuration

Not applicable.

Command Mode

Privileged EXEC mode

User Guidelines

Use this command to stop the capture of packets that was started using the monitor capture start command.

An OPC session can be re-started (command monitor capture start) after it was stopped, unless the buffer is full and the buffer mode is set to linear. In case a capture is restarted then the packets captured in the new capture session will be appended to the existing packets stored in the buffer. If the capture buffer is cleared (command monitor capture clear) then the capture can be re-started even if the buffer was previously full and buffer mode was linear.

Examples

Example 1: In the following example packet capture is stopped for OPC session cap1:

switchxxxxxx# monitor capture cap1 stop

Stopped capture point : cap1

Example 2: In the following example the command to stop the packet capture for OPC session cap2 fails because cap2 session is not active:

switchxxxxxx# no monitor capture cap2 stop

Capture cap2 is not active

Example 3: In the following example the command to stop the packet capture for OPC session cap6 fails because cap6 does not exit (was not created):

switchxxxxxx# no monitor capture cap6 stop

No such instance exists.

To reload the operating system at a user-specified time, use the reload Privileged EXEC mode command.

Syntax

reload [in [hhh:mm | mmm] | at hh:mm [day month]] | cancel]

Parameters

• in hhh:mm | mmm—(Optional) Schedules a reload of the software to take effect in the specified minutes or hours and minutes. The reload must take place within approximately 24 days.

• at hh:mm—(Optional) Schedules a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight. The reload must take place within 24 days.

• day—(Optional) Number of the day in the range from 1 to 31.

• month—(Optional) Month of the year.

• cancel—(Optional) Cancels a scheduled reload.

Default Usage

None

Command Mode

Privileged EXEC mode

User Guidelines

The at keyword can be used only if the system clock has been set on the device. To schedule reloads across several devices to occur simultaneously, synchronize the time on each device with SNTP.

When you specify the reload time using the at keyword, if you specify the month and day, the reload takes place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time), or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight. The reload must take place within 24 days.

To display information about a scheduled reload, use the show reload command.

Use the reload factory-default Privileged EXEC mode command to reload the stack or a specific unit in a stack and return the settings to factory default.

Syntax

reload factory-default [unit unit-id]

Parameters

This command does not support any keywords or parameters.

Default Usage

None.

Command Mode

Privileged EXEC mode

User Guidelines

This command will reset to factory default settings all of the units in the stack. If the [unit unit-id] parameter is specified only the specified unit will be reset to factory defaults. The command has the same effect as pressing the device reset button to initiate a factory default reset and device reload. The stack settings, configuration files, syslog files and other configuration related files will be erased. Units that are reset to factory default will disconnect from the stack and stack topology will change. This may create a disconnection between units in the stack.

If the command specifies the Active Unit in the [unit unit-id] parameter, then the stack will continue to operate only if one of the remaining units is a Standby Unit.

Examples

Example 1: The following example resets to factory default and reloads all of the units in the stack.

switchxxxxxx> reload factory-default
This command will reset to factory default and reload all of the units in the
stack. It is highly recommended to backup the stack configuration before
applying this command.

To enable switching to another open Telnet session, use the resume EXEC mode command.

Syntax

resume [connection]

Parameters

connection—(Optional) Specifies the connection number. (Range: 1-4 connections.)

Default Configuration

The default connection number is that of the most recent connection.

Command Mode

Privileged EXEC mode

Example

The following command switches to open Telnet session number 1.

switchxxxxxx> resume 1

To enable measuring CPU utilization, use the service cpu-utilization Global Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

service cpu-utilization

no service cpu-utilization

Parameters

This command has no arguments or keywords.

Default Configuration

Measuring CPU utilization is enabled.

Command Mode

Global Configuration mode

User Guidelines

Use the service cpu utilization command to measure information on CPU utilization.

Example

The following example enables measuring CPU utilization.

switchxxxxxx(config)# service cpu-utilization

To display the device CPLD code version, use the show cpld version User EXEC mode command.

Note	This is relevant to stackable systems only.

Syntax

show cpld version [unit unit-id]

Parameters

This command has no arguments or keywords.

Command Mode

User EXEC mode

Examples

To display the rate of input frames to the CPU in packets per seconds (pps), use the show cpu input rate User EXEC mode command.

Syntax

show cpu input rate

Parameters

This command has no arguments or keywords.

Command Mode

User EXEC mode

Example

The following example displays CPU input rate information.

switchxxxxxx> show cpu input rate
Input Rate to CPU is 1030 pps.

To display information about CPU utilization, use the show cpu utilization Privileged EXEC mode command.

Syntax

show cpu utilization

Parameters

This command has no arguments or keywords.

Default Usage

None

Command Mode

Privileged EXEC mode

User Guidelines

Use the show cpu-utilization command to enable measuring CPU utilization.

Example

The following example displays CPU utilization information.

switchxxxxxx> show cpu utilization
CPU utilization service is on.
CPU utilization
--------------------------------------------------
five seconds: 5%; one minute: 3%; five minutes: 3%

To display environment information, use the show environment User EXEC mode command.

Syntax

show environment {all | fan | temperature {status} | stack [switch-number]}

Parameters

• all—Displays the fan and temperature general status. If this parameter is used - a fault situation will be reported if it exists on any one of the stack units

• fan—Displays the fan(s) status

• temperature {status}—Displays the temperature status

• stack [switch-number]—(Optional) Displays detailed environment status of a stack, per each stack unit. If the switch-number is specified, the environment status of the selected device number is displayed. (Range: 1 – 4)

Command Mode

User EXEC mode

User Guidelines

The fan and temperature status parameters are available only on devices on which fan and/or temperature sensor are installed.

Fan status can be one of:

• OK - The fan/s functions correctly.

• Failure - One or more of the fans failed.

• Fan read fail - Reading information from one or more fans failed.

• NA - No fan is installed.

Temperature can be one of:

• OK - The temperature is below the warning threshold.

• Warning- The temperature is between the warning threshold and the critical threshold.

• Critical - the temperature is above the critical threshold.

Sensor status can be one of:

• OK - All Sensors on device are functioning properly.

• Failure - One or more of the sensors failed.

• NA - No sensor installed.

To display product inventory list, use the show inventory User EXEC mode command.

Syntax

show inventory [entity]

Parameters

entity—Specifies the entity to be displayed. It can be a number (1 - 4) for a specific unit number in a stack, or an interface (Ethernet) name.

Command Mode

User EXEC mode

User Guidelines

Use the show inventory command to retrieve and display inventory information about the device, unit in stack, and connected entities such as SFPs.

In case no entity is specified the command will display information for all units in stack and all connected entities.

If the specified entity is an interface (Ethernet) name, and an SFP is not inserted into the port - Only the NAME & DESCR fields will be displayed, and DESCR will be “No SFP Inserted”.

Examples

switchxxxxxx>  show inventory
NAME: "1", DESCR: "48-Port Gigabit with 4-Port 10-Gigabit Managed Switch"
PID: xx350-4x-K9, VID: V01, SN: 123456789

Example 2 - The following example displays a specific entity in a standalone system.

switchxxxxxx> show inventory gigabitethernet1/0/49
NAME: "GigabitEthernet1/0/49", DESCR: "1000M base-LX Mini-GBIC SFP Transceiver"
PID: MGBLX1,VID: V01, SN: AGC1525UR7G

switchxxxxxx> show inventory gi1/0/1
NAME: "gi1/0/1", DESCR: "SFP-1000Base-LX"
PID: SFP-1000-LX ,VID: Information Unavailable , SN: 613bbgr8

switchxxxxxx> show inventory gi1/0/2
NAME: "gi1/0/2", DESCR: "SFP not inserted"

switchxxxxxx> show inventory
NAME: "2", DESCR: "48-Port Gigabit with 4-Port 10-Gigabit Managed Switch"
PID: xx350-4x-K9 , VID: V01, SN: 123456789
NAME: "GigabitEthernet2/0/49", DESCR: "1000M base-LX Mini-GBIC SFP Transceiver"
PID: MGBLX1,  VID: V01, SN: AGC1525UR7G
NAME: "4", DESCR: "48-Port Gigabit with 4-Port 10-Gigabit Managed Switch"
PID: xx350-4x-K9 , VID: V01, SN: 123456789

Example 6- The following example displays information for unit 1 of the stack.

switchxxxxxx> show inventory 1
NAME: "1"  DESCR: "48-Port Gigabit with 4-Port 10-Gigabit Managed Switch"
PID: xx350-4x-K9  VID:  V02  SN: 402

Use the show platform certificate Privileged EXEC mode command to display the Active unit SUDI certificate or AIK certificate and optionally a signature over the certificates.

Syntax

show platform {sudi | attestation} certificate [sign [nonce <nonce value>]]

Parameters

• {sudi | attestation} - display either SUDI or Attestation (AIK - Attestation Identity Key) certificate.

• sign—(Optional) display a signature over the certificate

• [nonce <nonce value>]—(Optional) provide a nonce to use with the signature to protect from replay attacks. (range 0-4,294,967,295)

Default Usage

The certificate is displayed without a signature. If the sign parameter is specified without a nonce value then the signature will be generated without using a nonce.

Command Mode

Privileged EXEC mode

User Guidelines

The show platform certificate command displays the device SUDI or AIK (Attestation Identity Key) certificate.

The command output includes the certificate chain in PEM format, where the first certificate that is displayed is the Cisco Root CA, and the second certificate that is displayed is the Cisco published on https://www.cisco.com/security/pki/. The third certificate is the SUDI or AIK leaf certificate.

If the optional sign parameter is used, then the command output will display a signature over the certificates using either the SUDI (if sudi keyword is used) or AIK (if attestation keyword is used) private key.

The command also supports an optional [nonce <nonce value>] parameter used as part of the signature inputs to prevent replay attacks. If the [nonce <nonce value>] parameter is not provided the signed data will not include the nonce.

The command output includes a signature version. Signature value of 1 indicates that the SUDI private key was used for signing, while a signature value of 2 indicates that the AIK private key was used for signing.

Examples

Example 1: The following example displays the SUDI certificate chain without a signature:

switchxxxxxx> show platform sudi certificate
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAZozWHjOFsHBMA0GCSqGSIb3DQEBCwUAMC0xDjAMBgNV
BAoTBUNpc2NvMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwOTkwIBcNMTYwODA5
MjA1ODI4WhgPMjA5OTA4MDkyMDU4MjhaMC0xDjAMBgNVBAoTBUNpc2NvMRswGQYD
VQQDExJDaXNjbyBSb290IENBIDIwOTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDTtuM1fg0+9Gflik4axlCK1I2fb3ESCL8+tk8kOXlhfrJ/zlfRbe60
xRP0iUGMKWKBj0IvvWFf4AW/nyzCR8ujTt4a11Eb55SAKXbXYQ7L4YMg+lmZmg/I
v3GJEc3HCYU0BsY8g9LuLMvqwiNmAwM2jWzNq0EPArt/F6RiQKq6Ta3e7VIfDZ7J
65OA2xASA2FrSe9Vj97KpQReDcm6G7cqFH5f+CrdQ4qwAa4zWNyM3kOpUb637DNd
9m+n6WECyc/IUD+2e+yp21kBZIKH7JvDpu2U7NBPfr52mFX8AfCZgkXV69bp+iYf
saH1DvXIfPpNp93zGKUSXxEj4w881t2zAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ4lVcPNCNO86EmILoUkcdBiB2j
WzANBgkqhkiG9w0BAQsFAAOCAQEAjeKZo+4xd05TFtq99nKnWA0J+DmydBOnPMwY
lDrKfBKe2wVu5AJMvRjgJIoY/CHVPaCOWH58UTqfji95eUaryQ/s36RKrBgMMlwr
WNItxE625PHuaN6EjD1WdWiRMZ2hy8F4FCKz5hgUEvN+PUNZwsPnpU6q3Ay0+11T
4TriwCV8kJx3cWu0NvTypYCCXMscSfLFQR13bo+1z6XNm30SecmrxkmQBVMqjCZM
VvAxhxW1iGnYdPRQuNqt0xITzCSERqg3QVVqYnFJUkNVN6j0dmmMVKZh17HgqLnF
PKkmBlNQ9hQcNM3CSzVvEAK0CCEo/NJ/xzZ6WX1/f8Df1eXbFg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEZzCCA0+gAwIBAgIJCmR1UkzYYXxiMA0GCSqGSIb3DQEBCwUAMC0xDjAMBgNV
BAoTBUNpc2NvMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwOTkwIBcNMTYwODEx
MjAyODA4WhgPMjA5OTA4MDkyMDU4MjdaMDExHzAdBgNVBAMTFkhpZ2ggQXNzdXJh
bmNlIFNVREkgQ0ExDjAMBgNVBAoTBUNpc2NvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvdzeSWdDI6lRZDYRvA6JqaRvQyy6Dx1WaqI82UeKR4ZRn0ef
xMGvp4c88/VMS8WSjQO1qolMfMxqHkcSiFBOULx6Trquw4TrEf9sIuzvgJvDaEa8
IllXPwtPtNqZEIWi8jlinz2uGam93KuGPcioHfruzbDKWHL/HWFGYMgz+OKwhD3J
4NRySknQvUovfV8eWLeVOqW8rbnG3TZxv5VexOiK4jL3ObvsQPuAWUwUoo7nuFlE
GTG/VCeyCe/H8+afIScbZOkI9xejtckflnBYFVCyFxzm2H3YZatb6ohbyRXLtOPj
T3SJ+OOoYMlSLd28z727LpRbFFLGYhyWxEXDuQIDAQABo4IBgjCCAX4wDgYDVR0P
AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwfwYIKwYBBQUHAQEEczBxMEEG
CCsGAQUFBzAChjVodHRwczovL3d3dy5jaXNjby5jb20vc2VjdXJpdHkvcGtpL2Nl
cnRzL2NyY2EyMDk5LmNlcjAsBggrBgEFBQcwAYYgaHR0cDovL3BraWN2cy5jaXNj
by5jb20vcGtpL29jc3AwHwYDVR0jBBgwFoAUOJVXDzQjTvOhJiC6FJHHQYgdo1sw
UgYDVR0gBEswSTBHBgorBgEEAQkVAR4AMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly93
d3cuY2lzY28uY29tL3NlY3VyaXR5L3BraS9wb2xpY2llcy8wQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL3d3dy5jaXNjby5jb20vc2VjdXJpdHkvcGtpL2NybC9jcmNh
MjA5OS5jcmwwHQYDVR0OBBYEFOpro7nBE5d+G/s6jWhgBzlfh0j6MA0GCSqGSIb3
DQEBCwUAA4IBAQBcqYEOgAHhGWKndwM901XX2Enh4hjXR5avDg7G/f6Tb9H509dt
QW+AeZGEghhwUrw1EeG79tHkncAe+m+64xMC1ttyI1RSyn8rBqQYkXnnCRbtF/Nw
pQe5fjvdeIFWJhUI16TOt/ZlkNnWnLsUU1alZmN+J/FhSr8VTJWGRM9gY8hefH8f
5U7LMiDXxsFVHB7R6KGNjvtawrl6W6RKp2dceGxEIIvMahgMWWHHiWOQAOtVrHuE
NEjYR/7klLLwdgQF/NNCA2z47pSfMFnBcr8779GqVIbBTpOP2E6+1pBrE2jBNNoc
uBG1fgvh1qtJUdBbTziAKNoCo4sted6PW2/U
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEITCCAwmgAwIBAgIKBgEgAwc2RDFGxTANBgkqhkiG9w0BAQsFADAxMR8wHQYD
VQQDExZIaWdoIEFzc3VyYW5jZSBTVURJIENBMQ4wDAYDVQQKEwVDaXNjbzAgFw0y
MjA4MDExMDEwMDhaGA8yMDk5MDgwOTIwNTgyNlowYjEoMCYGA1UEBRMfUElEOkMx
MjAwLTE2UC0yRyBTTjpEVFkyNjMxMDAxNTEOMAwGA1UEChMFQ2lzY28xETAPBgNV
BAsTCFRQTSBTVURJMRMwEQYDVQQDEwpMSUdIVFNBQkVSMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxHlUxYHK+BoQ3N7sL2u0Tgc3aJuJGnfJbrMHtow3
S8EmyyebeZpdWbfpn/zFH8TC3J9cr1NA4EvYi1Qli9ioSuBlLTjDujhAIPVqZnmy
cEDjDG0QI2xPYz+nL83ULkYWWTejarfz4jIPYb9po1veMavEqcEtBQHmPAlbzZyL
adRSrj32ph+XlnZ8BKU1BzXq52zcXsz2fICd0evw4O9f2LOMTvzMkn/i8dLx4gy1
oP95/EgJLgTydtpZyuA8TG9fy23qrWdJJzM+ZS+6cYrl20Eu7j5t5oN3IfAYxMwk
1MRaR+Ft5QWgK/ZBvAd3emelLB7K48h/nxKBLrtD6aobiQIDAQABo4IBBjCCAQIw
DgYDVR0PAQH/BAQDAgXgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU6mujucET
l34b+zqNaGAHOV+HSPowgaEGA1UdEQSBmTCBlqBQBgorBgEEAQkVAwQCoEITQDFG
OTlBMDQ5Qzk1MjgxRjU1RjhBNjhBNzJFMjA0OURCQzgyOTAwNjREMjUzMjdEMUI3
RDkzQ0IxNDc3MzdBMTmgQgYJKwYBBAEJFQIDoDUTM0NoaXBJRD1Vd0lDQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQkh3PTAdBgNVHQ4EFgQUDyWO
Gy2I7j1nREZxpDmwbA5+hcQwDQYJKoZIhvcNAQELBQADggEBAA2KBFfaQf5kFaMJ
DJtGTyMNfu0hYjELDCwMK04iepo1w8bg9Rlb25LXYX+Rkk1/ZlIo3wLmRYNIddow
NQbJwt8Ch27kYyjnHcBWgz/M/DWOfKgEpNlS/Lw3ssLiAN67Y4dqUycUq7QVwG/I
zHO8oMu4sWjarkpiMTibJbw6w5PbJhd8meHoaJA1AV0pNKASvsIKoCZI1cRP/RFZ
dnRMM9LQUqeVob9hn5WRQ5PrweuALXMkUpmqeHsxSxa0M9w2u7dDYq/oeGZuUk93
9JaBqW4nwZ50MkwK9qLzYFzR5HD+YfJup22DoSdXZhO+gz4MzVCqDp5zsEyDPZl6
XLN5ZZ4=
-----END CERTIFICATE-----

Example 2: The following example displays the SUDI certificate chain with a signature over the certificates using a nonce of 12345:

switchxxxxxx> show platform sudi certificate sign nonce 12345
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAZozWHjOFsHBMA0GCSqGSIb3DQEBCwUAMC0xDjAMBgNV
BAoTBUNpc2NvMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwOTkwIBcNMTYwODA5
MjA1ODI4WhgPMjA5OTA4MDkyMDU4MjhaMC0xDjAMBgNVBAoTBUNpc2NvMRswGQYD
VQQDExJDaXNjbyBSb290IENBIDIwOTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDTtuM1fg0+9Gflik4axlCK1I2fb3ESCL8+tk8kOXlhfrJ/zlfRbe60
xRP0iUGMKWKBj0IvvWFf4AW/nyzCR8ujTt4a11Eb55SAKXbXYQ7L4YMg+lmZmg/I
v3GJEc3HCYU0BsY8g9LuLMvqwiNmAwM2jWzNq0EPArt/F6RiQKq6Ta3e7VIfDZ7J
65OA2xASA2FrSe9Vj97KpQReDcm6G7cqFH5f+CrdQ4qwAa4zWNyM3kOpUb637DNd
9m+n6WECyc/IUD+2e+yp21kBZIKH7JvDpu2U7NBPfr52mFX8AfCZgkXV69bp+iYf
saH1DvXIfPpNp93zGKUSXxEj4w881t2zAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ4lVcPNCNO86EmILoUkcdBiB2j
WzANBgkqhkiG9w0BAQsFAAOCAQEAjeKZo+4xd05TFtq99nKnWA0J+DmydBOnPMwY
lDrKfBKe2wVu5AJMvRjgJIoY/CHVPaCOWH58UTqfji95eUaryQ/s36RKrBgMMlwr
WNItxE625PHuaN6EjD1WdWiRMZ2hy8F4FCKz5hgUEvN+PUNZwsPnpU6q3Ay0+11T
4TriwCV8kJx3cWu0NvTypYCCXMscSfLFQR13bo+1z6XNm30SecmrxkmQBVMqjCZM
VvAxhxW1iGnYdPRQuNqt0xITzCSERqg3QVVqYnFJUkNVN6j0dmmMVKZh17HgqLnF
PKkmBlNQ9hQcNM3CSzVvEAK0CCEo/NJ/xzZ6WX1/f8Df1eXbFg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEZzCCA0+gAwIBAgIJCmR1UkzYYXxiMA0GCSqGSIb3DQEBCwUAMC0xDjAMBgNV
BAoTBUNpc2NvMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwOTkwIBcNMTYwODEx
MjAyODA4WhgPMjA5OTA4MDkyMDU4MjdaMDExHzAdBgNVBAMTFkhpZ2ggQXNzdXJh
bmNlIFNVREkgQ0ExDjAMBgNVBAoTBUNpc2NvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvdzeSWdDI6lRZDYRvA6JqaRvQyy6Dx1WaqI82UeKR4ZRn0ef
xMGvp4c88/VMS8WSjQO1qolMfMxqHkcSiFBOULx6Trquw4TrEf9sIuzvgJvDaEa8
IllXPwtPtNqZEIWi8jlinz2uGam93KuGPcioHfruzbDKWHL/HWFGYMgz+OKwhD3J
4NRySknQvUovfV8eWLeVOqW8rbnG3TZxv5VexOiK4jL3ObvsQPuAWUwUoo7nuFlE
GTG/VCeyCe/H8+afIScbZOkI9xejtckflnBYFVCyFxzm2H3YZatb6ohbyRXLtOPj
T3SJ+OOoYMlSLd28z727LpRbFFLGYhyWxEXDuQIDAQABo4IBgjCCAX4wDgYDVR0P
AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwfwYIKwYBBQUHAQEEczBxMEEG
CCsGAQUFBzAChjVodHRwczovL3d3dy5jaXNjby5jb20vc2VjdXJpdHkvcGtpL2Nl
cnRzL2NyY2EyMDk5LmNlcjAsBggrBgEFBQcwAYYgaHR0cDovL3BraWN2cy5jaXNj
by5jb20vcGtpL29jc3AwHwYDVR0jBBgwFoAUOJVXDzQjTvOhJiC6FJHHQYgdo1sw
UgYDVR0gBEswSTBHBgorBgEEAQkVAR4AMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly93
d3cuY2lzY28uY29tL3NlY3VyaXR5L3BraS9wb2xpY2llcy8wQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL3d3dy5jaXNjby5jb20vc2VjdXJpdHkvcGtpL2NybC9jcmNh
MjA5OS5jcmwwHQYDVR0OBBYEFOpro7nBE5d+G/s6jWhgBzlfh0j6MA0GCSqGSIb3
DQEBCwUAA4IBAQBcqYEOgAHhGWKndwM901XX2Enh4hjXR5avDg7G/f6Tb9H509dt
QW+AeZGEghhwUrw1EeG79tHkncAe+m+64xMC1ttyI1RSyn8rBqQYkXnnCRbtF/Nw
pQe5fjvdeIFWJhUI16TOt/ZlkNnWnLsUU1alZmN+J/FhSr8VTJWGRM9gY8hefH8f
5U7LMiDXxsFVHB7R6KGNjvtawrl6W6RKp2dceGxEIIvMahgMWWHHiWOQAOtVrHuE
NEjYR/7klLLwdgQF/NNCA2z47pSfMFnBcr8779GqVIbBTpOP2E6+1pBrE2jBNNoc
uBG1fgvh1qtJUdBbTziAKNoCo4sted6PW2/U
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEITCCAwmgAwIBAgIKBgEgAwc2RDFGxTANBgkqhkiG9w0BAQsFADAxMR8wHQYD
VQQDExZIaWdoIEFzc3VyYW5jZSBTVURJIENBMQ4wDAYDVQQKEwVDaXNjbzAgFw0y
MjA4MDExMDEwMDhaGA8yMDk5MDgwOTIwNTgyNlowYjEoMCYGA1UEBRMfUElEOkMx
MjAwLTE2UC0yRyBTTjpEVFkyNjMxMDAxNTEOMAwGA1UEChMFQ2lzY28xETAPBgNV
BAsTCFRQTSBTVURJMRMwEQYDVQQDEwpMSUdIVFNBQkVSMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxHlUxYHK+BoQ3N7sL2u0Tgc3aJuJGnfJbrMHtow3
S8EmyyebeZpdWbfpn/zFH8TC3J9cr1NA4EvYi1Qli9ioSuBlLTjDujhAIPVqZnmy
cEDjDG0QI2xPYz+nL83ULkYWWTejarfz4jIPYb9po1veMavEqcEtBQHmPAlbzZyL
adRSrj32ph+XlnZ8BKU1BzXq52zcXsz2fICd0evw4O9f2LOMTvzMkn/i8dLx4gy1
oP95/EgJLgTydtpZyuA8TG9fy23qrWdJJzM+ZS+6cYrl20Eu7j5t5oN3IfAYxMwk
1MRaR+Ft5QWgK/ZBvAd3emelLB7K48h/nxKBLrtD6aobiQIDAQABo4IBBjCCAQIw
DgYDVR0PAQH/BAQDAgXgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU6mujucET
l34b+zqNaGAHOV+HSPowgaEGA1UdEQSBmTCBlqBQBgorBgEEAQkVAwQCoEITQDFG
OTlBMDQ5Qzk1MjgxRjU1RjhBNjhBNzJFMjA0OURCQzgyOTAwNjREMjUzMjdEMUI3
RDkzQ0IxNDc3MzdBMTmgQgYJKwYBBAEJFQIDoDUTM0NoaXBJRD1Vd0lDQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQkh3PTAdBgNVHQ4EFgQUDyWO
Gy2I7j1nREZxpDmwbA5+hcQwDQYJKoZIhvcNAQELBQADggEBAA2KBFfaQf5kFaMJ
DJtGTyMNfu0hYjELDCwMK04iepo1w8bg9Rlb25LXYX+Rkk1/ZlIo3wLmRYNIddow
NQbJwt8Ch27kYyjnHcBWgz/M/DWOfKgEpNlS/Lw3ssLiAN67Y4dqUycUq7QVwG/I
zHO8oMu4sWjarkpiMTibJbw6w5PbJhd8meHoaJA1AV0pNKASvsIKoCZI1cRP/RFZ
dnRMM9LQUqeVob9hn5WRQ5PrweuALXMkUpmqeHsxSxa0M9w2u7dDYq/oeGZuUk93
9JaBqW4nwZ50MkwK9qLzYFzR5HD+YfJup22DoSdXZhO+gz4MzVCqDp5zsEyDPZl6
XLN5ZZ4=
-----END CERTIFICATE-----
Signature version: 1
Signature:
6ca45d415eace3b6cc09d84026dfcb4d1fbf614c319d3d28a3b924f6f432b26254aeca9c22aa150c
cfadd78bf2c4326d89f863eb52893e2cf3b9ddcd6d1f8ff00ea5830eec1281446c5ab5c92eee0030
6d25a1c75a6b0deaf9fee88b2b62d5e341bbe2fdbfb4cf4b5720d74f4e63f16c2012baadb5251a9d
bc871c4977335b8152715a95b48003d139e9e7e19fb7aa84f62e1a8c0e007a15f2a312c839b96170
e05e58a0e0f9ee78a28ffc9ddeb73fc7fdde0cbb556fa17aeb0d984bb4afa435fe40599de1c222bd
d132112ecb23ea1ca7ea78b40b2fb39d04867c05b0a7965e2180ba79688da06864be541f4956db96
3e48ad26f817bb56465f11e5ff89e128

Example 3: The following example displays the attestation (AIK) certificate chain with a signature over the certificates using a nonce of 67890:

switchxxxxxx> show platform attestation certificate sign nonce 67890
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAZozWHjOFsHBMA0GCSqGSIb3DQEBCwUAMC0xDjAMBgNV
BAoTBUNpc2NvMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwOTkwIBcNMTYwODA5
MjA1ODI4WhgPMjA5OTA4MDkyMDU4MjhaMC0xDjAMBgNVBAoTBUNpc2NvMRswGQYD
VQQDExJDaXNjbyBSb290IENBIDIwOTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDTtuM1fg0+9Gflik4axlCK1I2fb3ESCL8+tk8kOXlhfrJ/zlfRbe60
xRP0iUGMKWKBj0IvvWFf4AW/nyzCR8ujTt4a11Eb55SAKXbXYQ7L4YMg+lmZmg/I
v3GJEc3HCYU0BsY8g9LuLMvqwiNmAwM2jWzNq0EPArt/F6RiQKq6Ta3e7VIfDZ7J
65OA2xASA2FrSe9Vj97KpQReDcm6G7cqFH5f+CrdQ4qwAa4zWNyM3kOpUb637DNd
9m+n6WECyc/IUD+2e+yp21kBZIKH7JvDpu2U7NBPfr52mFX8AfCZgkXV69bp+iYf
saH1DvXIfPpNp93zGKUSXxEj4w881t2zAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ4lVcPNCNO86EmILoUkcdBiB2j
WzANBgkqhkiG9w0BAQsFAAOCAQEAjeKZo+4xd05TFtq99nKnWA0J+DmydBOnPMwY
lDrKfBKe2wVu5AJMvRjgJIoY/CHVPaCOWH58UTqfji95eUaryQ/s36RKrBgMMlwr
WNItxE625PHuaN6EjD1WdWiRMZ2hy8F4FCKz5hgUEvN+PUNZwsPnpU6q3Ay0+11T
4TriwCV8kJx3cWu0NvTypYCCXMscSfLFQR13bo+1z6XNm30SecmrxkmQBVMqjCZM
VvAxhxW1iGnYdPRQuNqt0xITzCSERqg3QVVqYnFJUkNVN6j0dmmMVKZh17HgqLnF
PKkmBlNQ9hQcNM3CSzVvEAK0CCEo/NJ/xzZ6WX1/f8Df1eXbFg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEXzCCA0egAwIBAgIJCsCKA1bCuHJDMA0GCSqGSIb3DQEBCwUAMC0xDjAMBgNV
BAoTBUNpc2NvMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwOTkwIBcNMTYwODEx
MjAzMjQyWhgPMjA5OTA4MDkyMDU4MjdaMCkxFzAVBgNVBAMTDkF0dGVzdGF0aW9u
IENBMQ4wDAYDVQQKEwVDaXNjbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPH9/H1Cno5OxJ7xqpZZmnnfuuHKhhXQTjz6dUkjmbJmUXsFHMCNikbkLgTj
qgsbSfeOG0kVFAJCC2XkMsWgjuLV8laHXAY/tRWrgyHJ7RkqqUTh7ZLmhNFPxQaj
DdaqaPDNyKplgl8KhXwF+n1n4PQuH45dUE3Tp4P80AVZ4fNmow5n409ZIpcjOYfS
iLiQ8fID9hhY3GAVh5ugfLbLKhojCojCNgT+gzR4IM6amzHku1Ysuf7mUFd8vJtd
AWekGtr1XUB2gJ72vXwqV0lf4uFw7GHO+hREqogRLhtF/7uH6CoVO/fmcUFYIT+C
MSKzxJAbeITSd13WCNzSXYiXrTMCAwEAAaOCAYIwggF+MA4GA1UdDwEB/wQEAwIB
BjASBgNVHRMBAf8ECDAGAQH/AgEAMH8GCCsGAQUFBwEBBHMwcTBBBggrBgEFBQcw
AoY1aHR0cHM6Ly93d3cuY2lzY28uY29tL3NlY3VyaXR5L3BraS9jZXJ0cy9jcmNh
MjA5OS5jZXIwLAYIKwYBBQUHMAGGIGh0dHA6Ly9wa2ljdnMuY2lzY28uY29tL3Br
aS9vY3NwMB8GA1UdIwQYMBaAFDiVVw80I07zoSYguhSRx0GIHaNbMFIGA1UdIARL
MEkwRwYKKwYBBAEJFQEcADA5MDcGCCsGAQUFBwIBFitodHRwOi8vd3d3LmNpc2Nv
LmNvbS9zZWN1cml0eS9wa2kvcG9saWNpZXMvMEMGA1UdHwQ8MDowOKA2oDSGMmh0
dHA6Ly93d3cuY2lzY28uY29tL3NlY3VyaXR5L3BraS9jcmwvY3JjYTIwOTkuY3Js
MB0GA1UdDgQWBBQAHroP19nnPZCyDOSo7cfzLETspjANBgkqhkiG9w0BAQsFAAOC
AQEAhyXlbLYZRW6CxRvVobb4Gvt8HFHKCaqx0yPbnDAjktzq3/yrb6TevdITFt2U
VZjO78/yJRACGffz8dlaBnVp8LEMcBZTzs2tvP6gkjgptqC+FFV0+8lCdxzoeRx6
vaVgpd9CPbpfLRp4wewp/phXonRshNxWXdVgk2lK/o3njguc/5jI5SPzejFMMJOF
ZgrExhmcKRDVap9fJi/JOizO+1Qwp9hPEthBElv9UksA4NKEdiwNjTOhPB6GU7wU
XrSFE5Svf5YVAPxKl0Gkw5ulSTiWM7UsnS1RaXfBPqrsR1SlzIQQlr4B85EzTBuK
HvlCRCEPQZcg3CItn3b8UtPLLQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEGTCCAwGgAwIBAgIKA4Nld5RVSDU2ozANBgkqhkiG9w0BAQsFADApMRcwFQYD
VQQDEw5BdHRlc3RhdGlvbiBDQTEOMAwGA1UEChMFQ2lzY28wIBcNMjIwODAxMTAx
MDA4WhgPMjA5OTA4MDkyMDU4MjZaMGIxKDAmBgNVBAUTH1BJRDpDMTIwMC0xNlAt
MkcgU046RFRZMjYzMTAwMTUxDjAMBgNVBAoTBUNpc2NvMREwDwYDVQQLEwhUUE0g
U1VESTETMBEGA1UEAxMKTElHSFRTQUJFUjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJtUHXzPGFhzrlJ251GUrGuL8Ek3axTdrurLqzNslvkx5Ystp2VM
Q5qDua2ovRcESrSxTfNMwUDm9+FX8EipsxgIRX5+oZZ8ka8oNVEKyTPyB5upl7Xi
9G15wvVBUHceVERCX33LqV2wHiA2hMdsgDsSeGlJteQi3zjeokXeojW9MDyJsMTp
CBQHCGNS+GgKXSqMt3k54K8S3RSi/P/R/oPKoA0z2ZUsu9/bOHTAwX/ZGMJ8U48X
C93adaOef1J0grt5scL073jZ1SbI4NS2ind8DGS2f059pdKHZvCetNJMcGugnapx
S6jOkf4qiTVSpbuEos8VDMgubaWf7KUUSB8CAwEAAaOCAQYwggECMA4GA1UdDwEB
/wQEAwIF4DAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFAAeug/X2ec9kLIM5Kjt
x/MsROymMIGhBgNVHREEgZkwgZagUAYKKwYBBAEJFQMEAqBCE0AxRjk5QTA0OUM5
NTI4MUY1NUY4QTY4QTcyRTIwNDlEQkM4MjkwMDY0RDI1MzI3RDFCN0Q5M0NCMTQ3
NzM3QTE5oEIGCSsGAQQBCRUCA6A1EzNDaGlwSUQ9VXdJQ0FBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUJIdz0wHQYDVR0OBBYEFC2RwVIJl3l6EDvF
+2jc19Vq6mIdMA0GCSqGSIb3DQEBCwUAA4IBAQB0U1fS7UQaHdkhB/X44U+fOt0U
1wW/L5yPuDc7zWGHcxFkdZBP+4e4M491dKI8B0ULdFhZThHNf/WeQ2c9TftPc0kI
f3gqo9ez7oBlM/2Y1luG0D3WigAyZjonqmW3/tikYiVKGs7eGGylO22S9y5jXxjz
qqtz5LU+S9d18NGtKD1rYhA12ZZ9ikUhBUPDpbG0JanGaYOLpwVl7wkynYnI5bhn
gjAylgV5RqBRN6luvDWTN02LvXCKYChSMJxH8VN8d75D68qg/XcL0zcTUVViENsi
grZkZxpqU3cRJqSUVBsPXSSKhgryuVv0wcZcMAU1Bg7elM67bTzet+d1YvWH
-----END CERTIFICATE-----
Signature version: 2
Signature:
33bf4ff78bf66930494bc2376244e9b022931b7c0519a5d123e5571287a5b1ddcc4b90a80870d263
ec9f5a38b9f4c44973527b4ddcb6c8d515e64c9862362884671fff7e1e279fa6d1d8b3d81604930a
0a94b6ba8f6224ce6b60172b105ced211120528af39362269f0b4bbf7adcc9532e108b4035d2d139
62ffd5792ac1565f7e04932938b942e90ca9aefb8bf4a3cd0f804494486e1b579934aac8f42a57e9
40069463151d5e01c1d5e8b8e66b4f300c05e01aadcfaf3dc0588b6e699f1367af4fcfe19bc58a21
55d02592a7fbe158558937b9c642d90c39ce9f7a8f759cc8ec230443410dd668f3a9383bc89cc546
650902fbc637f921b4a3d17007ee98bb

Use the show platform hardware integrity Privileged EXEC mode command to display chip protection information, including the content of PCR-15 (PCR - Platform Configuration Register) of the Active unit, and optionally a signature over the PCR or the PCR Quote included in command output display.

Syntax

show platform hardware integrity [[attestation] [sign [nonce <nonce>]]]

Parameters

• sign—(Optional) display a signature over PCR-15 or PCR-15 Quote.

• attestation - (Optional) use the attestation (AIK) private key to sign the PCR-15 Quote. If the attestation is not specified then the SUDI private key is used to sign PCR-15.

• [nonce <nonce value>]—(Optional) provide a nonce to use with the signature to protect from replay attacks. (range 0-4,294,967,295)

Default Usage

PCR information is displayed without a signature. If the sign keyword is specified without a nonce value then the signature will be generated without using a nonce. If the attestation keyword is not specified then the SUDI private key will be used to sign the PCR.

Command Mode

Privileged EXEC mode

User Guidelines

The show platform hardware integrity command provides on demand chip protection attestation. The command displays the content of the Active unit PCR (Platform Configuration Register) 15. PCR-15 is the extension of the device unique chip IDs. If the sign keyword is used, then the command output will display a signature over PCR-15. If the attestation keyword is used then the command output will include also a PCR Quote and the signature will be over the quote.

The command also supports an optional [nonce <nonce value>] parameter used as part of the signature inputs to prevent replay attacks. If the [nonce <nonce value>] parameter is not provided the signed data will not include the nonce.

The command output includes a signature version. A signature value of 1 indicates that the SUDI private key was used for signing PCR-15. A signature value of 2 indicates that the attestation (AIK) private key was used for signing the PCR Quote.

Examples

Example 1: The following example displays the contents of PCR-15 without a signature:

switchxxxxxx> show platform hardware integrity
PCR15: b45f34da34c6b142569f2c4f36264f3d0dfadde33f7721ed4bfd7b329ec71e6c

Example 2: The following example displays PCR-15 with a signature over PCR-15 using the SUDI private key with no nonce:

switchxxxxxx> show platform hardware integrity sign
PCR15: b45f34da34c6b142569f2c4f36264f3d0dfadde33f7721ed4bfd7b329ec71e6c
Signature Version: 1
Signature:
aba857b3c4a00191d6bc01617b5e73755810f0f4f67230e96de7a305f6882d94da9bdd2df3f12472
33f42fe0137b11971c128252e3a9813ec78d8640d87f284fc427db96b3412a07c24c78cda2242bd5
96c69ea06beb28feabfa014c48b96f420d65ffa725221319791e1f7c094acf743bbd48b7aafe088b
147894de42ca0e0634155432d8092b0ca82eb246ddb2de9a0bbd9a7914fdd7a1628dd5a29bbc4d02
9ddf846938e0b47f63bc488cf3dd2f439e684989ff39e834ac7534f5bc2187b293cfc5445af9a905
c8a3a5366fbc2cd74868912105ef4880a203772946ffae2de126cd769d111b362210bb9ce7a2af7b
f423360a90ac8dde4aacc2b47a7cc923

Example 3: The following example displays PCR-15, PCR-15 Quote and the signature over the quote using the attestation (AIK) key with a nonce of 613:

switchxxxxxx> show platform hardware integrity sign attestation nonce 613
PCR15: b45f34da34c6b142569f2c4f36264f3d0dfadde33f7721ed4bfd7b329ec71e6c
Signature Version: 2
Quote:
ff54434780180022000b9f2c580f14cf6f157964c1dc9fb17f8a9504b50976a120fb870831db9242
e5ac00207e5fab8920a8bbcd214d7ade666c74fc07f2aa41298ac81177dc9ba7f5af978100000000
002be9b5000000240000000001000201100000000000000001000b030080000020f508f73aab654d
716ae4a511616843ca53bdef8bb7959a26226dd4d477e7170b
Signature:
36e4f4d5fecaa820cd9dfb879b170007e35eeb2edb1ddb9736580c3bd7aefc1312e6bb946573b8ef
45b9f97084b1648c704d4e54ff6aa854e2ebd4389c880b2c060be391e14d14a411cc675fe6cde688
cf3d688570eaf5bd08b69185f7dfcbbe2a5329939096aa47b0bea5fc0f1907029789f67fbb187d88
2dc69bf24dda351fc55846be38d233d40a164f30a82482f72733c9c33decb06376527034ab19490b
fccbd8f4e108910fa0a923047f98e8c45ba9d9d8e28d134662c52d6ed5616d6fc33e40985b6c3921
644d3e53570c5bc17a7f4289cd46fb3f72a7e440720751889a2552395e9ef66ba9a6d8fe9b9a6aeb
a74e43129fa5447ad9b7158401cd9174

Use the show platform integrity Privileged EXEC mode command to display Boot Integrity Visibility (BIV) information for the Active unit, and optionally a signature over the PCR or the PCR Quote included in command output display.

Syntax

show platform integrity [sign [attestation] [nonce <nonce>]]

Parameters

• sign—(Optional) display a signature over the PCRs displayed in the command output or over the PCR Quote displayed in the command output.

• attestation—(Optional) use the attestation (AIK) private key to sign the PCR Quote. If the attestation is not specified then the SUDI private key is used to sign the PCRs.

• [nonce <nonce value>]—(Optional) provide a nonce to use with the signature to protect from replay attacks. (range 0-4,294,967,295)

Default Usage

PCR information is displayed without a signature. If the sign keyword is specified without a nonce value then the signature will be generated without using a nonce. If the attestation keyword is not specified then the SUDI private key will be used to sign the PCRs.

Command Mode

Privileged EXEC mode

User Guidelines

The show platform integrity command provides on demand Boot Integrity Visibility (BIV) attestation. The command displays the boot-up measurements of the Active unit boot-loader image and OS image. The measurements are displayed as hash values. In addition, the command output displays the contents of PCR-0 and PCR-8. PCR-0 is the extension of the boot-loader image hash, and PCR-8 is the extension of the OS image hash. If the sign keyword is used, then the command output will display a signature over PCR-0 and PCR-8. If the attestation keyword is used then the command output will include also a PCR Quote and the signature will be over the quote.

The command also supports an optional [nonce <nonce value>] parameter used as part of the signature inputs to prevent replay attacks. If the [nonce <nonce value>] parameter is not provided the signed data will not include the nonce.

The command output includes a signature version. Signature value of 1 indicates that the SUDI private key was used for signing PCR-0 and PCR-8, while a signature value of 2 indicates that the attestation (AIK) private key was used for signing the PCR Quote.

Examples

Example 1: The following example displays the measurements of the images and the contents of PCR-0 and PCR-8 without a signature:

switchxxxxxx> show platform integrity
Platform: C1300-48P-4X
Boot Loader Version: 1.0.74
Boot Loader Hash:
810ca3abed75aec7fe3aeb5baa452e7577d2cd15970dae948368f23ee17575b2ae47701e5
OS Version: 4.0.0.76
OS Hash: 26F68EE9341A4CBB552D1A3D9B02920DF126287F12EEEADFC47BD0A8EE8B7D04
PCR0: ca153e2fddadb6af4b08721421c336d874f0a950c7f9699c1509a5fcb86017d6
PCR8: 9c26a9a7ca8033bb050df2b6974cbe0d3f17d65302feb637b40a37aff976e8b9

Example 2: The following example displays the measurements of the images and the contents of PCR-0 and PCR-8 with a signature over PCR-0 and PCR-8 using the SUDI private key and a nonce value of 248:

switchxxxxxx> show platform integrity sign nonce 248
Platform: C1300-48P-4X
Boot Loader Version: 1.0.74
Boot Loader Hash:
810ca3abed75aec7fe3aeb5baa452e7577d2cd15970dae948368f23ee17575b2ae47701e5
OS Version: 4.0.0.76
OS Hash: 26F68EE9341A4CBB552D1A3D9B02920DF126287F12EEEADFC47BD0A8EE8B7D04
PCR0: ca153e2fddadb6af4b08721421c336d874f0a950c7f9699c1509a5fcb86017d6
PCR8: 9c26a9a7ca8033bb050df2b6974cbe0d3f17d65302feb637b40a37aff976e8b9
Signature Version: 1
Signature:
74c2795731dad3fd9cb35310e3d3070dc666ec0ced60ad1b4586f08c18a7d6f5c82db6ac755794ca
810ca3abed75aec7fe3aeb5baa452e7577d2cd15970dae948368f23ee17575b2ae47701e5cac3d89
838696745bfbc620a95523574c6cc6128fbfcbaf86df88d5f56bda32d9f82f3b10ca8d170eac17f0
526194afd80c7880f8074de85eb81777bc94a6ef748f04737bb1ed29debb2d1c0a71074e8e4513b6
ba9253460c205cdd641bfe7976d16d13857db0115a9efd427ce0ccd86c1832b6ad3408640fec4a6f
ca40baebca3a0e2ab395774223776ebebc279e7ec7c759e949fee756f47cb6ca6c326edf68a35444
33f3ef8befcaac78b631188204191745

Example 3: The following example displays the measurements of the images, the contents of PCR-0 and PCR-8, a PCR Quote and a signature over the quote using the attestation (AIK) key and a nonce value of 365:

switchxxxxxx> show platform integrity sign attestation nonce 365
Platform: C1300-48P-4X
Boot Loader Version: 1.0.74
Boot Loader Hash:
810ca3abed75aec7fe3aeb5baa452e7577d2cd15970dae948368f23ee17575b2ae47701e5
OS Version: 4.0.0.76
OS Hash: 26F68EE9341A4CBB552D1A3D9B02920DF126287F12EEEADFC47BD0A8EE8B7D04
PCR0: ca153e2fddadb6af4b08721421c336d874f0a950c7f9699c1509a5fcb86017d6
PCR8: 9c26a9a7ca8033bb050df2b6974cbe0d3f17d65302feb637b40a37aff976e8b9
Signature Version: 2
Quote:
ff54434780180022000b9f2c580f14cf6f157964c1dc9fb17f8a9504b50976a120fb870831db9242
e5ac0008000000000000016d00000000002d085b0000002400000000010002011000000000000000
01000b0301010000200bf8a79c7d864c5556976737edc9a8e870e767d371cf6239892401f76e377e
64
Signature:
14d9b51c83185e790d6485ca76d58bfaab925ba0bc1f1a5ea4590d244b5206c69f53c84d8fc6d715
3af67ab747c7aebd3ba81bf36fbb11e45097adbcd6ec2d924496165505c52dc6a77c386156188e9e
0ce03d58cdbe1babe45141760a8b965440a82af1d3751e9f0b8e8570564c416a407fee901c175594
b7b2a556985c8df924b576f9d898e84db344af19aa724b20f5832d18c1ba2b0c501ef57670dfa643
31970179ea8415aaf2424abdf197386a8b6018c75f2346b930c982eba309aef350075812b894c2ac
36af9594d0d27b0c9aab0e6be17575ba1fc90d898cf70ed6e0a1ccdb15592b9ba8f08d6fb98f70a2
33905b820c64c08247e5ea2a81849b11

To display whether there is a pending reload for status of the device, use the show reload Privileged EXEC mode command.

Syntax

show reload

Parameters

This command has no arguments or keywords.

Command Mode

Privileged EXEC mode

User Guidelines

You can use this command to display a pending software reload. To cancel a pending reload, use this command with the cancel parameter.

Example

The following example displays that reboot is scheduled for 00:00 on Saturday, April-20.

switchxxxxxx> show reload
Reload scheduled for 00:00:00 UTC Sat April 20 (in 3 hours and 12 minutes)

To display open Telnet sessions, use the show sessions User EXEC mode command.

Syntax

show sessions

Parameters

This command has no arguments or keywords.

Default Usage

None

Command Mode

User EXEC mode

User Guidelines

The show sessions command displays Telnet sessions to remote hosts opened by the current Telnet session to the local device. It does not display Telnet sessions to remote hosts opened by other Telnet sessions to the local device.

Example

The following example displays open Telnet sessions.

The following table describes significant fields shown above.

To display system software version information use the following, show software versions Privileged EXEC mode command.

Syntax

show software versions [unit unit-id] [detailed]

Parameters

• Detailed - (optional) Display additional software version also related to BootRom booton, CPLD, PoE controller, OpenSSH and OpenSSL.

Defaults

Displays the following software version info - image, bootloader and kernel.

Command Mode

Privileged EXEC mode

User Guidelines

The show software versions command displays the version information of device image, BootRom, booton, bootloader and kernel as well as relevant software modules.

Examples

Example 1: The following example displays basic device software version information:

switchxxxxxx# show software versions

Example 2: The following example displays detailed device software version information

switchxxxxxx# show software versions detailed

To display the list of supported languages, use the show system languages User EXEC mode command.

Syntax

show system languages

Parameters

This command has no arguments or keywords.

Default Usage

None

Command Mode

User EXEC mode

Example

The following example displays the languages configured on the device. Number of Sections indicates the number of languages permitted on the device.

switchxxxxxx> show system languages
 Language Name   Unicode Name   Code
--------------- -------------- ------
    English        English     en-US
   Japanese       µùѵ£¼F¬P    ja-JP

To light the networks port LEDs of a device, or of a specific unit in stack, use the system light EXEC mode command.

Syntax

system light [duration seconds]

system light stop

Parameters

• duration seconds—The number of seconds to light the LEDs. If unspecified, defaults to 60 seconds. (Range: 5–3600)

• stop—Stop lighting the LEDs.

Command Mode

User EXEC mode

Example

The following example lights the system LED for 6 seconds.

switchxxxxxx> system light duration 65

To set the system to automatically recover from temperature that reached the critical threshold, use the system recovery Global Configuration mode command.

To return to disable automatic recovery, use the no form of the command.

Syntax

system recovery

no system recovery

Parameters

This command has no arguments or keywords.

Default Configuration

System recovery is enabled by default.

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# no system recovery

Use the system reset-button disable Global Configuration mode command to disable the reset functionality of the device reset button. To re-enable the reset button functionality use the no form of the command.

Syntax

system reset-button disable

no system reset-button disable

Parameters

This command has no arguments or keywords.

Default Configuration

By default the device reset button functionality is enabled.

Command Mode

Global Configuration mode

User Guidelines

Use the system reset-button disable command to disable the reset functionality of the device reset button. When this command is applied the device will not reload or reset to factory default even if the reset button is pressed. This is useful to prevent unwanted device reload or setting to factory defaults due to accidental pressing of the button. The command disables the functionality of the reset button on all of the units in a stack.

If the reset button has other functionalities, besides reload and reset to factory default, they will not be effected by this setting.

Use the no form of command to re-activate the reset button and allow device reload and reset to factory default by pressing the button.

Examples

switchxxxxxx(config)# system reset-button disable