Network Configuration CLI Commands

Use the network configuration CLI commands to set IP addresses, handle bonding and failover, handle secondary functionality, and reset networking.

Use the network configuration CLI commands to perform the following tasks:
  • Identify a connector on the back of the machine (show network interface port).
  • Reset networking after you install or move a network card (store network interface reset).
  • Set IP addresses (store network interface ip, store network interface mask, store network resolvers, store network routes).
  • Enable or disable high-availability (store network interface high-availability).
  • Configure the network card if the switch it attaches to does not auto-negotiate the settings (store network interface auto-negotiation, store network interface speed, store network interface duplex).

Guardium uses predictable network interface names. The primary network interface is set during installation and can be changed by using the store network interface role command.

restart network

Restarts only the network configuration. For example, after you change the IP address, run this CLI command.

Syntax
restart network

show network interface all

This command shows settings for the network interface that is used to connect the Guardium® appliance to the desktop LAN. This command displays the IP address, mask, state (enabled or disabled), and high availability status. If IP high-availability is enabled, the system displays two interfaces. Otherwise, only one interface is displayed.

Syntax

show network interface all

show network interface inventory

Use the show command to display the port names and MAC addresses of all installed network interfaces.

Syntax

show network interface inventory

Example

CLI> show network interface inventory
Current network card configuration:
Device     | Mac Address        | Member of
--------------------------------------------
ens32      | 00:50:56:B8:18:75  |
ens33      | 00:50:56:3b:c3:73  |
ens34      | 00:50:56:8a:0d:fb  |
ok

The Member of column shows the NICs that are in the bond pair, if a bond exists.

show network routes operational

Display the IP routing configuration in use.

Syntax
show network routes operational

Example

CLI> show net rout operational
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 nic1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 nic2
0.0.0.0         192.168.3.1     0.0.0.0         UG    0      0        0 nic1
ok

show network verify

Display the current network configuration.

Syntax
show network verify

Example

CLI> show network verify
Current Network Configuration
------------------------------------------------------------------------------------------------------------------------
Hostname = test_system.guardium.ibm.com
------------------------------------------------------------------------------------------------------------------------
Device     | Address                                    | Prefix     | Gateway                                    | Member of
------------------------------------------------------------------------------------------------------------------------
ens256     | --                                         | None       | --                                         | br3
--         | --                                         | None       | --                                         | --
ens224     | --                                         | None       | --                                         | br2
--         | --                                         | None       | --                                         | --
ens160     | --                                         | None       | --                                         | br0
--         | --                                         | None       | --                                         | --
ens34      | 9.70.165.96                                | 24         | 9.70.165.1                                 | --
--         | 2002:920:c000:3165:9:70:165:96             | 64         | --                                         | --
ens192     | --                                         | None       | --                                         | br1
--         | --                                         | None       | --                                         | --
------------------------------------------------------------------------------------------------------------------------
Ethtool Options
------------------------------------------------------------------------------------------------------------------------
Device     | Options (speed,autoneg,duplex)
------------------------------------------------------------------------------------------------------------------------
ens256     |
ens224     |
ens160     |
ens34      |
ens192     |
------------------------------------------------------------------------------------------------------------------------
DNS Servers
------------------------------------------------------------------------------------------------------------------------
Index      | DNS Server
------------------------------------------------------------------------------------------------------------------------
1          | 9.32.193.11
------------------------------------------------------------------------------------------------------------------------
Static Routes
------------------------------------------------------------------------------------------------------------------------
Device     | Index      | Address                                    | Prefix     | Gateway
------------------------------------------------------------------------------------------------------------------------
ens34      | 0          | 9.32.145.0                                 | 24         | 9.32.145.1
------------------------------------------------------------------------------------------------------------------------

store network interface auto-negotiation

If auto-negotiation is available on the switch to which a Guardium port is connected, auto-negotiation is used, and only the restart option of this command has any effect. Use this command to enable, disable, or restart auto-negotiation for the specified network interface (NIC). Use show network interface inventory to display all port names.

Syntax

store network interface auto-negotiation <NIC> <on | off | restart>

Show command

show network interface auto-negotiation

store network interface duplex

Use this command only when auto-negotiation is not available on the switch to which the Guardium port is connected. This command configures duplex mode for the port. Use the show network interface inventory command to display all port names.

Syntax

store network interface duplex <NIC> <half | full>

Show command

show network interface duplex <NIC>

store network interface high-availability

Enables or disables IP Teaming (also known as bonding), which provides a fail-over capability for the Guardium system primary IP address.

The two ports used (the primary and secondary interfaces) must be connected to the same network. A slight delay might occur if the switch needs to relearn the port configuration. The default setting is off.

When the high-availability option is enabled, the Guardium system automatically fails over, as needed, to the specified secondary interface, which transfers the primary IP address to the secondary interface.

Note: You can specify either IP Teaming or Secondary Interface, but not both.

Syntax

store network interface high-availability [on <NIC> [mode <1|4>] | off]

If high-availability is enabled, you can optionally specify the NIC mode, which can be:
  • 1 - active-backup - Provide fault tolerance features by using an active-backup policy.
  • 4 - lacp/802.3ad - Provide load balancing and fault tolerance based on the 802.3ad specification.

store network interface ip

Sets the primary IP address for the Guardium appliance in CIDR (Classless Inter-Domain Routing) format. You might need to change the subnet mask when you change the network interface IP address. For more information, see store network interface mask.

See store network interface secondary to create and manage a secondary IP address. Bonding or failover is managed from the store network interface high-availability CLI command.

Syntax

store network interface ip <ip address>

store network interface mask

Sets the subnet mask for the primary IP address. If you change the network interface mask, you might also need to change its IP address. See store network interface ip.
Note: The subnet mask for a secondary IP address can be assigned only from Setup > Tools and Views > System.
Note: This command supports IPv4 addresses only.

Syntax

store network interface mask <ip mask>

store network interface mtu

Use this CLI command to set the maximum transfer unit (MTU).

CLI> store network interface mtu
Usage: store network interface mtu <interface> <mtu>]

Where interface is the interface name (ens32) and mtu is the number of transfer units (between 1000 and 9000).

Show command

show network interface mtu 

show network interface port

Use this command to locate a physical connector on the back of the appliance. After you display all port names with show network interface inventory, use this command to flash the light on the physical port specified by NIC (for example, ens32) 20 times.

Syntax

show network interface port <nic>

Example

CLI> show network interface port ens32
The orange light on interface ens32 will now blink 20 times.

store network interface reset

Use this CLI command to wipe the existing OS network configuration. This command also detects and builds configuration for the on-board NIC cards within the Guardium appliance.

Syntax

CLI> store network interface reset
WARNING: This command will clear existing network interface configuration.
Network will be disconnected due to this operation.
Are you SURE you want to continue? (y/n)

store network interface restore

Use this command to restore all of the network settings from your Guardium database settings. Restoring the settings can be useful if, for example, a patch introduces an error into the network configuration. In this case, the information in the database is still correct and you can quickly restore all of your settings.
Note: Static route settings are not saved in the database and are not restored.

Syntax

CLI> store network interface restore
WARNING: This command will overwrite the network configuration with the stored Guardium network settings.
         It may disconnect your current ssh session.
Are you SURE you want to continue? (y/n)
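
Because static routes are not saved in the database and are not restored, capture the show network verify output before the restore and compare it with the output afterwards. The following Python code is an added example, not IBM code: the function names are hypothetical, the sample text is constructed and abridged from the example output on this page, and the empty Static Routes layout in AFTER is an assumption.

```python
# Added example: parse `show network verify` output (layout as shown on this page).

def parse_verify(text):
    """Return {section title: [row dicts]} for each table in the output."""
    sections, title, header = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, dashed rules, the echoed prompt and the trailing "ok".
        if not line or set(line) == {"-"} or line.startswith("CLI>") or line == "ok":
            continue
        if "|" not in line:
            if " = " in line:              # "Hostname = ..." is not a table title
                continue
            title, header = line, None     # a new section starts here
            sections[title] = []
        else:
            cells = [c.strip() for c in line.split("|")]
            if header is None:
                header = cells             # first piped row names the columns
            else:
                sections.setdefault(title, []).append(dict(zip(header, cells)))
    return sections

def static_routes(text):
    """Routes as (device, address, prefix, gateway); Index is left out on purpose."""
    rows = parse_verify(text).get("Static Routes", [])
    return {(r["Device"], r["Address"], r["Prefix"], r["Gateway"]) for r in rows}

def routes_to_readd(before, after):
    """Static routes present before the restore but missing afterwards."""
    return sorted(static_routes(before) - static_routes(after))

# Constructed sample, abridged from the example output on this page.
RULE = "-" * 60 + "\n"
HEAD = ("CLI> show network verify\nCurrent Network Configuration\n" + RULE
        + "Hostname = test_system.guardium.ibm.com\n" + RULE
        + "Device | Address     | Prefix | Gateway    | Member of\n" + RULE
        + "ens34  | 9.70.165.96 | 24     | 9.70.165.1 | --\n" + RULE
        + "DNS Servers\n" + RULE + "Index | DNS Server\n" + RULE
        + "1     | 9.32.193.11\n" + RULE
        + "Static Routes\n" + RULE
        + "Device | Index | Address | Prefix | Gateway\n" + RULE)
BEFORE = HEAD + "ens34 | 0 | 9.32.145.0 | 24 | 9.32.145.1\n" + RULE
AFTER = HEAD + RULE   # assumed layout when no static route is configured

if __name__ == "__main__":
    for dev, addr, prefix, gw in routes_to_readd(BEFORE, AFTER):
        print(f"re-add on {dev}: {addr}/{prefix} via {gw}")
```

The same parsed sections can be used to confirm that the DNS Servers table still lists only the expected resolvers after the restore.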

store network interface role

Use this command to assign a role to a physical network interface. A network interface role can be primary, secondary or no role (undefined). Use undefined (undef) to clear the role of an interface that is currently set to secondary.

Syntax

store network interface role <NIC> <undef | primary | secondary>

Show command

show network interface role

store network interface secondary

Use this command to configure a port on the Guardium system as a secondary management interface with a different IP address, network mask, and gateway from the primary.

Note: You cannot use IP Teaming and Secondary Interface at the same time.

Syntax

store network interface secondary [on <interface> <ip[/prefix]> <gateway> | off [ipv4|ipv6]]

Where
  • interface is a valid interface.
  • ip and gateway are valid IP addresses.
  • /prefix is the IP address prefix length in CIDR. /prefix is optional. The default values are 24 for ipv4 or 64 for ipv6.
  • ipv4 and ipv6 are the IP versions.

Show command

show network interface secondary

store network interface speed

Use this command only when auto-negotiation is not available on the switch to which the Guardium port is connected. This command configures the speed setting for the port. Use the show network interface inventory command to display all port names.

Syntax

store network interface speed <NIC> <auto | 10 | 100 | 1000>

Show command

show network interface speed <NIC>

show network interface status

Use this command to display the physical link status of a network interface.

Syntax

show network interface status <NIC>

Example

show network interface status ens32
Network Interface Status
        Link detected: yes
ok

show network arp-table

Displays the address resolution protocol (ARP) table, which is an operational system value. This command is provided for support purposes only.

Syntax

show network arp-table

Example

CLI> sho net arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.3.1      0x1         0x2         00:0E:D7:98:07:7F     *        nic1
192.168.3.20     0x1         0x2         00:C0:9F:40:33:30     *        nic1
ok
CLI>

show network macs

Displays a list of MAC addresses (like the show network interface inventory command).

Syntax

show network macs

Example

CLI> show network macs

ens32:     00:50:56:b8:18:75
lo:        00:00:00:00:00:00

store network resolvers

Sets the IP address for the first, second, or third DNS server to be used by the Guardium appliance. Each resolver address must be unique.

Syntax

store network resolvers <IP address 1 [IP address 2] [IP address 3] | null>
Enter a maximum of three space-separated IP addresses. To remove the DNS servers, enter null.
Note: This command replaces existing DNS settings.
For example,
  • IPv4
    store network resolvers 192.0.2.0 192.0.2.1 192.0.2.2
    This change will take effect after restart network.
    ok
    
  • IPv6
    store network resolvers 2001:0DB8:0:0:0:0:0:0 2001:0DB8:0:0:0:0:0:1 2001:0DB8:0:0:0:0:0:3
    This change will take effect after restart network.
    ok
    
  • Dual mode (IPv4 and IPv6)
    store network resolvers 2001:0DB8:0:0:0:0:0:1 192.0.2.0 2001:0DB8:0:0:0:0:0:3
    This change will take effect after restart network.
    ok
    

Show command

show network resolvers
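
Because store network resolvers replaces the existing DNS settings, a change to one resolver has to be submitted as the complete list. The following Python code is an added example, not IBM code: it builds that full command line from the current list and enforces the three-address limit and the uniqueness rule, comparing addresses by value so that two spellings of the same IPv6 address count as duplicates. The function name and its parameters are hypothetical.

```python
import ipaddress

MAX_RESOLVERS = 3  # documented limit for `store network resolvers`

def plan_resolvers(current, add=(), remove=()):
    """Return the full command line to run for the desired resolver list.

    The command replaces the existing DNS settings, so the result always
    carries every address that should remain, not only the new ones.
    """
    drop = {ipaddress.ip_address(a) for a in remove}
    final, seen = [], set()
    for text in list(current) + list(add):
        ip = ipaddress.ip_address(text)  # ValueError on malformed input
        if ip in drop or ip in seen:
            continue  # removed, or a duplicate written with another spelling
        seen.add(ip)
        final.append(text)  # keep the operator's original spelling
    if len(final) > MAX_RESOLVERS:
        raise ValueError(f"{len(final)} resolvers requested, maximum is {MAX_RESOLVERS}")
    if not final:
        return "store network resolvers null"
    return "store network resolvers " + " ".join(final)

if __name__ == "__main__":
    # Constructed input using the documentation addresses from the examples above.
    print(plan_resolvers(["192.0.2.0"], add=["2001:0DB8:0:0:0:0:0:1", "2001:db8::1"]))
```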

store network routes defaultroute

Sets the IP address for the default router to the specified value.

Syntax

store network routes defaultroute <ip address>

Show commands

show network routes defaultroute

store network routes static

Allows the appliance to have only one IP address (through the primary interface) while directing traffic through different routers that use static routing tables. This command adds a line to the static routing table.

Syntax

store network routes static

Show command

Lists the current static routes with their IDs: Device, Index, Address, Netmask, Gateway.

show network routes static

Delete command

delete network routes static

store system domain

Sets the system domain name to the specified value.

Syntax

store system domain <value>

Show command

show system domain

store system hostname

Sets the system's hostname to the specified value.

Syntax

store system hostname <value>

Show command

show system hostname