This command is used to create port associations and assign policies to them. Port association groups are used to enable switch failover. It requires a 10G link between two switches.
Caution!Using the virtual-wire parameter places the switch into the Virtual Wire mode and disables other features on the switch. This parameter requires a license. Please contact your sales person or local partner for more information.
Syntax port-association-create
name name-string |
Specify a name for the port association. |
master-ports port-list |
Specify a list of ports to act as master ports. |
slave-ports port-list |
Specify a list of ports to act as slave ports. |
virtual-wire|no-virtual-wire |
Specify if you want the associated ports to form a “virtual wire”. Once you put the switch into virtual wire mode, you disable all other features on the switch. |
bidir|no-bidir |
Specify if you want the port state tracking to be bi-directional or not. |
policy all-masters|any-master |
Specify a policy for the port association. The default is all-masters. |
monitor-ports port-list |
Specify a list of ports not used by port association to monitor. |
enable|no-enable |
Specify if you want to enable port association in hardware. |
Defaults None
Access CLI
History
Version 2.2.6 |
Command introduced. |
Version 2.4 |
The parameter, virtual-wire, and bidir added. |
Version 2.5.2 |
The parameter, monitor-ports port-list, added. |
Version 3.0.0 |
The parameter, enable, added. |
Usage Use this command to create port associations.
Examples To create a port association, ports-assoc, with a master port list of ports 11-12, and slave port list of 45-46, use the following command:
CLI network-admin@switch > port-association-create name ports-assoc master-ports 11-12 slave-ports 45-46
port-association-delete
This command is used to delete port associations.
Syntax port-association-delete name name-string
Defaults None
Access CLI
History Command added in Version 2.2.6.
Usage Use this command to delete port associations.
Examples To delete a port association, ports-assoc, use the following command:
CLI network-admin@switch > port-association-delete name ports-assoc
port-association-modify
This command is used to modify port associations.
Syntax port-association-modify
name name-string |
Specify a name for the port association. |
Specify one or more of the following options: |
|
master-ports port-list |
Specify a list of ports to act as master ports. |
slave-ports port-list |
Specify a list of ports to act as slave ports. |
policy all-masters|any-master |
Specify a policy for the port association. The default is all-masters. |
virtual-wire|no-virtual-wire |
Specify if you want the associated ports to form a “virtual wire”. Once you put the switch into virtual wire mode, you disable all other features on the switch. |
bidir|no-bidir |
Specify if you want the port state tracking to be bi-directional or not. |
monitor-ports port-list |
Specify a list of ports not used by port association to monitor. |
enable|no-enable |
Specify if you want to enable port association in hardware. |
Defaults None
Access CLI
History
Version 2.2.6 |
Command introduced. |
Version 2.4 |
The parameter, virtual-wire, and bidir added. |
Version 2.5.2 |
The parameter, monitor-ports port-list, added. |
Version 3.0.0 |
The parameter, enable, added. |
Usage Use this command to modify port associations.
Examples To modify a port association, ports-assoc, and change the slave port list to 71-72, use the following command:
CLI network-admin@switch > port-association-modify name ports-assoc slave-ports 71-72
port-association-show
Use this command to display port associations.
Syntax port-association-show
name name-string |
Specify a name for the port association. |
master-ports port-list |
Specify a list of ports to act as master ports. |
slave-ports port-list |
Specify a list of ports to act as slave ports. |
policy all-masters|any-master |
Specify a policy for the port association. |
virtual-wire|no-virtual-wire |
Specify if you want the associated ports to form a “virtual wire”. Once you put the switch into virtual wire mode, you disable all other features on the switch. |
bidir|no-bidir |
Specify if you want the port state tracking to be bi-directional or not. |
monitor-ports port-list |
Specify a list of ports not used by port association to monitor. |
enable|no-enable |
Specify if you want to enable port association in hardware. |
Defaults None
Access CLI
History
Version 2.2.6 |
Command introduced. |
Version 2.4 |
The parameter, virtual-wire, and bidir added. |
Version 2.5.2 |
The parameter, monitor-ports port-list, added. |
Version 3.0.0 |
The parameter, enable, added. |
Usage Use this command to display port associations.
Examples To display a port association, ports-assoc, with a master port list of ports 11-12, and slave port list of 45-46, use the following command:
CLI network-admin@switch > port-association-show name ports-assoc
port-association-service-add
The Inline Service feature manages service chains for Layer 1 Virtual Wire switches. The term, Inline Services, refers to services attached to a Layer 1 Virtual Wire switch such as Next-Generation Firewall (NGFW), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Distributed Denial of Service attack (DDoS) Prevention.
When an Inline Service fails, a policy determines if traffic is allowed to bypass the Inline Services or if the traffic is blocked until the Inline Services recovers.
This command is used to add a port association service.
Syntax port-association-service-add
port-association-name name-string |
Displays the name of the port association to apply the service. |
switch name-string |
Displays the switch name where the service is located. |
inline-service inline-service-name |
Displays the name of the Inline Service. |
order number |
Displays a number to designate the order of the service. This is a value between 1 and 65535 |
policy-action fail-open|fail-closed |
Displays a policy action when the service fails on the network. |
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to add a port association service.
Examples To add a port association service on leaf1, inline-service, NGFW, order 1, and fail-policy fail-open, use the following syntax:
CLI network-admin@switch > port-association-service-add port-association-name CHAIN switch leaf1 inline-service NGFW order 1 fail-policy fail-open
port-association-service-modify
The Inline Service feature manages service chains for Layer 1 Virtual Wire switches. The term, Inline Services, refers to services attached to a Layer 1 Virtual Wire switch such as Next-Generation Firewall (NGFW), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Distributed Denial of Service attack (DDoS) Prevention.
When an Inline Service fails, a policy determines if traffic is allowed to bypass the Inline Services or if the traffic is blocked until the Inline Services recovers.
This command is used to modify a port association service.
Syntax port-association-service-modify
port-association-name name-string |
Displays the name of the port association to apply the service. |
switch name-string |
Displays the switch name where the service is located. |
inline-service inline-service-name |
Displays the name of the Inline Service. |
order number |
Displays a number to designate the order of the service. This is a value between 1 and 65535 |
policy-action fail-open|fail-closed |
Displays a policy action when the service fails on the network. |
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to add a port association service.
Examples To modify a port association service and change the inline-service to IDS, use the following syntax:
CLI network-admin@switch > port-association-service-modify port-association-name CHAIN inline-service NGFW
port-association-service-remove
The Inline Service feature manages service chains for Layer 1 Virtual Wire switches. The term, Inline Services, refers to services attached to a Layer 1 Virtual Wire switch such as Next-Generation Firewall (NGFW), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Distributed Denial of Service attack (DDoS) Prevention.
When an Inline Service fails, a policy determines if traffic is allowed to bypass the Inline Services or if the traffic is blocked until the Inline Services recovers.
This command is used to remove a port association service.
Syntax port-association-service-add
port-association-name name-string |
Displays the name of the port association to apply the service. |
switch name-string |
Displays the switch name where the service is located. |
inline-service inline-service-name |
Displays the name of the Inline Service. |
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to remove a port association service.
Examples To remove a port association service on leaf1, inline-service, NGFW, use the following syntax:
CLI network-admin@switch > port-association-service-remove port-association-name CHAIN switch leaf1 inline-service NGFW
port-association-service-show
The Inline Service feature manages service chains for Layer 1 Virtual Wire switches. The term, Inline Services, refers to services attached to a Layer 1 Virtual Wire switch such as Next-Generation Firewall (NGFW), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Distributed Denial of Service attack (DDoS) Prevention.
When an Inline Service fails, a policy determines if traffic is allowed to bypass the Inline Services or if the traffic is blocked until the Inline Services recovers.
This command is used to display information about a port association service.
Syntax port-association-service-show
port-association-name name-string |
Displays the name of the port association to apply the service. |
switch name-string |
Displays the switch name where the service is located. |
inline-service inline-service-name |
Displays the name of the Inline Service. |
order number |
Displays a number to designate the order of the service. This is a value between 1 and 65535 |
policy-action fail-open|fail-closed |
Displays a policy action when the service fails on the network. |
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to display information about a port association service.
Examples To display information about a port association service, use the following syntax:
CLI network-admin@switch > port-association-service-show