CLI Cheat Sheet: Networking
Use the following table to quickly locate commands for
common networking tasks:
If you want to . . . | Use . . . |
---|---|
General Routing Commands | |
| > show routing route |
| > show routing fib virtual-router <name> | match <x.x.x.x/Y> |
| > set system setting arp-cache-timeout <60-65536> |
| > show system setting arp-cache-timeout |
AE Interfaces | |
| > set ae-frag redistribution-policy hash |
NAT | |
| > show running nat-policy |
| > test nat-policy-match |
| > show running ippool |
| > show running global-ippool |
IPSec | |
| > show vpn flow |
| > show vpn gateway |
| > show vpn ike-sa |
| > show vpn ipsec-sa |
| > show vpn tunnel |
LSVPN (LSVPN Cookie Expiry Extension) (PAN-OS 10.2.4 and later 10.2 releases) | |
| > request global-protect-portal set-satellite-cookie-expiration value <0-5> |
| > show global-protect-portal satellite-cookie-expiration |
| > show global-protect-satellite satellite |
LSVPN (Serial number and IP Address Authentication Method) (PAN-OS 10.2.8 and later 10.2 releases) | |
| > set global-protect global-protect-portal portal <portal_name> satellite-serialnumberip-auth satellite-ip-allowlist entry <value> Where <value> is the IPv4 address, IPv6 address, IP range, or IP subnet of the new satellite device you want to add. |
| > set global-protect global-protect-portal portal <portal_name> satellite-serialnumberip-auth satellite-ip-exclude-from range <ip-address> exclude-list <value> Where satellite-ip-exclude-from range <ip-address> is the IPv4 or IPv6 subnet or range that you want to exclude from being configured as a satellite device. The IP address that you want to exclude must be within the IP address range that you configured in the satellite-ip-allowlist. |
| > set global-protect global-protect-portal portal <name> satellite-serialnumberip-auth retry-interval <5-8600> The retry interval range is 5 to 86,400 seconds and the default value is 5 seconds. |
| > set global-protect-portal satellite-serialnumberip-auth enable |
| > set global-protect-portal satellite-serialnumberip-auth disable |
| > show global-protect-portal global-protect-portal <name> satellite-serialnumberip-auth all |
| > show global-protect-portal satellite-serialnumberip-auth status |
| > show global-protect-portal global-protect-portal portal <name> satellite-serialnumberip-auth retry-interval |
| > show global-protect-portal global-protect-portal portal <name> satellite-serialnumberip-auth satellite-ip-allowlist |
| > delete global-protect global-protect-portal portal <portal_name> satellite-ip-list allowlist-entry ip-address <value> Where <value> is the IPv4 address, IPv6 address, IP range, or IP subnet of the satellite device you want to delete. |
| > delete global-protect global-protect-portal portal <portal_name> satellite-ip-list excludelist-entry ip <value> Where <value> is the IPv4 address, IPv6 address, IP range, or IP subnet of the satellite device you want to delete from the exclude list entry. |
| > delete global-protect global-protect-portal portal <name> satellite-ip-allowlist satellite-ip-allowlist-all |
BFD | |
| > show routing bfd active-profile [<name>] |
| > show routing bfd details [interface <name>] [local-ip <ip>] [multihop][peer-ip <ip>] [session-id] [virtual-router <name>] |
| > show routing bfd drop-counters session-id <session-id> |
| > show counter global | match bfd |
| > clear routing bfd counters session-id all | <1-1024> |
| > clear routing bfd session-state session-id all | <1-1024> |
PVST+ | |
| > set session pvst-native-vlan-id <vid> |
| > set session drop-stp-packet |
| > show vlan all |
| > show counter global (Look at the flow_pvid_inconsistent counter.) |
Troubleshooting | |
| > ping host <destination-ip-address> |
| > ping source <ip-address-on-dataplane> host <destination-ip-address> |
| > show netstat statistics yes |
Advanced Routing | |
| > show advanced-routing fib |
| > show advanced-routing fib afi <ipv4|ipv6|both> |
| > show advanced-routing fib ecmp <no|yes> |
| > show advanced-routing route |
| > show advanced-routing route afi <ipv4|ipv6|both> |
| > show advanced-routing route destination <ip/netmask> |
| > show advanced-routing route logical-router <logical-router-name> |
| > show advanced-routing route type <bgp|connect|ospf|ospfv3|static> |
| > show advanced-routing logical-router <logical-router-name> |
| > show advanced-routing resource logical-router <logical-router-name> |
| > show advanced-routing static-route-path-monitor |
| > show advanced-routing ospf area |
| > show advanced-routing ospf dumplsdb |
| > show advanced-routing ospf graceful-restart |
| > show advanced-routing ospf interface |
| > show advanced-routing ospf lsdb |
| > show advanced-routing ospf neighbor |
| > show advanced-routing ospf summary |
| > show advanced-routing ospf virt-link |
| > show advanced-routing ospf virt-neighbor |
| > show advanced-routing ospfv3 area |
| > show advanced-routing ospfv3 dumplsdb |
| > show advanced-routing ospfv3 graceful-restart |
| > show advanced-routing ospfv3 interface |
| > show advanced-routing ospfv3 lsdb |
| > show advanced-routing ospfv3 neighbor |
| > show advanced-routing ospfv3 summary |
| > show advanced-routing ospfv3 virt-link |
| > show advanced-routing ospfv3 virt-neighbor |
| > show advanced-routing bgp summary logical-router <logical-router-name> |
| > show advanced-routing bgp peer detail peer-name <peer-name> logical-router <logical-router-name> |
| > show advanced-routing bgp peer received-routes peer-name <peer-name> afi <ipv4|ipv6|both> logical-router <logical-router-name> |
| > show advanced-routing bgp peer filtered-routes peer-name <peer-name> afi <ipv4|ipv6|both> logical-router <logical-router-name> |
| > show advanced-routing bgp peer advertised-routes peer-name <peer-name> afi <ipv4|ipv6|both> logical-router <logical-router-name> |
| > show advanced-routing bgp peer dampened-routes peer-name <peer-name> afi <ipv4|ipv6|both> logical-router <logical-router-name> |
| > show advanced-routing bgp peer status peer-name <peer-name> logical-router <logical-router-name> |
| > show advanced-routing bgp peer-groups group-name <group-name> logical-router <logical-router-name> |
| > show advanced-routing bgp filters route-map logical-router <logical-router-name> [ipv4|ipv6] name <route-map-name> |
| > show advanced-routing bgp filters access-list logical-router <logical-router-name> [ipv4|ipv6] name <access-list-name> |
| > show advanced-routing bgp filters prefix-list logical-router <logical-router-name> [ipv4|ipv6] name <prefix-list-name> |
| > show advanced-routing bgp route afi <ipv4|ipv6|both> logical-router <logical-router-name> |
| > show advanced-routing bgp peer advertised-routes peer-name <peer-name> afi <ipv4|ipv6|both> logical-router <logical-router-name> |
QoS (PAN-OS 10.2.5 and later 10.2 releases) | |
| > set lockless-qos yes |
| > set lockless-qos no |
| > show lockless-qos enable |
| > show lockless-qos if-core-mapping |
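
The LSVPN serial number and IP address authentication rows above require every exclude-list entry to fall within a range configured in the satellite-ip-allowlist. The following pre-change check is an added example, not Palo Alto Networks code: it parses single addresses, ranges and subnets for IPv4 and IPv6 and reports exclude entries that break that rule. The hyphenated `start-end` range syntax, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_entry(value):
    """Return (first, last) address for a single IP, a start-end range, or a subnet."""
    value = value.strip()
    if "-" in value:  # assumption: ranges are written start-end
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {value!r}")
        return lo, hi
    # A bare address parses as a /32 (IPv4) or /128 (IPv6) network.
    net = ipaddress.ip_network(value, strict=False)
    return net[0], net[-1]

def check_excludes(allowlist, excludes):
    """Return (entry, reason) for each exclude entry that would not be valid."""
    allowed = [parse_entry(a) for a in allowlist]  # raises on a bad allowlist entry
    problems = []
    for entry in excludes:
        try:
            lo, hi = parse_entry(entry)
        except ValueError as err:
            problems.append((entry, f"unparseable: {err}"))
            continue
        # The whole excluded span must sit inside one allowlist entry of the
        # same IP version; a span that straddles the edge is rejected.
        inside = any(a_lo.version == lo.version and a_lo <= lo and hi <= a_hi
                     for a_lo, a_hi in allowed)
        if not inside:
            problems.append((entry, "outside satellite-ip-allowlist"))
    return problems

# Constructed sample values (documentation address ranges), not from a real portal.
ALLOWLIST = ["192.0.2.0/24", "198.51.100.10-198.51.100.50", "2001:db8:10::/64"]
EXCLUDES = [
    "192.0.2.17",                   # inside the IPv4 subnet
    "198.51.100.40-198.51.100.60",  # runs past the end of the allowed range
    "2001:db8:10::5",               # inside the IPv6 subnet
    "203.0.113.9",                  # not in any allowlist entry
    "not-an-ip",                    # malformed input
]

if __name__ == "__main__":
    for entry, reason in check_excludes(ALLOWLIST, EXCLUDES):
        print(f"{entry}: {reason}")
```

Run it against the intended allowlist and exclude values before entering the `set` commands, and correct any entry it reports.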