This article will show you what CLI commands that can be used on your Nebula devices for troubleshooting and monitoring your Nebula device.
The Remote Access tool available in Nebula Professional Pack allows you to connect to remotely connect to the device Command Line Interface (CLI) without the need of having a port forwarding in your firewall (NSG, USG FLEX, ATP).
The followings are the recommend CLI commands for Nebula Security Gateways, Switches and Access Points:
(You may use Ctrl+F to search)
Note that the CLI is only for troubleshooting and debugging purposes and should not be used for any configuration changes.
Firewall (USG FLEX & ATP Series)
| Command | Description |
| show version | Show the device model, firmware and build information |
| show mac | Shows the available MAC-addresses for that device |
| ping [ip-address/DNS] | Checks the availability of a host/server |
| traceroute [ip-address/DNS] | Checks the path of reaching a host/server |
| nslookup [ip-address/DNS] | Queries DNS records for a given domain name |
| show sdwan interface | Show all interfaces configured |
| debug sdwan show [FunctionName] running-config |
shows the running config on a specific function (Function Name examples - bpolicy = policy routes, firewall = security policy rules) |
| debug system ps | Show current device configuration |
|
debug system show cpu status
|
Show the device model, firmware and build information |
| packet-trace interface [interface name] port [port number] etc. | Packet trace on a specific interface. tip - type show sdwan interface before to see the name of your interfaces |
| show clock date | Shows the NTP status |
| show nativemode cert file status | Shows if the device has the ZTP certificate installed - if installed - Native mode can be executed instead of ZTP |
Nebula Security Gateways (NSG Series)
| Command | Description |
| show running-config | Show current device configuration |
| show version | Show the device model, firmware and build information |
| show system uptime | Show how long the device has been running since its last boot up |
| show port status | Show statistics for the Ethernet ports |
| show isakmp policy | Show all VPN IKE SAs |
| show crypto map | Show VPN phase 2 setting |
| show sa monitor | Show VPN tunnel uptime |
| show logging entries | Show last logs entries |
| show interface all | Show interface information |
| show ip dhcp pool | Show DHCP pool configuration |
| show ip dhcp binding | Show current DHCP client |
| show arp-table | Show device current ARP table |
| show secure-policy | Show firewall configuration |
| show zon lldp neighbor | Show LLDP information |
| ping <ip|hostname> | Ping ip address or domain name |
| traceroute <ip|hostname> | Execute traceroute from the device |
| nslookup <hostname> | Resolve domain name |
Switches
| Command | Description |
| show running-config | Show current device configuration |
| show version | Show the device model, firmware and build information |
| show system-information | Show how long the device has been running since its last boot up |
| show interface status | Show all ports link speed and up-time |
| show tech-support all | Show the tech-support file in CLI |
| show mac address-table all | Show device current MAC address table |
| show pwr | Show current status and configuration of PoE |
| show lldp info remote | Show neighbor LLDP information |
| show logging | Show last logs entries |
| show ip | Show current management IP |
| show ip name-server | Show current DNS server configuration |
| show ip arp | Show device current ARP table |
| ping <ip|hostname> | Ping ip address or domain name |
| traceroute <ip|hostname> | Execute traceroute from the device |
| mac-flush | Flush MAC address table |
Access Points
| Command | Description |
| show running-config | Show current device configuration |
| show version | Show the device model, firmware and build information |
| show system uptime | Show how long the device has been running since its last boot up |
| show port status | Show statistics for the Ethernet ports |
| show logging entries | Show last logs entries |
| show users all | Show all current users logged in to the AP |
| show wireless-hal station info | Show connected clients |
| show cpu all | Check CPU status |
| show interface all | Check interface status |
| show mem status | Check memory status |
| ping <ip|hostname> | Ping ip address or domain name |
| nslookup <hostname> | Resolve domain name |
| packet-trace interface br0 | Capture tcp packets |
| sshcon enable | Enables SSHcon which will allow tech-support to be gotten |
| show tech-support | Show tech-support file on AP |
Comments
0 comments
Please sign in to leave a comment.