Aruba CLI Cheatsheet

Step 1: Config Files and Flash Files

• #show config --- Show config file
• #show running config --- Show running config file
• #copy config config1 usb <file name> --- Copy active config file to USB drive
• #copy config config1 tftp <IP> <file name> --- Copy your config to file to TFTP server.
• #copy tftp config <fileneme> <IP> ---Copy your config from TFTP server to switch
• #show flash --- Displays info about flash (version etc.) -#copy tftp flash <IP> <file name> <primary|secondary> --- Download and update your flash with from TFTP server
• #copy flash usb <file name> <primary|secondary> --- Copy flash to USB drive
• #copy flash tftp <IP> <file name> <primary|secondary> --- Copy flash to TFTP server
• #write memory --- Save config

Step 2: Event Logs

• log [<port>] [-r] --- Display log events of port [most recent first]
• log <IP address> --- Display log events of a specific IP

Step 3: Miscellaneous

• hostname <hostname> --- Set switch hostname
• link-test <destination switch MAC> --- Test connectivity between switches (local switch and destination switch)
• ping <IP address> --- Ping IP 192.168.0.1
• chassislocate --- Turn on/off switch locator led or blink it (30 minutes)
• chassislocate blink <time> --- Blink switch locator led set time in minutes
• ntp1 <time server name> --- Add time server to NTP server list
• timesync ntp --- Enable NTP synchronization with servers
• password operator --- Set operator password (Normal user / read-only )
• password manager --- Set manager password (Admin user / read-write)
• password all --- Set operator and manager password
• enable --- Switch to manager lever from operator level
• exit --- Exit current level
• logout --- Logout out of the switch

Step 4: PoE

• show power-over-ethernet brief [<port>] --- To show PoE
• no interface <port> power-over-ethernet --- To turn off for a port
• interface <port> power-over-ethernet --- To turn on for a port

Step 5: Ports and LACP Trunks

• interface <port> name <port-name> --- Assign a port name to port-list
• show name --- Show port name
• show interface --- Show port statistics
• interface <port> lacp active --- Configure dynamic LACP trunk on c1-c4
• no interface <port> lacp --- Remove port from dynamic LACP (returns to passive LACP)
• show trunks [<port>] --- Show trunk status (port optional)
• show lacp --- Show data for LACP configured ports
• trunk <port> <trk1...trk36> <trunk|lacp> --- Configure static trunk or LACP
• no trunk <port> --- Remove trunk
• [no] int <port> rate-limit all <0...100> --- Set (or remove) rate limit on port according to selected percentage
• show rate-limit all [<port>] --- Show rate limit on all or selected ports
• [no] int <port> rate-limit icmp <0...100> --- Set (or remove) rate limit to all ICMP traffic
• show rate-limit icmp [<port>] --- Show ICMP rate limit on all or selected ports
• loop-protect <port range> --- Turn on loop protection
• show loop-protect --- Display loop protection

Step 6: Security

• port-security <port number> learn-mode configured address-limit 1 mac-address <MAC address> --- Enable MAC address restriction and limit port access to one MAC address.
• dhcp-snooping authorized-server <IP address> --- Set authorized DHCP server(s)
• dhcp-snooping trust <port> --- Set ports authorized to pass DHCP
• dhcp-snooping vlan <VLAN ID range> --- Enable DHCP on specified VLANs
• dhcp-snooping --- Enable DHCP globally
• dhcp-snooping option 82 --- Enable option 82 (on edge switches)
• crypto key generate ssh --- Generate an SSH key
• ip ssh --- Enable SSH
• no telnet-server --- Disable Telnet
• no web-management --- Disable web interface
• arp-protect trust <port> --- Set arp-protect trusted ports
• arp-protect vlan <VLAN ID range> --- Enable arp-protect on specified VLANs
• arp-protect --- Enable arp-protect globally

Step 7: Show Information Commands

• show system-information --- Show system information
• show name --- Show port name
• show config --- Show config file
• show mac <port> --- Show MAC-address of the device on specified port
• show mac <mac address> --- Show which port device with MAC-address is connected to
• show int d --- Show real time port traffic
• show int custom --- Show a custom view of port information
• show flash --- Displays info about flash (version etc.)
• show interface --- Show port statistics
• show run --- Show running config
• show lacp --- Show LACP information
• show trunks --- Show trunk information
• show spanning-tree --- Show STP information
• show rate-limit all [<port>] --- Show rate limit on all or selected ports
• show rate-limit icmp [<port>] --- Show ICMP rate limit on all or selected ports
• show snmpv3 <group|user> --- Show SNMPv3 groups or users

Step 8: SNMPv3

• snmpv3 enable --- Enable SNMP version 3
• snmpv3 only --- Restrict SNMP to only version 3
• snmpv3 user <user name> --- Adds an SNMP user and creates an optional password
• snmpv3 group <group> user <user> sec-model ver3 --- Adds a user to a desired access group
• show snmpv3 <group|user> --- Show SNMPv3 groups or users

Step 9: VLANs

• vlan <vlan ID> name <vlan name> --- Create VLAN and set its ID and name
• no vlan <port> --- Remove vlan setting on port
• vlan <vlan ID> <tagged|untagged> <port> --- Set port as tagged on vlan
• show vlan --- Show information about VLAN on this swtich
• show vlan ports <port> --- Show VLAN ID and status of specific port
• show vlan <VLAN ID> --- Show ports on this VLAN and port status