
Administration Guide

Using the alias commands

Previously, you could use the Add Profile page or the config system accprofile command to control the view access, edit access, and no access to groups of menu commands for an administrator account. Starting in FortiSwitchOS 7.0.0, you can use the alias CLI commands to grant an administrator access to individual configuration attributes or CLI commands, instead of having to grant access to large groups of CLI commands and configuration attributes.

Notes:
  • Configuration-type aliases cannot create or delete table entries. For example, under the config switch interface command, you cannot create a new interface name with the edit <interface_name> command.
  • Configuration-type aliases cannot act on child tables or child objects. For example, a configuration-type alias for config system interface can affect the attributes (set commands) directly under config system interface, but not the config ipv6 child object under config system interface or the attributes (set commands) within config ipv6.
  • The super_admin administrator profile has access to all command aliases.
  • You can use the sleep <1-172800 seconds> command to add a delay in a script.

Procedure

  1. Do one of the following:
    • Specify a configuration-type alias for each configuration attribute you want to control access to.
    • Specify a script-type alias for CLI commands or groups of CLI commands that you want to control access to.
    • Specify alias groups to bundle different alias commands together for easy assignment.
  2. Create an access profile that uses the aliases and alias groups that you created.
  3. Create an administrator account and assign the access profile that you created.
  4. Run the alias command or script.

Step 1: Create a configuration-type alias or script-type alias

To specify a configuration-type alias for a command that you want to control access to:

config system alias command
    edit <alias_name>
        set description <string>
        set type configuration
        set path <path>
        set attribute <attribute-name>
        set table-listing {allow | deny}
        set permission {read | read-write}
        set limit-shown-attributes {disable | enable}
        set read-only-attributes <attribute-name>
        set table-ids-allowed <table-ID-value>
end

Variable, description, and default:

<alias_name>
    Enter an alias name for the command in this configuration. The alias name cannot be all or match an alias group name.
    Default: No default

description <string>
    Enter a description of the command or a help message. It can be up to 80 characters long. The description is displayed with the alias name when you enter execute alias configure {get | show | show-full-configuration | set | unset} ?.
    Default: No default

type configuration
    The configuration type provides configuration-specific functionality to control the get, show, show-full-configuration, set, and unset commands. You can also use the configuration type to limit accessible table entries and limit displayed attributes.
    Default: configuration

path <path>
    Required. Enter the period-separated path to the CLI command. For example, enter set path switch.lldp.profile to apply the configuration to the config switch lldp profile command. Enter set path system.interface to apply the configuration to the config system interface command. You can specify only top-level objects, such as system.interface, router.bgp, or system.snmp.settings. If you specify child objects or child tables (such as system.interface.ipv6, router.bgp.neighbor, or switch.lldp.profile.custom-tlv), FortiSwitch returns an error.
    Default: No default

attribute <attribute-name>
    Required. Enter the attribute that can be retrieved or modified. Enter set attribute ? to see the list of valid attributes. If you enter an invalid value, FortiSwitchOS returns an error. This option is available only when path has been set.
    Default: No default

permission {read | read-write}
    Select read to allow this alias to be used by the execute alias configure {get | show | show-full-configuration} command. Select read-write to allow this alias to be used by the execute alias configure {get | show | show-full-configuration | set | unset} command.
    Default: read

table-listing {allow | deny}
    Allow or prevent the listing of all entries by the execute alias configure {get | show | show-full-configuration} command.
      • Select allow to permit all entries to be listed.
      • Select deny to prevent the entries from being listed, except for the entries specified in the table-ids-allowed setting. If table-ids-allowed is empty, a valid entry must be provided for listing.
    This option is available only when path has been set.
    Default: deny

limit-shown-attributes {disable | enable}
    Enable or disable limiting the attributes displayed by the show and get commands. Selecting disable displays all attributes for the show and get commands. Selecting enable displays only the attributes listed in attribute and read-only-attributes.
    Default: enable

read-only-attributes <attribute-name>
    When limit-shown-attributes is enabled, you can enter additional attributes to display with the show and get commands. When you enter read-only-attributes ? to see a list of valid attributes, more attributes are available than when you enter set attribute ?. Read-only attributes can include child tables, child objects, and get-only attributes. You can list up to 31 attributes.
    Default: No default

table-ids-allowed <table-ID-value>
    Specify which entries can be accepted by the execute alias configure {get | show | show-full-configuration | set | unset} command. Enter set table-ids-allowed ? to see a list of valid entries. You can specify entries that do not currently exist; they can be created later. If table-listing is set to deny, the table-ids-allowed entries are displayed when the user runs the execute alias configure {get | show | show-full-configuration} command without specifying any entry. This option is available only when path has been set.
    Default: No default

The following example creates two aliases for the config switch physical-port command.

  • The port-description alias allows an administrator to change the set description value; when running a get or show command, the administrator will see only the description configuration.
  • The port-status alias allows an administrator to change the set status value; the administrator will see both the description and port status configuration when running get or show commands.

config system alias command
    edit "port-status"
        set description "View or change the port status."
        set type configuration
        set path "switch.physical-port"
        set attribute "status"
        set permission read-write
        set limit-shown-attributes enable
        set read-only-attributes "description"
    next
    edit "port-description"
        set description "View or change the port description."
        set type configuration
        set path "switch.physical-port"
        set attribute "description"
        set permission read-write
        set limit-shown-attributes enable
    next
end

To create a script:

config system alias command
    edit <script_name>
        set description <string>
        set type script
        set command <string>
        set table-entry-create {allow | deny}
        config script-arguments
            edit <argument_ID>
                set type {integer | string | table-id}
                set name <string>
                set help <string>
                set optional {enable | disable}
                set range {enable | disable}
                set range-delay <0-172800>
                set allowed-values <string>
            next
        end
    next
end

Variable, description, and default:

<script_name>
    Enter a script name. The script name cannot be all or match an alias group name.
    Default: No default

description <string>
    Enter a description of the script. It can be up to 80 characters long. The description is displayed with the script name when you enter execute alias script ?.
    Default: No default

type script
    The script type allows the administrator to create a list of CLI commands to run.
    Default: configuration

command <string>
    Enter the script command (within quotation marks) to be run. You can use the Enter key to separate command lines. Enter set command ? for formatting details. This option is available only when type has been set to script.
    Default: No default

table-entry-create {allow | deny}
    Allow or deny the creation of new table (or sub-table) entries. This option is available only when type has been set to script. When type has been set to configuration, you cannot create any new table entries.
    Default: deny

Under config script-arguments:

<argument_ID>
    Enter an identifier for the argument. The identifier must match the identifier used in the script (for example, the argument with identifier 1 is referenced as $1 in the script command).
    Default: No default

type {integer | string | table-id}
    Enter the data type that the argument accepts.
    Default: string

name <string>
    Enter the display name for the argument. You can use uppercase and lowercase letters, numbers, and hyphens. The display name is shown when the user runs the execute alias script command.
    Default: No default

help <string>
    Enter a help message for the argument. You can use uppercase and lowercase letters, numbers, slashes, parentheses, brackets, commas, underscores, and hyphens. The help message is displayed when the user runs the execute alias script command.
    Default: No default

optional {enable | disable}
    Enable this option to allow the user to omit a value for this argument. Disable this option to require the user to specify a value for this argument.
    Default: disable

range {enable | disable}
    Enable this option to allow a range of integers, a range of table identifiers, or a comma-separated list of strings. Disable this option to allow only a single value for this argument.
    Default: disable

range-delay <0-172800>
    Enter the number of seconds to delay between values when executing. This option is available only when range has been set to enable.
    Default: 0

allowed-values <string>
    Enter the values allowed for this argument.
      • If type is set to string, separate values with a space. For example: set allowed-values port1 port3 port7
      • If type is set to integer, you can use ranges and comma-separated values, such as "1-10" or "1-10,3,11,55".
      • If type is set to table-id and the table identifiers are integers, you can use both ranges and comma-separated values, such as "1-10" or "1-10,3,11,55".
    Default: No default

The following example creates two scripts. Both scripts list the switch mac-address table.

  • The mac-list script is more flexible because it requires that the user specify the VLANs to list the MAC addresses from.
  • The list-mac-by-port-and-vlan-customer-AAA script is more controlled because it allows the user to see only the MAC addresses learned on the VLANs and ports specified in the script.

config system alias command
    edit "list-mac-by-port-and-vlan-customer-AAA"
        set description "List MAC addresses on your VLANs and ports."
        set type script
        set command "diag switch mac-address filter clear
diag switch mac-address filter port-id-map 3-8
diag switch mac-address filter vlan-map 1000-1010
diag switch mac-address list
diag switch mac-address filter clear"
    next
    edit "mac-list"
        set description "List MAC addresses learned on the provided VLANs"
        set type script
        set command "diag switch mac-address filter clear
diag switch mac-address filter vlan-map $1
diag switch mac-address list | grep -i mac
diag switch mac-address filter clear"
        config script-arguments
            edit 1
                set name "VLAN-ID-map"
                set help "List of VLANs to check"
            next
        end
    next
end

To create a group of configuration-type aliases:

config system alias group
    edit <alias_group_name>
        set description <string>
        set commands <alias_command_list>
end

Variable, description, and default:

<alias_group_name>
    Enter a name for the alias group. The name cannot be all or match an alias name.
    Default: No default

description <string>
    Enter a description of the command alias group. It can be up to 80 characters long.
    Default: No default

commands <alias_command_list>
    Enter a list of command aliases. Use a space to separate them.
    Default: No default

The following example creates a group of two command aliases.

config system alias group
    edit aliasgroup1
        set description "Alias group for config switch physical-port."
        set commands port-status port-description
end

Step 2: Create the access profile

To create an access profile for aliases or alias groups:

config system accprofile
    edit <profile_name>
        set alias-commands {all | <list>}
        set exec-alias-grp {none | read | read-write}
end

The following example creates an access profile with read-write access to all the execute alias commands for the alias commands from the aliasgroup1 alias group and for the list-mac-by-port-and-vlan-customer-AAA script:

config system accprofile
    edit newaccprofile
        set alias-commands aliasgroup1 list-mac-by-port-and-vlan-customer-AAA
        set exec-alias-grp read-write
end

Step 3: Create the administrator account

Using the GUI:

Go to System > Admin > Administrators, click Add Administrator, and select the access profile that you created.

Using the CLI:

config system admin
    edit <admin_name>
        set password <password>
        set accprofile <profile_name>
end

For example:

config system admin
    edit newadmin
        set password newpassword
        set accprofile newaccprofile
end

Step 4: Run the alias command or script

To run an alias command:

execute alias configure set <alias_name> <table-entry-id-if-needed> <attribute-value>

Note: If the alias has a multi-value attribute (for example, set allowaccess under the config system interface command or set members under the config switch trunk command), you can enter up to 31 values for it. If the alias does not reference a table and no table entry ID is needed, you can enter up to 32 values.

The following example changes the value for the port2 table entry to up.

S548DF5018000776 # execute alias configure set port-status port2 up
Command to be run:
------------------------------------------------------------------------------
config switch physical-port
edit "port2"
set status "up"
next
end
------------------------------------------------------------------------------
Do you want to continue? (y/n)y
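To check how permission, table-listing, table-ids-allowed and limit-shown-attributes combine before an alias is granted to an account, the following Python model applies the rules from the Step 1 table; it is an added example written for this page, not FortiSwitchOS code. The port-status and port-description aliases are the ones defined above; the port-status-ro alias, the TABLES state and the function names are constructed for the example, and anything the page does not document (how a set against a missing entry is reported, for instance) is this model's assumption.

```python
"""Model of 'execute alias configure {show | set}' for configuration-type aliases.

Added example, not FortiSwitchOS code. It applies the documented rules for
permission, table-listing, table-ids-allowed, limit-shown-attributes and
read-only-attributes so an alias definition can be checked offline before
it is assigned to an administrator profile.
"""
from dataclasses import dataclass, field


@dataclass
class ConfigAlias:
    name: str
    path: str                     # period-separated, e.g. "switch.physical-port"
    attribute: str                # the one attribute the alias may get or set
    permission: str = "read"      # read | read-write
    table_listing: str = "deny"   # allow | deny
    limit_shown_attributes: str = "enable"
    read_only_attributes: list = field(default_factory=list)
    table_ids_allowed: list = field(default_factory=list)


# Constructed device state standing in for the config switch physical-port table.
TABLES = {
    "switch.physical-port": {
        "port1": {"description": "uplink", "status": "up", "speed": "auto"},
        "port2": {"description": "printer", "status": "down", "speed": "auto"},
    }
}

ALIASES = {
    # The two aliases from the example above.
    "port-status": ConfigAlias("port-status", "switch.physical-port", "status",
                               permission="read-write",
                               read_only_attributes=["description"]),
    "port-description": ConfigAlias("port-description", "switch.physical-port",
                                    "description", permission="read-write"),
    # Constructed: a view-only alias limited to two entries, one of which
    # (port3) does not exist yet, which table-ids-allowed permits.
    "port-status-ro": ConfigAlias("port-status-ro", "switch.physical-port",
                                  "status", table_ids_allowed=["port1", "port3"]),
}


def _entry_allowed(alias, entry):
    """An empty table-ids-allowed list places no restriction on the entry name."""
    return not alias.table_ids_allowed or entry in alias.table_ids_allowed


def alias_show(alias, entry=None):
    """execute alias configure show <alias> [entry]: return {entry: attributes}."""
    table = TABLES[alias.path]
    if entry is None:
        if alias.table_listing == "allow":
            entries = list(table)
        elif alias.table_ids_allowed:
            # table-listing deny: only the table-ids-allowed entries are listed.
            entries = [e for e in alias.table_ids_allowed if e in table]
        else:
            raise PermissionError("table-listing deny: a table entry must be given")
    elif entry in table and _entry_allowed(alias, entry):
        entries = [entry]
    else:
        raise PermissionError(f"entry {entry!r} is not accessible via {alias.name}")
    shown = [alias.attribute] + alias.read_only_attributes
    return {
        e: {k: v for k, v in table[e].items()
            if alias.limit_shown_attributes == "disable" or k in shown}
        for e in entries
    }


def alias_set(alias, entry, value):
    """execute alias configure set <alias> <entry> <value>: apply the change and
    return the CLI block the device previews as 'Command to be run'."""
    if alias.permission != "read-write":
        raise PermissionError(f"{alias.name} has read permission only")
    table = TABLES[alias.path]
    if entry not in table:
        # Configuration-type aliases cannot create table entries.
        raise PermissionError(f"entry {entry!r} does not exist")
    if not _entry_allowed(alias, entry):
        raise PermissionError(f"entry {entry!r} is not in table-ids-allowed")
    table[entry][alias.attribute] = value
    return "\n".join([
        "config " + alias.path.replace(".", " "),
        f'edit "{entry}"',
        f'set {alias.attribute} "{value}"',
        "next",
        "end",
    ])
```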

To run a script:

execute alias script <script_name> <values…>

The following example shows how to run the mac-list script for VLAN 4092.

S524DF4K15000024 # execute alias script mac-list 4092
Command to be run:
------------------------------------------------------------------------------
diag switch mac-address filter clear
diag switch mac-address filter vlan-map "4092"
diag switch mac-address list | grep -i mac
diag switch mac-address filter clear
------------------------------------------------------------------------------
Do you want to continue? (y/n)y
MAC: 08:5b:0e:f1:95:e5 VLAN: 4092 Port: internal(port-id 31)
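The script side can be modelled the same way: the following Python model parses the allowed-values formats from the script-arguments table, checks a supplied value against them, and expands $1 in the mac-list script into the preview shown above. It is an added example written for this page, not FortiSwitchOS code; the function names, the TENANT_ARGS argument with allowed-values 1000-1010 and the treatment of table-id as an integer identifier are this example's assumptions.

```python
"""Model of script-type alias arguments: allowed-values parsing and $N substitution.

Added example, not FortiSwitchOS code. It parses the allowed-values formats
documented above ("1-10,3,11,55" for integer and table-id, a space-separated
list for string), checks a supplied value, and expands the mac-list script
the way the 'Command to be run' preview shows it.
"""
import re
from dataclasses import dataclass


@dataclass
class ScriptArg:
    arg_id: int               # the N in $N
    name: str
    arg_type: str = "string"  # integer | string | table-id
    allowed_values: str = ""  # empty: any value of the right type


def parse_int_spec(spec):
    """Expand '1-10,3,11,55' into the set of integers it names."""
    values = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        m = re.fullmatch(r"(\d+)-(\d+)", part)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi:
                raise ValueError(f"reversed range {part!r}")
            values.update(range(lo, hi + 1))
        elif part.isdigit():
            values.add(int(part))
        else:
            raise ValueError(f"not an integer or range: {part!r}")
    return values


def validate_arg(arg, value):
    """Return True if value satisfies the argument's type and allowed-values."""
    if arg.arg_type in ("integer", "table-id"):
        # table-id is modelled as an integer identifier, the case the table
        # above covers with ranges and comma-separated lists (assumption).
        if not value.isdigit():
            return False
        return not arg.allowed_values or int(value) in parse_int_spec(arg.allowed_values)
    return not arg.allowed_values or value in arg.allowed_values.split()


def expand_script(command, args, values):
    """Substitute each $N with its supplied value (quoted, as the preview shows)
    and return the resulting command lines. Raises ValueError for a missing or
    rejected value, or for a placeholder with no defined argument."""
    by_id = {a.arg_id: a for a in args}
    for arg in args:
        if arg.arg_id not in values:
            raise ValueError(f"argument {arg.arg_id} ({arg.name}) is required")
        if not validate_arg(arg, values[arg.arg_id]):
            raise ValueError(f"value {values[arg.arg_id]!r} not allowed for {arg.name}")

    def repl(m):
        n = int(m.group(1))
        if n not in by_id:
            raise ValueError(f"script references ${n} but no argument {n} is defined")
        return f'"{values[n]}"'

    return [re.sub(r"\$(\d+)", repl, line) for line in command.splitlines()]


# The mac-list script from the example above, with its single string argument.
MAC_LIST = (
    "diag switch mac-address filter clear\n"
    "diag switch mac-address filter vlan-map $1\n"
    "diag switch mac-address list | grep -i mac\n"
    "diag switch mac-address filter clear"
)
MAC_LIST_ARGS = [ScriptArg(1, "VLAN-ID-map")]

# Constructed: the same argument narrowed to one tenant's VLAN range, so the
# script can only ever filter on VLANs 1000-1010.
TENANT_ARGS = [ScriptArg(1, "VLAN-ID-map", "integer", "1000-1010")]
```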
