Nokia Networking/SR Linux Commands
This page has some useful commands for interacting with Nokia SR-Linux based devices
Basics
Display configuration
Show the configuration from the current place in the config tree down:
info
Show the config in "set" format:
info flat
Show the config in json format:
info | as json
Show the config including all the defaults:
info detail
Show the config AND the state of each element (including for instance interface counters)
info from state
You can also specify a part of the config in an info command to just see that part:
info flat interface ethernet-1/1
Show logs
show system logging buffer messages
Log ACL / filter drops
Right now we are not logging these by default, but in a troubleshooting situation you can enable it as follows:
set / system logging buffer messages subsystem acl
Ping
For instance from loopback to loopback in the default network instance:
A:lsw1-e2-codfw# ping network-instance default -I 10.192.255.34 10.192.255.44 Using network instance default PING 10.192.255.44 (10.192.255.44) from 10.192.255.34 : 56(84) bytes of data. 64 bytes from 10.192.255.44: icmp_seq=1 ttl=63 time=5.30 ms 64 bytes from 10.192.255.44: icmp_seq=2 ttl=63 time=8.29 ms
L1 Stuff
Interface transceiver states
Use 'info from state' to get these, i.e.:
info from state interface ethernet-1/1
It produces a lot of output, one jq filter that is useful for light levels is:
info from state interface ethernet-1/3 | as json | jq '.interface[].transceiver.channel[] | {index, latest_value: ."input-power"."latest-value"}'
Show LLDP neighbor
show system lldp neighbor interface ethernet-1/56
Clear interface counters
tools interface ethernet-1/1 statistics clear
tools interface ethernet-1/1 subinterface 2057 statistics clear
Reboot the system
tools platform chassis reboot
Upgrade software
The software upgrade process can be run passing a URL to the command, so there is no need to copy the image to the device first.
tools system deploy-image http://<apt_server_ip>:8080/srlinux/<image_filename> reboot
For example:
tools system deploy-image http://208.80.154.10:8080/srlinux/srlinux-24.10.4-244.bin reboot
The system will reboot into the new image. If it finds statements in the old config no longer supported (deprecated commands, or new commands if downgrading), it won't load the old config. But with automation this is not a big worry. Once rebooted the starup and rescue configurations should be saved again:
save startup save rescue
L2 Stuff
Show MAC address table for a vlan
A:cmooney@lsw2-a8-codfw# show network-instance vlan-2051 bridge-table mac-table all ------------------------------------------------------------------------------------------------------------------------------------------ Mac-table of network instance vlan-2051 ------------------------------------------------------------------------------------------------------------------------------------------ +--------------------+-----------------------------------+------------+-----------+---------+--------+-----------------------------------+ | Address | Destination | Dest Index | Type | Active | Aging | Last Update | +====================+===================================+============+===========+=========+========+===================================+ | 2C:EA:7F:3F:EA:94 | ethernet-1/1.2051 | 1 | learnt | true | 1159 | 2025-03-31T11:38:37.000Z | | 78:1F:7C:A8:11:D4 | irb-interface | 0 | irb- | true | N/A | 2025-03-31T11:38:33.000Z | | | | | interface | | | | | BC:97:E1:28:79:00 | ethernet-1/10.2051 | 2 | learnt | true | 1159 | 2025-04-08T16:14:06.000Z | +--------------------+-----------------------------------+------------+-----------+---------+--------+-----------------------------------+
Find MAC across all vlans
A:lsw1-c3-eqiad# show network-instance * bridge-table mac-table mac E4:3D:1A:12:B4:20 ---------------------------------------------------------------------------------------- Mac-table of network instance vlan-1019 ---------------------------------------------------------------------------------------- Mac : E4:3D:1A:12:B4:20 Destination : vxlan-interface:vxlan0.1019 vtep:10.64.128.21 vni:2001019 Dest Index : 5736442 Type : evpn Programming Status : Success Aging : N/A Last Update : 2025-11-06T16:58:43.000Z Duplicate Detect time : N/A Hold down time remaining: N/A ----------------------------------------------------------------------------------------
Look up the VTEP IP in netbox (it is loopback of source switch).
Show ARP entries for a given L3 interface
A:cmooney@lsw4-a8-codfw# show arpnd arp-entries interface irb0 subinterface 2057 +----------+----------+----------------+----------+-------------------+-------------------------------------+ | Interfac | Subinter | Neighbor | Origin | Link layer | Expiry | | e | face | | | address | | +==========+==========+================+==========+===================+=====================================+ | irb0 | 2057 | 10.192.54.3 | evpn | 78:1F:7C:A8:3B:D4 | | | irb0 | 2057 | 10.192.54.4 | evpn | BC:97:E1:28:54:51 | | +----------+----------+----------------+----------+-------------------+-------------------------------------+
Clear ARP entries for a given interface
tools interface irb0 subinterface 2057 ipv4 arp delete-dynamic
Show LAG interface status
show lag lag1 lacp-state show system network-instance ethernet-segments LAG1
L3 Stuff
General
Show network-instance routing table
show network-instance default route-table ipv4-unicast prefix
Show route to a given destination IP
show network-instance default route-table ipv4-unicast route 10.192.252.38
show network-instance default route-table ipv4-unicast route 10.192.252.38 include-inactive
Verify state of routes and next-hop groups
You can see a RIB entry by running commands like these (the cli will auto-complete the last few elements as there is normally only one):
info from state network-instance default route-table ipv4-unicast route 10.192.252.37/32 id 0 route-type ospfv2 route-owner ospf_mgr origin-network-instance default
info from state network-instance PRODUCTION route-table ipv4-unicast route 0.0.0.0/0 id 0 route-type bgp-evpn route-owner bgp_evpn_mgr origin-network-instance PRODUCTION
Take the 'next-hop-group' from the output and check that as follows:
info from state network-instance PRODUCTION route-table next-hop-group 6469006
This will list all active next-hops being used, each of which can be checked with:
info from state network-instance default route-table next-hop 6429208
Resource utilisation
info from state platform linecard 1 forwarding-complex 0 datapath asic resource *ecmp*
OSPF
show neighbor state
A:lsw1-e2-codfw# show network-instance default protocols ospf neighbor ========================================================================================= Net-Inst default OSPFv2 Instance ospfv2 Neighbors ========================================================================================= +---------------------------------------------------------------------------------------+ | Interface-Name Rtr Id State Pri RetxQ Time Before Dead | +=======================================================================================+ | ethernet-1/55.0 10.192.255.41 full 128 0 31 | | ethernet-1/56.0 10.192.255.40 full 128 0 34 | +---------------------------------------------------------------------------------------+ ----------------------------------------------------------------------------------------- No. of Neighbors: 2
BGP
show ip bgp summary
A:cmooney@ssw2-a8-codfw# show network-instance default protocols bgp neighbor ----------------------------------------------------------------------------------------------------- BGP neighbor summary for network-instance "default" Flags: S static, D dynamic, L discovered by LLDP, B BFD enabled, - disabled, * slow ----------------------------------------------------------------------------------------------------- +---------------------+------------------------------+---------------------+-------+-----------+-----------------+-----------------+---------------+------------------------------+ | Net-Inst | Peer | Group | Flags | Peer-AS | State | Uptime | AFI/SAFI | [Rx/Active/Tx] | +=====================+==============================+=====================+=======+===========+=================+=================+===============+==============================+ | default | 10.192.252.35 | evpn_ibgp | S | 64812 | connect | - | | | | default | 10.192.252.36 | evpn_ibgp | S | 64812 | established | 2d:3h:25m:33s | evpn | [34/10/2119] | | default | 10.192.252.37 | evpn_ibgp | S | 64812 | established | 1d:4h:21m:27s | evpn | [28/8/2125] | | default | 10.192.252.38 | evpn_ibgp | S | 64812 | established | 10d:7h:49m:38s | evpn | [34/10/2119] | | default | 10.192.252.39 | evpn_ibgp | S | 64812 | established | 10d:7h:49m:33s | evpn | [28/8/2125] | +---------------------+------------------------------+---------------------+-------+-----------+-----------------+-----------------+---------------+------------------------------+
A:cmooney@ssw2-a8-codfw# show network-instance PRODUCTION protocols bgp neighbor ----------------------------------------------------------------------------------------------------- BGP neighbor summary for network-instance "PRODUCTION" Flags: S static, D dynamic, L discovered by LLDP, B BFD enabled, - disabled, * slow ----------------------------------------------------------------------------------------------------- +---------------------+------------------------------+---------------------+-------+-----------+-----------------+-----------------+---------------+------------------------------+ | Net-Inst | Peer | Group | Flags | Peer-AS | State | Uptime | AFI/SAFI | [Rx/Active/Tx] | +=====================+==============================+=====================+=======+===========+=================+=================+===============+==============================+ | PRODUCTION | 10.192.254.14 | core | S | 14907 | established | 10d:7h:49m:3s | ipv4-unicast | [1121/1120/14] | | PRODUCTION | 2620:0:860:137::1 | core | S | 14907 | established | 10d:7h:48m:58s | ipv6-unicast | [906/905/14] | +---------------------+------------------------------+---------------------+-------+-----------+-----------------+-----------------+---------------+------------------------------+
Show routes BGP rib
show network-instance PRODUCTION protocols bgp routes ipv4 summary
show network-instance default protocols bgp routes evpn route-type 2 summary
Show BGP routes advertised/received
show network-instance PRODUCTION protocols bgp neighbor 10.192.46.21 received-routes ipv4 show network-instance PRODUCTION protocols bgp neighbor 10.192.46.21 received-routes ipv6
show network-instance PRODUCTION protocols bgp neighbor 10.192.46.21 advertised-routes ipv4 show network-instance PRODUCTION protocols bgp neighbor 10.192.46.21 advertised-routes ipv6
Configuration Operations
Show diff from running configuration
diff # shows diffs from current location down
/ diff # shows full diff from root of config down
/ diff flat # shows diff in 'flat' set-command format
Validate Configuration
commit validate
Commit confirmed
Commit confirmed with 5 min rollback:
commit stay confirmed timeout 300
Confirm commit and cancel rollback timer:
commit confirmed accept
Discard changes
discard now
List previous configuration checkpoints
info from state system configuration checkpoint *
info flat from state system configuration checkpoint * | grep "created\|username"
Load a previous configuration config
From candidate mode
tools system configuration checkpoint 0 load
Checkpoint files are stored in /etc/opt/srlinux/checkpoint. If you downgrade a device to an older OS version and it won't load the last checkpoint you can drop to a root shell and hack at the old config to remove the incompatible lines (the system will tell you what it doesn't like when you try to load it). Try not to end up in that situation like the person who wrote this though.
Save rescue configuration
tools system configuration rescue-save