Configure Boot Flags
Before you begin
- If you enable the hsecure flag, you cannot enable the flags for the web server or SSH password-authentication.
Important
After you change certain configuration parameters using the boot config flags command, you must save the changes to the configuration file.
About this task
Configure the boot flags to enable specific services and functions for the chassis.
Note
Flag support can vary across hardware models.
Procedure
Examples
Switch:1>enable
Switch:1#configure terminal
Activate High Secure mode:
Switch:1(config)#boot config flags hsecure
Switch:1(config)#save config
Switch:1(config)#reset
Activate High Availability mode:
Switch:1(config)#boot config flags ha-cpu
Switch:1(config)#save config
Variable Definitions
The following table defines parameters for the boot config flags command.
Variable | Value |
---|---|
advanced-feature-bandwidth-reservation [low \| high \| vim]<br>Note: Exception: only supported on 5420 Series, 5520 Series, VSP 7400 Series, and XA1480. Exception: only low level is supported on 5420 Series. Exception: only low level and vim level are supported on 5520 Series. | Enables the switch to support advanced features by reserving ports as loopback ports. When disabled, you can use all ports on the switch, but advanced features do not work. The default varies depending on the platform: The default for XA1400, VSP 7400 and 5420 Series is enabled with low level. The default for 5520 Series is enabled with vim level if Versatile Interface Module (VIM) is not installed, else low level is enabled. If you change this parameter, you must restart the switch. |
block-snmp | Activates or disables Simple Network Management Protocol management. The default value is false (disabled), which permits SNMP access. |
debug-config [console] \| [file] | Enables you to debug the configuration file while the configuration loads at system boot up. The default is disabled. You do not have to restart the switch after you enable debug-config, unless you want to immediately debug the configuration. After you enable debug-config and save the configuration, the debug output either displays on the console or logs to an output file the next time the switch reboots. The options are: |
debugmode | Enables a TRACE on any port by prompting the selection on the console during boot up. This allows the user to start a trace for debugging earlier on a specified port. Works on console connection only. The default is disabled. Important: Do not change this parameter unless directed by technical support. |
dvr-leaf-mode | Enables an SPB node to be configured as a DvR Leaf. A node that has this flag set cannot be configured as a DvR Controller. The boot flag is disabled by default. |
enhancedsecure-mode {jitc \| non-jitc} | Enables enhanced secure mode in either the Joint Interoperability Test Command (JITC) or non-JITC sub-modes. Note: As a best practice, enable the enhanced secure mode in the non-JITC sub-mode, because the JITC sub-mode is more restrictive and prevents the use of some CLI commands that are commonly used for troubleshooting. When you enable enhanced secure mode in either the JITC or non-JITC sub-modes, the switch provides role-based access levels, stronger password requirements, and stronger rules on password length, password complexity, password change intervals, password reuse, and password maximum age use. |
factorydefaults | Specifies whether the switch uses the factory default settings at startup. The default value is disabled. This flag is automatically reset to the default setting after the CPU restarts. If you change this parameter, you must restart the switch. Note: The factorydefaults flag deletes the runtime, primary and backup configuration files, local password files, authentication keys, and certificates. After a factory default, you must change the password on first login. |
flow-control-mode<br>Note: Exception: not supported on VSP 8600 Series. | Enables or disables flow control globally. When disabled, the system does not generate nor configure the transmission of flow control messages. The system always honors received flow control messages regardless of the flow control mode status. You must enable this mode before you configure an interface to send pause frames. The default is disabled. |
ftpd | Activates or disables the FTP server on the switch. The default value is disabled. To enable FTP, ensure that the tftpd flag is disabled. |
ha-cpu<br>Note: Exception: only supported on VSP 8600 Series. | Activates or disables High Availability-CPU (HA-CPU) mode. Switches with two CPUs use HA mode to recover quickly from a failure of one of the CPUs. If you enable or disable HA mode, the secondary CPU resets automatically to load settings from the saved configuration file. |
hsecure | Activates or disables High Secure mode. The hsecure command provides the following password behavior: The default value is disabled. If you enable High Secure mode, you must restart the switch to enforce secure passwords. If you operate the switch in High Secure mode, the switch prompts a password change if you enter invalid-length passwords. |
ipv6-egress-filter<br>Note: Exception: not supported on VSP 8600 Series and XA1400 Series. | Enables IPv6 egress filters. The default is disabled. If you change this parameter, you must restart the switch. |
ipv6-mode<br>Note: Exception: not supported on VSP 4450 Series, VSP 8600 Series, and XA1400 Series. | Enables IPv6 mode on the switch. |
linerate-directed-broadcast {true \| false}<br>Note: Exception: only supported on VSP 4450 Series. | Enables or disables support for IP Directed Broadcast in hardware without requiring CPU intervention. Setting this boot flag puts port 1/46 into loopback mode, making it unusable for external connections, so you need to move any existing connections on this port first. After setting this boot flag, save the configuration, and then restart the switch. The default value is disabled. Important: The software cannot be upgraded or downgraded to a software release that does not contain this directed broadcast hardware assist functionality without first disabling this feature and saving the configuration. |
logging | Activates or disables system logging. The default value is enabled. The system names log files according to the following: The system generates multiple sequence numbers for the same chassis and same slot if the system reaches the maximum log file size. |
macsec<br>Note: Exception: only supported on 5420 Series. | Enables Media Access Control Security (MACsec) globally. |
nni-mstp<br>Note: Exception: not supported on VSP 8600 Series and XA1400 Series. | Enables MSTP and VLAN configuration on NNI ports. The default is disabled. Note: Spanning Tree is disabled on all NNIs. You cannot add an SPBM NNI port or MLT port to any non SPBM B-VLAN. You cannot add additional C-VLANs to a brouter port. |
reboot | Activates or disables automatic reboot on a fatal error. The default value is activated. Important: Do not change this parameter unless directed by technical support. |
rlogind<br>Note: Exception: rlogin and rsh are only supported on VSP 8600 Series. | Activates or disables the rlogin and rsh server. The default value is disabled. |
savetostandby<br>Note: Exception: only supported on VSP 8600 Series. | Activates or disables automatic save of the configuration file to the standby CPU. The default value is enabled. If you operate a dual CPU system, enable this flag for ease of operation. |
spanning-tree-mode <mstp\|rstp> | Specifies the Multiple Spanning Tree Protocol or Rapid Spanning Tree Protocol mode. If you do not specify a protocol, the switch uses the default mode. The default mode is mstp. If you change the spanning tree mode, you must save the current configuration and restart the switch. |
spbm-config-mode | Enables you to configure SPB and IS-IS, but you cannot configure PIM and IGMP either globally or on an interface. Use the no operator so that you can configure PIM and IGMP. The boot flag is enabled by default. To set this flag to the default value, use the default operator with the command. |
sshd | Activates or disables the SSHv2 server service. The default value is disabled. |
syslog-rfc5424-format | Controls the format of the syslog output and logging. By default, the switch uses the RFC5424 format. If the RFC based format is disabled, the older format is used. |
telnetd | Activates or disables the Telnet server service. The default is disabled. |
tftpd | Activates or disables Trivial File Transfer Protocol server service. The default value is disabled. |
trace-logging | Activates or disables the creation of trace logs. The default value is disabled. Important: Do not change this parameter unless directed by technical support. |
urpf-mode<br>Note: Exception: not supported on VSP 8600 Series and XA1400 Series. | Enables Unicast Reverse Path Forwarding (uRPF) globally. You must enable uRPF globally before you configure it on a port or VLAN. The default is disabled. |
verify-config | Activates syntax checking of the configuration file. The default is enabled. As a best practice, disable the verify-config flag. |
vrf-scaling | Increases the maximum number of VRFs and Layer 3 VSNs that the switch supports. This flag is disabled by default. Important: If you enable both this flag and the spbm-config-mode flag, the switch reduces the number of configurable VLANs. For more information about maximum scaling numbers, see VSP 8600 Release Notes. |
vxlan-gw-full-interworking-mode<br>Note: Exception: only supported on VSP 7200 Series, VSP 7400 Series, VSP 8200 Series, and VSP 8400 Series. | Enables VXLAN Gateway in Full Interworking Mode, which supports SPB, SMLT, and vIST. By default, the Base Interworking Mode is enabled and Full Interworking Mode is disabled. You change modes by enabling this boot configuration flag. The no operator is the default Base Interworking Mode. In this mode, VXLAN Gateway supports Layer 2 gateway communication between VXLAN and traditional VLAN environments. For more information about feature support, see VOSS Feature Support Matrix. |
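
The save, restart, and technical-support rules in the table above can be checked before a change window. The following Python script is an added example, not vendor code: it reviews a planned sequence of `boot config flags` lines written in the prompt style of the examples on this page. The function name `review_change_script`, the finding strings, and the sample input are assumptions made for illustration, and the script only sees flags set in the reviewed lines, not the current state of the switch.

```python
import re
# Sets transcribed from the flag table on this page.
RESTART_REQUIRED = {"advanced-feature-bandwidth-reservation", "factorydefaults",
                    "hsecure", "ipv6-egress-filter",
                    "linerate-directed-broadcast", "spanning-tree-mode"}
SUPPORT_ONLY = {"debugmode", "reboot", "trace-logging"}
DEFAULT_OFF_SERVICES = {"ftpd", "rlogind", "sshd", "telnetd", "tftpd"}
PROMPT = re.compile(r"^\S+:\d+(?:\(config\))?[>#]\s*")  # e.g. "Switch:1(config)#"
FLAG_CMD = re.compile(r"^(no |default )?boot config flags (\S+)")

def review_change_script(text):
    """Return findings for a planned sequence of CLI lines (hypothetical helper)."""
    enabled, need_restart, findings, unsaved = set(), set(), [], False
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = FLAG_CMD.match(line)
        if m:
            reverted, flag = bool(m.group(1)), m.group(2)
            unsaved = True  # every flag change must be followed by save config
            if flag in RESTART_REQUIRED:
                need_restart.add(flag)
            if flag in SUPPORT_ONLY:
                findings.append(f"{flag}: change only if directed by technical support")
            if reverted:  # "no"/"default" turns the service flags back off
                enabled.discard(flag)
            else:
                enabled.add(flag)
                if flag in DEFAULT_OFF_SERVICES:
                    findings.append(f"{flag}: turns on a service that is off by default")
        elif line == "save config":
            unsaved = False
        elif line == "reset" and not unsaved:
            need_restart.clear()  # saved changes take effect after this restart
    if {"ftpd", "tftpd"} <= enabled:
        findings.append("ftpd and tftpd both enabled: disable tftpd to enable FTP")
    if unsaved:
        findings.append("boot flag changes not followed by save config")
    if need_restart:
        findings.append("restart required for: " + ", ".join(sorted(need_restart)))
    return findings

# Constructed sample input, in the prompt style of the page's examples.
SAMPLE = """Switch:1(config)#boot config flags ftpd
Switch:1(config)#boot config flags tftpd
Switch:1(config)#boot config flags trace-logging
Switch:1(config)#boot config flags spanning-tree-mode rstp"""

if __name__ == "__main__":
    print("\n".join(review_change_script(SAMPLE)))
```

An empty result means the reviewed lines satisfy the rules encoded here; the High Secure mode example on this page produces no findings because it saves the configuration and then resets.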