Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Contributor II

AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

 

-N

 

-----
# Thanks # Gracias # Merci # ありがとう # Danke # Spasiba # 감사합니다 # Toda # Cheers # Dhanyawaad # Ahsante # Xièxiè # shukran #

 

 

 

MVP Expert

Re: AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

Hi @i-r-AOSCX-noob,

 

Access to (Linux) bash shell via start-shell from ArubaOS-CX (or from ServiceOS) is not publicly documented very well (except for very basic citations appeared "here and there")...this doesn't mean it isn't undocumented (which clearly it isn't...that is simply part of Aruba internal documentation normally not available externally to us)...just remember you are going to deal with a Linux OS bash shell so you should be very cautious in jumping in to playing with commands...especially for changing parameters instead of simply displaying logs (in other terms...damaging due to misconfiguration could force you to zeroize the switch, as example)...consider that after ArubaOS-CX 10.02.0020 IIRC Aruba implemented bash access tracking via a shell-enable(d) flag in ServiceOS called SE so Aruba support engineers are able to check (and understand) if a switch was accessed through start-shell [*] and they could - potentially - ask the customer to zeroize the switch to bring it back to a default known state before starting any further support action for a reported issue (that's to avoid diagnoising an altered system).

 

[*] SE flag can be reset only via zeroization...so you can't easily hide the fact you accessed the Linux shell at least one time (even if you didn't perform anything special once accessed...just accessed to see what the shell has to offer).

Re: AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

As Davide said, start-shell gives you possibility of root access on the underlying linux Kernel. Some support commands might be provided from time to time in this blog to help deep troubleshooting that would be conducted by Aruba support. The CLI development aims to provide all the in-depth command as well (like diag command). Note that in ServiceOS there is the secure mode setting that prevents access to start-shell if desired. Changing this mode requires zeroization. The swtich by default is set with secure mode being standard (with start-shell access enabled). With enhanced setting, start-shell won't be allowed.

SVOS> secure-mode enhanced
############################WARNING############################
This will set the switch into enhanced secure mode. Before
enhanced secure mode is enabled, the switch must securely erase
all customer data and reset the switch to factory defaults.
This will initiate a reboot and render the switch unavailable
until the zeroization is complete.
############################WARNING############################

Continue (y/n)?

 

If you have very specific points where you think start-shell is required, do not hesitate to raise them.

I hope this helps.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: