Why can I not see the interface config in the show or show full-configuration CLI outputs?
There seems to be a relationship between the following 2 command formats:
show <<pathway>>
config <<pathway>>
So for instance
config vpn ipsec phase1-interface
show vpn ipsec phase1-interface
The <<pathway>> paragraph can also (usually?/Always?) be found in the show and/or show full-configuration CLI output. This relationship holds for the <<system interface>> pathway but this configu is missing from from the show and show full-configuration.
I am speaking of the production VDOM in this case (FG-traffic) as you can see below) but I have checked the root VDOM as well. Nothing.
What am I missing?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Again, because you are in vdom "FG-traffic" config mode. Just "end" to get out of vdom config mode, then get in "config global". Then show would show the interface config.
Or, just log out completely, then re-get in then "show" before getting into a vdom or global. You should see the entire config with those three sections.
Toshi
Not sure what are missing in the output of "show system interface" you posted. Those are all I would expect on your 40F regardless which VDOM you're in. "system interface" is under global so the output is the same.
Toshi
To clarify this is my question:
Why can I not see the interface config in the show or show full-configuration CLI outputs?
I still don't understand what you mean. If you go to "config system interface" then "show" or "show full" shows the all interfaces' config.
Or, do you happen to be talking about those lan1-4, which are the members of the default "lan" hard-switch interface?
Hi @slouw,
The system interface configurations are there in your screenshot. What configuration are you looking for?
Regards,
Yes @hbac thank you the config is there is the screenshot.
show system interface <------ Config is there
show full-configuration <------- Config is NOT IN HERE
show <------------------------------ Config is NOT IN HERE
Would you expect the interface config to be present in the show full-configuration? (Or the show output?)
Created on 12-11-2023 03:10 PM Edited on 12-11-2023 03:16 PM
As I said above, you have to get down to the "config system interface" config mode first to execute show or show full. It's same as "config vpn ipsec phase1-interface". You have to get down to the the config mode in the CLI command tree.
Otherwise, "show" shows the entire VDOM config.
Oh, I see what you mean. Since "config system interface" is under global, if you do "show" without getting into the config mode (which is inside of "global" not inside of a vdom), you wouldn't see the interface config at all. It shows just vdom config.
Is that what you meant? If you get in "config global", instead of "config vdom"->"edit FG-traffic", when you run "show" you can see the entire "global" config including the interface config.
<edit>In other words, the entire config consists of three sections:
1. global
2. vdom "root"
3. vdom "FG-traffic"
And the interface config is in the section 1. You have to be in there to see the content when you run "show" or "show full".
You can easily understand that when you back up the entire config into a file and exiamine it in a text editor to see those three sections. </edit>
Toshi
All commands are executed from my production VDOM as shown:
FG40-Lab-6954S (FG-traffic) # show <--- No interface config
FG40-Lab-6954S (FG-traffic) # show full-configuration <--- No interface config
FG40-Lab-6954S (FG-traffic) # show system interface <--- Interface config visible
Again, because you are in vdom "FG-traffic" config mode. Just "end" to get out of vdom config mode, then get in "config global". Then show would show the interface config.
Or, just log out completely, then re-get in then "show" before getting into a vdom or global. You should see the entire config with those three sections.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.