Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
slouw
Contributor

system interface config missing from show and show full-configuration

Why can I not see the interface config in the show or show full-configuration CLI outputs?

 

There seems to be a relationship between the following 2 command formats:

show <<pathway>>

config <<pathway>>

So for instance

config vpn ipsec phase1-interface

show vpn ipsec phase1-interface

The <<pathway>> paragraph can also (usually?/Always?) be found in the show  and/or show full-configuration CLI output.  This relationship holds for the <<system interface>> pathway but this configu is missing from from the show and show full-configuration.

I am speaking of the production VDOM in this case (FG-traffic) as you can see below) but I have checked the root VDOM as well. Nothing.

What am I missing?

2023-12-11 15h20m20 6954S show system interfaces.png

1 Solution
Toshi_Esumi
Esteemed Contributor III

Again, because you are in vdom "FG-traffic" config mode. Just "end" to get out of vdom config mode, then get in "config global". Then show would show the interface config.
Or, just log out completely, then re-get in then "show" before getting into a vdom or global. You should see the entire config with those three sections.

 

Toshi

View solution in original post

11 REPLIES 11
Toshi_Esumi
Esteemed Contributor III

Not sure what are missing in the output of "show system interface" you posted. Those are all I would expect on your 40F regardless which VDOM you're in. "system interface" is under global so the output is the same.

 

Toshi

slouw

To clarify this is my question:

Why can I not see the interface config in the show or show full-configuration CLI outputs?

Toshi_Esumi
Esteemed Contributor III

I still don't understand what you mean. If you go to "config system interface" then "show" or "show full" shows the all interfaces' config.

Toshi_Esumi
Esteemed Contributor III

Or, do you happen to be talking about those lan1-4, which are the members of the default "lan" hard-switch interface?

hbac
Staff
Staff

Hi @slouw,

 

The system interface configurations are there in your screenshot. What configuration are you looking for?

 

Regards, 

slouw

Yes @hbac thank you the config is there is the screenshot.

show system interface <------ Config is there

show full-configuration <------- Config is NOT IN HERE

show  <------------------------------ Config is NOT IN HERE

 

Would you expect the interface config to be present in the show full-configuration? (Or the show output?)

Toshi_Esumi
Esteemed Contributor III

As I said above, you have to get down to the "config system interface" config mode first to execute show or show full. It's same as "config vpn ipsec phase1-interface". You have to get down to the the config mode in the CLI command tree.
Otherwise, "show" shows the entire VDOM config.

Oh, I see what you mean. Since "config system interface" is under global, if you do "show" without getting into the config mode (which is inside of "global" not inside of a vdom), you wouldn't see the interface config at all. It shows just vdom config.

Is that what you meant? If you get in "config global", instead of "config vdom"->"edit FG-traffic", when you run "show" you can see the entire "global" config including the interface config.

 

<edit>In other words, the entire config consists of three sections:
1. global
2. vdom "root"

3. vdom "FG-traffic"

And the interface config is in the section 1. You have to be in there to see the content when you run "show" or "show full".
You can easily understand that when you back up the entire config into a file and exiamine it in a text editor to see those three sections. </edit>

 

Toshi

slouw

All commands are executed from my production VDOM as shown:

FG40-Lab-6954S (FG-traffic) # show     <--- No interface config
FG40-Lab-6954S (FG-traffic) # show full-configuration  <--- No interface config
FG40-Lab-6954S (FG-traffic) # show system interface  <--- Interface config visible

Toshi_Esumi
Esteemed Contributor III

Again, because you are in vdom "FG-traffic" config mode. Just "end" to get out of vdom config mode, then get in "config global". Then show would show the interface config.
Or, just log out completely, then re-get in then "show" before getting into a vdom or global. You should see the entire config with those three sections.

 

Toshi

Top Kudoed Authors