Using Nokia community SONiC
Learn about the management interface connectivity options, SONiC CLI, and how to verify the Nokia community SONiC image that is running on your hardware platform.
Connecting to the management interface and verifying the image
Connecting to the management interface using the CLI
If the Nokia community SONiC device is connected to a network with a DHCP server, the Nokia community SONiC device automatically obtains an IP address for its management interface from the DHCP server. If a user's terminal device is connected to the same network, the terminal device can use DHCP to obtain the management IP address for the user's terminal device.
When the user logs into the Nokia community SONiC device, the system automatically enters into the command line interface (CLI). See the SONiC CLI guide available from the SONiC GitHub repository for more information about the SONiC CLI.
Management connectivity with no DHCP
If the Nokia community SONiC device does not have a management IP address automatically assigned, the user must first connect to the device through a console to assign a temporary management IP address. This allows the user to fetch or copy the upgrade image.
SONiC provides the CLI for configuring a static IP address for the management interface. There are different ways to configure the IP address. The following example shows how to use the config interface ip add eth0 Linux command.
IP address configuration using config interface ip add eth0
admin@sonic:~$ sudo config interface ip add eth0 192.168.0.0/16 192.168.0.1See the SONiC CLI guide available from the SONiC GitHub repository for more information about the SONiC CLI.
Verifying the Nokia community SONiC image
To verify the Nokia community SONiC image for the target platform, use the show version command. The following example shows output for a 7215 IXS-A1 platform running a SONiC 202411 software version.
Version information for a 7215 IXS-A1 platform
admin@router:~$ show version
SONiC Software Version: SONiC-OS-HEAD.1086978-202411-ce988a8c
SONiC OS Version: 13
Distribution: Debian 13.1
Kernel: 6.12.41+deb13-sonic-armmp
Build commit: 95bc89dec
Build date: Fri Nov 7 18:51:44 UTC 2025
Built by: gitlab-runner@sonic-armv01
Platform: arm64-nokia_ixs7215_52xb-r0
HwSKU: Nokia-7215-A1
ASIC: marvell
ASIC Count: 1
Serial Number: 123460XXXX
Model Number: 3HE18723AAXXXX
Hardware Revision: 0
Uptime: 23:16:39 up 4 min, 1 user, load average: 4.73, 3.26, 1.38
Date: Fri 15 Aug 2025 23:16:39Using the SONiC CLI
Nokia community SONiC fully supports configuration using the SONiC CLI.
See the SONiC CLI Guide at the SONiC GitHub for more information about the SONiC CLI.
Configuring Nokia community SONiC
This section provides an overview and guidelines for configuring Nokia community SONiC on supported Nokia platforms. See the SONiC CLI guide available from the SONiC GitHub repository for more information about the SONiC CLI commands and parameters.
Management interface IP configuration
Use the management interface configuration commands to display the current interface settings and assign an IP address for the management interface.
Display the current management interface configuration
admin@sonic:~$ show ip interface
Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP
------- ------ ------------------- ---------- ------------ -----------
eth0 10.0.0.1/24 up/up N/A N/A
Configure an IP address and default gateway for the management interface
admin@sonic:~$ sudo config interface ip add eth0 10.0.0.1/24 10.0.0.254Layer 2 configuration
Use the VLAN configuration commands to create VLANs and add member ports.
Create a Layer 2 VLAN
admin@sonic:~$ sudo config vlan add 200Add a tagged member port to VLAN 200
The member port is tagged by default.
admin@sonic:~$ sudo config vlan member add 200 Ethernet0Add an untagged member port to VLAN 200
To add an untagged member port, include the -u option.
admin@sonic:~$ sudo config vlan member add 200 Ethernet0 -uPort channel configuration
Use the port-channel configuration commands to configure port channels and add physical interfaces as members.
Add a port channel
admin@sonic:~$ sudo config portchannel add PortChannel101Add a member interface to a port channel
admin@sonic:~$ sudo config portchannel member add PortChannel101 Ethernet0Switchport modes
Use switch-port mode configuration commands to configure a port or port channel in access, trunk, or routed mode.
Change an interface to routed mode
admin@sonic:~$ sudo config switchport mode routed Ethernet0Layer 3 configuration
Use the IP interface configuration commands to assign IP addresses to routed ports, VLAN interfaces, and port channels.
Assign an IP address to a routed port
admin@sonic:~$ sudo config interface ip add Ethernet0 192.168.0.1/24Assign an IP address to a VLAN interface
admin@sonic:~$ sudo config interface ip add Vlan200 192.168.0.1/24Assign an IP address to a port channel
admin@sonic:~$ sudo config interface ip add PortChannel101 192.168.0.1/24Static routes
Use the route configuration commands to add static IPv4 routes to the system routing table.
Add an IPv4 static route
admin@sonic:~$ config route add prefix 192.168.2.0/24 nexthop 192.168.0.2BGP configuration using CONFIG_DB
The BGP configuration is stored by default in the config_db.json file under /etc/sonic/.
Configure the device BGP ASN
"DEVICE_METADATA": {
"localhost": {
"bgp_asn": "65001"
}
}The following example shows a BGP peer configuration.
Configure a BGP peer
"BGP_NEIGHBOR": {
"10.0.0.1": {
"admin_status": "up",
"asn": "65200",
"holdtime": "180",
"keepalive": "60",
"local_addr": "10.0.0.0",
"name": "peer1",
"nhopself": "0",
"rrclient": "0"
}
}BGP configuration using FRR
By default, SONiC does not support BGP configuration using FRRouting (FRR). To enable FRR-based configuration of BGP for SONiC, the user must set the docker_routing_config_mode parameter to the value split-unified in the config_db.json file. The following example shows how to enable split-unified mode.
Enable split-unified mode
"DEVICE_METADATA": {
"localhost": {
"docker_routing_config_mode": "split-unified"
}
}In split-unified mode, users can use the FRR IP routing commands to configure the routing protocols. The following examples show how to configure and save a BGP router instance using FRR. See the FRR open-source documentation for a full list of FRR CLI commands.
Enter the FRR CLI
admin@sonic:~$ vtysh
sonic# config terminal
sonic(config)#Configure a BGP router instance
sonic(config)# router bgp 65250Add a BGP neighbor
sonic(config-router)# neighbor 10.0.0.1 remote-as 65200Configure BGP timers
sonic(config-router)# neighbor 10.0.0.1 timers 60 180Save the FRR configuration
sonic(config-router)# end
sonic# writeACL configuration
Configure an ACL table by creating an ACL table and then applying rules to that table.
Create an ACL table
admin@sonic:~$ sudo config acl add table DATAACL L3 -p Ethernet0 -s ingressUpdate ACL rules using a JSON file
admin@sonic:~$ sudo config acl update full DATAACL_rules.jsonSample ACL JSON file
The following JSON file adds a single ACL rule that forwards traffic from the source IP address 10.0.0.2/32.
{
"acl": {
"acl-sets": {
"acl-set": {
"DATAACL": {
"acl-entries": {
"acl-entry": {
"1": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 1
},
"ip": {
"config": {
"source-ip-address": "10.0.0.2/32"
}
}
}
}
}
}
}
}
}
}Security configuration
Use the commands shown in the following examples to configure TACACS+, AAA authentication, and AAA fail-through.
Configure a TACACS+ server using a shared key
admin@sonic:~$ sudo config tacacs add 10.0.0.50 -t 10 -k testing123 -a papConfigure AAA authentication using TACACS+
config aaa authentication tacacs+Enable AAA fail-through
AAA fail-through is disabled by default.
config aaa authentication failthrough enableNTP configuration
Configure an NTP server.
Configure an NTP server
admin@sonic:~$config ntp add 192.168.0.10Syslog configuration
Configure a remote syslog server.
Configure a remote syslog server
admin@sonic:~$config syslog add 192.168.0.10