Posted on

Arista EOS Configuration Cheat Sheet

Arista Switch Configuration

Enter Global Configuration Mode

switch> enable
switch# configure terminal
switch(config)#

Configure a hostname

hostname switch-1

Configure plain-text enable password

enable password <password>

Configure enable password with MD5 encryption

enable secret <password>

Configure local account with privilege 15 and MD5 password encryption

username admin privilege 15 secret <password>

Configure role-based local account with MD5 password encryption

username admin role network-admin secret <password>

Enable SSH management mode for encrypted remote management access

ip domain-name network.arista.com
management ssh
idle-timeout 5
no shutdown

Enable Telnet management for unencrypted remote management access

management telnet
idle-timeout 5
no shutdown

Enables HTTPS interface for web management access to devices

management api http-commands
protocol https
no shutdown

Configure management console access

management console
idle-timeout 5

Configure data VLAN on a switch port and assign name

vlan 10
name wireless

Configure switch port access mode and assign VLAN 

interface Ethernet1
switchport mode access
switchport access vlan 10

Suspend a VLAN on a switch port to block all traffic

vlan 10
state suspend

Configure an IP Phone voice VLAN on a switch interface and untagged data VLAN 10

vlan 200
name voice

interface Ethernet1
switchport trunk native vlan 10
switchport phone vlan 200
switchport mode trunk phone

Configure trunk interface with nondefault native VLAN and allow only VLAN 10-12

interface Ethernet1/1
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 10-12

Configure LACP EtherChannel with interface range Ethernet1 and Ethernet2 trunking enabled

interface Ethernet 1-2
switchport mode trunk
switchport trunk allowed vlan 10-12
channel-group 1 mode active

interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan 10-12

Configure Layer 3 Port Channel with Ethernet1 and Ethernet2 bundled interfaces

interface Port-Channel 1
no switchport
ip address 192.168.1.1/24

interface Ethernet 1-2
channel-group 1 mode active

Configure Per VLAN Rapid Spanning Tree (PVRST) on a switch

spanning-tree mode rapid-pvst

Configure PortFast and BPDU Guard enhancements on a switch access port

interface Ethernet1/1
switchport mode access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable

Configure port security on a switch interface

interface Ethernet1
switchport port-security
switchport port-security persistent shutdown
switchport port-security maximum 1

Configure a default gateway on L2 access switch

ip default-gateway 172.16.1.3

Enable LLDP globally on a switch port

lldp run

Disable LLDP service on an Ethernet switch port

interface Ethernet1
no lldp transmit
no lldp receive

Assign the primary root bridge and secondary root bridge for specific VLANs

SW1
spanning-tree vlan 1,10 priority 0
spanning-tree vlan 11,12 priority 4096

SW2
spanning-tree vlan 11,12 priority 0
spanning-tree vlan 1,10 priority 4096

Configure DHCP Snooping on a switch VLAN and enable on an interface

ip dhcp snooping
ip dhcp snooping vlan 10
ip dhcp snooping information option

interface Ethernet1
ip dhcp snooping trust

Configure Dynamic ARP Inspection (DAI) on a switch VLAN and enable on an interface

ip arp inspection
ip arp inspection vlan 10

interface Ethernet1
ip arp inspection trust

Configure an IPv4 static route with next-hop IP address

ip route 172.16.1.0/24 172.16.2.1

Configure an IPv4 static route with next-hop exit interface

ip route 172.16.1.0/24 Ethernet1/1

Configure a fully-specified IPv4 static route

ip route 172.16.1.0/24 172.16.2.1 Ethernet1/1

Configure an IPv4 default route

ip route 0.0.0.0/0 172.33.1.2

Configure an IPv4 floating static route

ip route 192.168.3.0/24 192.168.2.2 200

Enable IPv6 routing and autoconfiguration (SLAAC) on a Layer 3 interface

ipv6 unicast-routing
interface Ethernet1/1
ipv6 address autoconfig
no shutdown

Configure an IPv6 static route

ipv6 route 2001:db8:3c4d:1::/64 2001:db8:3c4d:2::1

Configure an IPv6 default route

ipv6 unicast-routing
ipv6 route ::/0 2001:db8:3c4d:2::1

Configure OSPFv2 using global method and advertise subnets to neighbors

router ospf 1
router-id 172.16.255.1
network 192.168.0.0/16 area 0
network 172.16.1.0/24 area 1

Enable OSPFv2 routing directly on a specific interface

interface Ethernet1/1
ip ospf 1 area 0

Configure OSPF passive interface to prevent OSPF from sending hello packets to neighbor

router ospf 1
passive-interface <interface>

Configure OSPF default passive interface alternate method

router ospf 1
passive-interface default
no passive-interface <interface>

Configure point-to-point network type on an Ethernet interface

interface Ethernet1/1
ip ospf network point-to-point

Configure OSPF reference bandwidth to 10 Gbps

router ospf 1
auto-cost reference-bandwidth 10000

Configure OSPF cost metric on an interface to influence route selection

interface Ethernet1/1
ip ospf cost 10

Configure OSPF priority on an interface to influence DR/BDR Election

interface Ethernet1/1
ip ospf priority 100

Configure OSPFv3 and enable on an Ethernet interface that advertises to area 0

ipv6 router ospf 1
router-id 192.168.1.1

interface Ethernet1/1
no ip address
ipv6 enable
ipv6 address autoconfig
ipv6 ospf 1 area 0

Configure external BGP (eBGP) and advertise a network prefix (subnet) to neighbors

router bgp 65001
neighbor 192.168.1.2 remote-as 65000
network 192.168.1.0/24

Configure an SVI for VLAN 10 on a switch

interface vlan 10
ip address 172.16.1.1/24
no shutdown

Configure router-on-a-stick for inter-VLAN communication

interface Ethernet1.10
encapsulation dot1q 10
ip address 192.168.10.254/24

interface Ethernet1.11
encapsulation dot1q 11
ip address 192.168.11.254/24

interface Ethernet1.12
encapsulation dot1q 12
ip address 192.168.12.254/24

Configure VRRP first hop default gateway redundancy

interface Ethernet1/1
ip address 172.16.1.2/24
 vrrp 1
  ip 172.16.1.3
  priority 110
  preempt

Configure DNS Server

ip name-server 172.16.1.2

Configure local time zone for network services

clock timezone PST -8

Configure out-of-band management interface

interface Management1
ip address 192.168.1.1/24
no shutdown

Configure SNMPv2 community strings

snmp-server community arista ro
snmp-server community network rw

Configure SNMPv3

snmp-server group <groupname> v3 priv
snmp-server user <username> <groupname> v3 auth md5 <auth-password> priv aes-128 <priv-password>
snmp-server host <ip> version 3 <username> traps

Configure Syslog Server to send system messages and specify severity level

logging host 192.168.3.1
logging console <severity level>

Configure NTP Server and specify preference

ntp server 172.16.1.1 prefer

Configure AAA for SSH or management console access and fallback to local account

aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local

Configure standard numbered ACL

ip access-list standard 99
deny host 172.33.1.1
permit any

Configure standard named ACL

ip access-list standard internet
deny host 192.168.1.0/24
permit any

Configure extended numbered ACL and apply to an interface

ip access-list extended 100
remark Permit HTTPS to web server
permit tcp 192.168.10.0/24 host 172.33.1.1 eq 443
deny ip 192.168.10.0/24 172.33.2.0/24
permit ip any any

interface Ethernet1/1
ip access-group 100 in

Configure named extended ACL and apply to an interface

ip access-list extended HTTPS-FILTER
remark Permit HTTPS to web server
permit tcp 192.168.1.0/24 host 172.33.1.1 eq 443
deny tcp 192.168.1.0/24 any eq 23
permit ip any any

interface Ethernet1/1
ip access-group HTTPS-FILTER in

Configure an IPv6 ACL (traffic filter)

ipv6 access-list TELNET
deny ipv6 2001:db8:3c4d:1::/64 any
permit ipv6 any any

interface Ethernet1/1
ipv6 traffic-filter TELNET in

Arista EOS Configuration Notes

  • CIDR format (/24) used for interface addressing, SVIs, routing protocols, and ACLs.
  • Support for adding or omitting ip keyword for routing protocol show commands.
  • Interface naming uses Ethernet (Et1, Et2, etc.) only and does NOT include speed.
  • Arista uses port-channel naming instead of EtherChannel (LACP or static LAG only).
  • EOS flash is a Linux file system. (Arista Linux custom distro).
  • EOS command to verify trunking: show interfaces switchport
  • Port security is more limited in EOS compared to Cisco IOS.
  • EOS does not track DHCP conflicts.
  • NAT support is limited and often not enabled (platform specific).
  • VRRP is implemented instead of HSRP.
  • EOS session configuration test and rollback before running configuration update.
  • EOS supports STP, RSTP, MSTP, and custom PVRST (Cisco RPVST+ not supported).
  • Bash top command available for real-time view.

Arista EOS Configuration Examples

Verify Trunk Interface
switch# show interfaces Ethernet1 switchport
Name: Ethernet1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 1
Access Mode VLAN: 1 (default)
Trunking VLANs Enabled: 10-20

Layer 3 Interface Configuration
switch> enable
switch# configure terminal
switch(config)# interface Ethernet1
switch(config-if-Et1)# ip address 192.168.1.1/24
switch(config-if-Et1)# no shutdown
switch(config-if-Et1)# end
switch# write memory (or copy run start)

ACL Configuration
ip access-list standard VTY_ACL
permit 10.1.1.0/24
ip access-list extended WEB-FILTER
permit tcp 192.168.1.0/24 any eq 80

CLI Navigation

Command Line Enhancements in Arista
Command pipelining:
Example: show running-config include hostname
JSON or structured output for automation:
Example: show interfaces json