Manual 18119192

Send document comments to vsg-docfeedback@cisco.com.
CHAPTER 1
Cisco Nexus 1000V Series Switch Commands
This chapter provides information about the Cisco Virtual Security Gateway (VSG) related commands
on the Cisco Nexus 1000V Series switch and the Cisco Nexus 1010 networking appliance.
Cisco Virtual Security Gateway for Nexus 1000V Series Switch Command Reference, Release 4.2(1)VSG1(2)
OL-25094-01
clear vsn connection
To clear Cisco VSG connections, use the clear vsn connection command.
clear vsn connection [module module-number]
Syntax Description
module
(Optional) Clears a specific module.
module-number
Module number. The range is from 3 to 66.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to clear Cisco VSG connections:
vsm# clear vsn connection
Related Commands
Command
Description
show vsn
Displays Cisco VSG information.
clear vsn statistics
To clear Cisco VSG statistics, use the clear vsn statistics command.
clear vsn statistics [module module-number | vlan vlan-number ip ip-address [module module-number]]
Syntax Description
module
(Optional) Clears a module.
module-number
Module number. The range of values is from 3 to 66.
vlan
(Optional) Clears a VLAN.
vlan-number
VLAN number.
ip
(Optional) Clears a device at a specific IP address.
ip-address
IP address. The format is A.B.C.D.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to clear Cisco VSG statistics:
vsm# clear vsn statistics
Related Commands
Command
Description
show vsn
Displays Cisco VSG information.
switchport mode
To set the port mode of an interface, use the switchport mode command. To remove the port mode
configuration, use the no form of this command.
switchport mode {access | private-vlan {host | promiscuous} | trunk}
no switchport mode {access | private-vlan {host | promiscuous} | trunk}
Syntax Description
access
Sets the port mode to access.
private-vlan
Sets the port mode to private VLAN.
host
Sets the private VLAN port mode to host.
promiscuous
Sets the private VLAN port mode to promiscuous.
trunk
Sets the port mode to trunk.
Defaults
Switchport mode is not set.
Command Modes
Interface configuration (config-if)
Port profile configuration (config-port-prof)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to set the port mode of an interface:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# switchport mode private-vlan host
vsm(config-if)#
This example shows how to remove the mode configuration:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# no switchport mode private-vlan host
vsm(config-if)#
Related Commands
Command
Description
show interface
Displays interface information.
switchport access vlan
To set the access mode of an interface, use the switchport access vlan command. To remove the access
mode configuration, use the no form of this command.
switchport access vlan vlan-id
no switchport access vlan vlan-id
Syntax Description
vlan-id
VLAN identification number. The range of values is from 1 to 3967.
Defaults
Access mode is not set.
Command Modes
Interface configuration (config-if)
Port profile configuration (config-port-prof)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to set the access mode of an interface:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# switchport access vlan 100
vsm(config-if)#
This example shows how to remove the access mode configuration:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# no switchport access vlan
vsm(config-if)#
Related Commands
Command
Description
show interface
Displays interface information.
state (port profile)
To enable the operational state of a port profile, use the state command. To disable the operational state
of a port profile, use the no form of the command.
state enabled
no state enabled
Syntax Description
enabled
Enables or disables the port profile.
Defaults
Disabled
Command Modes
Port profile configuration (config-port-prof)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to enable the operational state of a port profile:
vsm# configure
vsm(config)# port-profile testprofile
vsm(config-port-prof)# state enabled
vsm(config-port-prof)#
Related Commands
Command
Description
show port-profile
Displays port profile information.
copy running-config startup-config
To copy the running configuration to the startup configuration, use the copy running-config
startup-config command.
copy running-config startup-config
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Usage Guidelines
Use this command to save configuration changes in the running configuration to the startup
configuration in persistent memory. When a device reload or switchover occurs, the saved configuration
is applied.
Examples
This example shows how to save the running configuration to the startup configuration:
vsm# copy running-config startup-config
[########################################] 100%
Related Commands
Command
Description
show running-config
Displays the running configuration.
show running-config diff
Displays the differences between the running configuration and the startup configuration.
show startup-config
Displays the startup configuration.
write erase
Erases the startup configuration in the persistent memory.
vnm-policy-agent
To enter Cisco Virtual Network Management Center (VNMC) policy agent mode, use the
vnm-policy-agent command.
vnm-policy-agent
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Usage Guidelines
Use the Cisco VNMC policy agent configuration mode to configure policy agents.
Examples
This example shows how to enter policy agent mode:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)#
Related Commands
Command
Description
configure
Enters global configuration mode.
log-level
To set logging severity levels for the Cisco Virtual Network Management Center (VNMC) policy agent,
use the log-level command. To reset logging levels, use the no form of this command.
log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
no log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
Syntax Description
critical
Sets the logging level to critical.
debug0
Sets the logging level to debug 0.
debug1
Sets the logging level to debug 1.
debug2
Sets the logging level to debug 2.
debug3
Sets the logging level to debug 3.
debug4
Sets the logging level to debug 4.
info
Sets the logging level to information.
major
Sets the logging level to major.
minor
Sets the logging level to minor.
warn
Sets the logging level to warning.
Command Default
None
Command Modes
Cisco VNMC policy agent configuration (config-vnm-policy-agent)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to set the logging level to critical:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# log-level critical
Related Commands
Command
Description
vnm-policy-agent
Enables the Cisco VNMC policy agent configuration mode.
ping vsn
To ping the virtual service nodes (VSN) (including the Cisco VSG) from the vPath, use the ping vsn
command. There is no no form of this command.
ping vsn {ip vsn-ip-addr [vlan vsn-vlan-num] | all} src-module {module-num | all | vpath-all} [timeout secs] [count count]
Syntax Description
ip
Designates that a specific IP address is to be pinged.
vsn-ip-addr
IP address of the specific VSN.
vlan
(Optional) Designates a specific VLAN is to be pinged.
vsn-vlan-num
Specific VLAN number.
all
Indicates that all VSNs must be pinged.
src-module
Designates the source module for the ping.
module-num
Module number for the source path.
vpath-all
Designates that all source vPaths will be used.
timeout
(Optional) Designates a timeout.
secs
Duration of the pinging operation in seconds.
count
(Optional) Designates a count of pings.
count
Number of pings to be counted.
Command Default
None
Command Modes
EXEC
Supported User Roles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
There is no no form of this command.
Examples
This example shows how to ping a Cisco VSG:
vsm# ping ?
  <CR>
  A.B.C.D or Hostname  IP address of remote system
  WORD                 Enter Hostname
  mpls                 Ping an MPLS network
  multicast            Multicast ping
  vsn                  VSNs to be pinged
vsm# ping vsn
Input parameters:
• vsn : VSNs to be pinged.
  o all : All VSNs that are currently associated to at least one VM. In other words, all VSNs specified in port-profiles that are bound to at least one VM.
  o ip-addr <ip-addr> : All VSNs configured with this IP address.
  o vlan <vlan-num> : All VSNs configured on this VLAN.
• src-module : Source modules to orginate ping request from.
  o all : All online modules.
  o vpath-all : All modules having VMs associated to port-profiles that has vn-service defined.
  o <module-num> : A online module number.
• timeout <secs> : Time to wait for response from VSNs, in seconds. Default is 1 sec.
• count : Number of ping packets to be sent.
  o <count> : Sepcifies number of ping packets to be sent. Default is 5. Min 1, Max 2147483647.
  o unlimited : Send ping packets until command is stopped.
Specify both ip-addr and vlan if the VSN to be ping is not associated to any VMs yet.
In the output, status of ping request for each VSN for each module is shown. On success, round-trip-time of ping request/response for a VSN, is shown in micro-seconds next to module number. On failure, failure message is shown next to module number.
Various forms:
ping vsn all src-module all                    (Ping all VSNs from all modules)
ping vsn all src-module vpath-all              (Ping all VSNs from all modules having VMs associated to VSNs)
ping vsn all src-module 3                      (Ping all VSNs from the specified module)
ping vsn ip 106.1.1.1 src-module all           (Ping specified VSN from all modules)
ping vsn ip 106.1.1.1 vlan 54 src-module all   (Ping specified VSN from all modules)
ping vsn ip 106.1.1.1 src-module vpath-all     (Ping specified VSN from all modules having VMs associated to VSNs)
ping vsn ip 106.1.1.1 vlan 54 src-module 3     (Ping specified VSN from specified module)
Options timeout & count are applicable to all of the above commands:
ping vsn all src-vpath all timeout 2 count 10
ping vsn all ip 106.1.1.1 count unlimited
ping vsn ip 106.1.1.1 vlan 54 src-vpath 3 count 10
Errors:
VSN response timeout – VSN is down, not reachable or not responding.
VSN ARP not resolved – VEM couldn’t resolve MAC address of VSN.
no response from VEM – VEM is not sending ping response to VSM. Can happen when VEM is down and VSM not detected it yet.
The following example shows the ping vsn command being used to display all of the source module
traffic.
vsm# ping vsn all src-module all
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=0 timeout=1-sec
module(usec)   : 3(156) 5(160)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=0 timeout=1-sec
module(failed) : 3(VSN ARP not resolved) 5(VSN ARP not resolved)
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=1 timeout=1-sec
module(usec)   : 3(230) 5(151)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=1 timeout=1-sec
module(failed) : 3(VSN ARP not resolved) 5(VSN ARP not resolved)
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=2 timeout=1-sec
module(usec)   : 3(239) 5(131)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=2 timeout=1-sec
module(failed) : 3(VSN ARP not resolved) 5(VSN ARP not resolved)
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=3 timeout=1-sec
module(usec)   : 3(248) 5(153)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=3 timeout=1-sec
module(failed) : 3(VSN ARP not resolved) 5(VSN ARP not resolved)
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=4 timeout=1-sec
module(usec)   : 3(259) 5(126)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=4 timeout=1-sec
module(failed) : 3(VSN ARP not resolved) 5(VSN ARP not resolved)
Related Commands
Command
Description
ping
Activates a signal to verify connections with other devices on a path.
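The ping vsn output shown in the example above can be checked by script. The following Python code is an added example, not part of the Cisco documentation: it parses output in the layout printed on this page, including result lines wrapped as in the printed copy, and lists every VSN and module pair that never received a reply. The function names and the sample capture are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture in the layout of "ping vsn all src-module all" on this page.
# The last two results are left wrapped across lines, as in the printed copy.
SAMPLE = """\
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=0 timeout=1-sec
module(usec)   : 3(156) 5(160)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=0 timeout=1-sec
module(failed) : 3(VSN ARP not resolved) 5(VSN ARP not resolved)
ping vsn 106.1.1.1 vlan 54 from module 3 5, seq=1 timeout=1-sec
module(usec)
: 3(230) 5(151)
ping vsn 110.1.1.1 vlan 54 from module 3 5, seq=1 timeout=1-sec
module(failed) :
3(VSN ARP not resolved)
5(VSN ARP not resolved)
"""

HEADER = re.compile(
    r"^ping vsn (?P<ip>\S+) vlan (?P<vlan>\d+) from module (?P<mods>[\d ]+), seq=(?P<seq>\d+)"
)
RESULT = re.compile(r"^module\((?P<kind>usec|failed)\)\s*:\s*(?P<body>.*)$")
ENTRY = re.compile(r"(\d+)\(([^)]*)\)")


def _joined_lines(text):
    """Re-join wrapped output: a line that is neither a probe header nor a
    result line continues the line before it."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("ping vsn", "module(")) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines


def parse_ping_vsn(text):
    """Return {(vsn_ip, vlan): {module: {"rtt_usec": [...], "errors": [...]}}}."""
    results = defaultdict(lambda: defaultdict(lambda: {"rtt_usec": [], "errors": []}))
    current = None
    for line in _joined_lines(text):
        m = HEADER.match(line)
        if m:
            current = (m["ip"], int(m["vlan"]))
            for mod in m["mods"].split():
                results[current][int(mod)]  # register the module even if no result follows
            continue
        m = RESULT.match(line)
        if m and current:
            for mod, value in ENTRY.findall(m["body"]):
                slot = results[current][int(mod)]
                if m["kind"] == "usec" and value.isdigit():
                    slot["rtt_usec"].append(int(value))
                else:
                    slot["errors"].append(value)
    return results


def summarize(results):
    """Map (vsn_ip, vlan, module) -> (replies, failures, mean RTT in usec or None)."""
    out = {}
    for (ip, vlan), modules in results.items():
        for mod, slot in modules.items():
            rtts = slot["rtt_usec"]
            mean = sum(rtts) / len(rtts) if rtts else None
            out[(ip, vlan, mod)] = (len(rtts), len(slot["errors"]), mean)
    return out


def unreachable(results):
    """List (vsn_ip, vlan, module, reason) for modules that never got a reply."""
    findings = []
    for (ip, vlan), modules in sorted(results.items()):
        for mod, slot in sorted(modules.items()):
            if not slot["rtt_usec"]:
                reason = slot["errors"][0] if slot["errors"] else "no result line"
                findings.append((ip, vlan, mod, reason))
    return findings


if __name__ == "__main__":
    parsed = parse_ping_vsn(SAMPLE)
    for ip, vlan, mod, reason in unreachable(parsed):
        print(f"VSN {ip} vlan {vlan}: module {mod} got no reply ({reason})")
```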
policy-agent-image
To designate the policy agent image local URL as bootflash, use the policy-agent-image command. To
remove the designation, use the no form of the command.
policy-agent-image bootflash:
no policy-agent-image bootflash:
Syntax Description
bootflash:
Designates the policy agent image local URL as bootflash.
Command Default
None
Command Modes
VNMC policy agent configuration (config-vnm-policy-agent)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to designate the local URL that contains the policy agent image:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# policy-agent-image bootflash:
Related Commands
Command
Description
vnm-policy-agent
Enables the VNM policy agent configuration mode.
pop
To pop a mode off the stack or to restore a mode, use the pop command.
pop file-name
Syntax Description
file-name
File name.
Command Default
None
Command Modes
EXEC
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to restore from a file called file1:
vsm# pop file1
Related Commands
Command
Description
push
Pushes the current mode onto the stack.
push
To push the current mode onto the stack or to save it, use the push command.
push file-name
Syntax Description
file-name
File name.
Command Default
None
Command Modes
EXEC
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to push file1 onto the stack:
vsm# push file1
Related Commands
Command
Description
pop
Pops the current mode off the stack.
registration-ip
To set the service registry IP address, use the registration-ip command. To discard the service registry
IP address, use the no form of this command.
registration-ip ip-address
no registration-ip ip-address
Syntax Description
ip-address
Service registry IP address. The format is A.B.C.D.
Command Default
None
Command Modes
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to set the service registry IP address:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# registration-ip 209.165.200.233
vsm(config-vnm-policy-agent)#
Related Commands
Command
Description
vnm-policy-agent
Enters the Cisco VNMC policy agent configuration mode.
shared-secret
To set the shared secret password for communication between the Cisco Virtual Security Gateway
(VSG), the Virtual Supervisor Module (VSM), and the Cisco Virtual Network Management Center
(VNMC), use the shared-secret command. To discard the shared secret password, use the no form of
this command.
shared-secret shared-secret-password
no shared-secret shared-secret-password
Syntax Description
shared-secret-password
Shared secret password. The range of valid values is from 1 to 64. You must use at least one uppercase character.
Command Default
None
Command Modes
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to set the shared secret password:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# shared-secret Password123
vsm(config-vnm-policy-agent)#
Related Commands
Command
Description
vnm-policy-agent
Enters VNM policy agent configuration mode.
show vnm-pa status
To display the installation status of a policy agent, use the show vnm-pa status command.
show vnm-pa status
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Usage Guidelines
You can use the following operators with the show vnm-pa status command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display the installation status of the policy agent:
vsm# configure
vsm(config)# show vnm-pa status
VNM Policy-Agent status is - Installed Successfully. Version 1.0(0.512)-vsm
vsm(config)#
Related Commands
Command
Description
vnm-policy-agent
Enters the Cisco VNMC policy agent configuration mode.
port-profile
To create a port profile and enter port profile configuration mode, use the port-profile command. To
remove the port profile configuration, use the no form of this command.
port-profile profile-name
no port-profile profile-name
Syntax Description
profile-name
Port profile name. The range of valid values is from 1 to 80.
Defaults
None
Command Modes
Global configuration (config)
Supported User Roles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Usage Guidelines
The port profile name must be unique for each port profile.
Examples
This example shows how to create a port profile called AccessProf:
vsm# configure
vsm(config)# port-profile AccessProf
vsm(config-port-prof)#
This example shows how to remove the port profile called AccessProf:
vsm# configure
vsm(config)# no port-profile AccessProf
vsm(config)#
Related Commands
Command
Description
show port-profile
Displays information about the port profiles.
show running-config
To display the running configuration, use the show running-config command.
show running-config [aaa | aclmgr | all | am | arp | cdp | diff | exclude | expand-port-profile |
icmpv6 | igmp | interface | ip | ipqos | ipv6 | l3vm | license | monitor | ntp | port-profile |
port-security | radius | rpm | security | snmp | vdc-all | vlan | vshd]
Syntax Description
aaa
(Optional) Displays the Authentication, Authorization and Accounting
(AAA) configuration.
aclmgr
(Optional) Displays the running configuration for Access Control List
(ACL) manager.
all
(Optional) Displays the current operating configurations.
am
(Optional) Displays Application Management (AM) information.
arp
(Optional) Displays Address Resolution Protocol (ARP) information.
cdp
(Optional) Displays the Cisco Discovery Protocol (CDP) configuration.
diff
(Optional) Displays the difference between the running and startup
configurations.
exclude
(Optional) Excludes the running configuration of specified features.
expand-port-profile
(Optional) Displays port profile information.
icmpv6
(Optional) Displays Internet Control Message Protocol (ICMPv6)
information.
igmp
(Optional) Displays Internet Group Management Protocol (IGMP)
information.
interface
(Optional) Displays interface configurations.
ip
(Optional) Displays Internet Protocol (IP) information.
ipqos
(Optional) Displays the running configuration for the IP Quality of Service
(QoS) manager.
ipv6
(Optional) Displays IPv6 information.
l3vm
(Optional) Displays Layer 3 Virtual Machine (L3VM) information.
license
(Optional) Displays the licensing configuration.
monitor
(Optional) Displays Ethernet Switched Port Analyzer (SPAN) session
information.
ntp
(Optional) Displays Network Time Protocol (NTP) information.
port-profile
(Optional) Displays port-profile configurations.
port-security
(Optional) Displays port-security configurations.
radius
(Optional) Displays the Remote Authentication Dial In User Service
(RADIUS) configuration.
rpm
(Optional) Displays RPM information.
security
(Optional) Displays the security configurations.
snmp
(Optional) Displays the Simple Network Management Protocol (SNMP)
configuration.
vdc-all
(Optional) Displays all Virtual Device Context (VDC) configurations.
vlan
(Optional) Displays virtual local area network (VLAN) information.
vshd
(Optional) Displays the running configuration for virtual shared hardware
device (VSHD).
Command Default
None
Command Modes
EXEC
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
Usage Guidelines
You can use the following operators with the show running-config command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display the running configuration:
vsm# show running-config
!Command: show running-config
!Time: Tue Jan 4 17:20:05 2011
version 4.2(1)SV1(4)
no feature telnet
username admin password 5 $1$z3M0/3no$j77mpF9f/mqmd7/mEZ6RR1 role network-admin
username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na. role network-operator
banner motd #Nexus 1000v Switch#
ip domain-lookup
ip domain-lookup
switchname vsm
vem 3
host vmware id 765186a7-eb7c-11de-b059-8843e1389748
vem 4
host vmware id 90a97ac6-31d7-11df-ad65-68efbdf622ca
vem 5
host vmware id 833fe152-3f8b-11df-bd70-68efbdf64970
snmp-server user admin network-admin auth md5 0x5ed3cfea7c44550ac3d18475f28b118b priv 0x5ed3cfea7c44550ac3d18475f28b118b localizedkey
vrf context management
ip route 0.0.0.0/0 10.193.72.1
vlan 1,61-65
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile default port-binding static
port-profile type vethernet vm-clear
vmware port-group
switchport mode access
switchport access vlan 63
no shutdown
state enabled
port-profile type vethernet vsn-service
vmware port-group
switchport mode access
switchport access vlan 64
no shutdown
max-ports 1024
state enabled
port-profile type ethernet system-uplink
vmware port-group
switchport trunk allowed vlan 61-70
switchport mode trunk
no shutdown
system vlan 61-62
state enabled
port-profile type vethernet vsg129-2
vmware port-group
switchport mode access
switchport access vlan 63
org root/Canon
vn-service ip-address 10.10.129.2 vlan 64 security-profile sp-vsg2-1
no shutdown
state enabled
port-profile type vethernet vsg134-1
vmware port-group
switchport mode access
switchport access vlan 63
vn-service ip-address 10.10.134.1 vlan 64 mgmt-ip-address 10.10.73.132 security-profile sp1
no shutdown
state enabled
port-profile type vethernet vsg136-1
vmware port-group
switchport mode access
switchport access vlan 63
vn-service ip-address 10.10.136.1 vlan 64 mgmt-ip-address 10.10.73.137 security-profile sp1
no shutdown
state enabled
port-profile type vethernet vsg129_2-svc-vlan65
vmware port-group
switchport mode access
switchport access vlan 65
vn-service ip-address 10.10.129.2 vlan 64 mgmt-ip-address 10.10.73.131 security-profile sp1
no shutdown
state enabled
port-profile type vethernet vm-clear-vlan65
vmware port-group
switchport mode access
switchport access vlan 65
no shutdown
state enabled
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet vm-clear-vlan63
vmware port-group
switchport mode access
switchport access vlan 63
no shutdown
state enabled
vdc vsm id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
interface mgmt0
ip address 10.10.73.130/21
interface Vethernet1
inherit port-profile vm-clear-vlan63
description UD134-1,Network Adapter 2
vmware dvport 7489 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0029
interface Vethernet2
inherit port-profile vsg136-1
description UD136-1,Network Adapter 2
vmware dvport 7458 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0032
interface Vethernet3
inherit port-profile vm-clear-vlan63
description US136-1,Network Adapter 2
vmware dvport 7492 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0030
interface Vethernet4
inherit port-profile vsg129-2
description US129-1,Network Adapter 2
vmware dvport 6563 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.003E
interface Vethernet5
inherit port-profile vm-clear-vlan63
description US129-2,Network Adapter 2
vmware dvport 7491 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0040
interface Vethernet6
inherit port-profile vsn-service
description VSG134-1,Network Adapter 1
vmware dvport 3683 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.002C
interface Vethernet7
inherit port-profile vsn-service
description VSG129-2,Network Adapter 1
vmware dvport 3686 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0037
interface Vethernet8
inherit port-profile vsn-service
description VSG136-1,Network Adapter 1
vmware dvport 3684 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0034
interface Ethernet3/2
inherit port-profile system-uplink
interface Ethernet4/6
inherit port-profile system-uplink
interface Ethernet5/6
inherit port-profile system-uplink
interface control0
line console
boot kickstart bootflash:/ks.bin sup-1
boot system bootflash:/sys.bin sup-1
boot kickstart bootflash:/ks.bin sup-2
boot system bootflash:/sys.bin sup-2
svs-domain
domain id 61
control vlan 61
packet vlan 62
svs mode L2
svs connection vcenter
protocol vmware-vim
remote ip address 10.10.79.32 port 80
vmware dvs uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" datacenter-name NAME/S
connect
vnm-policy-agent
registration-ip 10.193.73.144
shared-secret **********
policy-agent-image bootflash:/vnmc-vsmpa.1.0.0.512.bin
log-level
vsm#
Related Commands
Command     Description
show aaa    Displays AAA information.
tcp state-checks
To configure the switch to perform TCP state checks, use the tcp state-checks command. To disable TCP
state checks, use the no form of this command.
tcp state-checks
no tcp state-checks
Syntax Description
This command has no arguments or keywords.
Defaults
TCP state checks are enabled.
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
system-admin
Command History
Release          Modification
4.2(1)VSG1(2)    This command was introduced.
Usage Guidelines
Because TCP state checks in vPath are enabled by default, use the no form of the tcp state-checks
command to disable the state checks.
Examples
This example shows how to enter the TCP state-checks submode:
vsm# config
vsm(config)# vsn type vsg global
vsm(config-vsn)#
Related Commands
Command             Description
tcp state-checks    Enables TCP state checks in the vPath.
vn-service ip-address
To assign a data IP address, a VLAN number, and a profile to a Cisco VSG, use the vn-service
ip-address command. To disable the data IP address, use the no form of the command.
vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]
no vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]
Syntax Description
ip-address                       IP address. The format is A.B.C.D.
vlan vlan-number                 Specifies the service VLAN number. The range of values is from 1 to 3967 and 4048 to 4093.
fail                             (Optional) Sets states to be in either fail close or fail open.
close                            Drops packets if the Cisco VSG is down.
open                             Passes packets through if the Cisco VSG is down.
security-profile profile-name    (Optional) Specifies the security profile name.
Command Default
Fail close
Command Modes
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
Use the vn-service ip-address command to configure the IP address, VLAN, and security profile for the
Cisco VSG, and optionally to allow for a fail-safe configuration.
The fail mode specifies the behavior when the Virtual Ethernet Module (VEM) does not have
connectivity to the Cisco VSG. The default fail mode is close, which means that packets are dropped.
In the open fail mode, packets are passed.
The security profile name must match one of the security profiles created on the Cisco VSG.
The IP address must match the data interface IP address on the Cisco VSG.
Examples
This example shows how to assign the IP address and VLAN number and how to specify that packets are
to be passed when the Cisco VSG fails:
vsm# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsm(config)# port-profile pP1
vsm(config-port-prof)# vn-service ip-address 209.165.200.236 vlan 2 fail open
vsm(config-port-prof)#
Related Commands
Command                        Description
show virtual-service-domain    Displays virtual service domain information.
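The audit below is an added example, not code from the Cisco manual: it scans saved configuration text for port profiles whose vn-service line sets fail open, for service VLANs outside the range given in the Syntax Description, and for a no tcp state-checks line. The sample configuration is constructed, and it is an assumption that the saved configuration records these commands in the form the syntax lines show.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
port-profile type vethernet pP1
  vmware port-group
  vn-service ip-address 209.165.200.236 vlan 2 fail open
  state enabled
port-profile type vethernet pP2
  vn-service ip-address 209.165.200.236 vlan 2 security-profile sp1
  state enabled
port-profile type vethernet pP3
  vn-service ip-address 209.165.200.237 vlan 4000 fail close
vsn type vsg global
  no tcp state-checks
"""

# vn-service ip-address A.B.C.D vlan N [fail {close|open}] [security-profile NAME]
VN_SERVICE = re.compile(
    r"^vn-service ip-address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) vlan (?P<vlan>\d+)"
    r"(?: fail (?P<fail>close|open))?(?: security-profile (?P<sp>\S+))?$"
)


def vlan_in_service_range(vlan):
    """Service VLAN range from the Syntax Description: 1-3967 and 4048-4093."""
    return 1 <= vlan <= 3967 or 4048 <= vlan <= 4093


def audit(config_text):
    """Return (port_profile, issue) tuples in the order they appear."""
    findings = []
    profile = None
    for raw in config_text.splitlines():
        line = raw.strip()  # indentation is not relied on
        if line.startswith("port-profile "):
            profile = line.split()[-1]
            continue
        if line == "no tcp state-checks":
            # Assumed form: the page documents only the command itself.
            findings.append((None, "tcp-state-checks-disabled"))
            continue
        m = VN_SERVICE.match(line)
        if not m:
            continue
        fail_mode = m.group("fail") or "close"  # Command Default: fail close
        if fail_mode == "open":
            findings.append((profile, "fail-open"))
        if not vlan_in_service_range(int(m.group("vlan"))):
            findings.append((profile, "vlan-out-of-range"))
    return findings


if __name__ == "__main__":
    for profile, issue in audit(SAMPLE_CONFIG):
        print(profile or "(global)", issue)
```

A fail-open finding means traffic on that port profile is passed uninspected whenever the VEM cannot reach the Cisco VSG, so each one should be a deliberate, documented choice.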
org
To create a Cisco VNMC organization (domain), use the org command. To delete a Cisco VNMC
organization, use the no form of the command.
org organization-name
no org [organization-name]
Syntax Description
organization-name    Organization name. The range of values is from 1 to 251.
Command Default
None
Command Modes
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
Cisco VNMC organizations are Cisco VNMC domains.
You can hierarchically manage Cisco VNMC organizations. A user who is assigned to a top-level
organization has automatic access to all organizations under it. For example, an engineering organization
can contain a software engineering organization and a hardware engineering organization. A locale
containing only the software engineering organization has access to system resources only within that
organization. However, a locale that contains the engineering organization has access to the resources
for both the software engineering and hardware engineering organizations.
Examples
This example shows how to create an organization:
vsm# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsm(config)# port-profile pP1
vsm(config-port-prof)# org orgpP1
vsm(config-port-prof)#
Related Commands
Command       Description
vn-service    Sets the IP address for a virtual firewall.
show vsn brief
To display a brief amount of information about the Cisco Virtual Security Gateway (VSG), use the show
vsn brief command.
show vsn brief
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
You can use the following operators with the show vsn brief command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display information about Cisco VSGs:
vsm# show vsn brief
VLAN  IP-ADDR        MAC-ADDR           FAIL-MODE  STATE  MODULE
64    192.168.136.1  00:50:56:bb:00:34  Close      Up     5
64    192.168.129.2  00:50:56:bb:00:37  Close      Up     3
vsm#
Related Commands
Command                    Description
show vsn port vethernet    Displays information about the Cisco VSG.
show vsn connection
To display Cisco VSG connections, use the show vsn connection command.
show vsn connection [vlan vlan-num | ip ip-addr | module module-num]
Syntax Description
vlan          (Optional) Displays connections to a specific VLAN.
vlan-num      Specifies the VLAN number for the connection.
ip            (Optional) Displays connections to a specific IP address.
ip-addr       Specifies the IP address of the connection.
module        (Optional) Displays connections to a specific module.
module-num    Specifies the module number for the connection.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release          Modification
4.2(1)VSG1(2)    This command was modified to show more organized and explained output.
4.0(4)SV1(1)     This command was introduced.
Usage Guidelines
You can use the following operators with the show vsn connection command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display Cisco VSG connections:
vsm# show vsn connection
Flags:
P - policy at src                       p - policy at dst
O - conn offloaded to vPath at src      o - conn offloaded to vPath at dst
S - seen syn from src                   s - seen syn from dst
A - seen ack for syn/fin from src       a - seen ack for syn/fin from dst
F - seen fin from src                   f - seen fin from dst
R - seen rst from src                   r - seen rst from dst
E - tcp conn established (SasA done)    T - tcp conn torn down (FafA done)
VSG IP 106.1.1.1 VLAN 54
#Module 5
Proto  SrcIP[:Port]      DstIP[:Port]     VLAN  Action  Flags  Bytes
tcp    100.1.1.70:32785  100.1.1.80:80    53    permit  PpOoE  452
udp    100.1.1.70:5636   100.1.1.80:4525  53    permit  PpOo   4324
icmp   100.1.1.70        100.1.1.80       53    permit  PpOo   5432
VWAAS IP 110.1.1.1 VLAN 54
#Module 3
Proto  SrcIP[:Port]      DstIP[:Port]     VLAN  Action  Flags  Bytes
tcp    100.1.1.70:32785  100.1.1.80:80    53    permit  PpOoE  543
udp    100.1.1.70:4785   100.1.1.80:4553  53    permit  PpOo   2343
vsm#
Related Commands
Command                    Description
show vsn port vethernet    Displays port information.
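The parser below is an added example, not code from the Cisco manual: it reads show vsn connection output, decodes each Flags string with the legend printed by the command, and lists TCP entries that show neither E nor T. The sample output is constructed from the rows in the example above plus one invented half-open TCP row, and the column order Proto, SrcIP, DstIP, VLAN, Action, Flags, Bytes is assumed.

```python
# Flag legend copied from the "Flags:" block of show vsn connection.
FLAGS = {
    "P": "policy at src", "p": "policy at dst",
    "O": "conn offloaded to vPath at src", "o": "conn offloaded to vPath at dst",
    "S": "seen syn from src", "s": "seen syn from dst",
    "A": "seen ack for syn/fin from src", "a": "seen ack for syn/fin from dst",
    "F": "seen fin from src", "f": "seen fin from dst",
    "R": "seen rst from src", "r": "seen rst from dst",
    "E": "tcp conn established (SasA done)",
    "T": "tcp conn torn down (FafA done)",
}

# Constructed sample: the page's rows plus one invented half-open TCP row.
SAMPLE_OUTPUT = """\
VSG IP 106.1.1.1 VLAN 54
#Module 5
Proto SrcIP[:Port] DstIP[:Port] VLAN Action Flags Bytes
tcp 100.1.1.70:32785 100.1.1.80:80 53 permit PpOoE 452
udp 100.1.1.70:5636 100.1.1.80:4525 53 permit PpOo 4324
icmp 100.1.1.70 100.1.1.80 53 permit PpOo 5432
tcp 100.1.1.70:40000 100.1.1.80:22 53 permit PpS 120
"""


def split_endpoint(text):
    """Split 'A.B.C.D[:port]'; ICMP rows carry no port."""
    ip, _, port = text.partition(":")
    return ip, int(port) if port else None


def decode_flags(flags):
    """Expand a Flags string; letters outside the legend are reported, not dropped."""
    return [FLAGS.get(ch, "unknown flag %r" % ch) for ch in flags]


def parse_connections(output):
    """Return one dict per connection row, tagged with its service IP and module."""
    conns, service_ip, module = [], None, None
    for line in output.splitlines():
        f = line.split()
        if len(f) == 5 and f[1] == "IP" and f[3] == "VLAN":
            service_ip = f[2]            # e.g. "VSG IP 106.1.1.1 VLAN 54"
        elif len(f) == 2 and f[0] == "#Module":
            module = int(f[1])
        elif len(f) == 7 and f[0] != "Proto":
            src, sport = split_endpoint(f[1])
            dst, dport = split_endpoint(f[2])
            conns.append({
                "service_ip": service_ip, "module": module, "proto": f[0],
                "src": src, "sport": sport, "dst": dst, "dport": dport,
                "vlan": int(f[3]), "action": f[4], "flags": f[5],
                "bytes": int(f[6]), "decoded": decode_flags(f[5]),
            })
    return conns


def tcp_not_established(conns):
    """TCP entries whose flags show neither E (established) nor T (torn down)."""
    return [c for c in conns
            if c["proto"] == "tcp" and not set("ET") & set(c["flags"])]


if __name__ == "__main__":
    for conn in tcp_not_established(parse_connections(SAMPLE_OUTPUT)):
        print(conn["src"], conn["sport"], "->", conn["dst"], conn["dport"], conn["decoded"])
```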
show vsn detail
To display detailed information about the Cisco Virtual Security Gateway (VSG), use the show vsn
detail command.
show vsn detail
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
You can use the following operators with the show vsn detail command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display detailed information about Cisco VSGs:
vsm# show vsn detail
#VSN VLAN: 64, IP-ADDR: 192.168.136.1
Module: 5
#VSN VLAN: 64, IP-ADDR: 192.168.129.2
Module: 3
ankaa-vsm-master# show vsn detail
#VSN VLAN: 64, IP-ADDR: 192.168.136.1
MODULE  VSN-MAC-ADDR       FAIL-MODE  VSN-STATE
5       00:50:56:bb:00:34  Close      No-License
#VSN VLAN: 64, IP-ADDR: 192.168.129.2
MODULE  VSN-MAC-ADDR       FAIL-MODE  VSN-STATE
3       00:50:56:bb:00:37  Close      No-License
#VSN Ports, Port-Profile, Org and Security-Profile Association:
#VSN VLAN: 64, IP-ADDR: 192.168.136.1
Port-Profile: vsg136-1, Security-Profile: default, Org: Not-Available
Module Vethernet
5 2
#VSN VLAN: 64, IP-ADDR: 192.168.129.2
Port-Profile: vsg129-2, Security-Profile: default, Org: Not-Available
Module Vethernet
3 10, 4
vsm#
Related Commands
Command                    Description
show vsn port vethernet    Displays information about the Cisco VSG.
show vsn port vethernet
To display information about virtual Ethernet (vEth) ports, use the show vsn port vethernet command.
show vsn port vethernet port-number
Syntax Description
port-number    Port number. The range is from 1 to 1048575.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
You can use the following operators with the show vsn port vethernet command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display information about vEth port 2:
vsm# show vsn port vethernet 2
Veth             : Veth2
VM Name          : UD136-1
VM uuid          : 42 3b e1 60 17 e6 92 c4-3b 47 f4 b7 4c a0 be 1b
DV Port          : 7458
DVS uuid         : 90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c
Flags            : 0x148
VSN Data IP      : 192.168.136.1
Security Profile : sp1
Org              : Not set
VNSP id          : 1
IP addresses:
vsm#
Related Commands
Command                Description
show vsn statistics    Displays Cisco VSG statistics.
show vsn statistics
To display Cisco VSG statistics, use the show vsn statistics command.
show vsn statistics [ip | module | vlan]
Syntax Description
ip        (Optional) Displays IP statistics.
module    (Optional) Displays module statistics.
vlan      (Optional) Displays VLAN statistics.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
You can use the following operators with the show vsn statistics command:
• >—Redirects the output to a file.
• >>—Redirects the output to a file in append mode.
• |—Pipes the command output to a filter.
Examples
This example shows how to display statistics for a module:
vsm# show vsn statistics module 3
#VSN VLAN: 64, IP-ADDR: 192.168.129.2
Module: 3
#VPath Packet Statistics    Ingress    Egress    Total
Total Seen                  8249       24572     32821
Policy Redirects            7796       23260     31056
No-Policy Passthru          441        1267      1708
Policy-Permits Rcvd         7796       23260     31056
Policy-Denies Rcvd          0          0         0
Permit Hits                 10         45        55
Deny Hits                   0          0         0
Decapsulated                7796       23260     31056
Fail-Open                   0          0         0
Badport Err                 0          0         0
VSN Config Err              0          0         0
ARP Resolve Err             2          0         2
Encap Err                   0          0         0
All-Drops                   2          0         2
Total Rcvd From VSN                              31056
Non-Cisco Encap Rcvd                             0
VNS-Port Drops                                   0
Policy-Action Err                                0
Decap Err                                        0
L2-Frag Sent                                     0
L2-Frag Rcvd                                     0
L2-Frag Coalesced                                0
#VPath Flow Statistics
Active Flows             0        Active Connections      0
Forward Flow Create      7799     Forward Flow Destroy    7799
Reverse Flow Create      7799     Reverse Flow Destroy    7799
Flow ID Alloc            15598    Flow ID Free            15598
Connection ID Alloc      7799     Connection ID Free      7799
L2 Flow Create           0        L2 Flow Destroy         0
L3 Flow Create           4        L3 Flow Destroy         4
L4 TCP Flow Create       0        L4 TCP Flow Destroy     0
L4 UDP Flow Create       15594    L4 UDP Flow Destroy     15594
L4 Oth Flow Create       0        L4 Oth Flow Destroy     0
Embryonic Flow Create    0        Embryonic Flow Bloom    0
L2 Flow Timeout          0        L2 Flow Offload         0
L3 Flow Timeout          5        L3 Flow Offload         2
L4 TCP Flow Timeout      0        L4 TCP Flow Offload     0
L4 UDP Flow Timeout      23393    L4 UDP Flow Offload     31054
L4 Oth Flow Timeout      0        L4 Oth Flow Offload     0
Flow Lookup Hit          23314    Flow Lookup Miss        15598
Flow Dual Lookup         38912    L4 TCP Tuple-reuse      0
Flow Classify Err        0        Flow ID Alloc Err       0
Conn ID Alloc Err        0        Hash Alloc Err          0
Flow Exist               0        Flow Entry Exhaust      0
Flow Removal Err         0        Bad Flow ID Receive     0
Flow Entry Miss          0        Flow Full Match Err     0
Bad Action Receive       0        Invalid Flow Pair       0
Invalid Connection       0
Hash Alloc               0        Hash Free               0
InvalFID Lookup          0        InvalFID Lookup Err     0
Deferred Delete          0
vsm#
Related Commands
Command                    Description
show vsn port vethernet    Displays information about the Cisco VSG.
vlan
To create a VLAN and enter the VLAN configuration mode, use the vlan command. To remove a VLAN,
use the no form of this command.
vlan {id | dot1Q tag native}
no vlan {id | dot1Q tag native}
Syntax Description
id                  VLAN identification number. The range is from 1 to 4094.
dot1Q tag native    Specifies an IEEE 802.1Q virtual LAN.
Defaults
VLAN 1
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
Specify a VLAN range by using a dash. For example, 1-9 or 20-30.
Examples
This example shows how to create a VLAN and enter the VLAN configuration mode:
vsm# configure
vsm (config)# vlan 100
vsm (config-vlan)#
This example shows how to remove a VLAN:
switch# configure
switch(config)# no vlan 100
switch(config)#
Related Commands
Command      Description
show vlan    Displays the VTP VLAN status.
vmware port-group
To create a VMware port group, use the vmware port-group command. To remove the VMware port
group, use the no form of this command.
vmware port-group name
no vmware port-group name
Syntax Description
name    Name of the VMware port group.
Defaults
None
Command Modes
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release         Modification
4.0(4)SV1(1)    This command was introduced.
Usage Guidelines
To create the VMware port group, you must be in port profile configuration mode.
Examples
This example shows how to create a VMware port group:
vsm# configure
vsm(config)# port-profile testprofile
vsm(config-port-prof)# vmware port-group testgroup
vsm(config-port-prof)#
The following example shows how to remove the VMware port group:
vsm# configure
vsm(config)# port-profile testprofile
vsm(config-port-prof)# no vmware port-group testgroup
vsm(config-port-prof)#
Related Commands
Command                   Description
show port-profile name    Displays configuration information about a particular port profile.
vsn type vsg global
To enter the tcp state-checks configuration submode, use the vsn type vsg global command.
vsn type vsg global
Syntax Description
This command has no arguments or keywords.
Defaults
TCP state checks are enabled.
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
system-admin
Command History
Release          Modification
4.2(1)VSG1(2)    This command was introduced.
Usage Guidelines
Because TCP state checks in vPath are enabled by default, use the no form of the tcp state-checks
command to disable the state checks.
Examples
This example shows how to enter the VSN configuration submode:
vsm# config
vsm(config)# vsn type vsg global
vsm(config-vsn)#
Related Commands
Command             Description
tcp state-checks    Enables TCP state checks in the vPath.