2 Cisco Virtual Security Gateway Commands

This chapter provides information about Cisco Virtual Security Gateway (VSG) commands.
Cisco Virtual Security Gateway for VMware vSphere Command Reference, Release 4.2(1)VSG2(1.1)
OL-29527-01
action
To specify the actions to be executed when traffic characteristics match with an associated rule, use the
action command. To remove the binding of the action with the given rule, use the no version of this
command.
action {drop | permit | log | inspection protocol-type}
Syntax Description
drop
Drops the incoming packets.
permit
Permits the incoming packets.
log
Logs the policy evaluation event.
inspection
Specifies the protocol to be inspected.
protocol-type
Specific protocol type to be inspected. FTP, RSH, and TFTP are supported.
Command Default
None
Command Modes
Policy configuration (config-policy)
Supported User Roles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
Use the action command to specify the actions to be executed when traffic characteristics match with
the associated rule. The command can be entered multiple times until the upper bound limit is reached.
Examples
This example shows how to specify that the policy is to drop packets:
vsg(config-rule)# action drop
Related Commands
Command
Description
rule
Enters the rule configuration submode.
attach
To access a module or the console of a module, use the attach command.
attach {console module module-number | module module-number}
Syntax Description
console module
Specifies the console.
module-number
Module number. The range is from 1 to 66.
module
Specifies a module.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to attach to a module:
VSG# attach module 1
Attaching to module 1 ...
To exit type 'exit', to abort type '$.'
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Related Commands
Command
Description
show terminal
Displays information about the terminal.
attribute
To specify the particular attribute characteristics of a policy that is to be tested, use the attribute
command.
attribute attr-seq-num attr-name value attr-value
Syntax Description
attr-seq-num
Attribute input sequence number.
attr-name
Name of a VM or network attribute (for example, src.vm.name).
value
Designates the use of the following attribute value.
attr-value
Value of a VM or network attribute (for example, engg).
Command Default
None
Command Modes
Test policy-engine (test-policy-engine)
Supported User Roles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Examples
This example shows how to specify an attribute for a policy.
vsg(test-policy-engine)# attribute 1 src.vm.name value engg
vsg(test-policy-engine)# attribute 2 src.net.ip-address value 10.10.10.1
vsg(test-policy-engine)# exit
Result: DROP, Policy: p1, Rule: r1
Related Commands
Command
Description
test policy-engine
Enters the test policy-engine submode.
simulate-pe-req policy
banner motd
To configure a message of the day (MOTD) banner, use the banner motd command.
banner motd [delimiting-character message delimiting-character]
no banner motd [delimiting-character message delimiting-character]
Syntax Description
delimiting-character
(Optional) Character used to signal the beginning and end of the message
text. For example, in the following message, the delimiting character is #:
#Testing the MOTD#
message
(Optional) Banner message. Up to 40 lines with a maximum of 80
characters in each line.
Defaults
“User Access Verification” is the default message of the day.
Command Modes
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
The MOTD banner is displayed on the terminal before the login prompt whenever you log in.
The message is restricted to 40 lines and 80 characters per line.
To create a multiple-line MOTD banner, press Enter before typing the delimiting character to start a new
line. You can enter up to 40 lines of text.
Follow these guidelines when choosing your delimiting character:
• Do not use the delimiting character in the message string.
• Do not use " or % as the delimiting character.
Examples
This example shows how to configure and then display a banner message with the text, “Testing the
MOTD”:
vsg(config)# banner motd #Testing the MOTD#
vsg(config)# show banner motd
Testing the MOTD
This example shows how to configure and then display a multiple-line MOTD banner:
vsg(config)# banner motd #Welcome to authorized users.
> Unauthorized access prohibited.#
vsg(config)# show banner motd
Welcome to authorized users.
Unauthorized access prohibited.
This example shows how to revert to the default MOTD banner:
vsg(config)# no banner motd
vsg(config)# show banner motd
User Access Verification
Related Commands
Command
Description
show banner motd
Displays the MOTD banner.
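A pre-deployment lint for the banner limits stated above (40 lines, 80 characters per line, and the delimiter rules), given as an added example that is not part of the Cisco reference. The function name `check_banner_command` and the problem codes are hypothetical, and the check covers only the documented constraints, not how the device itself parses input.

```python
"""Lint a `banner motd` command against the limits this reference states."""

MAX_LINES = 40                      # "Up to 40 lines"
MAX_COLUMNS = 80                    # "maximum of 80 characters in each line"
FORBIDDEN_DELIMITERS = ('"', '%')   # "Do not use \" and % as delimiter"
PREFIX = "banner motd "


def check_banner_command(command):
    """Return (message_lines, problems) for one `banner motd` command.

    `command` is the raw command text with "\n" between banner lines; the
    "> " continuation prompt shown in the console examples is not input.
    `problems` is a list of (code, detail) tuples (hypothetical codes);
    an empty list means every documented constraint is satisfied.
    """
    if not command.startswith(PREFIX):
        return [], [("not-banner", "expected a 'banner motd' command")]

    body = command[len(PREFIX):].rstrip("\r\n")
    if len(body) < 2:
        return [], [("unterminated", "no delimited message found")]

    problems = []
    delimiter = body[0]
    if delimiter in FORBIDDEN_DELIMITERS or delimiter.isspace():
        problems.append(("forbidden-delimiter",
                         "delimiter %r is not allowed" % delimiter))

    # The message must be closed by the same character that opened it.
    if body[-1] == delimiter:
        message = body[1:-1]
    else:
        message = body[1:]
        problems.append(("unterminated",
                         "message does not end with %r" % delimiter))

    # The delimiter must not occur anywhere inside the message text.
    if delimiter in message:
        problems.append(("delimiter-in-message",
                         "message contains the delimiter %r" % delimiter))

    lines = [line.rstrip("\r") for line in message.split("\n")]
    if len(lines) > MAX_LINES:
        problems.append(("too-many-lines",
                         "%d lines, limit is %d" % (len(lines), MAX_LINES)))
    for number, line in enumerate(lines, 1):
        if len(line) > MAX_COLUMNS:
            problems.append(("line-too-long",
                             "line %d has %d characters, limit is %d"
                             % (number, len(line), MAX_COLUMNS)))
    return lines, problems


if __name__ == "__main__":
    # Constructed sample commands; the first two mirror the examples above.
    samples = [
        "banner motd #Testing the MOTD#",
        "banner motd #Welcome to authorized users.\n"
        "Unauthorized access prohibited.#",
        "banner motd %Authorized use only%",
        "banner motd #Change ticket #4521 required#",
    ]
    for sample in samples:
        lines, problems = check_banner_command(sample)
        status = "OK" if not problems else "; ".join(d for _, d in problems)
        print("%-45r %s" % (sample.splitlines()[0], status))
```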
boot
To configure boot images, use the boot command. To revert to default settings, use the no form of this
command.
boot {asm-sfn | auto-copy | kickstart bootflash | ssi | system bootflash}
no boot {asm-sfn | auto-copy | kickstart bootflash | ssi | system bootflash}
Syntax Description
asm-sfn
Specifies a boot variable.
auto-copy
Enables or disables automatic copying of boot images to the standby Cisco
VSG.
kickstart bootflash
Specifies the boot variable URI for the kickstart image.
ssi
Specifies a boot variable.
system bootflash
Specifies the boot variable URI for the system image.
Defaults
None
Command Modes
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to configure a boot variable:
vsg(config)# boot asm-sfn bootflash module 6
Related Commands
Command
Description
show boot
Displays the current boot variables.
cd
To change to a different directory, use the cd command.
cd {bootflash: | volatile:}
Syntax Description
bootflash:
Specifies the bootflash directory.
volatile:
Specifies the volatile directory.
Defaults
bootflash:
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Use the pwd command to verify the name of the directory you are currently working in.
Examples
This example shows how to change to the volatile directory:
vsg# cd volatile:
vsg#
Related Commands
Command
Description
pwd
Displays the name of the directory you are currently working in.
cdp
To configure the Cisco Discovery Protocol (CDP), use the cdp command. To remove the CDP
configuration, use the no form of this command.
cdp {advertise {v1 | v2} | enable | format device-id | holdtime seconds | timer seconds}
no cdp {advertise | enable | format device-id | holdtime seconds | timer seconds}
Syntax Description
advertise
Specifies the CDP version to advertise.
v1
Specifies CDP Version 1.
v2
Specifies CDP Version 2.
enable
Enables CDP globally on all interfaces and port channels.
format device-id
Specifies the device ID format for CDP.
holdtime seconds
Sets the maximum amount of time that CDP holds onto neighbor information
before discarding it. The range is from 10 to 255.
timer seconds
Sets the refresh time for CDP to send advertisements to neighbors. The range
is from 5 to 254.
Defaults
None
Command Modes
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set CDP Version 1 as the version to advertise:
vsg(config)# cdp advertise v1
This example shows how to remove CDP Version 1 as the version to advertise:
vsg(config)# no cdp advertise v1
Related Commands
Command
Description
show cdp global
Displays the CDP configuration.
clear accounting
To clear the accounting log, use the clear accounting command.
clear accounting log
Syntax Description
log
Clears the accounting log.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the accounting log:
vsg# clear accounting log
Related Commands
Command
Description
show accounting log
Displays the accounting log.
clear ac-driver
To clear Application Container (AC) driver statistics, use the clear ac-driver command.
clear ac-driver statistics
Syntax Description
statistics
Clears AC driver statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear AC driver statistics:
vsg# clear ac-driver statistics
Related Commands
Command
Description
show ac-driver statistics
Displays AC driver statistics.
clear bootvar
To clear the boot variables log, use the clear bootvar command.
clear bootvar log
Syntax Description
log
Clears the boot variables log.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the boot variables log:
vsg# clear bootvar log
Related Commands
Command
Description
show bootvar log
Displays the accounting log.
clear cdp
To clear Cisco Discovery Protocol (CDP) information, use the clear cdp command.
clear cdp {counters [interface {ethernet slot-number / port-number [. subinterface-number]}] |
mgmt 0}] | table [interface {ethernet slot-number / port-number [. subinterface-number]}]}
Syntax Description
counters
Clears the CDP counters.
interface
(Optional) Clears interfaces.
ethernet
Clears Ethernet interfaces.
slot-number
Slot. The range is from 1 to 66.
port-number
Port number. The range is from 1 to 128.
. sub-interface
(Optional) Subinterface number. The range of values is from 1 to 4094.
mgmt 0
Clears the management 0 interface.
table
Clears the CDP statistics table.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear CDP counters on all interfaces:
vsg# clear cdp counters
Related Commands
Command
Description
show cdp all
Displays all interfaces that are CDP enabled.
show cdp entry
Displays CDP information.
clear cli
To clear command-line interface (CLI) command history, use the clear cli command.
clear cli history
Syntax Description
history
Clears the CLI command history.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the CLI command history:
vsg# clear cli history
Related Commands
Command
Description
show cli history
Displays the CLI command history.
clear cores
To clear the core files, use the clear cores command.
clear cores [archive file file-name]
Syntax Description
archive file
(Optional) Clears the archived core files.
file-name
Core filename.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all core files:
vsg# clear cores
Related Commands
Command
Description
show cores
Displays the core filename.
clear counters
To clear interface loopback counters, use the clear counters command.
clear counters [interface {all | data | ethernet slot / port [.{sub-interface}] | loopback
virtual-interface-number | mgmt 0 | port-channel port-channel-number}]
Syntax Description
interface
(Optional) Clears interface counters.
all
Clears all interface counters.
ethernet
Clears Ethernet interface counters.
slot
Slot. The range is from 1 to 66.
port
Port. The range is from 1 to 128.
sub-interface
(Optional) Subinterface number. The range of values is from 1 to 4094.
loopback
Clears loopback interface counters.
virtual-interface-number
Virtual interface number. The range is from 0 to 1023.
mgmt 0
Clears the management interface.
port-channel
Clears port-channel interfaces.
port-channel-number
Port channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear a counter on a specific Ethernet interface:
vsg# clear counters ethernet 2/1
Related Commands
Command
Description
show interface counters
Displays the interface status, which includes the counters.
clear debug-logfile
To clear the contents of the debug log, use the clear debug-logfile command.
clear debug-logfile log-name
Syntax Description
log-name
Name of the debug log.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the debug log:
vsg# clear debug-logfile syslog_debug
Related Commands
Command
Description
show debug logfile
Displays the contents of the debug logfile.
clear event-log policy_engine
To clear the event log buffer for the policy engine, use the clear event-log policy_engine command.
clear event-log policy_engine
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(4.1)
This command was introduced.
Examples
This example shows how to clear the event logs for the policy engine:
vsg# clear event-log policy_engine
Related Commands
Command
Description
event-log policy_engine
Enables logging debugs for the policy engine.
clear event-log service-path
To clear the event-log buffer for the service path, use the clear event-log service-path command.
clear event-log service-path
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(4.1)
This command was introduced.
Examples
This example shows how to clear the event logs for the service path:
vsg# clear event-log service-path
Related Commands
Command
Description
event-log service-path
Enables logging debugs for the service-path process.
clear frame
To clear Layer 2 traffic statistics, use the clear frame command.
clear frame statistics
Syntax Description
statistics
Clears Layer 2 traffic statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the Layer 2 traffic statistics:
vsg# clear frame statistics
Related Commands
Command
Description
show vlan
Displays VLAN information.
clear fs-daemon
To clear the file sharing (FS) daemon log, use the clear fs-daemon command.
clear fs-daemon log
Syntax Description
log
Clears the FS daemon log.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the FS daemon log:
vsg# clear fs-daemon log
Related Commands
Command
Description
show logging
Displays the logging configuration and the contents of the log file.
clear inspect
To clear the File Transfer Protocol (FTP) inspection statistics, use the clear inspect command.
clear inspect ftp statistics [svs-domain-id domain-id module module-number]
Syntax Description
ftp statistics
Clears FTP statistics.
svs-domain-id
(Optional) Clears FTP statistics in the SVS domain.
domain-id
SVS domain ID.
module
(Optional) Clears FTP statistics on a specific module.
module-number
Module number.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the FTP inspection statistics:
vsg# clear inspect ftp statistics svs-domain-id 2 module 63
Related Commands
Command
Description
show vsg
Displays Cisco VSG information.
clear install
To clear the installation log, use the clear install command.
clear install {all failed-standby | failure-reason | status}
Syntax Description
all failed-standby
Clears all the installation logs.
failure-reason
Clears the installation failure reason log.
status
Clears the installation status log.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all the installation logs:
vsg# clear install all failed-standby
Related Commands
Command
Description
show install all status
Displays the status of the current or last installation.
clear ip adjacency statistics
To clear IP address adjacency statistics, use the clear ip adjacency statistics command.
clear ip adjacency statistics
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear IP adjacency statistics:
vsg# clear ip adjacency statistics
Related Commands
Command
Description
show ipv6 adjacency
Displays IP information.
clear ip arp
To clear specific Address Resolution Protocol (ARP) IP address statistics, use the clear ip arp
command.
clear ip arp ip-address [vrf {vrf-name | all | default | management}]
Syntax Description
ip-address
IP address. The format is A.B.C.D.
vrf
Clears all virtual routing and forwarding (VRF) ARP IP address statistics.
vrf-name
VRF name. The range for number of characters is from 1 to 32.
all
Clears all ARP IP address statistics.
default
Clears default VRF ARP IP address statistics.
management
Clears management VRF ARP IP address statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear a specific ARP IP address in EXEC mode:
vsg# clear ip arp 209.165.200.229
This example shows how to clear a specific ARP IP address in configuration mode:
vsg(config)# clear ip arp 209.165.200.229
Related Commands
Command
Description
show ip arp
Displays IP ARP information.
clear ip arp data
To clear Address Resolution Protocol (ARP) IP address statistics on the data 0 interface, use the clear
ip arp data command.
clear ip arp data 0 [vrf {vrf-name | all | default | management}]
Syntax Description
0
Clears data 0 interface ARP IP address statistics.
vrf
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address
statistics.
vrf-name
VRF name. The range for number of characters is from 1 to 32.
all
Clears all ARP IP address statistics.
default
Clears default ARP IP address statistics.
management
Clears management interface ARP IP address statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all ARP IP address statistics on the data 0 interface:
vsg# clear ip arp data 0 all
Related Commands
Command
Description
show ip arp
Displays IP ARP information.
clear ip arp ethernet
To clear Address Resolution Protocol (ARP) IP address statistics on Ethernet interfaces, use the clear ip
arp ethernet command.
clear ip arp ethernet slot-number / port-number [. | vrf vrf-name]
Syntax Description
slot-number
Slot number.
port-number
Port number.
vrf
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address
statistics.
vrf-name
VRF name. The range for number of characters is from 1 to 32.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear ARP IP address statistics on an Ethernet interface:
vsg# clear ip arp ethernet 1 / 1
Related Commands
Command
Description
show ip arp
Displays IP ARP information.
clear ip arp loopback
To clear Address Resolution Protocol (ARP) IP address statistics on loopbacks, use the clear ip arp
loopback command.
clear ip arp loopback loopback-number [vrf vrf-name]
Syntax Description
loopback-number
Loopback number.
vrf
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address
statistics.
vrf-name
VRF name. The range is from 1 to 32.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear ARP IP address statistics on a loopback:
vsg# clear ip arp loopback 10
Related Commands
Command
Description
show ip arp
Displays ARP IP address information.
clear ip arp mgmt
To clear Address Resolution Protocol (ARP) IP address statistics on the management interface, use the
clear ip arp mgmt command.
clear ip arp mgmt 0 [vrf {vrf-name | all | default | management}]
Syntax Description
0
Clears management 0 interface ARP IP address statistics.
vrf
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address
statistics.
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
all
Clears all ARP IP address statistics.
default
Clears default ARP IP address statistics.
management
Clears management interface ARP IP address statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear ARP IP address statistics on the management interface:
vsg# clear ip arp mgmt all
Related Commands
Command
Description
show ip arp
Displays IP ARP information.
clear ip arp port-channel
To clear Address Resolution Protocol (ARP) IP address statistics on port channels, use the clear ip arp
port-channel command.
clear ip arp port-channel port-channel-number [. sub-interface | vrf vrf-name]
Syntax Description
port-channel-number
Port channel number.
sub-interface
(Optional) Subinterface number.
vrf
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address
statistics.
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear ARP IP address statistics on a port channel:
vsg# clear ip arp port-channel 2
Related Commands
Command
Description
show port-channel
Displays port-channel information.
clear ip arp statistics
To clear Address Resolution Protocol (ARP) IP address statistics, use the clear ip arp statistics
command.
clear ip arp statistics {data 0 | ethernet | loopback | mgmt | port-channel | vrf}
Syntax Description
data 0
Clears the data 0 interface.
ethernet
Clears the Ethernet interface.
loopback
Clears the loopback interface.
mgmt
Clears the management interface.
port-channel
Clears the port channel interface.
vrf
Clears the virtual routing and forwarding (VRF) interface.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear ARP IP address statistics on data 0:
vsg# clear ip arp statistics data 0
Related Commands
Command
Description
show ip
Displays IP information.
clear ip arp vrf
To clear Address Resolution Protocol (ARP) virtual routing and forwarding (VRF) IP address statistics,
use the clear ip arp vrf command.
clear ip arp vrf {vrf-name | all | default | management}
Syntax Description
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
all
Clears all ARP IP address statistics.
default
Clears default ARP IP address statistics.
management
Clears management interface ARP IP address statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Roles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear IP ARP VRF IP address statistics:
vsg# clear ip arp vrf vrf1
Related Commands
Command
Description
show vrf
Displays VRF information.
clear ip igmp event-history
To clear Internet Group Management Protocol (IGMP) IP address event history entries, use the clear ip
igmp event-history command.
clear ip igmp event-history {cli | debugs | events | ha | igmp-internal | mtrace | policy | vrf}
Syntax Description
cli
Clears the command-line interface (CLI) IGMP IP address event history
entries.
debugs
Clears debug IGMP IP address event history entries.
events
Clears events IGMP IP address event history entries.
ha
Clears high-availability (HA) IGMP IP address event history entries.
igmp-internal
Clears internal IGMP IP address event history entries.
mtrace
Clears Mtrace IGMP IP address event history entries.
policy
Clears policy IGMP IP address event history entries.
vrf
Clears virtual routing and forwarding (VRF) IGMP IP address event history
entries.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear HA IGMP IP address event history entries:
vsg# clear ip igmp event-history ha
Related Commands
Command
Description
show ip igmp
Displays the IGMP status and the IGMP configuration.
clear ip igmp snooping
To clear Internet Group Management Protocol (IGMP) IP address snooping entries, use the clear ip
igmp snooping command.
clear ip igmp snooping {event-history [VPC | igmp-snoop-internal | mfdm | mfdm-sum | vlan |
vlan-events] | explicit-tracking vlan vlan-id | statistics vlan [vlan-id | all]}
Syntax Description
event-history
Clears event history IGMP IP address snooping entries.
VPC
(Optional) Clears virtual port channel (vPC) IGMP IP address snooping
entries.
igmp-snoop-internal
(Optional) Clears internal IGMP IP address snooping entries.
mfdm
(Optional) Clears MFDM IGMP IP address snooping entries.
mfdm-sum
(Optional) Clears MFDM-sum IGMP IP address snooping entries.
vlan
(Optional) Clears VLAN IGMP IP address snooping entries.
vlan-events
(Optional) Clears VLAN event IGMP IP address snooping entries.
explicit-tracking
Clears explicit tracking IGMP IP address snooping entries.
vlan-id
(Optional) VLAN identification number. The range is from 1 to 3967 or 4048
to 4093.
statistics vlan
Clears VLAN statistical IGMP IP address snooping entries.
all
(Optional) Clears all IGMP IP address snooping entries.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IGMP IP address snooping entries:
vsg# clear ip igmp snooping all
Related Commands
Command
Description
show ip igmp
Displays the IGMP status and configuration.
clear ip interface
To clear IP address statistics on interfaces, use the clear ip interface command.
clear ip interface statistics [data 0 | ethernet slot-number / port-number [. sub-interface-number]
| loopback loopback-number | mgmt | port-channel port-channel-number
[. sub-interface-number]]
Syntax Description
statistics
Clears IP address statistics on interfaces.
data 0
(Optional) Clears IP address statistics on the data 0 interface.
ethernet
(Optional) Clears IP address statistics on Ethernet interfaces.
slot-number
Slot number. The range is from 1 to 66.
port-number
Port number. The range is from 1 to 128.
subinterface-number
(Optional) Subinterface number. The range is 1 to 4094.
loopback
(Optional) Clears IP address statistics on the loopback interface.
loopback-number
Loopback number. The range is from 0 to 123.
mgmt 0
(Optional) Clears IP address statistics on the management 0 interface.
port-channel
(Optional) Clears IP address statistics on the port-channel interface.
port-channel-number
Port-channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear IP address statistics on an Ethernet interface:
vsg# clear ip interface statistics ethernet 1 / 2
Related Commands
Command
Description
show ip interface
Displays IP interface information.
clear ip route
To clear IP routing information, use the clear ip route command.
clear ip route {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot / port | loopback loopback-number |
port-channel portchannel-number}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot / port |
loopback loopback-number | port-channel portchannel-number}] | vrf {vrf-name | default |
management 0}}
Syntax Description
*
Clears all IP routing information.
A.B.C.D
Clears IP routing information at a specific IP address.
data 0
Clears IP routing information on the management 0 interface.
ethernet slot / port
Clears IP routing information on a specific Ethernet interface.
loopback
Clears IP routing information on the loopback interface.
loopback-number
Loopback number. The range is from 0 to 1023.
port-channel
Clears IP routing information on the port channel.
portchannel-number
Port-channel number. The range is from 1 to 4096.
A.B.C.D/LEN
Clears IP routing information at a specific IP address.
vrf
Clears IP routing information for a VRF.
vrf-name
Virtual routing and forwarding (VRF) name. The range for the number of
characters is from 1 to 32.
default
Clears default IP routing information.
management 0
Clears IP routing information on the management 0 interface.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IP routing information:
vsg# clear ip route *
Related Commands
Command
Description
show routing
Displays routes.
clear ip traffic
To clear global IP statistics, use the clear ip traffic command.
clear ip traffic [vrf {vrf-name | default | management}]
Syntax Description
vrf
Clears virtual routing and forwarding (VRF) global IP address statistics.
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
default
Clears default global IP address statistics.
management
Clears management global IP address statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear global IP statistics:
vsg# clear ip traffic
Related Commands
Command
Description
show ip traffic
Displays IP traffic information.
clear ipv6 adjacency statistics
To clear IPv6 address adjacency statistics, use the clear ipv6 adjacency statistics command.
clear ipv6 adjacency statistics
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear IPv6 address adjacency statistics:
vsg# clear ipv6 adjacency statistics
Related Commands
Command
Description
show ipv6 adjacency
Displays IPv6 statistics.
clear ipv6 icmp interface statistics
To clear Internet Control Message Protocol (ICMP) IPv6 interface statistics, use the clear ipv6 icmp
interface statistics command.
clear ipv6 icmp interface statistics [data 0 | ethernet slot-number / port-number
[. sub-interface-number] | loopback virtual-interface-number | port-channel
port-channel-number [. sub-interface-number] ]
Syntax Description
data 0
(Optional) Clears the data 0 interface.
ethernet
(Optional) Clears the Ethernet interface.
slot-number
Ethernet slot number. The range is from 1 to 66.
/
Slot number port number separator.
port-number
Ethernet port number. The range is from 1 to 128.
.
Port number subinterface number separator.
sub-interface-number
(Optional) Subinterface number. The range is from 1 to 4094.
loopback
(Optional) Clears the loopback interface.
virtual-interface-number
Virtual interface number. The range is from 0 to 1023.
port-channel
(Optional) Clears the port-channel interface.
port-channel-number
Port-channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear ICMP IPv6 Ethernet interface statistics:
vsg# clear ipv6 icmp interface statistics ethernet 1 / 2 . 3
Related Commands
Command
Description
show ipv6 icmp
Displays ICMPv6 information.
clear ipv6 icmp mld groups
To clear Internet Control Message Protocol (ICMP) Multicast Listener Discovery (MLD) group IPv6
statistics, use the clear ipv6 icmp mld groups command.
clear ipv6 icmp mld groups {* [vrf {vrf-name | all | default | management}] | A:B::C:D |
A:B::C:D/LEN}
Syntax Description
*
Clears all routes.
vrf
(Optional) Clears ICMP MLD virtual routing and forwarding (VRF) IPv6
routes.
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
all
(Optional) Clears all routing information.
default
(Optional) Clears default routing information.
management
(Optional) Clears management routing information.
A:B::C:D
Clears a specific IPv6 address.
A:B::C:D/LEN
Clears a specific IPv6 address.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all ICMP MLD group IPv6 statistics:
vsg# clear ipv6 icmp mld groups *
Related Commands
Command
Description
show ipv6 icmp
Displays ICMPv6 information.
clear ipv6 icmp mld route
To clear Internet Control Message Protocol (ICMP) Multicast Listener Discovery (MLD) routes, use the
clear ipv6 icmp mld route command.
clear ipv6 icmp mld route {* [vrf {vrf-name | all | default | management}] | A:B::C:D |
A:B::C:D/LEN}
Syntax Description
*
Clears all routes.
vrf
(Optional) Clears ICMP MLD virtual routing and forwarding (VRF) IPv6
routes.
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
all
Clears all routing information.
default
Clears default routing information.
management
Clears management routing information.
A:B::C:D
Clears a specific ICMP MLD IPv6 route.
A:B::C:D/LEN
Clears a specific ICMP MLD IPv6 route.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IPv6 ICMP MLD routes:
vsg# clear ipv6 icmp mld route *
Related Commands
Command
Description
show ipv6 icmp
Displays ICMPv6 information.
clear ipv6 nd interface statistics
To clear Neighbor Discovery (ND) IPv6 interface statistics, use the clear ipv6 nd interface statistics
command.
clear ipv6 nd interface statistics [data 0 | ethernet slot-number / port-number
[. sub-interface-number] | loopback virtual-interface-number | port-channel
port-channel-number [. sub-interface-number] ]
Syntax Description
data 0
(Optional) Clears the data 0 interface.
ethernet
(Optional) Clears the Ethernet interface.
slot-number
Ethernet slot number. The range is from 1 to 66.
/
Slot number port number separator.
port-number
Ethernet port number. The range is from 1 to 128.
.
Port number subinterface number separator.
sub-interface-number
(Optional) Subinterface number. The range is from 1 to 4094.
loopback
(Optional) Clears the loopback interface.
virtual-interface-number
Virtual interface number. The range is from 0 to 1023.
port-channel
(Optional) Clears the port-channel interface.
port-channel-number
Port-channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear IPv6 ND interface statistics:
vsg# clear ipv6 nd interface statistics ethernet 2 / 3 . 4
Related Commands
Command
Description
show ipv6 nd
Displays Neighbor Discovery interface statistics.
clear line
To end a session on a specified Virtual Teletype (VTY), use the clear line command.
clear line vty-name
Syntax Description
vty-name
VTY name. The range for the number of characters is from 1 to 64.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to end a session on a specified VTY:
vsg# clear line VTY100
Related Commands
Command
Description
show users
Displays active user sessions.
clear logging
To clear logfile messages and logging sessions, use the clear logging command.
clear logging {logfile | session}
Syntax Description
logfile
Clears log file messages.
session
Clears logging sessions.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear messages from the logging file:
vsg# clear logging logfile
Related Commands
Command
Description
show logging logfile
Displays the contents of the log file.
clear ntp
To clear the Network Time Protocol (NTP) sessions and statistics, use the clear ntp command.
clear ntp {session | statistics {all-peers | io | local | memory}}
Syntax Description
session
Clears NTP sessions.
statistics
Clears NTP statistics.
all-peers
Clears all statistics.
io
Clears IO statistics.
local
Clears local statistics.
memory
Clears memory statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all NTP statistics:
vsg# clear ntp statistics all-peers
Related Commands
Command
Description
show ntp peers
Displays information about NTP peers.
clear nvram
To clear the nonvolatile RAM (NVRAM), use the clear nvram command.
clear nvram
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the NVRAM:
vsg# clear nvram
Related Commands
Command
Description
show system resources
Displays system resources.
clear pktmgr client
To clear packet manager client counters, use the clear pktmgr client command.
clear pktmgr client [client-counter-uuid]
Syntax Description
client-counter-uuid
(Optional) Client counter user identification. The range is from 0 to 4294967295.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear a packet manager client counter:
vsg# clear pktmgr client 100
Related Commands
Command
Description
clear routing
Clears routing information.
clear pktmgr interface
To clear packet manager interface information, use the clear pktmgr interface command.
clear pktmgr interface [data 0 | ethernet slot-number / port-number [. sub-interface-number] |
loopback virtual-interface-number | mgmt 0 | port-channel [. sub-interface-number]]
Syntax Description
data 0
(Optional) Clears the data 0 interface.
ethernet
(Optional) Clears the Ethernet interface.
slot-number
Ethernet slot number. The range is from 1 to 66.
/
Slot-number port-number separator.
port-number
Ethernet port number. The range is from 1 to 128.
.
Port-number subinterface number separator.
sub-interface-number
Subinterface number. The range is from 1 to 4094.
loopback
(Optional) Clears the loopback interface.
virtual-interface-number
Virtual interface number. The range is from 0 to 1023.
port-channel
(Optional) Clears the port-channel interface.
port-channel-number
Port-channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear packet manager interface information:
vsg# clear pktmgr interface ethernet 10 / 11 . 12
Related Commands
Command
Description
clear pktmgr client
Clears the packet manager client.
clear policy-engine
To clear policy engine statistics, use the clear policy-engine command.
clear policy-engine {policy-name stats | stats}
Syntax Description
policy-name
Policy engine name.
stats
Clears policy engine statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear policy engine statistics:
vsg# clear policy-engine stats
Related Commands
Command
Description
show policy-engine
Displays the policy engine.
clear processes
To clear process logs, use the clear processes command.
clear processes {log {all | archive [archive-name] | pid pid-number} | vdc vdc-name {all | pid
pid-number}}
Syntax Description
log
Clears process logs.
all
Clears all process logs.
archive
Clears archived process logs.
archive-name
(Optional) Archive name.
pid
Clears the process log for a specific process.
pid-number
PID number.
vdc
Clears process logs for a specific Cisco VSG.
vdc-name
VDC name.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all process logs:
vsg# clear processes log all
Related Commands
Command
Description
show processes
Displays all processes.
clear rmon
To clear Remote Monitoring (RMON) logs, use the clear rmon command.
clear rmon {alarms | all-alarms | events | hcalarms}
Syntax Description
alarms
Clears RMON alarms.
all-alarms
Clears all RMON alarms.
events
Clears RMON events.
hcalarms
Clears HC RMON alarms.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear RMON alarms:
vsg# clear rmon alarms
Related Commands
Command
Description
show rmon
Displays RMON information.
clear role
To clear role session information, use the clear role command.
clear role session
Syntax Description
session
Clears the role session information.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear role session information:
vsg# clear role session
Related Commands
Command
Description
show role
Displays role information.
clear routing
To clear IP routes, use the clear routing command.
clear routing {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number
[.{sub-interface-number}] | loopback virtual-interface-number | port-channel
port-channel-number}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number /
port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel
port-channel-number}]}
Syntax Description
*
Clears all routes.
A.B.C.D
Clears a specific IP route.
A.B.C.D/LEN
Clears an IP route and subnets.
data 0
(Optional) Clears routing on the data 0 interface.
ethernet
(Optional) Clears routing on Ethernet interfaces.
slot-number
Slot number. The range is from 1 to 66.
/
Slot and port number separator.
port-number
Port number. The range is from 1 to 128.
.
(Optional) Subinterface separator.
subinterface-number
Subinterface number. The range is from 1 to 4094.
loopback
(Optional) Clears routing on the loopback interface.
virtual-interface-number
Loopback number. The range is from 0 to 123.
port-channel
(Optional) Clears routing on the port-channel interface.
port-channel-number
Port-channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all routes:
vsg# clear routing *
Clearing ALL routes
This example shows how to clear routes on the data 0 interface:
vsg# clear routing 209.165.200.228 data 0
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing event-history
To clear routing event histories, use the clear routing event-history command.
clear routing event-history {add-route | cli | delete-route | errors | general | loop-detection |
modify-route | notifications | recursive-next-hop | summary | udfm | udfm-summary}
Syntax Description
add-route
Clears the added routes event history.
cli
Clears the command-line interface (CLI) routing event history.
delete-route
Clears the deleted routes event history.
errors
Clears the error routes event history.
general
Clears the general routes event history.
loop-detection
Clears the loop-detection routes event history.
modify-route
Clears the modified routes event history.
notifications
Clears the notification routes event history.
recursive-next-hop
Clears the recursive-next-hop routing event history.
summary
Clears the summary routing event history.
ufdm
Clears the UDFM routing event history.
ufdm-summary
Clears the UDFM summary routing event history.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the loop-detection routes event history:
vsg# clear routing event-history loop-detection
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing ip
To clear IP routing statistics, use the clear routing ip command.
clear routing ip {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number
[.{sub-interface-number}] | loopback virtual-interface-number | port-channel
port-channel-number}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number /
port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel
port-channel-number}]}
Syntax Description
*
Clears routing statistics for all routes.
A.B.C.D
Clears routing statistics for a specific IP route.
A.B.C.D/LEN
Clears routing statistics for an IP route and subnets.
data 0
(Optional) Clears the data 0 interface.
ethernet
(Optional) Clears the Ethernet interface.
slot-number
Ethernet slot number. The range is from 1 to 66.
/
Slot number port number separator.
port-number
Ethernet port number. The range is from 1 to 128.
.
Port number subinterface number separator.
sub-interface-number
Subinterface number. The range is from 1 to 4094.
loopback
(Optional) Clears the loopback interface.
virtual-interface-number
Virtual interface number. The range is from 0 to 1023.
port-channel
(Optional) Clears the port-channel interface.
port-channel-number
Port-channel number. The range is from 1 to 4096.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IP routes:
vsg# clear routing ip *
This example shows how to clear IP routes on slot 2, port 3:
vsg# clear routing ip ethernet 2 / 3
This example shows how to clear IP routes:
vsg# clear routing ip 209.165.200.228
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing ip event-history
To clear routing event histories, use the clear routing ip event-history command.
clear routing ip event-history {add-route | cli | delete-route | errors | general | loop-detection |
modify-route | notifications | recursive-next-hop | summary | udfm | udfm-summary}
Syntax Description
add-route
Clears the added routes event history.
cli
Clears the command-line interface (CLI) routing event history.
delete-route
Clears the deleted routes event history.
errors
Clears the error routes event history.
general
Clears the general routes event history.
loop-detection
Clears the loop-detection routes event history.
modify-route
Clears the modified routes event history.
notifications
Clears the notification routes event history.
recursive-next-hop
Clears the recursive-next-hop routing event history.
summary
Clears the summary routing event history.
udfm
Clears the UDFM routing event history.
udfm-summary
Clears the UDFM summary routing event history.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the notifications routes event history:
vsg# clear routing ip event-history notifications
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing ip unicast
To clear unicast routing entries, use the clear routing ip unicast command.
clear routing ip unicast {* | A.B.C.D | A.B.C.D/LEN | event-history}
Syntax Description
*
Clears all IP unicast routes.
A.B.C.D
Clears a specific IP unicast route.
A.B.C.D/LEN
Clears a specific IP unicast route and subnets.
event-history
Clears the IP unicast event history.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IP unicast routes:
vsg# clear routing ip unicast *
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing ipv4
To clear IPv4 route entries, use the clear routing ipv4 command.
clear routing ipv4 {* | A.B.C.D | A.B.C.D/LEN | event-history | unicast}
Syntax Description
*
Clears all IPv4 routes.
A.B.C.D
Clears a specific IPv4 route.
A.B.C.D/LEN
Clears a specific IPv4 route and subnets.
event-history
Clears the IPv4 routing event history.
unicast
Clears IPv4 unicast routes.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IPv4 routes:
vsg# clear routing ipv4 *
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing ipv6
To clear IPv6 route entries, use the clear routing ipv6 command.
clear routing ipv6 {* | A:B::C:D | A:B::C:D/LEN | event-history | unicast}
Syntax Description
*
Clears all IPv6 routes.
A:B::C:D
Clears a specific IPv6 route.
A:B::C:D/LEN
Clears a specific IPv6 route and subnets.
event-history
Clears the IPv6 routing event history.
unicast
Clears IPv6 unicast routes.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IPv6 routes:
vsg# clear routing ipv6 *
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf
To clear virtual routing and forwarding (VRF) routes, use the clear routing vrf command.
clear routing vrf vrf-name
Syntax Description
vrf-name
VRF name. The range for the number of characters is from 1 to 32.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear VRF routes:
vsg# clear routing vrf vrfTest
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf default
To clear virtual routing and forwarding (VRF) routes, use the clear routing vrf default command.
clear routing vrf default {* | A.B.C.D | A.B.C.D/LEN | ip | ipv4 | ipv6 | unicast}
Syntax Description
*
Clears all VRF routes.
A.B.C.D
Clears a specific VRF route.
A.B.C.D/LEN
Clears a specific VRF route.
ip
Clears IP VRF routes.
ipv4
Clears IPv4 VRF routes.
ipv6
Clears IPv6 VRF routes.
unicast
Clears unicast VRF routes.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear VRF routes:
vsg# clear routing vrf default *
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf management *
To clear all virtual routing and forwarding (VRF) management routes, use the clear routing vrf
management * command.
clear routing vrf management *
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all VRF management routes:
vsg# clear routing vrf management *
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf management
To clear specific virtual routing and forwarding (VRF) management routes, use the clear routing vrf
management command.
clear routing vrf management ip-address [ip-address {data 0 | ethernet slot-number /
port-number [. sub-interface] | loopback loopback-number | port-channel port-number [.
sub-interface]}
Syntax Description
ip-address
IP address.
data 0
Clears VRF management routes.
ethernet
Clears VRF management routes on Ethernet ports.
slot-number
Ethernet port slot number.
/
Slot and port separator.
port-number
Ethernet port number.
. sub-interface
(Optional) Ethernet subinterface.
loopback
Clears VRF management routes on a loopback.
loopback-number
Loopback number.
port-channel
Clears VRF management routes on a port channel.
port-number
Port-channel number.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear a specific set of Ethernet routes:
vsg# clear routing vrf management 209.165.200.226 209.165.200.236 ethernet 2 / 4
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf management ip
To clear virtual routing and forwarding (VRF) IP management routes, use the clear routing vrf
management ip command.
clear routing vrf management ip {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number /
port-number [. sub-interface] | loopback loopback-number | port-channel port-number [.
sub-interface]}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [.
sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}] |
unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback
loopback-number | port-channel port-number [. sub-interface]}]}
Syntax Description
*
Clears all IP routes.
A.B.C.D
(Optional) Clears a specific VRF management IP route.
data 0
Clears VRF management IP routes.
ethernet
Clears VRF management IP routes on Ethernet ports.
slot-number
Ethernet port slot number.
/
Slot number and port number separator.
port-number
Ethernet port number.
.
Subinterface separator.
sub-interface
(Optional) Ethernet subinterface.
loopback
Clears VRF management IP routes on a loopback.
loopback-number
Loopback number.
port-channel
Clears VRF management IP routes on a port channel.
port-number
Port-channel number.
unicast
Clears unicast IP routes.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all IP unicast routes:
vsg# clear routing vrf management ip unicast *
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf management ipv4
To clear IPv4 virtual routing and forwarding (VRF) management routes, use the clear routing vrf
management ipv4 command.
clear routing vrf management ipv4 {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number /
port-number [. sub-interface] | loopback loopback-number | port-channel port-number [.
sub-interface]}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [.
sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}] |
unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback
loopback-number | port-channel port-number [. sub-interface]}]}
Syntax Description
*
Clears all IPv4 routes.
A.B.C.D
Clears a specific VRF management IPv4 route.
data 0
Clears VRF management IPv4 routes.
ethernet
Clears VRF management IPv4 routes on Ethernet ports.
slot-number
Ethernet port slot number.
/
Slot number and port number separator.
port-number
Ethernet port number.
.
Subinterface separator.
sub-interface
Ethernet subinterface.
loopback
(Optional) Clears VRF management IPv4 routes on a loopback.
loopback-number
Loopback number.
port-channel
Clears VRF management IPv4 routes on a port channel.
port-number
Port-channel number.
unicast
Clears unicast IP routes.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear an IPv4 VRF management route:
vsg# clear routing vrf management ipv4 209:165::200:229
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf management ipv6
To clear IPv6 virtual routing and forwarding (VRF) management routes, use the clear routing vrf
management ipv6 command.
clear routing vrf management ipv6 {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number /
port-number [. sub-interface] | loopback loopback-number | port-channel port-number [.
sub-interface]}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [.
sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}] |
unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback
loopback-number | port-channel port-number [. sub-interface]}]}
Syntax Description
*
Clears all IPv6 routes.
A.B.C.D
Clears a specific IPv6 route.
data 0
Clears VRF management IPv6 routes.
ethernet
Clears VRF management IPv6 routes on Ethernet ports.
slot-number
Ethernet port slot number.
/
Slot number and port number separator.
port-number
Ethernet port number.
.
Subinterface separator.
sub-interface
Ethernet subinterface.
loopback
(Optional) Clears VRF management IPv6 routes on a loopback.
loopback-number
Loopback number.
port-channel
Clears VRF management IPv6 routes on a port channel.
port-number
Port-channel number.
unicast
Clears unicast IP routes.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear an IPv6 VRF management route:
vsg# clear routing vrf management ipv6 209:165::200:225
Related Commands
Command
Description
show routing
Displays the IP route table.
clear routing vrf management unicast
To clear unicast virtual routing and forwarding (VRF) management routes, use the clear routing vrf
management unicast command.
clear routing vrf management unicast {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number /
port-number [. sub-interface] | loopback loopback-number | port-channel port-number [.
sub-interface]} | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [.
sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}]}
Syntax Description
*
Clears all unicast routes.
A.B.C.D
Clears a specific VRF management unicast route.
data 0
Clears VRF management unicast routes.
ethernet
Clears VRF management unicast routes on Ethernet ports.
slot-number
Ethernet port slot number.
/
Slot number and port number separator.
port-number
Ethernet port number.
.
Subinterface separator.
sub-interface
Ethernet subinterface.
loopback
Clears VRF management unicast routes on a loopback.
loopback-number
Loopback number.
port-channel
Clears VRF management unicast routes on a port channel.
port-number
Port-channel number.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear a specific unicast route:
vsg# clear routing vrf management unicast 209.165.200.225
Related Commands
Command
Description
show routing
Displays the IP route table.
clear scheduler
To clear the scheduler log, use the clear scheduler command.
clear scheduler logfile
Syntax Description
logfile
Clears the scheduler log.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the scheduler log file:
vsg# clear scheduler logfile
Related Commands
Command
Description
show scheduler logfile
Displays the scheduler log file.
clear screen
To clear the screen, use the clear screen command.
clear screen
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the screen:
vsg# clear screen
Related Commands
Command
Description
show terminal
Displays terminal configuration parameters.
clear service-path
To clear service path information, use the clear service-path command.
clear service-path {connection | statistics [svs-domain-id id module module-number]}
Syntax Description
connection
Clears all the connection entries in the flow table.
statistics
Clears service path statistics.
svs-domain-id
(Optional) Clears the SVS domain identification number.
id
DVS domain identification number.
module
(Optional) Clears module information.
module-number
Module number.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear service path statistics:
vsg# clear service-path statistics
Related Commands
Command
Description
show service-path statistics
Displays service path statistics.
clear snmp
To clear Simple Network Management Protocol (SNMP) information, use the clear snmp command.
clear snmp {counters | hostconfig}
Syntax Description
counters
Clears the SNMP counters.
hostconfig
Clears the SNMP host list.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear SNMP counters:
vsg# clear snmp counters
Related Commands
Command
Description
show snmp community
Displays SNMP community strings.
clear sockets
To clear socket statistics, use the clear sockets command.
clear sockets {all | raw | raw6 | tcp | tcp6 | udp | udp6}
Syntax Description
all
Clears all socket statistics.
raw
Clears RAW v4 statistics.
raw6
Clears RAW v6 statistics.
tcp
Clears TCP v4 statistics.
tcp6
Clears TCP v6 statistics.
udp
Clears UDP v4 statistics.
udp6
Clears UDP v6 statistics.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear socket statistics:
vsg# clear sockets all
Related Commands
Command
Description
show sockets statistics
Displays TCP socket statistics.
clear ssh
To clear the Secure Shell (SSH) host session, use the clear ssh command.
clear ssh hosts
Syntax Description
hosts
Clears the SSH host session.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear all SSH host sessions:
vsg# clear ssh hosts
Related Commands
Command
Description
show ssh
Displays SSH information.
clear system internal ac application
To clear application containers, use the clear system internal ac application command.
clear system internal ac application application-name instance instance-number [fe fe-name]
Syntax Description
application-name
Application container name.
instance
Clears the application container instance.
instance-number
Application container instance number.
fe
(Optional) Clears the functional element.
fe-name
Functional element name.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear an application container:
vsg# clear system internal ac application core instance 1
Related Commands
Command
Description
show system internal ac application
Displays application container information.
clear system internal ac ipc-stats
To clear application container Instructions per Cycle (IPC) statistics, use the clear system internal ac
ipc-stats command.
clear system internal ac ipc-stats fe {attribute-manager | inspection-ftp | inspection-rsh |
inspection-tftp | service-path}
Syntax Description
fe
Clears the functional element.
attribute-manager
Clears the attribute manager FE.
inspection-ftp
Clears the inspection FTP FE.
inspection-rsh
Clears the inspection remote shell (RSH) FE.
inspection-tftp
Clears the inspection TFTP FE.
service-path
Clears the service path FE.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear application container IPC statistics:
vsg# clear system internal ac ipc-stats
Related Commands
Command
Description
show system internal ac application
Displays application container information.
clear user
To clear a user session, use the clear user command.
clear user user-id
Syntax Description
user-id
User identification number.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear a user session:
vsg# clear user user1
Related Commands
Command
Description
show users
Displays user session information.
cli
To define a command-line interface (CLI) variable for a terminal session, use the cli command. To
remove the CLI variable, use the no form of this command.
cli var name variable-name variable-text
cli no var name variable-name
Syntax Description
variable-name
Variable name. The name is alphanumeric, case sensitive, and has a
maximum of 31 characters.
variable-text
Variable text. The text is alphanumeric, can contain spaces, and has a
maximum of 200 characters.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
You can reference a CLI variable using the following syntax:
$(variable-name)
Instances where you can use variables are as follows:
• Command scripts
• Filenames
You cannot reference a variable in the definition of another variable.
You can use the predefined variable, TIMESTAMP, to insert the time of day. You cannot change or
remove the TIMESTAMP CLI variable.
You must remove a CLI variable before you can change its definition.
Examples
This example shows how to define a CLI variable:
vsg# cli var name testinterface interface 2/3
This example shows how to reference the TIMESTAMP variable:
vsg# copy running-config > bootflash:run-config-$(TIMESTAMP).cnfg
This example shows how to remove a CLI variable:
vsg# cli no var name testinterface interface 2/3
Related Commands
Command
Description
show cli variables
Displays the CLI variables.
clock set
To manually set the clock, use the clock set command.
clock set time day month year
Syntax Description
time
Time of the day. The format is HH:MM:SS.
day
Day of the month. The range is from 1 to 31.
month
Month of the year. The values are January, February, March, April, May,
June, July, August, September, October, November, or December.
year
Year. The range is from 2000 to 2030.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Use the clock set command when you cannot synchronize your device with an outside clock source, such
as a Network Time Protocol (NTP) server.
Examples
This example shows how to manually set the clock:
vsg# clock set 9:00:00 29 January 2011
Related Commands
Command
Description
show clock
Displays the clock time.
condition
To specify a condition statement used in a rule or zone, use the condition command. To remove the
condition statement for a rule or zone, use the no form of this command.
condition attribute-name {eq | neq | gt | lt | prefix | contains | in-range | member-of | not-in-range
| not-member-of} attribute-value1 [attribute-value2]
Syntax Description
attribute-name
Name of the attribute for the rule object.
eq
Specifies equal to a number or exactly matched with a string.
neq
Specifies not equal to a number or not exactly matched with a string.
gt
Specifies greater than.
lt
Specifies less than.
prefix
Specifies a prefix of a string or an IP address.
contains
Specifies contains a substring.
in-range
Specifies a range of two integers, dates, times, or IP addresses.
member-of
Specifies a member of an object group.
not-in-range
Specifies negation of the in-range operator.
not-member-of
Specifies negation of the member.
attribute-value1
Value of an attribute (for example, 10.10.10.1) or name of an object-group
(for example, “ipaddr-group”).
attribute-value2
(Optional) Value of an attribute or the netmask of a network address.
Command Default
None
Command Modes
Rule configuration (config-rule)
Zone configuration (config-zone)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
Use the condition command to specify a condition statement that is used in a rule. Each condition
statement supports one of the Virtual Machine (VM), zone, network, or environment attributes. When
multiple condition statements are used in a rule, all conditions are considered to be AND’d during a
policy evaluation.
The following operators must have at least two attribute values:
• prefix—When applied against an IP address (for example, prefix 10.10.10.1 255.255.255.0)
• in-range—For all types of attribute values (for example, range 10.10.10.1 10.10.10.200)
• not-in-range—For all types of attribute values (for example, not-in-range 10.10.10.1 10.10.10.200)
Attribute values can be any of the following:
• Integer
• Integer range
• IP address and a netmask
• IP address range
• String
• Name of an object-group
Note
• Attributes used in rule conditions are mostly directional attributes.
• Attributes used in zone conditions are all neutral attributes.
Examples
This example shows how to set up conditions for a web server zone:
VSG(config)# zone web_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.1 10.10.1.20
VSG(config-zone)# exit
This example shows how to set up conditions for an app server zone:
VSG(config)# zone app_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.21 10.10.1.40
VSG(config-zone)# exit
This example shows how to set up conditions for a database server zone:
VSG(config)# zone db_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.41 10.10.1.60
VSG(config-zone)# exit
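The following Python sketch is an added example, not Cisco code or part of the original reference. It models how the eq, neq, prefix, in-range, and not-in-range operators behave on an IP address attribute, treats multiple conditions in a zone as ANDed, and audits the three zone definitions above for overlapping address ranges. The function names, the tuple layout of a condition, and the evaluation model itself are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Zone definitions taken from the examples above: zone name -> list of
# (operator, value1, value2) conditions on net.ip-address.
ZONES = {
    "web_servers": [("in-range", "10.10.1.1", "10.10.1.20")],
    "app_servers": [("in-range", "10.10.1.21", "10.10.1.40")],
    "db_servers": [("in-range", "10.10.1.41", "10.10.1.60")],
}

# Operators the reference says must carry two attribute values.
TWO_VALUE_OPERATORS = {"prefix", "in-range", "not-in-range"}
NEGATED_OPERATORS = {"neq", "not-in-range"}


def condition_span(operator, value1, value2=None):
    """Return the inclusive (low, high) integer span an operator refers to."""
    if operator in TWO_VALUE_OPERATORS and value2 is None:
        raise ValueError(f"{operator} needs two attribute values")
    if operator in ("eq", "neq"):
        low = high = int(ipaddress.IPv4Address(value1))
    elif operator == "prefix":
        # value1 is an address and value2 its netmask, e.g. 10.10.10.1 255.255.255.0
        network = ipaddress.IPv4Network(f"{value1}/{value2}", strict=False)
        low, high = int(network.network_address), int(network.broadcast_address)
    elif operator in ("in-range", "not-in-range"):
        low = int(ipaddress.IPv4Address(value1))
        high = int(ipaddress.IPv4Address(value2))
        if low > high:
            raise ValueError(f"range start {value1} is above range end {value2}")
    else:
        raise ValueError(f"operator not modelled for IP addresses: {operator}")
    return low, high


def eval_condition(address, operator, value1, value2=None):
    """Evaluate one condition against an IP address attribute value."""
    low, high = condition_span(operator, value1, value2)
    inside = low <= int(ipaddress.IPv4Address(address)) <= high
    return not inside if operator in NEGATED_OPERATORS else inside


def zones_for(address, zones):
    """Names of all zones whose conditions are all true for the address."""
    return [name for name, conditions in zones.items()
            if all(eval_condition(address, *cond) for cond in conditions)]


def zone_span(conditions):
    """Intersect the spans of a zone's ANDed conditions; None if empty."""
    low, high = 0, 2**32 - 1
    for operator, *values in conditions:
        if operator in NEGATED_OPERATORS:
            raise ValueError("negated operators are not covered by this audit")
        c_low, c_high = condition_span(operator, *values)
        low, high = max(low, c_low), min(high, c_high)
    return (low, high) if low <= high else None


def find_overlaps(zones):
    """Pairs of zones that would both match at least one address."""
    spans = {name: zone_span(conditions) for name, conditions in zones.items()}
    overlaps = []
    for a, b in combinations(sorted(spans), 2):
        if spans[a] and spans[b]:
            if max(spans[a][0], spans[b][0]) <= min(spans[a][1], spans[b][1]):
                overlaps.append((a, b))
    return overlaps


if __name__ == "__main__":
    print(zones_for("10.10.1.21", ZONES))   # address at a zone boundary
    print(zones_for("10.10.1.61", ZONES))   # address outside every zone
    # Constructed fourth zone that collides with db_servers.
    audited = dict(ZONES, legacy_db=[("in-range", "10.10.1.55", "10.10.1.70")])
    print(find_overlaps(audited))
```

An address that lands in more than one zone, or in none, is the case worth reviewing before rules that reference zone names are applied.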
Related Commands
Command
Description
rule
Enters the rule configuration submode.
zone
Enters the zone configuration submode.
cond-match-criteria
To specify the condition match criteria for a rule or zone, use the cond-match-criteria command.
cond-match-criteria {match-all | match-any}
Syntax Description
match-all
Specifies that all conditions should be true.
match-any
Specifies that at least one condition from a column should be true.
Defaults
match-all
Command Modes
Rule configuration (config-rule)
Zone configuration (config-zone)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG2(1.1)
This command was introduced.
Examples
This example shows how to specify the condition match criteria for a rule:
vsg(config)# rule inet_web_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# condition 1 dst.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config-rule)# exit
Related Commands
Command
Description
condition
Specifies a condition statement used in a rule or zone.
rule
Enters the rule configuration submode.
zone
Enters the zone configuration submode.
configure
To enter configuration mode, use the configure command.
configure
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enter configuration mode:
vsg# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsg(config)#
Related Commands
Command
Description
interface data 0
Enters interface configuration mode.
copy bootflash:
To copy files from the bootflash directory, use the copy bootflash: command.
copy bootflash://file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy a file from a remote bootflash directory to a local bootflash directory:
vsg# copy bootflash://jsmith@209.193.10.10/ws/jsmith-sjc/vsg-dplug.bin bootflash:/
Related Commands
Command
Description
copy volatile:
Copies files from the volatile: directory.
copy core:
To copy files from the core directory, use the copy core: command.
copy core: //file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• ftp:
• scp:
• sftp:
• tftp:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
None
Examples
This example shows how to copy a file from a remote core directory to a local volatile directory:
vsg# copy core://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
Related Commands
Command
Description
copy log:
Copies files from the log directory.
copy debug:
To copy files from the debug directory, use the copy debug: command.
copy debug: //file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy a file from a remote debug directory to a local volatile directory:
vsg# copy debug://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
Related Commands
Command
Description
copy bootflash:
Copies files from the bootflash directory.
copy ftp:
To copy files from the file transfer protocol (FTP) directory, use the copy ftp: command.
copy ftp://file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• log:
• modflash:
• nvram:
• system:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to transfer a file from a remote FTP directory to a local bootflash directory:
vsg# copy ftp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin bootflash:/
Related Commands
Command
Description
copy sftp:
Copies the files from the SFTP directory.
copy log:
To copy files from the log directory, use the copy log: command.
copy log://file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote log directory to a local volatile directory:
vsg# copy log://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
Related Commands
Command
Description
copy debug:
Copies files from the debug directory.
copy modflash:
To copy files from the modflash directory, use the copy modflash: command.
copy modflash: //file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote modflash directory to a local volatile directory:
vsg# copy modflash://user@209.193.10.10/ws/user-sjc/vsg-mod.bin volatile:/
Related Commands
Command
Description
copy nvram:
Copies files from the NVRAM directory.
copy nvram:
To copy files from the nonvolatile RAM (NVRAM) directory, use the copy nvram: command.
copy nvram://file-address destination-address
Syntax Description
//file-address
Address of the NVRAM files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote NVRAM directory to a local volatile directory:
vsg# copy nvram://user@209.193.10.10/ws/user-sjc/vsg-ram.bin volatile:/
Related Commands
Command
Description
copy modflash:
Copies files from a modflash directory.
copy running-config
To copy the running configuration, use the copy running-config command.
copy running-config destination-address [all-vdc]
Syntax Description
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• ftp:
• nvram:
• scp:
• sftp:
• tftp:
• volatile:
all-vdc
(Optional) Copies to all virtual device contexts (VDC).
Defaults
None
Command Modes
EXEC
Global configuration
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy the running configuration to the bootflash directory:
vsg# copy running-config bootflash:
Related Commands
Command
Description
copy startup-config
Copies a startup configuration to a specified destination.
copy scp:
To copy files from the Secure Control Protocol (SCP) directory, use the copy scp: command.
copy scp://file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• log:
• modflash:
• nvram:
• running-config
• startup-config
• system:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote SCP directory to a local volatile directory:
vsg# copy scp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin volatile:/
Related Commands
Command
Description
copy sftp:
Copies files from the SFTP directory.
copy sftp:
To copy files from the Secure File Transfer Protocol (SFTP) directory, use the copy sftp: command.
copy sftp://file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• log:
• modflash:
• nvram:
• system:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to transfer a file from a remote SFTP directory to a local bootflash directory:
vsg# copy sftp://jjones@209.193.10.11/ps/jjones-rtg/vsg-dplug.bin bootflash:/
Related Commands
Command
Description
copy tftp:
Copies files from the Trivial File Transfer Protocol (TFTP) directory.
copy startup-config
To copy the startup configuration, use the copy startup-config command.
copy startup-config destination-address [all-vdc]
Syntax Description
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• ftp:
• nvram:
• scp:
• sftp:
• tftp:
• volatile:
all-vdc
(Optional) Copies to all virtual device contexts (VDC).
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy the startup configuration to the bootflash directory:
vsg# copy startup-config bootflash:
Related Commands
Command
Description
copy running-config
Copies a running configuration to a specified destination.
copy system:
To copy files from the file directory, use the copy system: command.
copy system: //file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
You use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote file directory to a local bootflash directory:
vsg# copy system://pkim@209.193.10.12/ps/pkim-rich/vsg-dplug.bin bootflash:/
Related Commands
Command
Description
copy bootflash:
Copies files to the bootflash directory.
copy tftp:
To copy files from the Trivial File Transfer Protocol (TFTP) directory, use the copy tftp: command.
copy tftp://file-address destination-address
Syntax Description
//file-address
Address of the files to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• log:
• modflash:
• nvram:
• system:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote TFTP directory to a local bootflash directory:
vsg# copy tftp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin bootflash:/
Related Commands
Command
Description
copy sftp:
Copies files from the SFTP directory.
copy volatile:
To copy files from the volatile directory, use the copy volatile: command.
copy volatile: //file-address destination-address
Syntax Description
//file-address
Address of the file to copy.
destination-address
Address of the destination directory.
Use one of the following directories in the destination address:
• bootflash:
• debug:
• ftp:
• log:
• modflash:
• nvram:
• scp:
• sftp:
• system:
• tftp:
• volatile:
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy files from a remote volatile directory to a local bootflash directory:
vsg# copy volatile://user@209.193.10.10/ws/user-sjc/vsg-dplug.bin bootflash:/
Related Commands
Command
Description
copy bootflash:
Copies files from the bootflash directory.
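The per-source destination lists in the copy entries above lend themselves to a pre-change review check. The following Python example is added here and is not Cisco code: check_copy, audit and the sample lines (192.0.2.10 is a documentation address) are constructed for illustration, the destination table is transcribed from the copy entries in this section, and the flag on ftp: and tftp: reflects general protocol knowledge (both transfer data unencrypted) rather than a statement in this reference.

```python
import re

# Destination file systems listed in this section for each copy source.
FULL = {"bootflash", "debug", "ftp", "log", "modflash", "nvram",
        "scp", "sftp", "system", "tftp", "volatile"}
LOCAL = {"bootflash", "debug", "log", "modflash", "nvram", "system", "volatile"}
CONFIG_DEST = {"bootflash", "ftp", "nvram", "scp", "sftp", "tftp", "volatile"}
CONFIG_KEYWORDS = {"running-config", "startup-config"}

ALLOWED_DEST = {
    "core": {"bootflash", "ftp", "scp", "sftp", "tftp"},
    "debug": FULL, "log": FULL, "modflash": FULL, "nvram": FULL,
    "system": FULL, "volatile": FULL,
    "ftp": LOCAL, "sftp": LOCAL, "tftp": LOCAL,
    "scp": LOCAL | CONFIG_KEYWORDS,
    "running-config": CONFIG_DEST, "startup-config": CONFIG_DEST,
}

# Assumption (general protocol knowledge, not from this reference):
# FTP and TFTP carry file contents without encryption.
CLEARTEXT = {"ftp", "tftp"}

# Matches a leading CLI prompt such as "vsg# " or "vsg(config)# ".
PROMPT = re.compile(r"^\S+[#>]\s+")


def scheme_of(token):
    """Return the file-system name of an address token, or None."""
    if token in CONFIG_KEYWORDS:
        return token
    match = re.match(r"([a-z][a-z-]*):", token)
    return match.group(1) if match else None


def check_copy(line):
    """Check one CLI line. Returns None if it is not a copy command."""
    tokens = PROMPT.sub("", line.strip()).split()
    if len(tokens) < 2 or tokens[0] != "copy":
        return None
    src, rest = tokens[1], tokens[2:]
    # Some syntax lines are written "copy core: //file-address ...".
    if rest and rest[0].startswith("//"):
        src += rest.pop(0)
    if not rest:
        return {"source": scheme_of(src), "dest": None,
                "findings": ["missing destination address"]}
    dst = rest[0]
    s, d = scheme_of(src), scheme_of(dst)
    findings = []
    if s not in ALLOWED_DEST:
        findings.append(f"source '{src}' has no destination list in this table")
    elif d not in ALLOWED_DEST[s]:
        findings.append(f"destination '{dst}' is not listed for copy {s}")
    for proto in sorted({s, d} & CLEARTEXT):
        findings.append(f"{proto}: transfers are unencrypted")
    return {"source": s, "dest": d, "findings": findings}


def audit(lines):
    """Return (line, findings) for every copy command that has findings."""
    flagged = []
    for line in lines:
        result = check_copy(line)
        if result and result["findings"]:
            flagged.append((line, result["findings"]))
    return flagged


# Constructed sample input: a change script submitted for review.
SAMPLE = [
    "vsg# copy running-config tftp://192.0.2.10/backups/vsg.cfg",
    "vsg# copy sftp://admin@192.0.2.10/images/vsg-dplug.bin bootflash:/",
    "vsg# copy ftp://admin@192.0.2.10/images/vsg-dplug.bin scp://admin@192.0.2.11/x",
    "vsg# copy core: //admin@192.0.2.10/cores/vsg.core volatile:/",
    "vsg# dir bootflash:",
]

if __name__ == "__main__":
    for line, findings in audit(SAMPLE):
        print(line)
        for finding in findings:
            print("  -", finding)
```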
debug logfile
To direct the output of the debug command to a specified file, use the debug logfile command. To revert
to the default, use the no form of the command.
debug logfile filename [size bytes]
no debug logfile filename [size bytes]
Syntax Description
filename
Name of the file for debug command output. The filename is alphanumeric, case sensitive, and has a maximum of 64 characters.
size
(Optional) Specifies the size of the logfile in bytes.
bytes
(Optional) Bytes. The range is from 4096 to 10485760.
Defaults
Default filename: syslogd_debugs
Default file size: 10485760 bytes
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
The logfile is created in the log: file system root directory.
Use the dir log: command to display the log files.
Examples
This example shows how to specify a debug logfile:
vsg# debug logfile debug_log
This example shows how to revert to the default debug logfile:
vsg# no debug logfile debug_log
Related Commands
Command
Description
dir
Displays the contents of a directory.
show debug
Displays the debug configuration.
show debug logfile
Displays the debug logfile contents.
debug logging
To enable debug command output logging, use the debug logging command. To disable debug logging,
use the no form of this command.
debug logging
no debug logging
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enable the output logging for the debug command:
vsg# debug logging
This example shows how to disable the output logging for the debug command:
vsg# no debug logging
Related Commands
Command
Description
debug logfile
Configures the logfile for the debug command output.
delete
To delete the contents of a directory, use the delete command.
delete {bootflash: | debug: | log: | modflash: | volatile:}
Syntax Description
bootflash:
Specifies the bootflash directory.
debug:
Specifies the debug directory.
log:
Specifies the log directory.
modflash:
Specifies the modflash directory.
volatile:
Specifies the volatile directory.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to delete the contents of the bootflash directory:
vsg# delete bootflash:
Related Commands
Command
Description
copy
Copies files to directories.
dir
To display the contents of a directory or file, use the dir command.
dir [bootflash: | debug: | log: | modflash: | volatile:]
Syntax Description
bootflash:
(Optional) Specifies the directory or filename.
debug:
(Optional) Specifies the directory or filename on expansion flash.
log:
(Optional) Specifies the directory or filename on log flash.
modflash:
(Optional) Specifies the directory or filename on module flash.
volatile:
(Optional) Specifies the directory or filename on volatile flash.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Use the pwd command to identify the directory you are currently working in.
Use the cd command to change the directory you are currently working in.
Examples
This example shows how to display the contents of the bootflash: directory:
vsg# dir bootflash:
Related Commands
Command
Description
cd
Changes the current working directory.
pwd
Displays the current working directory.
echo
To echo an argument back to the terminal screen, use the echo command.
echo [backslash-interpret] [text]
Syntax Description
backslash-interpret
(Optional) Interprets any character following a backslash character (\) as a
formatting option.
text
(Optional) Text string to display. The text string is alphanumeric, case
sensitive, can contain spaces, and has a maximum length of 200 characters.
The text string can also contain references to CLI variables.
Defaults
Displays a blank line.
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
You can use this command in a command script to display information while the script is running.
Table 1 lists the formatting keywords that you can insert in the text when you include the
backslash-interpret keyword.
Table 1
Formatting Options for the echo Command
Formatting Option
Description
\b
Specifies back spaces.
\c
Removes the new line character at the end of the text string.
\f
Inserts a form feed character.
\n
Inserts a new line character.
\r
Returns to the beginning of the text line.
\t
Inserts a horizontal tab character.
\v
Inserts a vertical tab character.
\\
Displays a backslash character.
\nnn
Displays the corresponding ASCII octal character.
Examples
This example shows how to display a blank line at the command prompt:
vsg# echo
This example shows how to display a line of text at the command prompt:
vsg# echo Script run at $(TIMESTAMP).
Script run at 2008-08-12-23.29.24.
This example shows how to use a formatting option in the text string:
vsg# echo backslash-interpret This is line #1. \nThis is line #2.
This is line #1.
This is line #2.
Related Commands
Command
Description
run-script
Runs command scripts.
end
To return to EXEC mode from any lower-level mode, use the end command.
end
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enter VNMC policy agent mode and then how to return to EXEC mode:
vsg(config)# vnm-policy-agent
vsg(config-vnm-policy-agent)# end
Related Commands
Command
Description
configure
Enters configuration mode.
event
To clear the event counter, use the event command.
event manager clear counter counter-name
Syntax Description
event manager
Places you in the event manager.
clear counter
Clears the counter.
counter-name
Counter name. The text string is alphanumeric, case sensitive, can contain
spaces, and has a maximum length of 28 characters.
Defaults
Displays a blank line.
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to clear the event counter:
vsg# event manager clear counter default
Related Commands
Command
Description
show event
Displays event information.
event-log archive
To archive event logs for the policy engine or all modules, use the event-log archive command. The
event logs are archived in a file with .gz extension in the bootflash: directory.
event-log archive {policy_engine | all}
Syntax Description
policy_engine
Archives the event logs for the policy engine.
all
Archives the event logs for all modules.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG2(1.1)
This command was introduced.
Examples
This example shows how to archive event logs for the policy engine:
vsg# event-log archive policy_engine
Generated archive: event-logs.Mar_13_13-16_18_04.tar.gz
This example shows how to archive event logs for all modules:
vsg# event-log archive all
Generated archive: event-logs.Mar_13_13-16_15_23.tar.gz
Related Commands
Command
Description
clear event-log policy_engine
Clears the event log buffer for the policy engine.
event-log policy_engine
Enables logging debugs for the policy engine.
event-log inspect
To inspect the event log, use the event-log inspect command. To disable this feature, use the no form of
this command.
event-log inspect {ac {error | info | inst-error | inst-info} | error | ftp {error | info | pkt_trace |
warn} | info | rsh {error | info | pkt_trace} | tftp {error | info}}
no event-log inspect {ac {error | info | inst-error | inst-info} | error | ftp {error | info | pkt_trace
| warn} | info | rsh {error | info | pkt_trace} | tftp {error | info}}
Syntax Description
ac
Enables event logging for the AC module.
error
Enables logging for error events.
info
Enables logging for informational events.
inst-error
Enables logging for the AC instance error event.
inst-info
Enables logging for the AC instance informational events.
ftp
Enables event logging for the FTP module.
pkt_trace
Enables logging for the packet trace event.
warn
Enables logging for the warning event.
rsh
Enables event logging for the Remote Shell (RSH) module.
pkt_trace
Enables logging for the packet trace event.
tftp
Enables event logging for the TFTP module.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG2(1.1)
This command was introduced.
Examples
This example shows how to inspect the event log:
vsg# event-log inspect ac error
event-log policy_engine
To enable logging debugs for the policy engine, use the event-log policy_engine command. To disable
this feature, use the no form of this command.
event-log policy_engine {ac {error | info | inst-error | inst-info} | attr-mgr {control | data |
error} | data | data-detail}
no event-log policy_engine {ac {error | info | inst-error | inst-info} | attr-mgr {control | data |
error} | data | data-detail}
Syntax Description
ac
Enables event logging for the AC module.
error
Enables logging for error events.
info
Enables logging for informational events.
inst-error
Enables logging for the AC instance error event.
inst-info
Enables logging for the AC instance informational events.
attr-mgr
Enables event logging for the Attribute Manager module.
control
Enables display of the control plane event.
data
Enables event logging for the service path module.
data-detail
Enables the display of data path events details.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG2(1.1)
This command was introduced.
Examples
This example shows how to archive event logs for all modules:
vsg# event-log policy_engine ac inst-error
Related Commands
Command
Description
clear event-log policy_engine
Clears the event log buffer for the policy engine.
event-log save config
To save the current configuration of event-logs, use the event-log save config command.
event-log save config
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG2(1.1)
This command was introduced.
Usage Guidelines
Use this command to save the current configuration of event-logs in persistent memory. When a device
reload or switchover occurs, the saved event-log configuration is applied.
Examples
This example shows how to save the current configuration of event-logs:
vsg# event-log save config
event-log service-path
To enable logging debugs for the service-path process, use the event-log service-path command. To
disable this feature, use the no form of this command.
event-log service-path {ac {error | info | inst-error | inst-info} | fm {debug | error | info} | sp
{error | info | pkt-detail | pkt-error | pkt-info | vpath-lib-error | vpath-lib-info |
vpath-lib-frag} [terminal]}
no event-log service-path {ac {error | info | inst-error | inst-info} | fm {debug | error | info} | sp
{error | info | pkt-detail | pkt-error | pkt-info | vpath-lib-error | vpath-lib-info |
vpath-lib-frag} [terminal]}
Syntax Description
ac
Enables event logging for the AC module.
error
Enables logging for error events.
info
Enables logging for informational events.
inst-error
Enables logging for installation errors.
inst-info
Enables logging for installation information.
fm
Enables event logging for the Flow Manager module.
debug
Enables debug information.
sp
Enables event logging for the service path module.
pkt-detail
Enables the display of packet details events.
pkt-error
Enables the display of packet errors events.
pkt-info
Enables the display of packet information events.
vpath-lib-error
Enables logging of vPath library errors events.
vpath-lib-info
Enables logging of vPath library information events.
vpath-lib-frag
Enables logging of vPath library fragmentation events.
terminal
(Optional) Enables logging to be displayed at the terminal.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was modified to include sp {vpath-lib-error |
vpath-lib-info | vpath-lib-frag}.
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Event logs are written to the process buffer and can be viewed by the show system internal event-log
service-path command. When the terminal option is entered, the event logs are displayed on the
terminal.
Examples
This example shows how to display the event logs for the service-path vPath library errors on the
terminal:
vsg# event-log service-path sp vpath-lib-error terminal
Related Commands
Command
Description
show event-log all
Displays all the event-logs turned on in the system.
show system internal event-log service-path
Displays the debug logs logged as a result of using the event-log service-path sp command.
event-log save
Saves the event-log configuration across reboots.
exit
To exit the current mode, use the exit command.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to exit the current mode:
vsg(config)# exit
vsg#
Related Commands
Command
Description
end
Places you in EXEC mode.
find
To find filenames that begin with a character string, use the find command.
find filename-prefix
Syntax Description
filename-prefix
First part or all of a filename. The filename prefix is case sensitive.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
The find command searches all subdirectories under the current working directory. You can use the cd
and pwd commands to navigate to the starting directory.
Examples
This example shows how to find a filename that has a prefix of “a”:
vsg# find a
Related Commands
Command
Description
pwd
Lists the directory you are currently in.
gunzip
To uncompress a compressed file, use the gunzip command.
gunzip filename
Syntax Description
filename
Name of the file.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
The compressed filename must have the .gz extension.
You do not have to enter the .gz extension as part of the filename.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
Examples
This example shows how to uncompress a compressed file:
vsg# gunzip run_cnfg.cfg
Related Commands
Command
Description
dir
Displays the directory contents.
gzip
Compresses a file.
gzip
To compress a file, use the gzip command.
gzip filename
Syntax Description
filename
Filename.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
After you use this command, the file is replaced with the compressed filename that has the .gz extension.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
Examples
This example shows how to compress a file:
vsg# gzip run_cnfg.cfg
Related Commands
Command
Description
dir
Displays the directory contents.
gunzip
Uncompresses a compressed file.
install
To install an image upgrade, use the install command.
install all {iso | kickstart}
Syntax Description
iso
Specifies an ISO image.
kickstart
Specifies a kickstart image.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to install an ISO image upgrade:
vsg# install all iso bootflash://smith@209.165.200.226/test
Related Commands
Command
Description
show install
Displays the software installation impact between two images.
interface
To configure an interface on the Cisco VSG, use the interface command. To remove an interface, use
the no form of this command.
interface {data number | ethernet slot/port | loopback number | mgmt number | port-channel
channel-number}
no interface {data number | ethernet slot/port | loopback number | mgmt number | port-channel
channel-number}
Syntax Description
data
Specifies the data interface number.
number
Data interface number. The number is 0.
ethernet
Specifies the slot and port number for the Ethernet interface.
slot/port
Slot and port number of the interface.
loopback
Specifies a virtual interface number.
number
Virtual interface number. The range is from 0 to 1023.
mgmt
Specifies the management interface number.
number
Management interface number. The number is 0.
port-channel
Specifies a port-channel interface number.
channel-number
Port-channel interface number. The range is from 0 to 1023.
Defaults
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to configure an interface:
vsg# interface data 0
This example shows how to remove an interface:
vsg# no interface data 0
Related Commands
Command
Description
show interface
Displays the interface and IP details, including Rx and Tx packets or bytes.
ip
To configure IP details, use the ip command. To revert to the default settings, use the no form of this
command.
ip {access-list match-local-traffic | arp timeout seconds | domain-list name | domain-lookup |
host name | igmp | name-server | route | routing event-history | tcp | tftp
path-mtu-discovery}
no ip {access-list match-local-traffic | arp timeout seconds | domain-list name | domain-lookup
| host name | igmp | name-server | route | routing event-history | tcp | tftp
path-mtu-discovery}
Syntax Description
access-list match-local-traffic
Specifies the access-list matching for locally generated traffic.
arp timeout seconds
Specifies the Address Resolution Protocol (ARP) timeout. The range is
from 60 to 28800.
domain-list name
Specifies an additional domain name. The name has a maximum of 64
characters.
domain-lookup
Specifies the domain name server (DNS).
host name
Specifies an entry to the IP hostname table.
igmp
Specifies event-history buffers or snooping in Internet Group
Management Protocol (IGMP) global configuration mode.
name-server
Specifies the name-server address, IPv4 or IPv6.
route
Specifies the route IP prefix information.
routing event-history
Specifies the logs for routing events.
tcp
Configures global Transmission Control Protocol (TCP) parameters.
tftp path-mtu-discovery
Specifies path-MTU discovery on the Trivial File Transfer Protocol (TFTP).
Defaults
1500
Command Modes
Global configuration
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows the ip command being used to configure IP details:
vsg(config)# ip host testOne 209.165.200.231
Related Commands
Command
Description
show ip
Displays IP details.
line
To specify the line configuration, use the line command.
line {com1 | console | vty}
Syntax Description
com1
Specifies the COM1 port and enters the COM1 port configuration mode.
console
Specifies the console port and enters the console port configuration mode.
vty
Specifies the virtual terminal and enters the line configuration mode.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enter the COM1 port configuration mode:
vsg(config)# line com1
vsg(config-com1)#
This example shows how to enter the console port configuration mode:
vsg(config)# line console
vsg(config-console)#
This example shows how to enter the line configuration mode:
vsg(config)# line vty
vsg(config-line)#
Related Commands
Command
Description
show line
Displays information about the COM1 port, console port configuration,
and the line configuration.
logging
To configure logging, use the logging command.
logging {abort | commit | console severity-level | distribute | event | level | logfile name | module
severity-level | monitor severity-level | server | source-interface loopback number |
timestamp time-type}
Syntax Description
abort
Discards the logging Cisco Fabric Services (CFS) distribution session in
progress without committing and then releases the lock.
commit
Applies the pending configuration pertaining to the logging CFS distribution
session in progress in the fabric and then releases the lock.
console severity-level
Enables logging messages to the console session. To disable, use the no logging
console command. The range is from 0 to 7.
distribute
Enables fabric distribution using CFS distribution for logging. To disable, use the
no logging distribute command.
event
Logs interface events. To disable, use the no logging event command.
level
Enables logging of messages from a named facility at a specified severity level.
To disable, use the no logging level command.
logfile name
Configures the specified log file that stores system messages. To disable, use the
no logging logfile command.
module severity-level
Starts logging of module messages to the log file. To disable, use the no logging
module command. The range is from 0 to 7.
monitor severity-level
Enables the logging of messages to the monitor (terminal line). To disable, use
the no logging monitor command. The range is from 0 to 7.
server
Designates and configures a remote server for logging system messages. To
disable, use the no logging server command.
source-interface loopback number
Enables a source interface for the remote syslog server. To disable, use the no
logging source-interface command. The range is from 0 to 1023.
timestamp time-type
Sets the unit of time used for the system messages time stamp, in microseconds,
milliseconds, or seconds. To disable, use the no logging timestamp command.
Defaults
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to discard a logging CFS distribution session in progress:
vsg(config)# logging abort
Related Commands
Command
Description
show logging
Displays logging information.
match
To specify a condition used in an object group, use the match command. To remove a condition in an
object group, use the no form of this command.
match {eq | gt | lt | prefix | contains | in-range | neq | not-in-range} attribute-value1
[attribute-value2]
Syntax Description
eq
Specifies equal to a number or exactly matched with a string.
gt
Specifies greater than.
lt
Specifies less than.
prefix
Specifies a prefix of a string or an IP address.
contains
Contains a substring.
in-range
Specifies a range of two integers, dates, times, or IP addresses.
neq
Specifies not equal to a number or not exactly matched with a string.
not-in-range
Negates the in-range operator.
attribute-value1
Value of the attribute such as 10.10.10.10 or name of an object-group such
as “ipaddr-group.”
attribute-value2
(Optional) Value of an attribute or netmask of a network address.
Command Default
None
Command Modes
Policy configuration (config-policy)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
When multiple condition statements are used in an object group, all conditions are considered to be OR’d
during policy evaluation. The following operators require at least two attribute values:
• prefix—When applied against a subnet mask (for example, prefix 10.10.10.1 255.255.255.0)
• in-range—For all types of attribute values (for example, in-range 10.10.10.1 10.10.10.200)
• not-in-range—For all types of attribute values (for example, not-in-range 10.10.10.1 10.10.10.200)
Attribute values can be any of the following:
• Integer
• Integer range
• IP address, or a netmask
• IP address range
• String
Examples
This example shows how to set conditions to be used in an object group:
vsg(config-object-group)# match 1 eq 80
vsg(config-object-group)# match 2 eq 443
vsg(config-object-group)# exit
vsg(config)#
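The OR'd evaluation and the operator set described above can be modelled offline to check which values a configured object group would admit. The following Python sketch is an added example, not Cisco code or part of the original reference; `parse_conditions`, `match` and `member_of` are hypothetical names, inclusive range bounds are an assumption, dates and times are not modelled, and the `ADMIN_NETS` sample is constructed.

```python
import ipaddress

OPERATORS = {"eq", "gt", "lt", "prefix", "contains",
             "in-range", "neq", "not-in-range"}
NEGATED = {"neq": "eq", "not-in-range": "in-range"}

# Sample assembled from the object-group and match examples in this reference.
HTTP_PORTS = """\
vsg(config)# object-group http_ports net.port
vsg(config-object-group)# match 1 eq 80
vsg(config-object-group)# match 2 eq 443
vsg(config-object-group)# exit
"""

# Constructed sample (addresses are illustrative, not taken from a real device).
ADMIN_NETS = """\
match 1 prefix 10.10.10.1 255.255.255.0
match 2 in-range 192.0.2.10 192.0.2.20
"""


def _coerce(token):
    """Interpret a CLI token as an integer, an IPv4 address, or a string."""
    s = str(token)
    if s.isdecimal():
        return int(s)
    try:
        return ipaddress.IPv4Address(s)
    except ipaddress.AddressValueError:
        return s


def _ordered(*values):
    """True when all values share one orderable type (int or IPv4 address)."""
    kinds = {type(v) for v in values}
    return len(kinds) == 1 and kinds <= {int, ipaddress.IPv4Address}


def match(op, candidate, value1, value2=None):
    """Evaluate one match condition against a candidate attribute value."""
    if op not in OPERATORS:
        raise ValueError(f"unknown operator: {op}")
    if op in NEGATED:  # neq and not-in-range negate eq and in-range
        return not match(NEGATED[op], candidate, value1, value2)
    cand, v1 = _coerce(candidate), _coerce(value1)
    if op == "eq":
        return cand == v1
    if op == "contains":
        return str(value1) in str(candidate)
    if op == "prefix":
        if value2 is None:  # string prefix
            return str(candidate).startswith(str(value1))
        # Address plus netmask; host bits in value1 are ignored.
        net = ipaddress.IPv4Network(f"{value1}/{value2}", strict=False)
        return isinstance(cand, ipaddress.IPv4Address) and cand in net
    if op == "in-range":
        if value2 is None:
            raise ValueError("in-range needs two attribute values")
        v2 = _coerce(value2)
        # Assumption: both bounds are inclusive.
        return _ordered(cand, v1, v2) and v1 <= cand <= v2
    if not _ordered(cand, v1):  # gt / lt only compare like with like
        return False
    return cand > v1 if op == "gt" else cand < v1


def parse_conditions(config_text):
    """Extract (operator, value1, value2) tuples from match lines."""
    conditions = []
    for line in config_text.splitlines():
        tokens = line.split()
        if "match" not in tokens:
            continue  # prompts, object-group and exit lines
        tokens = tokens[tokens.index("match") + 1:]
        if tokens and tokens[0] not in OPERATORS:
            tokens = tokens[1:]  # skip the condition index, as in "match 1 eq 80"
        if not tokens or tokens[0] not in OPERATORS:
            raise ValueError(f"no operator in: {line!r}")
        op, values = tokens[0], tokens[1:]
        minimum = 2 if op in ("in-range", "not-in-range") else 1
        if not minimum <= len(values) <= 2:
            raise ValueError(f"wrong number of attribute values in: {line!r}")
        conditions.append((op, values[0], values[1] if len(values) > 1 else None))
    return conditions


def member_of(candidate, conditions):
    """Conditions in an object group are OR'd: one match is enough."""
    return any(match(op, candidate, v1, v2) for op, v1, v2 in conditions)
```

Running `member_of` over the ports and source addresses you expect to be allowed or refused is a quick way to review an object group before it is referenced from a rule.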
Related Commands
Command
Description
object-group
Enters the object-group configuration submode.
mkdir (VSG)
To create a new directory, use the mkdir command.
mkdir {bootflash: | debug: | modflash: | volatile:}
Syntax Description
bootflash:
Specifies bootflash: as the directory name.
debug:
Specifies debug: as the directory name.
modflash:
Specifies modflash: as the directory name.
volatile:
Specifies volatile: as the directory name.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
4.2(1)VSG1(1)
This command was introduced for the Cisco VSG.
Examples
This example shows how to create the bootflash: directory:
vsg# mkdir bootflash:
Related Commands
Command
Description
cd
Changes the current working directory.
dir
Displays the directory contents.
pwd
Displays the name of the current working directory.
no event-log all
To remove the event-log configuration for all modules, use the no event-log command.
no event-log all
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG2(1.1)
This command was introduced.
Examples
This example shows how to remove the event-log configuration for all modules:
vsg# no event-log all
Related Commands
Command
Description
event-log inspect
Enables or disables event logging for the inspection engine.
event-log policy_engine
Enables or disables event logging for the policy engine.
event-log service-path
Enables or disables event logging for the service path.
ntp sync-retry (VSG)
To retry synchronization with configured servers, use the ntp sync-retry command. To stop this process,
use the no form of this command.
ntp sync-retry
no ntp sync-retry
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced for the Cisco VSG.
Examples
This example shows how to enable the Network Time Protocol (NTP) synchronization retry:
vsg# ntp sync-retry
This example shows how to disable the NTP synchronization retry:
vsg# no ntp sync-retry
Related Commands
Command
Description
show clock
Displays the time and date.
object-group
To reduce the number of rule configurations to accommodate the OR conditions for the HTTP/HTTPS
ports, use the object-group command. To remove the given object group object and all the relevant
configurations, use the no form of this command.
object-group group-name attribute-name
Syntax Description
group-name
Name of the object group.
attribute-name
Attribute designated for the group. The attribute used in an object group
must be a neutral attribute.
Command Default
None
Command Modes
Cisco VSG global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
This command enters the object-group submode. This command can be used to build a group of attribute
values so the group can be used in a condition statement later on with the operator member.
Examples
This example shows how to use the object-group command:
vsg(config)# object-group http_ports net.port
vsg(config-object-group)#
Related Commands
Command
Description
match
Specifies a condition used in an object group.
password strength-check
To enable password strength checking, use the password strength-check command. To disable the
password strength checking, use the no form of this command.
password strength-check
no password strength-check
Syntax Description
This command has no arguments or keywords.
Defaults
This feature is enabled by default.
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enable the checking of the password strength:
vsg(config)# password strength-check
This example shows how to disable the checking of the password strength:
vsg(config)# no password strength-check
Related Commands
Command
Description
show password strength-check
Displays the configuration for checking the password strength.
username
Creates a user account.
role name
Names a user role and places you in role configuration mode for that role.
policy
To enter the policy configuration submode for constructing a firewall policy on the Cisco VSG, use the
policy command. To remove the given policy object and all its bindings with other policy objects, use
the no form of this command.
policy policy-name
Syntax Description
policy-name
Policy-map object.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
Use the policy command to enable the policy configuration subcommand mode when the variable
policy-name is used to specify the policy-map object.
The policy command configuration submode provides the following functions:
• Binding rules to a given policy.
• Creating rank or precedence among all the bound rules.
• Binding zones to a given policy.
Examples
This example shows how to set a 3-tiered policy object:
vsg(config)# policy 3-tiered-policy
vsg(config-policy)# rule inet_web_rule order 10
vsg(config-policy)# rule office_app_ssh_rule order 20
vsg(config-policy)# rule web_app_rule order 40
vsg(config-policy)# rule app_db_rule order 50
vsg(config-policy)# rule default_deny_rule order 60
vsg(config-policy)# exit
vsg(config)#
Related Commands
Command
Description
rule
Configures the binding of the policy with a given rule.
zone
Configures the binding of the policy with a given zone.
pwd
To view the current directory, use the pwd command.
pwd
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
4.2(1)VSG1(1)
This command was introduced for the Cisco VSG.
Examples
This example shows how to view the current directory:
vsg# pwd
bootflash:
vsg#
Related Commands
Command
Description
cd
Changes the current directory.
reload
To reboot both the primary and secondary Cisco VSG in a redundant pair, use the reload command.
reload
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
4.2(1)VSG1(1)
This command was introduced for the Cisco VSG.
Usage Guidelines
To reboot only one of the Cisco VSGs in a redundant pair, use the reload module command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve
any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the Cisco VSG.
Examples
This example shows how to reload both the primary and secondary Cisco VSG:
vsg(config)# reload
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Dec 20 11:33:35 bl-vsg %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from
Command Line Interface
Related Commands
Command
Description
reload module
Reloads the specified Cisco VSG (1 or 2) in a redundant pair.
reload module
To reload one of the Cisco VSGs in a redundant pair, use the reload module command.
reload module module [force-dnld]
Syntax Description
module
Module number (use 1 for the primary Cisco VSG or 2 for the secondary
Cisco VSG).
force-dnld
(Optional) Reboots the specified module to force NetBoot and image
download.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.0(4)SV1(1)
This command was introduced.
4.2(1)VSG1(1)
This command was introduced for the Cisco VSG.
Usage Guidelines
To reboot both the Cisco VSGs in a redundant pair, use the reload command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve
any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the Cisco VSG.
Examples
This example shows how to reload Cisco VSG 2, the secondary Cisco VSG in a redundant pair:
vsg# reload module 2
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Dec 20 11:33:35 bl-vsg %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from
Command Line Interface
Related Commands
Command
Description
show version
Displays information about the software version.
reload
Reboots both the primary and secondary Cisco VSG.
restart
To manually restart a component, use the restart command. To disable manual restart, use the no form
of this command.
restart
no restart
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Do not use this command unless you are absolutely certain that there is no one else using the system.
Examples
This example shows how to restart the Cisco VSG:
vsg# restart
Related Commands
Command
Description
reload
Reboots the entire device.
rmdir (VSG)
To remove a directory, use the rmdir command.
rmdir {bootflash: | debug: | modflash: | volatile:}
Syntax Description
bootflash:
Deletes the bootflash: directory.
debug:
Deletes the debug: directory.
modflash:
Deletes the modflash: directory.
volatile:
Deletes the volatile: directory.
Defaults
Removes the directory from the current working directory.
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to remove the bootflash directory:
vsg# rmdir bootflash:
Related Commands
Command
Description
cd
Changes the current working directory.
dir
Displays the directory contents.
pwd
Displays the name of the current working directory.
role
To configure a user role, use the role command. To delete a user role, use the no form of this command.
role {feature-group feature-group-name | name {name | network-observer}}
no role {feature-group name | [name name | network-observer] }
Syntax Description
feature-group name
Specifies a role for a feature group. The name can be any alphanumeric
string up to 32 characters.
name name
Specifies the role name. The name can be any alphanumeric string up to 16
characters.
network-observer
Specifies the user role.
Defaults
This feature is enabled by default.
Command Modes
Global configuration
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to configure a user role for a feature group:
vsg(config)# role feature-group name abc
vsg(config-role-featuregrp)#
Related Commands
Command
Description
show role
Displays the role configuration.
role name
Names a user role and places you in role configuration mode for that role.
rule
To enter the configuration submode to build a firewall rule that consists of multiple conditions and
actions, use the rule command. To remove the given rule object and all the relevant configurations, use
the no form of this command.
rule rule-name
Syntax Description
rule-name
Rule object.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
Use the rule command to enter the rule configuration submode. The rule-name variable is used to
specify the rule object that is to be configured.
Examples
This example shows how to build firewall rules on the Cisco VSG:
vsg(config)# rule inet_web_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# condition 1 dst.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule office_app_ssh_rule
vsg(config-rule)# cond-match-criteria match-all
vsg(config-rule)# condition 1 dst.zone.name eq app_servers
vsg(config-rule)# condition 2 src.net.ip-address prefix 192.10.1.0 \
255.255.255.0
vsg(config-rule)# condition 3 dst.net.port eq 22
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule web_app_https_rule
vsg(config-rule)# cond-match-criteria match-all
vsg(config-rule)# condition 1 src.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.zone.name eq app_servers
vsg(config-rule)# condition 3 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule app_db_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# condition 1 src.zone.name eq app_servers
vsg(config-rule)# condition 2 dst.zone.name eq db_servers
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule default_deny_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# action deny
vsg(config-rule)# action log
vsg(config-rule)# exit
Related Commands
Command
Description
condition
Specifies a condition statement used in a rule.
action
Specifies the actions to be executed when traffic characteristics match with
the associated rule.
cond-match-criteria
Specifies the condition match criteria for a rule.
run-script (VSG)
To run a command script that is saved in a file, use the run-script command.
run-script [bootflash: [> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | >> [bootflash: | ftp: |
scp: | sftp: | tftp: | volatile:] | | [cut | diff | egrep | grep | head | human | last | less | no-more |
sed | sort | sscp | tr | uniq | vsh | wc | xml | begin | count | end | exclude | include] ] | volatile:
[> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | >> [bootflash: | ftp: | scp: | sftp: | tftp: |
volatile:] | | [cut | diff | egrep | grep | head | human | last | less | no-more | sed | sort | sscp | tr
| uniq | vsh | wc | xml | begin | count | end | exclude | include] ] ] [filename]
Syntax Description
bootflash:
(Optional) Indicates that the file containing the command script is located in the
bootflash file system.
>
(Optional) Redirects the output to a file.
ftp:
(Optional) Designates the destination file system path; in this case, the ftp: directory.
scp:
(Optional) Designates the destination file system path; in this case, the scp: directory.
sftp:
(Optional) Designates the destination file system path; in this case, the sftp:
directory.
tftp:
(Optional) Designates the destination file system path; in this case, the tftp: directory.
volatile:
(Optional) Indicates that the file containing the command script is located in the
volatile file system.
>>
(Optional) Redirects the output to a file in append mode.
|
(Optional) Pipes the command output to a filter.
cut
(Optional) Prints selected parts of lines.
diff
(Optional) Shows the difference between the current and previous invocation (creates
temporary files).
egrep
(Optional) Prints lines that match a pattern.
grep
(Optional) Prints lines that match a pattern.
head
(Optional) Displays only the first lines.
human
(Optional) Provides command output in human readable format if permanently set to
XML; otherwise, it turns on XML for the next command.
last
(Optional) Displays only the last lines.
less
(Optional) Designates filter for paging.
no-more
(Optional) Turns off the pagination for command output.
sed
(Optional) Enables the stream editor (SED).
sort
(Optional) Enables the stream sorter.
sscp
(Optional) Enables the stream secure copy (SSCP).
tr
(Optional) Translates, squeezes, and/or deletes characters.
uniq
(Optional) Discards all but one of successive identical lines.
vsh
(Optional) Enables the shell that understands command-line interface (CLI)
commands.
wc
(Optional) Enables word count, line count, and character count.
xml
(Optional) Enables output in XML format (according to .xsd definitions).
begin
(Optional) Begins with the line that matches the variable included after the command
keyword.
count
(Optional) Enables a count of the number of lines.
end
(Optional) Ends the display with the line that matches the string input after the
command keyword.
exclude
(Optional) Excludes the lines that match the string input after the command keyword.
include
(Optional) Includes the lines that match the string input after the command keyword.
filename
(Optional) Name of the file containing the command script. The name is case
sensitive.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to run a command script that is saved in a file called Sample:
vsg(config)# run-script volatile:Sample
Related Commands
Command
Description
cd
Changes the current working directory.
copy
Copies files.
dir
Displays the contents of the working directory.
pwd
Displays the name of the present working directory (pwd).
send
To send a message to an open session, use the send command.
send {message | session device message}
Syntax Description
message
Message.
session
Specifies a specific session.
device
Device type.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to send a message to an open session:
vsg# send session sessionOne testing
Related Commands
Command
Description
show banner
Displays a banner.
setup
To use the basic system configuration dialog for creating or modifying a configuration file, use the setup
command.
setup
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
The Basic System Configuration Dialog assumes the factory defaults.
All changes made to your configuration are summarized for you at the completion of the setup sequence
with an option to save the changes or not.
You can exit the setup sequence at any point by pressing Ctrl-C.
Examples
This example shows how to use the setup command to create or modify a basic system configuration:
vsg# setup
Enter the domain id<1-4095>: 400
Enter HA role[standalone/primary/secondary]: standalone
[########################################] 100%
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup is mainly used for configuring the system initially,
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): y
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Enter the vsg name : vsg
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:
Mgmt0 IPv4 address :
Configure the default gateway? (yes/no) [y]: n
Configure advanced IP options? (yes/no) [n]:
Enable the telnet service? (yes/no) [y]:
Enable the ssh service? (yes/no) [n]:
Configure the ntp server? (yes/no) [n]:
Configure vem feature level? (yes/no) [n]:
Configure svs domain parameters? (yes/no) [y]:
Enter SVS Control mode (L2 / L3) : l2
Invalid SVS Control Mode
Enter SVS Control mode (L2 / L3) : L2
Enter control vlan <1-3967, 4048-4093> : 400
Enter packet vlan <1-3967, 4048-4093> : 405
The following configuration will be applied:
vsgname vsg
telnet server enable
no ssh server enable
svs-domain
svs mode L2
control vlan 400
packet vlan 405
domain id 400
vlan 400
vlan 405
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]: n
Related Commands
Command
Description
show running-config
Displays the running configuration.
sleep
To set a sleep time, use the sleep command.
sleep time
Syntax Description
time
Sleep time, in seconds. The range is from 0 to 2147483647.
Defaults
Sleep time is not set.
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
When you set time to 0, sleep is disabled.
Examples
This example shows how to set a sleep time:
vsg# sleep 100
This example shows how to disable sleep:
vsg# sleep 0
Related Commands
Command
Description
reload
Reboots the Cisco VSG.
snmp-server
To configure the Simple Network Management Protocol (SNMP) values, use the snmp-server
command. To revert to the default, use the no form of this command.
snmp-server {aaa-user cache-timeout seconds | community word | contact | context word |
counter | enable traps | globalEnforcePriv | host | location name | mib community-map
name | protocol | source-interface | tcp-session auth | user name}
no snmp-server {aaa-user cache-timeout seconds | community word | contact | context word |
counter | enable traps | globalEnforcePriv | host | location name | mib community-map
name | protocol | source-interface | tcp-session auth | user name}
Syntax Description
aaa-user cache-timeout seconds
Configures an SNMP timeout value for synchronized AAA users. To revert to the
default, use no snmp-server aaa-user cache-timeout. The range is from 1 to
86400.
community word
Creates an SNMP community name and assigns access privileges for the
community. To remove the community or its access privileges, use the no
snmp-server community command. The maximum number of characters is 32.
contact
Configures the sysContact, which is the SNMP contact name. To remove or
modify the sysContact, use the no snmp-server contact command.
context word
Configures an SNMP context name to logical network entity mapping. To remove
the context, use the no snmp-server context command. The maximum number
of characters is 32.
counter
Enables the SNMP cache counter and sets the timeout. To remove the counter,
use the no snmp-server counter command.
enable traps
Enables SNMP notifications for traps of module notifications. To disable, use the
no snmp-server enable traps command.
globalEnforcePriv
Globally enforces privacy for all SNMP users. To disable, use the no
snmp-server globalEnforcePriv command.
host
Configures a host receiver for SNMPv1 or SNMPv2c traps. To remove the host,
use the no snmp-server host command.
location name
Configures the sysLocation, which is the SNMP location name. To remove the
sysLocation, use the no snmp-server location command. The maximum number
of characters is 32.
mib community-map name
Configures the SNMP MIB community map. To remove, use the no snmp-server
mib community-map command. The maximum number of characters is 32.
protocol
Enables SNMP protocol operations. To disable, use the no snmp-server
protocol command.
source-interface
Configures the SNMP source interface through which notifications are sent. To
remove the notifications, use the no snmp-server source-interface command.
tcp-session auth
Enables a one-time authentication for SNMP over a TCP session. To disable
authentication, use the no snmp-server tcp-session auth command.
user name
Defines a user who can access the SNMP engine. To deny access, use the no
snmp-server user command. The maximum number of characters is 32.
Defaults
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to configure the AAA user synchronization timeout value:
vsg(config)# snmp-server aaa-user cache-timeout 6000
Related Commands
Command
Description
show snmp
Displays information about SNMP.
ssh
To create a Secure Shell (SSH) session, use the ssh command.
ssh {hostname | connect | name}
Syntax Description
hostname
Hostname or user@hostname for the SSH session. The hostname is
not case sensitive. The maximum number of characters is 64.
connect
Connects to a named remote host.
name
Specifies the name of the SSH connection.
Defaults
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Cisco NX-OS software supports SSH version 2.
Examples
This example shows how to start an SSH session:
vsg# ssh 10.10.1.1 vrf management
The authenticity of host '10.10.1.1 (10.10.1.1)' can't be established.
RSA key fingerprint is 9b:d9:09:97:f6:40:76:89:05:15:42:6b:12:48:0f:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.1.1' (RSA) to the list of known hosts.
User Access Verification
Password:
Related Commands
Command
Description
clear ssh session
Clears SSH sessions.
ssh server enable
Enables the SSH server.
ssh key
To generate a secure-shell (SSH) session key with a specific security configuration, use the ssh key
command.
ssh key {dsa | rsa}
Syntax Description
dsa
Generates DSA security keys. There is an option to force the generation of keys,
even if the previous ones are present.
rsa number
Generates RSA security keys at a specified level of bits. The range is from 768
to 2048.
Defaults
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Cisco NX-OS software supports SSH version 2.
Examples
This example shows how to generate an SSH session key:
vsg(config)# ssh key rsa 770
Related Commands
Command
Description
clear ssh session
Clears SSH sessions.
ssh server enable
Enables the SSH server.
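The setup summary earlier in this chapter applies telnet server enable and no ssh server enable, and the ssh key example generates a 770-bit RSA key. The following Python script is an added example, not part of the Cisco reference: it scans a saved configuration or CLI transcript for those settings and for SNMP community strings. The 2048-bit floor, the function names, the sample transcripts and the use of no telnet server enable as the disabling form are assumptions of the example.

```python
import re

# Assumption of this example: 2048 bits, the top of the range this chapter
# gives for "ssh key rsa", is the smallest modulus accepted.
MIN_RSA_BITS = 2048

# Matches a leading CLI prompt such as "vsg# " or "vsg(config)# ".
PROMPT = re.compile(r"^\S+?(?:\([\w-]+\))?#\s+")
SSH_KEY = re.compile(r"ssh key (dsa|rsa)(?: (\d+))?\b")

# Sample input: the configuration summary shown by the setup dialog example.
SETUP_SUMMARY = """\
vsgname vsg
telnet server enable
no ssh server enable
svs-domain
svs mode L2
control vlan 400
packet vlan 405
domain id 400
vlan 400
vlan 405
"""

# Constructed sample: a hardened session transcript (the user name is made up,
# and "no telnet server enable" is assumed to be the disabling form).
HARDENED = """\
vsg(config)# no telnet server enable
vsg(config)# ssh key rsa 2048
vsg(config)# ssh server enable
vsg(config)# snmp-server user admin1
vsg(config)# snmp-server globalEnforcePriv
"""


def normalize(line):
    """Drop the prompt and collapse whitespace; keyword case is preserved."""
    return " ".join(PROMPT.sub("", line.strip()).split())


def audit(text):
    """Return (code, detail) findings for a config file or CLI transcript.

    Commands are applied in order, so a later "no ..." form cancels an
    earlier setting, as it would on the device.
    """
    telnet = ssh = None      # None = never mentioned, so nothing is reported
    enforce_priv = False
    keys = {}                # key type -> bits (None when no size was given)
    communities, users = set(), set()

    for raw in text.splitlines():
        cmd = normalize(raw)
        negated = cmd.startswith("no ")
        body = cmd[3:] if negated else cmd
        words = body.split()
        if body == "telnet server enable":
            telnet = not negated
        elif body == "ssh server enable":
            ssh = not negated
        elif body == "snmp-server globalEnforcePriv":
            enforce_priv = not negated
        elif len(words) >= 3 and words[0] == "snmp-server" \
                and words[1] in ("community", "user"):
            target = communities if words[1] == "community" else users
            if negated:
                target.discard(words[2])
            else:
                target.add(words[2])
        elif not negated:
            match = SSH_KEY.match(body)
            if match:
                bits = match.group(2)
                keys[match.group(1)] = int(bits) if bits else None

    findings = []
    if telnet:
        findings.append(("TELNET_ENABLED",
                         "telnet server enable: sessions are not encrypted"))
    if ssh is False:
        findings.append(("SSH_DISABLED",
                         "no ssh server enable: no encrypted management path"))
    rsa_bits = keys.get("rsa")
    if rsa_bits is not None and rsa_bits < MIN_RSA_BITS:
        findings.append(("RSA_KEY_SHORT",
                         f"ssh key rsa {rsa_bits}: below {MIN_RSA_BITS} bits"))
    if "dsa" in keys:
        findings.append(("DSA_KEY",
                         "ssh key dsa: OpenSSH 7.0+ disables ssh-dss by default"))
    if communities:
        # The community string itself is a secret, so only a count is reported.
        findings.append(("SNMP_COMMUNITY",
                         f"{len(communities)} SNMP community string(s) set"))
    if users and not enforce_priv:
        findings.append(("SNMP_PRIV_NOT_ENFORCED",
                         "SNMP users exist without snmp-server globalEnforcePriv"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SETUP_SUMMARY + "vsg(config)# ssh key rsa 770\n"):
        print(f"{code}: {detail}")
```

Findings are reported only for settings that actually appear in the input, so a partial transcript does not produce guesses about defaults.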
system clis
To generate an event history, use the system clis command. To disable the event history, use the no form
of this command.
system clis event-history {client | errors | ha | nvdb | parser}
no system clis event-history {client | errors | ha | nvdb | parser}
Syntax Description
event-history
Generates event history logs for the command-line interface (CLI).
client
Generates a client interaction event history log.
errors
Generates an error event history log.
ha
Generates a high-availability (HA) event history log.
nvdb
Generates an NVDB and PSS event history log.
parser
Generates a parser event history log.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-administrator
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to generate an error event history log:
vsg# system clis event-history errors
Related Commands
Command
Description
show system clis event-history
Displays the event history of the CLI servers.
system cores
To copy cores to a destination, use the system cores command. To disable, use the no form of this
command.
system cores tftp://server@ip-address
no system cores tftp://server@ip-address
Syntax Description
tftp:
Specifies the Trivial File Transfer Protocol (TFTP) protocol.
server
Destination server.
ip-address
Destination IP address.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy cores to a destination:
vsg# system cores tftp://jjones@209.165.200.229
Related Commands
Command
Description
show system cores
Displays the core transfer option.
system default switchport
To return to system-level default values, use the system default switchport command. To disable the
default switchport feature, use the no form of this command.
system default switchport [shutdown]
no system default switchport [shutdown]
Syntax Description
shutdown
(Optional) Shuts down the admin state.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to return to system-level default values:
vsg# system default switchport shutdown
Related Commands
Command
Description
show system resources
Displays system resources.
system hap-reset
To reset local or remote supervisors after a high-availability (HA) failure, use the system hap-reset
command. To disable the hap-reset feature, use the no form of this command.
system hap-reset
system no hap-reset
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to switch over to the standby supervisor:
vsg# system hap-reset
Related Commands
Command
Description
show system redundancy
Displays the system redundancy status.
system health
To check the system health, use the system health command.
system health check bootflash
Syntax Description
check
Runs a consistency check on the compact flash.
bootflash
Checks the internal bootflash.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to check the system health:
vsg# system health check bootflash
Related Commands
Command
Description
show system resources
Displays system resources.
system heartbeat
To enable the system heartbeat, use the system heartbeat command. To disable the system heartbeat,
use the no form of the command.
system heartbeat
system no heartbeat
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enable the system heartbeat:
vsg# system heartbeat
Related Commands
Command
Description
system health
Checks the system health status.
system internal
To generate debug snapshots for services, use the system internal command.
system internal snapshot service service-name
Syntax Description
snapshot
Generates debug snapshots.
service
Generates a debug snapshot for a service.
service-name
Service name.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to generate debug snapshots for services:
vsg# system internal snapshot service
Related Commands
Command
Description
show system internal
Displays all internal commands.
system jumbomtu
To set the maximum transmission units (MTU) to jumbo, use the system jumbomtu command.
system jumbomtu 9000
Syntax Description
9000
MTU size.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the MTU size to jumbo:
vsg# system jumbomtu 9000
Related Commands
Command
Description
show system resources
Displays the system resource details.
system memlog
To generate a memory log in bootflash, use the system memlog command.
system memlog
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to generate a memory log in bootflash:
vsg# system memlog
Related Commands
Command
Description
show system memory-alerts-log
Displays a detailed log for memory alerts.
show system memory-status
Displays memory status information.
system memory-thresholds
To set system memory thresholds, use the system memory-thresholds command.
system memory-thresholds {minor minor-memory-threshold severe severe-memory-threshold
critical critical-memory-threshold | threshold critical no-process-kill}
Syntax Description
minor
Sets the minor memory threshold.
minor-memory-threshold
Minor threshold as a percentage of memory. The range is from 50 to
100.
severe
Sets the severe memory threshold.
severe-memory-threshold
Severe threshold as a percentage of memory. The range is from 50 to
100.
critical
Sets the critical memory threshold.
critical-memory-threshold
Critical threshold as a percentage of memory. The range is from 50 to
100.
threshold
Sets the threshold behavior.
critical
Sets the critical memory threshold.
no-process-kill
Specifies to not kill processes when out of memory.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the memory threshold:
vsg# system memory-thresholds minor 60
Related Commands
Command
Description
show system resources
Displays the system resources.
system pss
To shrink PSS files, use the system pss command.
system pss shrink
Syntax Description
shrink
Shrinks the PSS files.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to shrink PSS files:
vsg# system pss shrink
Related Commands
Command
Description
show system pss
Displays the PSS shrink status.
system redundancy
To set a system redundancy policy, use the system redundancy command.
system redundancy role {primary | secondary | standalone}
Syntax Description
role
Sets the redundancy role.
primary
Specifies the primary redundant Cisco VSG.
secondary
Specifies the secondary redundant Cisco VSG.
standalone
Specifies no redundant Cisco VSG.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the redundancy role:
vsg# system redundancy role primary
Related Commands
Command
Description
show system redundancy
Displays the system redundancy status.
system standby
To enable a system standby manual boot, use the system standby command. To disable a system standby
manual boot, use the no form of this command.
system standby manual-boot
no system standby manual-boot
Syntax Description
manual-boot
Specifies to perform a manual boot.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set a system standby manual boot:
vsg# system standby manual-boot
Related Commands
Command
Description
show system standby
Displays the system standby manual boot option.
system startup-config
To initialize or unlock the system startup configuration, use the system startup-config command.
system startup-config {init | unlock lock id}
Syntax Description
init
Initializes the startup configuration.
unlock
Unlocks the startup configuration.
lock id
Lock identification number. The range is from 0 to 65536.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to unlock the system startup configuration:
vsg# system startup-config unlock 1324
Related Commands
Command
Description
show startup-config
Displays startup system information.
system statistics
To reset the system statistics, use the system statistics command.
system statistics reset
Syntax Description
reset
Resets the system statistics.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to reset the system statistics:
vsg# system statistics reset
Related Commands
Command
Description
show system redundancy
Displays the system redundancy status.
system switchover
To switch over to the standby supervisor in EXEC mode, use the system switchover command.
system switchover
To configure a system switchover in configuration mode, use the system switchover command.
system switchover {ha | warm}
Syntax Description
ha
Enables high availability.
warm
Enables a warm switchover.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to switch over to the standby supervisor:
vsg# system switchover
Related Commands
Command
Description
show redundancy
Displays the system redundancy status.
system trace
To configure the system trace level, use the system trace command.
system trace {mask}
Syntax Description
mask
Mask name.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to configure the system trace level:
vsg# system trace dc1
Related Commands
Command
Description
system default
Configures system-level default values.
system watchdog kdgb
To enable a system watchdog, use the system watchdog command. To disable a system watchdog, use
the no form of this command.
system watchdog kdgb
no system watchdog kdgb
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to enable watchdog:
vsg# system watchdog
Related Commands
Command
Description
system default
Configures system-level default values.
tail
To display the end of a file, use the tail command.
tail {bootflash: filename [number] | debug: filename [number] | modflash: filename [number] |
volatile: filename [number]}
Syntax Description
bootflash:
Specifies the bootflash directory.
filename
Name of the file.
number
(Optional) Number of lines to display.
debug:
Specifies the debug directory.
modflash:
Specifies the modflash directory.
volatile:
Specifies the volatile directory.
Defaults
10 lines
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to display the last 10 lines of a file:
vsg# tail bootflash:startup.cfg
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
This example shows how to display the last 20 lines of a file:
vsg# tail bootflash:startup.cfg 20
area 99 virtual-link 1.2.3.4
router rip Enterprise
router rip foo
address-family ipv4 unicast
router bgp 33.33
event manager applet sdtest
monitor session 1
monitor session 2
ip dhcp snooping vlan 1
ip arp inspection vlan 1
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
Related Commands
Command
Description
cd
Changes the current working directory.
copy
Copies files.
dir
Displays the directory contents.
pwd
Displays the name of the current working directory.
telnet
To create a Telnet session, use the telnet command.
telnet {ipv4-address | hostname} [port-number | vrf vrf-name]
Syntax Description
ipv4-address
IPv4 address of the remote device.
hostname
Hostname of the remote device. The name is alphanumeric, case
sensitive, and has a maximum of 64 characters.
port-number
(Optional) Port number for the Telnet session. The range is from 1
to 65535.
vrf vrf-name
(Optional) Specifies the virtual routing and forwarding (VRF) name
used for the Telnet session. The name is case sensitive.
Defaults
Port 23
Default VRF
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to start a Telnet session:
vsg# telnet 10.10.1.1 vrf management
Related Commands
Command
Description
clear line
Clears Telnet sessions.
telnet server enable
Enables the Telnet server.
terminal alias
To display a terminal alias, use the terminal alias command. To disable the terminal alias, use the no
form of this command.
terminal alias word persist
no terminal alias word persist
Syntax Description
word
Name of the alias.
persist
Alias configuration saved.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to display an alias for engineering:
vsg# terminal alias engineering
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal color
To enable colorization of the command prompt, command line, and output, use the terminal color
command. To disable the terminal color, use the no form of this command.
terminal color [evening | persist]
no terminal color [evening | persist]
Syntax Description
evening
Sets the screen background to black.
persist
Saves the configuration.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the colorization of the command line:
vsg# terminal color evening persist
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal dont-ask
To turn off the “Are you sure?” questions when a command is entered, use the terminal dont-ask
command. To disable the terminal dont-ask setting, use the no form of this command.
terminal dont-ask persist
no terminal dont-ask persist
Syntax Description
persist
Saves the configuration.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to turn off the “Are you sure?” question when a command is entered:
vsg# terminal dont-ask persist
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal edit-mode
To set the edit mode to vi, use the terminal edit-mode command. To return the edit mode to emacs, use
the no form of this command.
terminal edit-mode vi
no terminal edit-mode vi
Syntax Description
vi
Sets the edit mode to vi.
Defaults
emacs
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the command-line editing keys:
vsg# terminal edit-mode vi
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal event-manager
To bypass the CLI event manager, use the terminal event-manager command.
terminal event-manager bypass
Syntax Description
bypass
Bypasses the CLI event manager.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to bypass the CLI event manager:
vsg# terminal event-manager bypass
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal history
To disable the recall of EXEC mode commands when in configuration mode, use the terminal history
command. To enable recall, use the no form of this command.
terminal history no-exec-in-config
no terminal history no-exec-in-config
Syntax Description
no-exec-in-config
Disables the recall of EXEC mode commands when in configuration mode.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set terminal history properties:
vsg# terminal history no-exec-in-config
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal length
To set the number of lines that appear on the terminal screen, use the terminal length command.
terminal length number
Syntax Description
number
Number of lines. The range is from 0 to 511.
Defaults
28 lines
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Set number to 0 to disable pausing.
Examples
This example shows how to set the number of lines that appear on the screen:
vsg# terminal length 60
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal log-all
To log all commands including the show commands, use the terminal log-all command.
terminal log-all
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to log all commands:
vsg# terminal log-all
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal monitor
To copy syslog output to the current terminal line, use the terminal monitor command.
terminal monitor
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to copy syslog output to the current terminal line:
vsg# terminal monitor
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal output
To display show command output in XML, use the terminal output command. To display show
command output in text, use the no form of this command.
terminal output xml
no terminal output xml
Syntax Description
xml
Displays show command output in XML.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to display show command output in XML:
vsg# terminal output xml
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal redirection-mode
To set the redirection mode, use the terminal redirection-mode command.
terminal redirection-mode {ascii | zipped}
Syntax Description
ascii
Sets the redirection mode to ASCII.
zipped
Sets the redirection mode to zipped.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the redirection mode to ASCII:
vsg# terminal redirection-mode ascii
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal session-timeout
To set the terminal session timeout, use the terminal session-timeout command.
terminal session-timeout time
Syntax Description
time
Timeout time, in seconds. The range is from 0 to 525600.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Set time to 0 to disable terminal session timeout.
Examples
This example shows how to set the terminal session timeout:
vsg# terminal session-timeout 100
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal terminal-type
To specify the terminal type, use the terminal terminal-type command.
terminal terminal-type type
Syntax Description
type
Terminal type.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to specify the terminal type:
vsg# terminal terminal-type vt100
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal tree-update
To update the main parse tree, use the terminal tree-update command.
terminal tree-update
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to update the main parse tree:
vsg# terminal tree-update
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal verify-only
To verify commands, use the terminal verify-only command.
terminal verify-only username word
Syntax Description
username
Specifies the username for AAA authorization.
word
Username.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to verify commands:
vsg# terminal verify-only
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
terminal width
To set the terminal width, use the terminal width command.
terminal width width
Syntax Description
width
Sets the number of characters on a single line. The range is from 24 to 511.
Defaults
102 columns
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to set the terminal width:
vsg# terminal width 60
Related Commands
Command
Description
show terminal
Displays the terminal configuration.
test policy-engine
To test the policy engine on a RADIUS server or in a server group, use the test policy-engine command.
test policy-engine {simulate-pe-req | simulate-zone-req}
Syntax Description
simulate-pe-req
Simulates the policy engine lookup.
simulate-zone-req
Simulates the policy engine zone.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to test the policy engine:
vsg# test policy-engine simulate-zone-req
Related Commands
Command
Description
show policy-engine
Displays policy-engine statistics.
test-policy-engine simulate-pe-req policy
To enter the policy-engine configuration submode for unit testing or verification of a policy
configuration, use the test-policy-engine simulate-pe-req policy command.
test-policy-engine simulate-pe-req policy policy-name
Syntax Description
policy-name
Policy to be tested or verified for configuration parameters.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Examples
This example shows how to test the ext-company policy:
vsm(config)# test policy-engine simulate-pe-req policy ext-company
Related Commands
Command
Description
attribute
Specifies the particular attribute to be tested in the policy configuration.
traceroute
To discover routes, use the traceroute command.
traceroute {A.B.C.D. | host-name} [source src-ipv4-addr | vrf vrf-name | show-mpls-hops]
Syntax Description
A.B.C.D. | host-name
IPv4 address or hostname of the destination device. The name is case
sensitive.
vrf vrf-name
(Optional) Specifies the virtual routing and forwarding (VRF) instance to
use. The name is case sensitive.
show-mpls-hops
(Optional) Displays the Multiprotocol Label Switching (MPLS) hops.
source src-ipv4-addr
(Optional) Specifies a source IPv4 address. The format is A.B.C.D.
Defaults
Uses the default VRF.
Does not show the MPLS hops.
Uses the management IPv4 address for the source address.
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
Use the traceroute6 command to use IPv6 addressing for discovering the route to a device.
Examples
This example shows how to discover a route to a device:
vsg# traceroute 172.28.255.18 vrf management
traceroute to 172.28.255.18 (172.28.255.18), 30 hops max, 40 byte packets
1 172.28.230.1 (172.28.230.1) 0.746 ms 0.595 ms 0.479 ms
2 172.24.114.213 (172.24.114.213) 0.592 ms 0.51 ms 0.486 ms
3 172.20.147.50 (172.20.147.50) 0.701 ms 0.58 ms 0.486 ms
4 172.28.255.18 (172.28.255.18) 0.495 ms 0.43 ms 0.482 ms
Related Commands
Command
Description
traceroute6
Discovers the route to a device using IPv6 addressing.
username name password
To set a password for the username, use the username name password command.
username name password {0 password | 5 password | password}
Syntax Description
name
Username.
0 password
Specifies a password. 0 denotes that the password that follows should be set
in clear text. The maximum size for password is 64 characters.
5 password
Specifies a password. 5 denotes that the password that follows should be
encrypted. The maximum size for password is 64 characters.
password
Password in clear text. The maximum size for password is 64 characters.
Defaults
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
The Cisco VSG does not support multiple user accounts. It supports only the default admin user account.
Examples
This example shows how to set a password for the username:
vsg(config)# username admin password 5 q0w9e8R7
Related Commands
Command
Description
show users
Displays users.
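The limits and keywords given in this chapter for terminal session-timeout, terminal dont-ask, terminal log-all, username name password and write erase can be checked in a change script before it is entered on a device. The following Python check is an added example, not part of the Cisco reference: the function name audit, the severity labels and the sample lines are constructed for illustration, and it assumes that the write erase prompt is one of the questions that terminal dont-ask turns off.

```python
import re

# Limits taken from the syntax descriptions on this page.
TIMEOUT_MIN, TIMEOUT_MAX = 0, 525600   # terminal session-timeout time
MAX_PASSWORD_LEN = 64                  # username name password

def audit(lines):
    """Return (line_no, severity, message) findings for planned VSG CLI lines."""
    findings, dont_ask, log_all = [], False, False
    for no, raw in enumerate(lines, 1):
        cmd = re.sub(r"^\S+#\s*", "", raw.strip())  # drop a prompt like 'vsg(config)#'
        tok = cmd.split()
        if tok[:2] == ["terminal", "session-timeout"]:
            valid = len(tok) == 3 and tok[2].isdecimal() \
                and TIMEOUT_MIN <= int(tok[2]) <= TIMEOUT_MAX
            if not valid:
                findings.append((no, "error", "session-timeout must be 0 to 525600"))
            elif int(tok[2]) == 0:
                findings.append((no, "warn", "session-timeout 0 disables the timeout"))
        elif tok[:3] == ["terminal", "dont-ask", "persist"]:
            dont_ask = True
            findings.append((no, "warn", "confirmation questions turned off"))
        elif tok[:4] == ["no", "terminal", "dont-ask", "persist"]:
            dont_ask = False
        elif tok[:2] == ["terminal", "log-all"]:
            log_all = True
        elif tok[:2] == ["write", "erase"]:
            # Assumption: the write erase prompt is one of the questions dont-ask removes.
            if dont_ask:
                findings.append((no, "error", "write erase with confirmation questions off"))
            else:
                findings.append((no, "warn", "write erase clears persistent configuration"))
        elif len(tok) >= 4 and tok[0] == "username" and tok[2] == "password":
            rest = tok[3:]
            typed = len(rest) == 2 and rest[0] in ("0", "5")
            ptype, pw = (rest[0], rest[1]) if typed else ("0", rest[0])
            if tok[1] != "admin":
                findings.append((no, "error", "only the default admin account is supported"))
            if ptype == "0":  # explicit 0 or no type keyword: clear text
                findings.append((no, "warn", "password supplied in clear text"))
            if len(pw) > MAX_PASSWORD_LEN:
                findings.append((no, "error", "password longer than 64 characters"))
    if not log_all:
        findings.append((0, "info", "terminal log-all is not set in this script"))
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE = [
    "vsg# terminal session-timeout 0",
    "vsg# terminal dont-ask persist",
    "vsg(config)# username admin password 0 Example-Passw0rd",
    "vsg(config)# username ops password 5 q0w9e8R7",
    "vsg(config)# write erase",
    "vsg# terminal session-timeout 600000",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Line number 0 in a finding marks a check on the script as a whole rather than on one line.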
where
To display your current context, use the where command.
where [detail]
Syntax Description
detail
(Optional) Displays detailed context information.
Defaults
Displays summary context information.
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Examples
This example shows how to display summary context information:
vsg# where
admin@firewall
Related Commands
Command
Description
pwd
Displays what directory you are in.
write erase
To erase configurations in persistent memory areas, use the write erase command.
write erase [boot | debug]
Syntax Description
boot
(Optional) Erases the boot variable and management 0 interface
configurations.
debug
(Optional) Erases only the debug configuration.
Defaults
Erases all configuration in persistent memory except for the boot variable, mgmt0 interface, and debug
configuration.
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
4.2(1)VSG1(1)
This command was introduced.
Usage Guidelines
When information is corrupted or unusable, use the write erase command to erase the startup
configuration in the persistent memory. Entering this command returns the device to its initial state,
except for the boot variable, mgmt0 interface, and debug configurations. To erase those configurations,
specifically use the boot and debug options.
Examples
This example shows how to erase the startup configuration:
vsg(config)# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
This example shows how to erase the boot variable and mgmt0 interface configuration in the persistent
memory:
vsg(config)# write erase boot
This example shows how to erase the debug configuration in the persistent memory:
vsg(config)# write erase debug
Related Commands
Command
Description
copy running-config startup-config
Copies the running configuration to the startup configuration.
show running-config
Displays the startup configuration.
zone
To configure a zone definition that is used to build Virtual Machine (VM)-to-zone mapping on the control
plane, use the zone command to enter the zone configuration submode. To disable this feature, use the
no form of this command.
zone zone-name
no zone zone-name
Syntax Description
zone-name
Zone object that is to be configured.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2(1)VSG1(2)
This command was introduced.
Usage Guidelines
Use the zone command to enter the zone configuration submode. The zone-name variable specifies a
zone object.
The no option removes the given zone object and all relevant configurations (for example, condition
statements).
Note
Attributes used in a zone condition are all neutral attributes.
Examples
This example shows how to enter the zone configuration submode:
vsg(config)# zone DMZ
vsg(config-zone)#
Related Commands
Command
Description
condition
Specifies the parameters and rules for the security zone.
cond-match-criteria
Specifies the condition match criteria for a zone.