1 Cisco Nexus 1000V Series Switch Commands

1 Cisco Nexus 1000V Series Switch Commands
CH A P T E R
1
Cisco Nexus 1000V Series Switch Commands
This chapter provides information about the Cisco Virtual Security Gateway (VSG) related commands
on the Cisco Nexus 1000V Series switch and the Cisco Cloud Services Platform networking appliance.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-1
Chapter 1
Cisco Nexus 1000V Series Switch Commands
capability l3-vservice
capability l3-vservice
To configure a port profile to be used with l3-vn-service, use the capability l3-vservice command. To
remove the capability from a port profile, use the no form of this command.
capability l3-vservice
no capability l3-vservice
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
port-profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
This example shows how to configure a port profile to be used with l3-vservice:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# capability l3-vservice
This example shows how to remove the l3-vservice configuration from the port profile:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# no capability l3-vservice
Related Commands
Command
Description
show port-profile
Displays information about the port profiles.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-2
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
clear vservice connection
clear vservice connection
To clear the Cisco vservice connections, use the clear vservice connection command.
clear vservice connection [module module-num]
Syntax Description
module
(Optional) Clears a specific module.
module-num
Module number. The range is from 3 to 66.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
This example shows how to clear Cisco VSG connections:
vsm# clear vservice connection
Related Commands
Command
Description
show vservice
connection
Displays current vservice connection.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-3
Chapter 1
Cisco Nexus 1000V Series Switch Commands
clear vservice statistics
clear vservice statistics
To clear the Cisco vservice statistics, use the clear vservice statistics command.
clear vservice statistics [module module-number | ip <ip-address>]
Syntax Description
module
(Optional) Clears a module.
module-number
Module number. The range is from 3 to 66.
ip
IP address.
ip-address
IP address.
Defaults
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
This example shows how to clear Cisco VSG vservice statistics for existing modules:
vsm# clear vservice statistics
Cleared statistics successfully in module 4
Cleared statistics successfully in module 6
Related Commands
Command
Description
show vservice statistics Display current vservice statistics.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-4
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
copy running-config startup-config
copy running-config startup-config
To copy the running configuration to the startup configuration, use the copy running-config
startup-config command.
copy running-config startup-config
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
Use this command to save configuration changes in the running configuration to the startup
configuration in persistent memory. When a device reload or switchover occurs, the saved configuration
is applied.
Examples
This example shows how to save the running configuration to the startup configuration:
vsm# copy running-config startup-config
[########################################] 100%
Related Commands
Command
Description
show running-config
Displays the running configuration.
show running-config diff Displays the differences between the running configuration and the startup
configuration.
show startup-config
Displays the startup configuration.
write erase
Erases the startup configuration in the persistent memory.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-5
Chapter 1
Cisco Nexus 1000V Series Switch Commands
log-level
log-level
To set logging severity levels for the Cisco Prime Network Services Controller (Prime NSC) policy
agent, use the log-level command. To reset logging levels, use the no form of this command.
log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
no {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
Syntax Description
critical
Sets the logging level to critical.
debug0
Sets the logging level to debug 0.
debug1
Sets the logging level to debug 1.
debug2
Sets the logging level to debug 2.
debug3
Sets the logging level to debug 3.
debug4
Sets the logging level to debug 4.
info
Sets the logging level to information.
major
Sets the logging level to major.
minor
Sets the logging level to minor.
warn
Sets the logging level to warning.
Command Default
None
Command Modes
Cisco Prime NSC policy agent configuration (config-nsc-policy-agent)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
This example shows how to set the logging level to critical:
vsm# configure
vsm(config)# nsc-policy-agent
vsm(config-nsc-policy-agent)# log-level critical
Related Commands
Command
Description
nsc-policy-agent
Enables the Cisco Prime NSC policy agent configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-6
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
org
org
To create a Cisco Prime Network Services Controller (Prime NSC) organization (domain), use the org
command. To delete a Cisco Prime NSC organization, use the no form of this command.
org organization-name
no org [organization-name]
Syntax Description
organization-name
Command Default
None
Command Modes
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
Organization name. The number of characters is from 1 to 251.
Cisco Prime NSC organizations are Cisco Prime NSC domains.
You can hierarchically manage Cisco Prime NSC organizations. A user that is assigned at a top level
organization has automatic access to all organizations under it. For example, an engineering organization
can contain a software engineering organization and a hardware engineering organization. A locale that
contains only the software engineering organization has access to system resources only within that
organization. However, a locale that contains the engineering organization has access to the resources
for both the software engineering and hardware engineering organizations.
Examples
This example shows how to create an organization:
vsm# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsm(config)# port-profile pP1
vsm(config-port-prof)# org root/tenant1
vsm(config-port-prof)#
Related Commands
Command
Description
vservice
Sets the IP address for a virtual firewall.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-7
Chapter 1
Cisco Nexus 1000V Series Switch Commands
ping vsn
ping vsn
To ping the virtual service nodes (VSN) from the vPath, use the ping vsn command. There is no no form
of this command.
ping vsn {all | {ip <ip-addr>}} src-module {all | vpath-all | <module-num>} [timeout <secs>]
[count {unlimited | <count>}]
Syntax Description
ip
Designates that a specific IP address is to be pinged.
ip-addr
IP address of the specific VSN.
all
Indicates that all VSNs must be pinged.
src-module
Designates the source module for the ping.
module-num
Module number for the source path.
vpath all
Designates that all source vPaths are to be used.
timeout
(Optional) Designates a timeout.
secs
Duration of the pinging operation in seconds.
count
(Optional) Designates a count of pings.
count
Number of pings to be counted.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
There is no no form of this command.
Examples
This example shows how to ping a Cisco VSG:
vsm# ping ?
<CR>
A.B.C.D or Hostname
WORD
vsn
vsm# ping vsn
IP address of remote system
Enter Hostname
VSNs to be pinged
Input parameters:
•
vsn : VSNs to be pinged.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-8
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
ping vsn
•
•
•
o
all : All VSNs that are currently associated to at least one VM. In other words,
all VSNs specified in port-profiles that are bound to at least one VM.
o
ip-addr <ip-addr> : All VSNs configured with this IP address.
src-module : Source modules to orginate ping request from.
o
all : All online modules.
o
vpath-all : All modules having VMs associated to port-profiles that has vn-service
defined.
o
<module-num> : A online module number.
timeout <secs> : Time to wait for response from VSNs, in seconds. Default is 1 sec.
count : Number of ping packets to be sent.
o
<count> : Sepcifies number of ping packets to be sent. Default is 5. Min 1, Max
2147483647.
o
unlimited : Send ping packets until command is stopped.
Specify the IP address if the VSN to be pinged is not associated to any VMs yet.
In the output, the status of the ping request for each VSN for each module is shown. On a successful
ping, the round-trip time of the ping request/response for a VSN is shown in microseconds next to the
module number. On a failure, the failure message is shown next to the module number.
Various forms:
ping vsn all src-module all
ping vsn all src-module vpath-all
(Ping all VSNs from all modules)
(Ping all VSNs from all modules having
VMs associated to VSNs)
ping vsn all src-module 3
(Ping all VSNs from the specified module)
ping vsn ip 106.1.1.1 src-module all
(Ping specified VSN from all modules)
ping vsn ip 106.1.1.1 src-module vpath-all
(Ping specified VSN from all modules
having VMs associated to VSNs)
This example shows that the timeout and count options apply to all of the above commands:
ping vsn all src-vpath all timeout 2 count 10
ping vsn all ip 106.1.1.1 count unlimited
Errors:
VSN response timeout – VSN is down, not reachable or not responding.
VSN ARP not resolved – VEM couldn’t resolve MAC address of VSN.
no response from VEM – VEM is not sending ping response to VSM. Can happen when VEM
is down and VSM not detected it yet.
These examples show how to display all of the source module traffic:
vsm# ping vsn all src-module all
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=0 timeout=1-sec
module(usec)
: 9(508)
module(failed) : 10(VSN ARP not resolved) 11(VSN ARP not resolved)
12(VSN ARP not resolved)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=0 timeout=1-sec
module(usec)
: 9(974) 11(987) 12(1007)
module(failed) : 10(VSN ARP not resolved)
ping vsn 10.1.1.44 vlan 0 from module 9 10
module(usec)
: 9(277) 10(436) 11(270)
ping vsn 10.1.1.40 vlan 0 from module 9 10
module(usec)
: 9(376) 10(606) 11(468)
11 12, seq=1 timeout=1-sec
12(399)
11 12, seq=1 timeout=1-sec
12(622)
ping vsn 10.1.1.44 vlan 0 from module 9 10
module(usec)
: 9(272) 10(389) 11(318)
ping vsn 10.1.1.40 vlan 0 from module 9 10
module(usec)
: 9(428) 10(632) 11(586)
11 12, seq=2 timeout=1-sec
12(357)
11 12, seq=2 timeout=1-sec
12(594)
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=3 timeout=1-sec
module(usec)
: 9(284) 10(426) 11(331) 12(387)
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-9
Chapter 1
Cisco Nexus 1000V Series Switch Commands
ping vsn
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=3 timeout=1-sec
module(usec)
: 9(414) 10(663) 11(644) 12(698)
ping vsn 10.1.1.44 vlan 0 from module 9 10
module(usec)
: 9(278) 10(479) 11(334)
ping vsn 10.1.1.40 vlan 0 from module 9 10
module(usec)
: 9(397) 10(613) 11(560)
11 12, seq=4 timeout=1-sec
12(469)
11 12, seq=4 timeout=1-sec
12(593)
vsm# ping vsn ip 10.1.1.40 src-module vpath-all
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=0 timeout=1-sec
module(usec)
: 9(698) 11(701) 12(826)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=1 timeout=1-sec
module(usec)
: 9(461) 11(573) 12(714)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=2 timeout=1-sec
module(usec)
: 9(447) 11(569) 12(598)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=3 timeout=1-sec
module(usec)
: 9(334) 11(702) 12(559)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=4 timeout=1-sec
module(usec)
: 9(387) 11(558) 12(597)
vsm#
Related Commands
Command
Description
ping
Activates a signal to verify connections with other devices on a path.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-10
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
policy-agent-image
policy-agent-image
To designate the policy agent image local URL as bootflash, use the policy-agent-image command. To
remove the designation, use the no form of the command.
policy-agent-image bootflash:
no policy-agent-image bootflash:
Syntax Description
bootflash:
Command Default
None
Command Modes
Prime NSC policy agent configuration (config-nsc-policy-agent)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
Designates the policy agent image local URL as bootflash.
This example shows how to designate the local URL that contains the policy agent image:
vsm# configure
vsm(config)# nsc-policy-agent
vsm(config-nsc-policy-agent)# policy-agent-image bootflash:
Related Commands
Command
Description
nsc-policy-agent
Enables the NSC policy agent configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-11
Chapter 1
Cisco Nexus 1000V Series Switch Commands
pop
pop
To pop a mode off the stack or to restore a mode, use the pop command.
pop file-name
Syntax Description
file-name
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
Name of the file.
This example shows how to restore from a file called file1:
vsm# pop file1
Related Commands
Command
Description
push
Pushes the current mode onto the stack.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-12
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
port-profile
port-profile
To create a port profile and enter port profile configuration mode, use the port-profile command. To
remove the port profile configuration, use the no form of this command.
port-profile profile-name
no port-profile profile-name
Syntax Description
profile-name
Defaults
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Port profile name. The number of characters is from 1 to 80.
Usage Guidelines
The port profile name must be unique for each port profile.
Examples
This example shows how to create a port profile called AccessProf:
vsm# configure
vsm(config)# port-profile AccessProf
This example shows how to remove the port profile called AccessProf:
vsm# configure
vsm(config)# no port-profile AccessProf
Related Commands
Command
Description
show port-profile
Displays information about the port profiles.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-13
Chapter 1
Cisco Nexus 1000V Series Switch Commands
push
push
To push the current mode onto stack or to save it, use the push command.
push file-name
Syntax Description
file-name
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
Name of the file.
This example shows how to push file1 onto the stack:
vsm# push file1
Related Commands
Command
Description
pop
Pops the current mode off the stack.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-14
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
registration-ip
registration-ip
To set the service registry IP address, use the registration-ip command. To discard the service registry
IP address, use the no form of this command.
registration-ip ip-address
no registration-ip
Syntax Description
ip-address
Command Default
None
Command Modes
Cisco Prime NSC policy agent configuration mode (config-nsc-policy-agent)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
Service registry IP address. The format is A.B.C.D.
This example shows how to set the service registry IP address:
vsm# configure
vsm(config)# nsc-policy-agent
vsm(config-nsc-policy-agent)# registration-ip 209.165.200.23
Related Commands
Command
Description
nsc-policy-agent
Enters the Cisco Prime NSC policy agent configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-15
Chapter 1
Cisco Nexus 1000V Series Switch Commands
shared-secret
shared-secret
To set the shared secret password for communication between the Cisco VSG, the Virtual Supervisor
Module (VSM), and the Cisco Prime Network Services Controller (Prime NSC), use the shared-secret
command. To discard the shared secret password, use the no form of this command.
shared-secret shared-secret-password
no shared-secret
Syntax Description
shared-secret-password Shared secret password. The number of characters is from 1 to 64. You must
use at least one uppercase character.
Command Default
None
Command Modes
Cisco Prime NSC policy agent configuration mode (config-nsc-policy-agent)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
This example shows how to set the shared secret password:
vsm# configure
vsm(config)# nsc-policy-agent
vsm(config-nsc-policy-agent)# shared-secret Password123
Related Commands
Command
Description
nsc-policy-agent
Enters NSC policy agent configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-16
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show org port brief
show org port brief
Displays the ports attached to the port profile where org is configured, use the show org port brief
command.
show org port brief [port-profile pp_name | vethernet veth_num] [module module_num]
Syntax Description
port-profile
(Optional) Displays the port information for the specified port-profile
name.
pp_name
Port-profile name.
vethernet
(Optional) Displays the port information for the specified virtual Ethernet
number.
vethernet_num
Specifies the virtual Ethernet number.
module
(Optional) Displays the module number.
module_num
Displays the module number to see the virtual Ethernet connections on the
module.
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show org port brief command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
module—Filters the output per a specific module number.
•
|—Pipes the command output to a filter.
This example shows how to display the port profile information:
nexus-812# show org port brief
Veth Mod VM-Name vNIC IP-Address
1 3 lin1 80.1.0.11,
5 3 lin2 80.1.0.22,
6 3 vm-11 80.1.0.52,
7 3 vm-12 80.1.0.53
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-17
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show running-config
show running-config
To display the running configuration, use the show running-config command.
show running-config [aaa | diff| ip| port-profile | vlan | acllog | eem | ipqos | port-security | vrf
| aclmgr | exclude | ipv6 | radius | vservice | adjmgr | exclude-provision | l3vm | rpm| vshd
| all | expand-port-profile | license | security | arp | icmpv6 | monitor | cdp | igmp | network
| spanning-tree | cert-enroll | interface | ntp | vdc-all]
Syntax Description
aaa
(Optional) Displays the Authentication, Authorization and Accounting
(AAA) configuration.
aclmgr
(Optional) Displays the running configuration for Access Control List
(ACL) manager.
adjmgr
(Optional) Displays adjacency manager information.
all
(Optional) Displays the current operating configurations.
arp
(Optional) Displays Address Resolution Protocol (ARP) information.
cdp
(Optional) Displays the Cisco Discovery Protocol (CDP) configuration.
cert-enroll
(Optional) Displays certificate enrollment information.
diff
(Optional) Displays the difference between the running and startup configurations.
eem
exclude
(Optional) Displays the running configuration of the excluded features.
exclude-provision
(Optional) Excludes the provision informaiton.
expand-port-profile
(Optional) Displays port profile information.
icmpv6
(Optional) Displays Internet Control Message Protocol (ICMPv6) information.
igmp
(Optional) Displays Internet Group Management Protocol (IGMP) information.
interface
(Optional) Displays interface configurations.
ip
(Optional) Displays Internet Protocol (IP) information.
ipqos
(Optional) Displays the running configuration for the IP Quality of Service
(QoS) manager.
ipv6
(Optional) Displays IPv6 information.
l3vm
(Optional) Displays Layer 3 Virtual Machine (L3VM) information.
license
(Optional) Displays the licensing configuration.
monitor
(Optional) Displays Ethernet Switched Port Ananlyzer (SPAN) session information.
network
(Optional) Displays network information.
ntp
(Optional) Displays Network Time Protocol (NTP) information.
port-profile
(Optional) Displays port-profile configurations.
port-security
(Optional) Displays port-security configurations.
radius
(Optional) Displays the Remote Authentication Dial In User Service
(RADIUS) configuration.
rpm
(Optional) Displays RPM information.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-18
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show running-config
security
(Optional) Displays the security configurations.
spanning-tree
(Optional) Displays spanning-tree protocol information.
vdc-all
(Optional) Displays all virtual device context (VDC) configurations.
vlan
(Optional) Displays virtual large area network (VLAN) information.
vrf
(Optional) Displays Virtual Routing and Forwarding (VRF) information.
vshd
(Optional) Displays the running configuration for virtual shared hardware
device (VSHD).
acllog
Displays acllog information.
vservice
Displays virtual service node.
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show running-config command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display the running configuration:
vsm-hpv# show running-config
!Command: show running-config
!Time: Sun May 5 20:04:22 2013
version 5.2(1)SM1(5.1)
svs switch edition essential
hostname VSM-hpv
no feature telnet
feature network-segmentation-manager
username admin password 5 $1$KxvwqWCb$8PqeCVrfY6QDy9nau.hBf.
role network-admin
banner motd #Nexus 1000V Switch
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-19
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show running-config
#
ip domain-lookup
errdisable recovery cause failed-port-state
svs license volatile
vem 3
host id 0F5A5036-A5BF-1244-896D-760C4E3AC29C
vem 4
host id 1022F40A-D033-FB44-B228-6B48FBD14928
snmp-server user admin network-admin auth md5 0xda2d510adcc26f463fc5c476a19be55b priv
0xda2d510adcc26f463fc5c476a19be55b localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vrf context management
ip route 0.0.0.0/0 10.2.0.1
vlan 1,550-555,914
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile default port-binding static
port-profile type vethernet NSM_template_vlan
no shutdown
guid 86ceec5b-7a9c-4df4-9218-333bfc6f40a5
description NSM default port-profile for VLAN networks. Do not delete.
state enabled
port-profile type vethernet NSM_template_segmentation
no shutdown
guid 4a6cf01d-80df-48b2-87d8-0b0a15e7d450
description NSM default port-profile for VXLAN networks. Do not delete.
state enabled
port-profile type ethernet Uplink
no shutdown
guid 2122b8d9-8d21-4fb3-9e75-971fbb1a266d
max-ports 512
state enabled
port-profile type ethernet uplink_network_default_policy
no shutdown
guid bf7bd8ce-9a90-4af2-98c9-d7f8bafa9cb2
max-ports 512
description NSM created profile. Do not delete.
state enabled
port-profile type vethernet N1K
no shutdown
guid 70cff39e-9136-434c-8f36-f17e82210031
state enabled
publish port-profile
port-profile type vethernet service
no shutdown
guid 6b9b60fd-4aff-40da-896c-7df7bc252908
state enabled
publish port-profile
port-profile type vethernet ha
no shutdown
guid 7f598f09-68d6-47a3-97e0-158ce8558292
state enabled
publish port-profile
port-profile type vethernet vnadp
capability l3-vservice
no shutdown
guid d41c34d0-7c93-4fec-92ef-1f4383276b28
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-20
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show running-config
state enabled
publish port-profile
port-profile type vethernet veth-1
org root/Tenant-1
vservice node VSG-138 profile SP11
no shutdown
guid 14fa09d3-6cf8-4c55-b7f5-ad0ae4e4c8bd
state enabled
publish port-profile
port-profile type vethernet veth-2
org root/Tenant-1/VDC-1/App-1/Tier-1
vservice node VSG-138 profile SP14
no shutdown
guid 4be00543-2965-4d4e-be39-2f0ed5c606e6
state enabled
publish port-profile
port-profile type vethernet veth-3
org root/Tenant-1/VDC-1/App-1/Tier-1
vservice node VSG-N1010 profile SP11
no shutdown
guid 335f49a3-95e8-4c88-b078-7a5424f4537b
state enabled
Related Commands
Command
Description
show aaa
Displays AAA information.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-21
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show running-config vservice node
show running-config vservice node
To display the configuration details of the service nodes in the network, use the show running-config
vservice node command.
show running-config vservice node [node-name]
Syntax Description
node-name
Command Default
None
Command Modes
EXEC
SupportedUserRoles
network-admin
(Optional) Name of the vservice node.
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show running-config vservice node command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
node-name—Displays the configuration of the specified vservice node name.
•
|—Pipes the command output to a filter.
This example shows how to display information about a configured vservice node:
vsm# show running-config vservice node
!Command: show running-config vservice node
!Time: Wed May 8 06:54:03 2013
version 5.2(1)SM1(5.1)
logging level vns_agent 2
vservice node VSGl3 type vsg
ip address 192.168.180.33
adjacency l3
fail-mode close
vservice node VSGhv-l3 type vsg
ip address 192.168.180.31
adjacency l3
fail-mode close
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-22
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show running-config vservice node
Related Commands
Command
Description
vservice node
Configures a service node.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-23
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show nsc-pa status
show nsc-pa status
To display the installation status of a policy agent, use the show nsc-pa status command.
show nsc-pa status
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
EXEC
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show nsc-pa status command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display the installation status of the policy agent:
vsm# configure
vsm(config)# show nsc-pa status
NSC Policy-Agent status is - Installed Successfully. Version 3.2(1c)-vsm
vsm(config)#
Related Commands
Command
Description
nsc-policy-agent
Enters the Cisco Prime NSC policy agent configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-24
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice brief
show vservice brief
To display only a brief summary about the Cisco VSG, use the show vservice brief command.
show vservice brief {[node-name <node name>] | { [node-l3] [node-ipaddr <ip-addr>}} | [
module <module-num>]}}
Syntax Description
node-l3
Displays the port information for the Layer 3 adjacency of a node.
node-ipaddr
Displays the port information for the specified IP address of the node.
ip-addr
Specifies the IP address of the service node.
module
(Optional) Displays module number.
module-num
Specifies the module number to see all the VSN connections on the module.
node-name
(Optional) Displays service node name.
node-name
Specifies the service node.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice brief command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display a summary of the Cisco VSGs:
VSM# show vservice brief
-------------------------------------------------------------------------------Node Information
--------------------------------------------------------------------------------
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-25
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice brief
ID Name
1 NODE-1
Type
vsg
IP-Address
20.1.0.142
Mode
l3
State
Alive
Module
3,4,
-------------------------------------------------------------------------------Path Information
--------------------------------------------------------------------------------------------------------------------------------------------------------------Port Information
-------------------------------------------------------------------------------PortProfile:PP-VNS-1
Org:root/Tenant/VDC/App/Tire
Node:NODE-1(20.1.0.142)
Profile(Id):SP1(8)
Veth Mod VM-Name
vNIC IP-Address
3
4 ub-vm-60
30.1.0.60,
6
3 ub-vm-20
30.1.0.20,
VSM#
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-26
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice connection
show vservice connection
To display Cisco VSG connections, use the show vservice connection command.
show vservice connection [port-profile <pp_name> | service-profile <sp_name> | node-name
<node_name> | {[node-l3] [node-ipaddr <ip_addr>]}] [module <module_num>]
Syntax
Description
port-profile
Port information for the specified port-profile name.
port-profile
Specifies the port-profile name.
service-profile
Port information for the specified service-profile name.
service_profile
Specifies the service-profile name.
node-name
(Optional) Displays service node name.
node-name
Specifies the service node.
node-l3
Displays the port information for the Layer 3 adjacency of a node.
node-ipaddr
Displays the port information for the specified IP address of the node.
ip-addr
Specifies the IP address of the service node.
module
(Optional) Displays module number.
module-num
Specifies the module number.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice connection command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display Cisco VSG connections:
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-27
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice connection
vsm-hpv# show vservice connection
Actions(Act):
d - drop s - reset
p - permit t - passthrough
r - redirect e - error
_ - not processed yet upper case - offloaded
Flags:
A - seen ack for syn/fin from src a - seen ack for syn/fin from dst
E - tcp conn established (SasA done)
F - seen fin from src f - seen fin from dst
R - seen rst from src r - seen rst from dst
S - seen syn from src s - seen syn from dst
T - tcp conn torn down (FafA done) x - IP-fragment connection
#Port-Profile:PP-VM-VNS1 Node:VSG-Node1
#Module 3
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
icmp 80.1.0.52 P 80.1.0.53 592
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-28
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice detail
show vservice detail
To display detailed information about the Cisco VSG, use the show vservice detail command.
show vservice detail {[node-name <node name>] | { [node-l3] [node-ipaddr <ip-addr>}} | [
module <module-num>]}}
Syntax Description
node-name
(Optional) Displays service node name.
node-name
Specifies the service node.
node-l3
Displays the port information for the Layer 3 adjacency of a node.
node-ipaddr
Displays the port information for the specified IP address of the node.
ip-addr
Specifies the IP address of the service node.
module
(Optional) Displays module number.
module-num
Specifies the module number to see all the VSN connections on the module.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice detail command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display detailed information about Cisco VSGs:
VSM# show vservice detail
-------------------------------------------------------------------------------Node Information
--------------------------------------------------------------------------------
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-29
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice detail
Node ID:1
Type:vsg
Mod State
3 Alive
4 Alive
Name:NODE-1
IPAddr:20.1.0.142
MAC-Addr
---
Fail:close
VVer
2
2
L3
-------------------------------------------------------------------------------Path Information
--------------------------------------------------------------------------------------------------------------------------------------------------------------Port Information
-------------------------------------------------------------------------------PortProfile:PP-VNS-1
Org:root/Tenant/VDC/App/Tire
Node:NODE-1(20.1.0.142)
Profile(Id):SP1(8)
Veth3
Module :4
VM-Name :ub-vm-60
vNIC:Network Adapter
DV-Port :a063af28-c377-42a4-8396-89d9f28aa576--46a1bc75-6af5-48c9-bad2-773028e24fc5
VM-UUID :A063AF28-C377-42A4-8396-89D9F28AA576
DVS-UUID:02b1b0b0-a022-414f-b5f9-b82dadaca1f0
IP-Addrs:30.1.0.60,
Veth6
Module :3
VM-Name :ub-vm-20
vNIC:Network Adapter
DV-Port :2834329d-eb5d-477b-8e86-5fb9fd40b000--aa5c3125-b4d9-4520-8e48-c355102ee015
VM-UUID :2834329D-EB5D-477B-8E86-5FB9FD40B000
DVS-UUID:02b1b0b0-a022-414f-b5f9-b82dadaca1f0
IP-Addrs:30.1.0.20,
VSM#
-------------------
Related Commands
Command
Description
show vservice port
Displays information about virtual Ethernet (vEth) ports.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-30
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice node mac brief
show vservice node mac brief
To display a brief summary about the MAC address of the Cisco VSG service node, use the show
vservice node mac brief command.
show vservice node mac brief
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice node mac brief command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display the MAC address of the Cisco VSG service node
VSM-hpv# show vservice node mac brief
-------------------------------------------------------------------------------Node Information
-------------------------------------------------------------------------------ID Type
IP-Address
MAC-Addr
Mode
Fail State
Module
3 vsg
10.1.0.150
00:00:00:00:00:00 l3
close Alive
4,
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-31
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice node brief
show vservice node brief
To display a brief summary about the Cisco VSG vservice node, use the show vservice node brief
command.
show vservice node brief {[name <name>] | {[l3] [ipaddr <ip_addr>]} } [module
<module_num>]}
Syntax
Description
name
(Optional) Displays service node name.
name
Service node.
l3
(Optional) Displays the port information for the Layer 3 adjacency.
ipaddr
(Optional) Displays the port information for the specified IP address of the
node.
ip_addr
Node’s IP address.
module
(Optional) Displays module keyword.
module-num
Module number to see all the VSN connections on the module.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice node brief command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display a brief summary about the Cisco VSG vservice node.
VSM-hpv# show vservice node brief
------------------------------------------------------------------------Node Information
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-32
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice node brief
------------------------------------------------------------------------ID Name
Type
IP-Address
Mode
State
Module
3 VSG-Root
vsg
10.1.0.150
l3
Alive 4,
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-33
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice node detail
show vservice node detail
To display details about the Cisco VSG vservice node, use the show vservice node detail command.
show vservice node detail {[name <name>] | {[l3] [ipaddr <ip_addr>]} } [module
<module_num>]}
Syntax
Description
name
(Optional) Displays the service node name.
name
Service node.
l3
(Optional) Displays the port information for the Layer 3 adjacency.
ipaddr
Displays the port information for the specified IP address of the node.
ip_addr
Node’s IP address.
module
(Optional) Displays module keyword.
module-num
Module number to see all the VSN connections on the module.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Examples
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice node detail command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display the Cisco VSG service node:
VSM-hpv# show vservice node detail
-------------------------------------------------------------------------------Node Information
--------------------------------------------------------------------------------
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-34
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice node detail
Node ID:3
Name:VSG-Root
Type:vsg
IPAddr:10.1.0.150
Fail:close
Mod
State
MAC-Addr
VVer
4
Alive
--
L3
2
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-35
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice port brief
show vservice port brief
To display a brief summary about the configured ports in the network, use the show vservice port brief
command.
show vservice port brief [port-profile <pp_name> | vethernet <veth_if> | service-profile
<sp_name> | node-name <node_name> | {[node-l3] [node-ipaddr <ip_addr>]}] [module
<module_num>]}
Syntax Description
Command Modes
port-profile
Displays the port information for the specified port-profile name.
pp_name
Port-profile name.
vethernet
Displays the virtual ethernet interface for the specified port-profile name.
veth_if
Virtual ethernet interface.
service-profile
Displays the port information for the specified service-profile name.
service_profile
Service-profile name.
node-name
(Optional) Displays service node name.
node-name
Service node.
node-l3
Displays the port information for the Layer 3 adjacency of a node.
node-ipaddr
Displays the port information for the specified IP address of the node.
ip_addr
Node’s IP address.
module
(Optional) Displays module keyword.
module-num
Module number to see all the VSN connections on the module.
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice port brief command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
module—Filter the output per a specific module number.
•
|—Pipes the command output to a filter.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-36
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice port brief
Examples
This example shows how to display a brief summary about the vservice ports for module number 4:
vsm# show vservice port brief module 4
-------------------------------------------------------------------------------Port Information
-------------------------------------------------------------------------------PortProfile:
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-Root(10.1.0.150)
Profile(Id):SP100(16)
Veth Mod VM-Name
vNIC
5
4 vm-win-16
Related Commands
Command
Description
vservice port detail
Displays details of the configured ports in the network.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-37
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice port detail
show vservice port detail
To display details about the configured ports in the network, use the show vservice port detail
command.
show vservice port detail [port-profile <pp_name> | vethernet <veth_if> | service-profile
<sp_name> | node-name <node_name> | {[node-l3] [node-ipaddr <ip_addr>]}] [module
<module_num>]}
Syntax Description
Command Modes
port-profile
Displays the port information for the specified port-profile name.
pp_name
Port-profile name.
vethernet
Displays the virtual ethernet interface for the specified port-profile name.
veth_if
Virtual ethernet interface.
service-profile
Displays the port information for the specified service-profile name.
service_profile
Service-profile name.
node-name
(Optional) Displays service node name.
node-name
Service node.
node-l3
Displays the port information for the Layer 3 adjacency of a node.
node-ipaddr
Displays the port information for the specified IP address of the node.
ip_addr
Node’s IP address.
module
(Optional) Displays module keyword.
module-num
Module number to see all the VSN connections on the module.
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Usage Guidelines
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
You can use the following operators with the show vservice port detail command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
module—Filter the output per a specific module number.
•
|—Pipes the command output to a filter.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-38
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice port detail
Examples
This example shows how to display details about of the vservice for module 4:
vsm# show vservice port detail module 4
-------------------------------------------------------------------------------Port Information
-------------------------------------------------------------------------------PortProfile:
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-Root(10.1.0.150)
Profile(Id):SP100(16)
Veth5
Module :4
VM-Name :vm-win-16
vNIC:Network Adapter
DV-Port :884f1580-0ad6-4958-a74a-c27b3febbe28--8884a888-09e1-4503-8074-de32e3e2a
f85
VM-UUID :884F1580-0AD6-4958-A74A-C27B3FEBBE28
DVS-UUID:633a90b8-98bd-4264-b3b6-7a0d77b73ba1
Related Commands
Command
Description
show vservice port
brief
Displays a brief summary about the configured ports in the network.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-39
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice statistics
show vservice statistics
To display the information about the configuration, MAC address, state of associated Cisco VSG and Virtual
Ethernet Module (VEM), virtual Ethernet interfaces to which Cisco VSGs are bound, and Virtual Service
Node (VSN) statistics for all VEM modules associated with Cisco VSGs, use the show vservice statistics
command.
show vservice statistics [ip ip-addr | module module-num]
Syntax Description
ip
(Optional) Displays IP address statistics.
ip-addr
IP address.
module
(Optional) Displays VEM module statistics.
module-num
Module number.
Command Default
None
Command Modes
EXEC
Global configuration (config)
SupportedUserRoles
network-admin
network-operator
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
Examples
You can use the following operators with the show vservice statistics command:
•
>—Redirects the output to a file.
•
>>—Redirects the output to a file in append mode.
•
|—Pipes the command output to a filter.
This example shows how to display statistics for a module:
VSM-hpv# show vservice statistics module 4
#VSN VLAN: 0, IP-ADDR: 10.1.0.150
Module: 4
#VPath Packet Statistics
Ingress
Total Seen
2
Policy Redirects
2
No-Policy Passthru
0
Policy-Permits Rcvd
1
Policy-Denies Rcvd
0
Egress
2
2
0
2
0
Total
4
4
0
3
0
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-40
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
show vservice statistics
Permit Hits
Deny
Hits
Decapsulated
Fail-Open
Badport Err
VSN Config Err
VSN State Down
Encap Err
Version Mismatch
V1 In svcPath
All-Drops
Flow Notificns Sent
Total Rcvd From VSN
Non-Cisco Encap Rcvd
VNS-Port Drops
Policy-Action Err
Decap Err
L2-Frag Sent
L2-Frag Rcvd
L2-Frag Coalesced
Encap exceeded MTU
ICMP Too Big Rcvd
#VPath Flow Statistics
Active Flows
Forward Flow Create
Reverse Flow Create
Flow ID Alloc
Connection ID Alloc
L2 Flow Create
L3 Flow Create
L4 TCP Flow Create
L4 UDP Flow Create
L4 Oth Flow Create
Embryonic Flow Create
L2 Flow Timeout
L3 Flow Timeout
L4 TCP Flow Timeout
L4 UDP Flow Timeout
L4 Oth Flow Timeout
Flow Lookup Hit
Flow Dual Lookup
TCP chkfail InvalACK
TCP chkfail WndVari
Flow Classify Err
Conn ID Alloc Err
Flow Exist
Flow Removal Err
Flow Full Match Err
Invalid Flow Pair
Hash Alloc
InvalFID Lookup Err
Related Commands
0
0
1
0
0
0
228
0
0
0
228
0
1
1
3
1
1
0
0
2
0
0
2
0
0
5
0
5
8
0
0
0
0
0
0
0
3
0
0
0
0
2
0
0
0
1288
0
0
0
1288
0
0
3
0
0
0
1516
0
0
0
1516
0
5
0
2
0
0
0
0
0
0
0
Active Connections
Forward Flow Destroy
Reverse Flow Destroy
Flow ID Free
Connection ID Free
L2 Flow Destroy
L3 Flow Destroy
L4 TCP Flow Destroy
L4 UDP Flow Destroy
L4 Oth Flow Destroy
Embryonic Flow Bloom
L2 Flow Offload
L3 Flow Offload
L4 TCP Flow Offload
L4 UDP Flow Offload
L4 Oth Flow Offload
Flow Lookup Miss
L4 TCP Tuple-reuse
TCP chkfail SeqPstWnd
0
1
2
3
1
1
0
0
2
0
0
3
0
0
0
0
3
0
0
Flow ID Alloc Err
Hash Alloc Err
Flow Entry Exhaust
Flow Entry Miss
Bad Action Receive
Invalid Connection
Hash Free
Deferred Delete
0
0
0
0
0
0
0
0
Command
Description
show vservice port
Displays information about virtual Ethernet (vEth) ports.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-41
Chapter 1
Cisco Nexus 1000V Series Switch Commands
state (port profile)
state (port profile)
To enable the operational state of a port profile, use the state command. To disable the operational state
of a port profile, use the no form this command.
state enabled
no state enabled
Syntax Description
enabled
Defaults
Disabled
Command Modes
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
Enables the port profile.
This example shows how to enable the operational state of a port profile:
vsm# configure
vsm(config)# port-profile testprofile
vsm(config-port-prof)# state enabled
Related Commands
Command
Description
show port-profile
Displays port profile information.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-42
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
switchport mode
switchport mode
To set the port mode of an interface, use the switchport mode command. To remove the port mode
configuration, use the no form of this command.
switchport mode {access | trunk}
no switchport mode {access | trunk}
Syntax Description
access
Sets the port mode access.
trunk
Sets the port mode to trunk.
Defaults
Switchport mode is not set.
Command Modes
Interface configuration (config-if)
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2.1SV2(2.1)
This command was introduced.
Examples
This example shows how to set the port mode of an interface:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# switchport mode access
This example shows how to remove the mode configuration:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# no switchport mode access
Related Commands
Command
Description
show interface
Displays interface information.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-43
Chapter 1
Cisco Nexus 1000V Series Switch Commands
switchport access vlan
switchport access vlan
To set the access mode of an interface, use the switchport access vlan command. To remove the access
mode configuration, use the no form of this command.
switchport access vlan vlan-id
no switchport access vlan vlan-id
Syntax Description
vlan-id
Defaults
Access mode is not set.
Command Modes
Interface configuration (config-if)
VLAN identification number. The range is from 1 to 3967.
Port profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release
Modification
4.2.1SV2(2.1)
This command was introduced.
Examples
This example shows how to set the access mode of an interface:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# switchport access vlan 100
This example shows how to remove the access mode configuration:
vsm# configure
vsm(config)# interface vethernet 1
vsm(config-if)# no switchport access vlan
Related Commands
Command
Description
show interface
Displays interface information.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-44
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
tcp state-checks
tcp state-checks
To configure the Cisco Nexus 1000V switch to perform TCP state checks, use the tcp state-checks command. To return to the default setting, use the no form of the command.
tcp state-checks
no tcp state-checks
Syntax Description
There are no arguments.
Command Modes
vservice global configuration (config-vservice-global)
SupportedUserRoles
network-admin
system-admin
Command History
Usage Guidelines
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Because the default TCP state checks in vPath are different for each check, the no form of this command
may enable or disable the respective checks. See the “Defaults” section, before you enter the no form of
this command.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-45
Chapter 1
Cisco Nexus 1000V Series Switch Commands
tcp state-checks
Examples
This example shows how to configure the switch to perform the default TCP state checks:
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)# tcp state-checks
Related Commands
Command
Description
vservice global type
vsg
Enters the vservice global configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-46
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
vlan
vlan
To create a VLAN and enter VLAN configuration mode, use the vlan command. To remove a VLAN,
use the no form of this command.
vlan {id | dot1Q tag native}
no vlan {id | dot1Q tag native}
Syntax Description
id
VLAN identification number. The range is from 1 to 4094.
dot1Q tag native
Specifies an IEEE 802.1Q virtual LAN.
Defaults
VLAN 1
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
Specify a VLAN range by using a dash. For example, 1-9 or 20-30.
Examples
This example shows how to create a VLAN and enter VLAN configuration mode:
vsm# configure
vsm(config)# vlan 100
vsm(config-vlan)#
This example shows how to remove a VLAN:
vsm# configure
vsm(config)# no vlan 100
Related Commands
Command
Description
show vlan
Displays the VTP VLAN status.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-47
Chapter 1
Cisco Nexus 1000V Series Switch Commands
vservice
vservice
To associate a port profile with a service node, use the vservice command from the config-port-profile
mode of the port profile. To delete a port-profile configuration, use the no form of this command.
vservice {node node_name [profile profile_name]}
no vservice
Syntax Description
node
Specifies the service node to associate the port profile with.
node_name
Predefined service node name.
profile
(Optional) Specifies the service profile that the service node is to be
associated with.
profile_name
Predefined service profile name.
Defaults
None
Command Modes
Port-profile configuration (config-port-prof)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
You can associate the service node to the chosen port-profile entity. The node need to be predefined. If
the node is of type VSG specifying a profile is mandatory.
Examples
This example shows how to configure a port profile with a node and service profile:
vsm(config)# port-profile port1 <-------- Enter the mode of the port-profile entity you
want to configure
vsm(config-port-prof)# vservice node vsg1 profile sp1
Related Commands
Command
Description
show port-profile
Displays information about the port profiles.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-48
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
vservice global type vsg
vservice global type vsg
To enter vservice global configuration mode, use the vservice global type vsg command.
vservice global type vsg
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command Modes
vservice global configration (config-vservice-global)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Examples
This example shows how to enter vservice global configuration mode:
n1000v# configure <------ enter the config mode
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)#
Related Commands
Command
Description
tcp state-checks
Configures selective TCP state checks on the switch traffic.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-49
Chapter 1
Cisco Nexus 1000V Series Switch Commands
vservice node
vservice node
To configure a service node, use the vservice node command. To disable a service node, use the no form
of this command.
vservice node node_name type {vsg}
ip address ip-address | no ip address
adjacency {l3} | no adjacency failmode {close | open} | no failmode
no vservice node node_name
no ip address
no adjacency
no failmode
Syntax Description
node_name
Service node name to identify it in the network.
type
Specifies the type of service node to be configured.
vsg
Specifies the Cisco VSG service node.
ip address
Specifies the IP address of the service node. This IP address should
match the IP address of the data interface node.
ip-address
IP address of the associated service node.
no
Specifies that there is no IP address associated with the service
node.
adjacency
Specifies the adjacency for Layer 3 mode.
l3
Specifies Layer 3 (using IP address) mode for the service node.
failmode
Sets the state to be in either fail close or fail open mode.
close
Drops packets if the Cisco VSG is down. This is the default value.
open
Allows the packets to pass through if the Cisco VSG is down.
Command Default
None
Command Modes
Global configration (config)
SupportedUserRoles
Network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
Use vservice node command to configure a service node with an existing Cisco VSG. That node is
associated with a port profile.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-50
OL-31175-01
Chapter 1
Cisco Nexus 1000V Series Switch Commands
vservice node
You can only delete inactive vservice nodes. The inactive nodes are not configured with any Virtual
Machines (VMs).
Examples
Related Commands
This example shows how to enter vservice-node mode and configure the IP address of a vservice node,
adjacency, and fail-mode settings:
vsm(config)# vservice node
vsm(config-vservice-node)#
vsm(config-vservice-node)#
vsm(config-vservice-node)#
test type vsg <------- enter the vservice-node mode
ip address 1.1.11.11
adjacency l3
fail-mode close
Command
Description
show vservice node brief
Displays brief information about the vservice node.
show vservice node detail
Displays detailed information about the vservice node.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
OL-31175-01
1-51
Chapter 1
Cisco Nexus 1000V Series Switch Commands
nsc-policy-agent
nsc-policy-agent
To enter Cisco Prime Network Services Controller (Prime NSC) policy agent mode, use the
nsc-policy-agent command.
nsc-policy-agent
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
SupportedUserRoles
network-admin
Command History
Release
Modification
5.2(1)SM1(5.1)
This command was introduced.
Usage Guidelines
Use Cisco Prime NSC policy agent configuration mode to configure policy agents.
Examples
This example shows how to enter Cisco Prime NSC policy agent mode:
vsm# configure
vsm(config)# nsc-policy-agent
vsm(config-nsc-policy-agent)#
Related Commands
Command
Description
configure
Enters global configuration mode.
Cisco Virtual Security Gateway for Microsoft Hyper-V Command Reference, Release 5.2(1)VSG2(1.1a)
1-52
OL-31175-01
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising