The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter M.
To create a MAC access control list (ACL), use the mac access-list command. To remove the MAC ACL, use the no form of this command.
mac access-list name
no mac access-list name
name |
MAC ACL name. The name is case-sensitive, alphanumeric, and has a maximum of 64 characters. |
The MAC ACL does not exist.
Global configuration (config)
network-admin
This example shows how to create a MAC ACL:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
mac access-list aL1
n1000v(config)#
|
|
---|---|
show access-list |
Displays access list information. |
To configure the aging time for entries in the Layer 2 table, use the mac address-table aging-time command. To return to the default settings, use the no form of this command.
mac address-table aging-time seconds [vlan vlan-id]
no mac address-table aging-time [vlan vlan-id]
1800 seconds
Global configuration (config)
network-admin
Enter 0 seconds to disable the aging process.
The age value may be rounded off to the nearest multiple of 5 seconds. If the system rounds the value to a different value from that specified by the user (from the rounding process), the system returns an informational message.
When you use this command in the global configuration mode, the age values of all VLANs for which a configuration has not been specified are modified and those VLANs with specifically modified aging times are not modified. When you use the no form of this command without the VLAN parameter, only those VLANs that have not been specifically configured for the aging time reset to the default value. Those VLANs with specifically modified aging times are not modified.
When you use this command and specify a VLAN, the aging time for only the specified VLAN is modified. When you use the no form of this command and specify a VLAN, the aging time for the VLAN is returned to the current global configuration for the aging time, which may or may not be the default value of 300 seconds depending if the global configuration of the device for the aging time has been changed.
The aging time is counted from the last time that the switch detected the MAC address.
This example shows how to change the length of time an entry remains in the MAC address table to 500 seconds for the entire device:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
mac address-table aging-time 500
|
|
---|---|
clear mac address-table aging-time |
Displays information about the MAC address aging time. |
show mac address-table |
Displays information about the MAC address table. |
To add a static entry to the Layer 2 MAC address table, use the mac address-table static command. To delete the static entry, use the no form of this command.
mac address-table static mac-address vlan vlan-id {interface {interface-name}+ | drop} [auto-learn]
no mac address-table static mac-address vlan vlan-id
None
Global configuration (config)
network-admin
You cannot apply the mac address-table static mac-address vlan vlan-id drop command to a multicast MAC address.
The output interface specified cannot be a VLAN interface or a Switched Virtual Interface (SVI).
Use the no form to remove entries that are profiled by the combination of specified entry information.
This example shows how to add a static entry to the MAC address table:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
mac address-table static 0050.3e8d.6400 vlan 3 interface ethernet 2/1
n1000v(config)#
|
|
---|---|
show mac address-table |
Displays information about the MAC address table. |
To toggle the auto-mac-learning state on a vEthernet interface, use the mac auto-static-learn command. To disable the auto-mac-learning state, use the no form of this command.
mac auto-static-learn
[no] mac auto-static-learn
This command has no arguments or keywords.
By default, the auto-mac-learning state is enabled.
Interface configuration (config-if)
Port profile configuration (config-port-profile)
network-admin
Follow these guidelines:
•This command is needed on the vEthernet interfaces that are used for Microsoft Network Load Balancing setups in unicast mode.
•This configuration is not supported on PVLAN ports.
•This configuration is not supported on the ports configured with Unknown Unicast Flood Blocking (UUFB).
•This configuration is not supported on the ports configured with the command switchport port-security mac-address sticky.
This example shows how to configure the auto-mac-learning state on veth1:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# int veth 1
n1000v(config-if)# no mac auto-static-learn
n1000v(config-if)#
|
|
---|---|
mac address-table static |
Adds a static MAC address in the Layer 2 MAC address table and saves it in the running configuration. |
To enable access control for port groups, use the mac port access-group command. To disable access control for port groups, use the no form of this command.
mac port access-group name {in | out}
no mac port access-group name {in | out}
name |
Group name. The name is case-sensitive, alphanumeric, and can have a maximum of 64 characters. |
in |
Specifies inbound traffic. |
out |
Specifies outbound traffic. |
None
Port profile configuration (config-port-prof)
network-admin
This example shows how to enable access control for port groups:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# port-profile 1
n1000v(config-port-prof)# mac port access-group groupOne in
n1000v(config-port-prof)#
|
|
---|---|
show mac |
Displays MAC information. |
To define an access control list (ACL) matching criteria, use the match command. To remove matching criteria, use the no form of this command.
match {{access-group name name} | {[not] cos cos-list} | {[not] dscp {dscp-list}+} | {[not] precedence {precedence-list}+} | {[not] discard-class discard-class-list} | {[not] qos-group qos-group-list} | {[not] class-map cmap-name} | {[not] packet length len-list} | {[not] ip rtp port-list}}
no match {{access-group name acl-name} | {[not] cos cos-list} | {[not] dscp {dscp-list}+} | {[not] precedence {precedence-list}+} | {[not] discard-class discard-class-list} | {[not] qos-group qos-group-list} | {[not] class-map cmap-name} | {[not] packet length len-list} | {[not] ip rtp port-list}}
None
Class map configuration (config-cmap-qos)
network-admin
This example shows how to configure a class-map match criteria:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# class-map cl_map1
n1000v(config-cmap-qos)# match access-group name ac_gr1
n1000v(config-cmap-qos)#
This example shows how to remove the class-map match criteria:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# class-map cl_map1
n1000v(config-cmap-qos)# no match access-group name ac_gr1
n1000v(config-cmap-qos)#
|
|
---|---|
show class map |
Displays class map information. |
To define IP matching criteria for a NetFlow flow record, use the match ip command. To remove the matching criteria, use the no form of this command.
match ip {protocol | tos}
no match ip {protocol | tos}
protocol |
Specifies the protocol. |
tos |
Specifies the type of service. |
None
Flow record configuration (config-flow-record)
network-admin
This example shows how to configure IP matching criteria for a NetFlow flow record and then display the result:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# match ip protocol
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
No. of users: 0
Template ID: 0
Fields:
match ip protocol
match interface input
match interface output
match flow direction
doc-n1000v(config-flow-record)#
This example shows how to remove the IP matching criteria for a NetFlow flow record a and then display the result:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# no match ip protocol
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
No. of users: 0
Template ID: 0
Fields:
match interface input
match interface output
match flow direction
doc-n1000v(config-flow-record)#
To define IPv4 matching criteria for a NetFlow flow record, use the match ipv4 command. To remove the matching criteria, use the no form of this command.
match ipv4 {source | destination} address
no match ipv4 {source | destination} address
source |
Specifies the source address. |
destination |
Specifies the destination address. |
address |
Specifies the address. |
None
Flow record configuration (config-flow-record)
network-admin
This example shows how to configure IPv4 matching criteria for a NetFlow flow record and then display the result:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# match ipv4 destination address
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
Description: Ipv4flow
No. of users: 0
Template ID: 0
Fields:
match ipv4 destination address
match interface input
match interface output
match flow direction
collect counter packets
n1000v(config-flow-record)#
This example shows how to remove the IPv4 matching criteria for a NetFlow flow record and then display the result:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# no match ipv4 destination address
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
No. of users: 0
Template ID: 0
Fields:
match interface input
match interface output
match flow direction
doc-n1000v(config-flow-record)#
To define transport matching criteria for a NetFlow flow record, use the match transport command. To remove the matching criteria, use the no form of this command.
match transport {destination-port | source-port}
no match transport {destination-port | source-port}
destination-port |
Specifies the transport destination port. |
source-port |
Specifies the transport source port. |
None
Flow Record configuration (config-flow-record)
network-admin
This example shows how to configure transport matching criteria for a NetFlow flow record and then display the result:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# match transport destination-port
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
Description: Ipv4flow
No. of users: 0
Template ID: 0
Fields:
match ipv4 destination-port
match interface input
match interface output
match flow direction
collect counter packets
n1000v(config-flow-record)#
This example shows how to remove the transport matching criteria for a NetFlow flow record a and then display the result:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# no match transport destination-port
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
No. of users: 0
Template ID: 0
Fields:
match interface input
match interface output
match flow direction
doc-n1000v(config-flow-record)#
To specify the maximum number of ports for a port profile, use the max-ports command. To remove the maximum ports configuration, use the no form of this command.
max-ports number
no max-ports number
number |
Number of ports for a port profile. The range is from 1 to 1024. |
32 ports
Port profile configuration (config-port-prof)
network-admin
This example shows how to set the maximum number of ports in the testprofile port profile:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# max-ports 100
n1000v(config-port-prof)#
This example shows how to remove the maximum ports configuration from the testprofile port profile:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# no max-ports 100
n1000v(config-port-prof)#
|
|
---|---|
port-profile |
Creates a port profile. |
show port-profile name |
Displays configuration information about a particular port profile. |
To create a new directory, use the mkdir command.
mkdir {bootflash: | debug: | volatile:}
bootflash: |
Specifies bootflash as the directory name. |
debug: |
Specifies debug as the directory name. |
volatile: |
Specifies volatile as the directory name. |
None
Any
network-admin
This example shows how to create the bootflash: directory:
n1000v#
mkdir bootflash:
|
|
---|---|
cd |
Changes the current working directory. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
To enter commands on the Virtual Ethernet Module (VEM) remotely from the Cisco Nexus 1000V, use the module vem command.
module vem module-number execute line [line]
module-number |
Specifies the module number. The range is from 3 to 66. |
execute line |
Specifies the command to execute on the VEM. Command to be sent to the VEM. |
None
EXEC
network-admin
This example shows how to display the VEM port profile configuration remotely from the Cisco Nexus 1000V:
n1000v#
module vem 3 execute vemcmd show port-profile
This example shows how to display the VEM configuration remotely from the Cisco Nexus 1000V:
n1000v# module vem 3 execute vemcmd show l2 342
Bridge domain 8 brtmax 4096, brtcnt 6, timeout 300
VLAN 342, swbd 342, ""
Flags: P - PVLAN S - Secure D - Drop
Type MAC Address LTL timeout Flags PVLAN
Dynamic 00:15:5d:e1:25:03 305 22
Dynamic 00:15:5d:e1:25:01 305 7
Dynamic 00:15:5d:e1:25:00 305 9
Dynamic 00:15:5d:e1:25:05 305 12
Dynamic 24:b6:57:63:60:43 305 7
Dynamic 00:1b:21:c2:46:f0 305 108
n1000v#
|
|
---|---|
show module vem |
Displays VEM information. |
To enter the monitor configuration mode for configuring an Ethernet Switch Port Analyzer (SPAN) session for analyzing traffic between ports, use the monitor session command.
To disable monitoring a SPAN session(s), use the no form of this command.
monitor session {session-number [shut | type erspan-source] | all shut}
no monitor session {session-number [shut | type erspan-source] | all shut}
None
Global configuration (config)
network-admin
This example shows how to enter the monitor configuration mode for configuring SPAN session number 2 for analyzing traffic between ports:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
monitor session 2
n1000v(config-monitor)#
This example shows how to remove the configuration for SPAN session 2 for analyzing traffic between ports:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
no monitor session 2
n1000v(config)#
|
|
---|---|
show monitor |
Displays Ethernet SPAN information. |
To move a file from one directory to another, use the move command.
move [filesystem:[//module/][directory/] | directory/]source-filename {{filesystem:[//module/][directory/] | directory/}[destination-filename] | target-filename}
The default name for the destination file is the same as the source filename.
Any
network-admin
You can make a copy of a file by using the copy command.
Tip You can rename a file by moving it within the same directory.
This example shows how to move a file to another directory:
n1000v# move file1 my_files:file2
This example shows how to move a file to another file system:
n1000v# move file1 slot0:
This example shows how to move a file to another supervisor module:
n1000v# move file1 bootflash://sup-remote/file1.bak
|
|
---|---|
cd |
Changes the current working directory. |
copy |
Makes a copy of a file. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
To set the maximum size of a transmission unit for Encapsulated Remote Switched Port Analyzer (ERSPAN) packets in a monitor session, use the mtu command.
mtu mtu_value
mtu_value |
MTU size (50 to 9000 bytes) for ERSPAN packets in a monitor session. Packets larger than the allowable size are truncated. |
1500 bytes
ERSPAN configuration (config-erspan-src)
network-admin
ERSPANed packets larger than the specified allowable size for the monitor session are truncated.
This example shows how to configure an MTU of 1000 bytes for ERSPAN packets
in monitor session 2:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
monitor session 2 type erspan-source
n1000v(
config-erspan-source)#
mtu 1000
|
|
---|---|
monitor session |
Creates an ERSPAN monitor session. |
show monitor session |
Displays the ERSPAN session configuration. |