This chapter describes the Cisco Nexus 1000V commands that begin with the letter R.
To configure the dead-time interval for all Remote Authentication Dial-In User Service (RADIUS) servers used by a device, use the radius-server deadtime command. To revert to the default, use the no form of this command.
radius-server deadtime minutes
no radius-server deadtime minutes
minutes | Number of minutes for the dead-time interval. The range is from 1 to 1440 minutes.
0 minutes
Global configuration (config)
network-admin
The dead-time interval is the number of minutes before the device checks a RADIUS server that was previously unresponsive.
Note: The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, periodic RADIUS server monitoring is not performed.
This example shows how to configure the global dead-time interval for all RADIUS servers to perform periodic monitoring:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# radius-server deadtime 5
This example shows how to revert to the default for the global dead-time interval for all RADIUS servers and disable periodic server monitoring:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no radius-server deadtime 5
| Command | Description |
|---|---|
| show radius-server | Displays RADIUS server information. |
To allow users to send authentication requests to a specific Remote Authentication Dial-In User Service (RADIUS) server when logging in, use the radius-server directed-request command. To revert to the default, use the no form of this command.
radius-server directed-request
no radius-server directed-request
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
You can specify the username@vrfname:hostname during login, where vrfname is the virtual routing and forwarding (VRF) instance to use and hostname is the name of a configured RADIUS server. The username is sent to the RADIUS server for authentication.
This example shows how to allow users to send authentication requests to a specific RADIUS server when logging in:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# radius-server directed-request
This example shows how to prevent users from sending authentication requests to a specific RADIUS server when logging in:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no radius-server directed-request
| Command | Description |
|---|---|
| show radius-server directed-request | Displays the directed request RADIUS server configuration. |
To configure Remote Authentication Dial-In User Service (RADIUS) server parameters, use the radius-server host command. To revert to the default, use the no form of this command.
radius-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret [pac]] [accounting]
[acct-port port-number] [auth-port port-number] [authentication] [retransmit count]
[test {idle-time time | password password | username name}]
[timeout seconds [retransmit count]]
no radius-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret [pac]] [accounting]
[acct-port port-number] [auth-port port-number] [authentication] [retransmit count]
[test {idle-time time | password password | username name}]
[timeout seconds [retransmit count]]
Global configuration (config)
network-admin
When the idle time interval is 0 minutes, periodic RADIUS server monitoring is not performed.
This example shows how to configure RADIUS server authentication and accounting parameters:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# radius-server host 10.10.2.3 key HostKey
n1000v(config)# radius-server host 10.10.2.3 auth-port 2003
n1000v(config)# radius-server host 10.10.2.3 acct-port 2004
n1000v(config)# radius-server host 10.10.2.3 accounting
n1000v(config)# radius-server host radius2 key 0 abcd
n1000v(config)# radius-server host radius3 key 7 1234
n1000v(config)# radius-server host 10.10.2.3 test idle-time 10
n1000v(config)# radius-server host 10.10.2.3 test username tester
n1000v(config)# radius-server host 10.10.2.3 test password 2B9ka5
| Command | Description |
|---|---|
| show radius-server | Displays RADIUS server information. |
To configure a Remote Authentication Dial-In User Service (RADIUS) shared secret key, use the radius-server key command. To remove a configured shared secret, use the no form of this command.
radius-server key [0 | 7] shared-secret
no radius-server key [0 | 7] shared-secret
Clear text
Global configuration (config)
network-admin
You must configure the RADIUS preshared key to authenticate the switch on the RADIUS server. The length of the key is restricted to 63 characters and can include any printable ASCII characters (white spaces are not allowed). You can configure a global key to be used for all RADIUS server configurations on the switch. You can override a global key assignment for an individual host by using the key keyword in the radius-server host command.
This example shows various scenarios for configuring RADIUS authentication:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# radius-server key AnyWord
n1000v(config)# radius-server key 0 AnyWord
n1000v(config)# radius-server key 7 public pac
| Command | Description |
|---|---|
| show radius-server | Displays RADIUS server information. |
To specify the number of times that the device should try a request with a Remote Authentication Dial-In User Service (RADIUS) server, use the radius-server retransmit command. To revert to the default, use the no form of this command.
radius-server retransmit count
no radius-server retransmit count
count | Number of times that the device tries to connect to a RADIUS server before reverting to local authentication. The range is from 1 to 5 times.
1 retransmission
Global configuration (config)
network-admin
This example shows how to configure the number of retransmissions to RADIUS servers:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# radius-server retransmit 3
This example shows how to revert to the default number of retransmissions to RADIUS servers:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no radius-server retransmit 3
| Command | Description |
|---|---|
| show radius-server | Displays RADIUS server information. |
To specify the time between retransmissions to the Remote Authentication Dial-In User Service (RADIUS) servers, use the radius-server timeout command. To revert to the default, use the no form of this command.
radius-server timeout seconds
no radius-server timeout seconds
seconds | Number of seconds between retransmissions to the RADIUS server. The range is from 1 to 60 seconds.
5 seconds
Global configuration (config)
network-admin
This example shows how to configure the timeout interval:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# radius-server timeout 30
This example shows how to revert to the default interval:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no radius-server timeout 30
| Command | Description |
|---|---|
| show radius-server | Displays RADIUS server information. |
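An added example, not part of the Cisco documentation: a Python lint for candidate radius-server lines (for instance a change script or template) that applies the limits stated in the radius-server deadtime, key, retransmit and timeout entries above and flags shared secrets present in clear text. The function names and the sample configuration are constructed for illustration; reading key type 0 as clear text and 7 as encrypted follows Cisco's key-type convention, which this chapter does not spell out.

```python
# Added example (not Cisco code): lint candidate radius-server lines before pushing them.
RANGES = {"deadtime": (1, 1440), "retransmit": (1, 5), "timeout": (1, 60)}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
radius-server key 0 AnyWord
radius-server retransmit 3
radius-server timeout 90
radius-server directed-request
radius-server host 10.10.2.3 key HostKey auth-port 2003
radius-server host radius3 key 7 1234
"""

def check_key(tokens, where):
    """Flag clear-text or malformed shared secrets; never echo the secret itself."""
    rest = tokens[tokens.index("key") + 1:]
    if not rest:
        return [f"{where}: key keyword without a shared secret"]
    # Assumption: "key 7 <secret>" is encrypted; "key 0 <secret>" or a bare secret is clear text.
    ktype, secret = (rest[0], rest[1]) if rest[0] in ("0", "7") and len(rest) > 1 else ("0", rest[0])
    if ktype == "7":
        return []
    out = [f"{where}: shared secret present in clear text"]
    if len(secret) > 63 or not all(33 <= ord(c) <= 126 for c in secret):
        out.append(f"{where}: secret must be at most 63 printable ASCII characters")
    return out

def audit_radius(config):
    """Return a list of findings for the radius-server lines in config."""
    findings, seen = [], set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "radius-server":
            continue
        kind = tok[1]
        seen.add(kind)
        where = f"host {tok[2]}" if kind == "host" and len(tok) > 2 else "global"
        if "key" in tok[1:]:
            findings += check_key(tok, where)
        if kind in RANGES and len(tok) > 2 and tok[2].isdigit():
            lo, hi = RANGES[kind]
            if not lo <= int(tok[2]) <= hi:
                findings.append(f"global: {kind} {tok[2]} outside {lo}-{hi}")
        if kind == "directed-request":
            findings.append("global: directed-request enabled (default is disabled)")
    if "deadtime" not in seen:
        findings.append("global: no deadtime set, default 0 disables periodic server monitoring")
    return findings
```

Per-host timeout and retransmit values are not checked here; only the global commands are range-checked.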
To configure a NetFlow flow record, use the record command. To remove the flow record configuration, use the no form of this command.
record {name | netflow ipv4 {original-input | original-output | netflow protocol-port} | netflow-original}
no record {name | netflow ipv4 {original-input | original-output | netflow protocol-port} | netflow-original}
None
Flow monitor configuration (config-flow-monitor)
network-admin
A flow record defines the information that NetFlow gathers, such as packets in the flow and the types of counters gathered per flow. You can define new flow records or use the predefined flow record.
This example shows how to configure a flow record to use the predefined traditional IPv4 input NetFlow record:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow monitor testmon
n1000v(config-flow-monitor)# record netflow ipv4 original-input
n1000v(config-flow-monitor)#
This example shows how to remove the predefined traditional IPv4 input NetFlow flow record configuration:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow monitor testmon
n1000v(config-flow-monitor)# no record netflow ipv4 original-input
n1000v(config-flow-monitor)#
| Command | Description |
|---|---|
| show flow monitor | Displays NetFlow monitor configuration information. |
| show flow record | Displays NetFlow record configuration information. |
To reboot both the primary and secondary Virtual Supervisor Modules (VSMs) in a redundant pair, use the reload command.
reload
This command has no arguments or keywords.
None
Any
network-admin
To reboot only one of the VSMs in a redundant pair, use the reload module command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the VSM.
This example shows how to reload both the primary and secondary VSM:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# reload
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Sep 3 11:33:35 bl-n1000v %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from command-line interface
| Command | Description |
|---|---|
| reload module | Reloads the specified VSM (1 or 2) in a redundant pair. |
To reload one of the Virtual Supervisor Modules (VSMs) in a redundant pair, use the reload module command.
reload module module [force-dnld]
module | Module number: 1 (primary VSM) or 2 (secondary VSM).
force-dnld | (Optional) Reboots the specified module to force NetBoot and image download.
None
Any
network-admin
To reboot both the VSMs in a redundant pair, use the reload command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the VSM.
This example shows how to reload VSM 2, the secondary VSM in a redundant pair:
n1000v# reload module 2
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Sep 3 11:33:35 bl-n1000v %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from command-line interface
| Command | Description |
|---|---|
| reload | Reboots both the primary and secondary VSM. |
| show version | Displays information about the software version. |
To resequence a list with sequence numbers, use the resequence command.
resequence {{{ip | mac} access-list} | time-range} [name number increment]
None
Global configuration (config)
network-admin
This example shows how to resequence the first entry in the MAC ACL named aclOne:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# resequence mac access-list aclOne 1 2
n1000v(config)#
| Command | Description |
|---|---|
| show access-list | Displays ACLs. |
To remove a directory, use the rmdir command.
rmdir [filesystem: [//module/]] directory
Removes the directory from the current working directory.
Any
network-admin
This example shows how to remove the my_files directory:
n1000v# rmdir my_files
| Command | Description |
|---|---|
| cd | Changes the current working directory. |
| dir | Displays the directory contents. |
| pwd | Displays the name of the current working directory. |
To create a feature group or user role, use the role command. To remove the role, use the no form of this command.
role {feature-group group-name | name name}
no role {feature-group group-name | name name}
None
Global configuration (config)
network-admin
This example shows how to create a role named UserA:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# role name UserA
This example shows how to remove the UserA role:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no role name UserA
To create a rule that defines criteria for a user role, use the rule command. To remove a rule, use the no form of this command.
rule number {deny | permit} {read | read-write [feature feature-name | feature-group group-name] | command command-name}
no rule number
None
Role configuration (config-role)
network-admin
The rule number specifies the order in which the rule is applied, in descending order. For example, if a role has three rules, rule 3 is applied first, rule 2 is applied next, and rule 1 is applied last. You can configure up to 256 rules for each role.
This example shows how to create a rule that denies access to the clear users command:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# role name UserA
n1000v(config-role)# rule 1 deny command clear users
n1000v(config-role)#
This example shows how to remove the rule 1 configuration:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# role name UserA
n1000v(config-role)# no rule 1
| Command | Description |
|---|---|
| show role | Displays the user role configuration. |
| username | Configures information about the user. |
To run a command script that is saved in a file, use the run-script command.
run-script {bootflash: | volatile:} filename
None
Any
network-admin
network-operator
This example shows how to run a command script that is saved in the Sample file on the Volatile file system:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# run-script volatile:Sample
n1000v(config)#
| Command | Description |
|---|---|
| cd | Changes the current working directory. |
| copy | Copies files. |
| dir | Displays the contents of the working directory. |
| pwd | Displays the name of the present working directory (pwd). |