The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter S.
To send a message to an open session, use the send command.
send {message | session device message}
message |
Message. |
session |
Specifies a specific session. |
device |
Device type. |
None
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to send a message to an open session:
n1000v# send session sessionOne testing
n1000v#
|
|
---|---|
show banner |
Displays a banner. |
To configure the RADIUS server as a member of the RADIUS server group, use the server command. To remove a server, use the no form of this command.
server {ipv4-address | server-name}
no server {ipv4-address | server-name}
ipv4-address |
IPV4 address of the RADIUS server. |
server-name |
Name that identifies the RADIUS server. |
None
Radius configuration (config-radius)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to configure the RADIUS server as a member of the RADIUS server group:
n1000v# config t
n1000v(config)# aaa group server radius RadServer
n1000v(config-radius)# server 10.10.1.1
n1000v(config-radius)#
This example shows how to remove the server configuration:
n1000v# config t
n1000v(config)# aaa group server radius RadServer
n1000v(
config)#
no server 10.10.1.1
To configure a service policy for an interface, use the service-policy command. To remove the service policy configuration, use the no form of this command.
service-policy {input name [no-stats] | output name [no-stats] | type qos {input name [no-stats] | output name [no-stats]}}
no service-policy {input name [no-stats] | output name [no-stats] | type qos {input name [no-stats] | output name [no-stats]}}
No service policy exists.
Interface configuration (config-if)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to configure a service policy for an interface:
n1000v# configure terminal
n1000v(config)# interface vethernet 10
n1000v(config-if)# service-policy type qos input sp10 no-stats
n1000v(config-if)#
This example shows how to remove a service policy configuration for an interface:
n1000v# configure terminal
n1000v(config)# interface vethernet 10
n1000v(config-if)# no service-policy type qos input sp10 no-stats
n1000v(config-if)#
|
|
---|---|
show running interface |
Displays interface configuration information. |
To configure an inside or outside interface in a virtual service domain (VSD) port profile, use the service-port command. To remove the configuration, use the no form of this command.
service-port {inside | outside} [default-action {drop | forward}]
no service-port
inside |
Inside Network |
outside |
Outside Network |
default-action |
(Optional) Action to be taken if service port is down. •drop: drops packets •forward: forwards packets (the default) |
forward default-action
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(2) |
This command was introduced. |
If a port profile without a service port is configured on an SVM, it will flood the network with packets.
When configuring a port profile on an SVM, first bring the SVM down, This prevents a port-profile that is mistakenly configured without a service port from flooding the network with packets. The SVM can be returned to service after the configuration is complete and verified.
This example shows how to configure an inside interface on a VSD port profile that drops packets if the service port is down:
n1000v# config t
n1000v(
config)# port-profile svm_vsd1_in
n1000v(
config-port-prof)# service-port inside default-action drop
n1000v(
config-port-prof)#
This example shows how to remove a service port configuration:
n1000v# config t
n1000v(
config)# port-profile svm_vsd1_in
n1000v(
config-port-prof)# no service-port
n1000v(
config-port-prof)#
|
|
---|---|
show virtual-service-domain |
Displays a list of the VSDs currently configured in the VSM, including VSD names and port profiles. |
To limit the number of VSH sessions, use the session-limit command. To remove the limit, use the no form of this command.
session-limit number
no session-limit number
number |
Number of VSH sessions. The range of valid values is 1 to 64 |
No limit is set.
Line configuration (config-line)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to limit the number of VSH sessions:
n1000v#
configure terminal
n1000v(config)# line vty
n1000v(config-line)# session-limit 10
n1000v(config-line)#
This example shows how to remove the limit:
n1000v#
configure terminal
n1000v(config)# line vty
n1000v(config-line)# no session-limit 10
n1000v(config-line)#
To set QoS class attributes, use the set command. To remove class attributes, use the no form of this command.
set {{cos cos-val} | {dscp [tunnel] {dscp-val | dscp-enum}} | {precedence [tunnel] {prec-val | prec-enum}} | {discard-class dis-class-val} | {qos-group qos-grp-val} | {{{cos cos} | {dscp dscp} | {precedence precedence} | {discard-class discard-class}} table table-map-name} | {cos1 {{dscp table cos-dscp-map} | {precedence table cos-precedence-map} | {discard-class table cos-discard-class-map}}} | {dscp1 {{cos table dscp-cos-map} | {prec3 table dscp-precedence-map} | {dis-class3 table dscp-discard-class-map}}} | {prec1 {{cos3 table precedence-cos-map} | {dscp3 table precedence-dscp-map} | {dis-class3 table precedence-discard-class-map}}} | {dis-class1 {{cos3 table discard-class-cos-map} | {dscp3 table discard-class-dscp-map} | {prec3 table discard-class-precedence-map}}}}
no set {{cos cos-val} | {dscp [tunnel] {dscp-val | dscp-enum}} | {precedence [tunnel] {prec-val | prec-enum}} | {discard-class dis-class-val} | {qos-group qos-grp-val} | {{{cos cos} | {dscp dscp} | {precedence precedence} | {discard-class discard-class}} table table-map-name} | {cos1 {{dscp table cos-dscp-map} | {precedence table cos-precedence-map} | {discard-class table cos-discard-class-map}}} | {dscp1 {{cos table dscp-cos-map} | {prec3 table dscp-precedence-map} | {dis-class3 table dscp-discard-class-map}}} | {prec1 {{cos3 table precedence-cos-map} | {dscp3 table precedence-dscp-map} | {dis-class3 table precedence-discard-class-map}}} | {dis-class1 {{cos3 table discard-class-cos-map} | {dscp3 table discard-class-dscp-map} | {prec3 table discard-class-precedence-map}}}}
None
Policy map class configuration (config-pmap-c-qos)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set class attributes:
n1000v#
configure terminal
n1000v(config)#
policy-map pm1
n1000v(config-pmap-qos)# class class-default
n1000v(config-pmap-c-qos)# set qos-group 1
n1000v(config-pmap-c-qos)#
This example shows how to remove class attributes:
n1000v# configure terminal
n1000v(config)# policy-map pm1
n1000v(config-pmap-qos)# class class-default
n1000v(config-pmap-c-qos)# no set qos-group 1
n1000v(config-pmap-c-qos)#
|
|
---|---|
show policy-map |
Displays policy maps. |
To use the Basic System Configuration Dialog for creating or modifying a configuration file, use the setup command.
setup
This command has no arguments or keywords, but the Basic System Configuration Dialog prompts you for complete setup information (see the example below).
None
Any
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
The Basic System Configuration Dialog assumes the factory defaults. Keep this in mind when using it to modify an existing configuration.
All changes made to your configuration are summarized for you at the completion of the setup sequence with an option to save the changes or not.
You can exit the setup sequence at any point by pressing Ctrl-C.
This example shows how to use the setup command to create or modify a basic system configuration:
n1000v# setup
Enter the domain id<1-4095>: 400
Enter HA role[standalone/primary/secondary]: standalone
[########################################] 100%
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup is mainly used for configuring the system initially,
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): y
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Enter the switch name : n1000v
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:
Mgmt0 IPv4 address :
Configure the default gateway? (yes/no) [y]: n
Configure advanced IP options? (yes/no) [n]:
Enable the telnet service? (yes/no) [y]:
Enable the ssh service? (yes/no) [n]:
Configure the ntp server? (yes/no) [n]:
Configure vem feature level? (yes/no) [n]:
Configure svs domain parameters? (yes/no) [y]:
Enter SVS Control mode (L2 / L3) : l2
Invalid SVS Control Mode
Enter SVS Control mode (L2 / L3) : L2
Enter control vlan <1-3967, 4048-4093> : 400
Enter packet vlan <1-3967, 4048-4093> : 405
The following configuration will be applied:
switchname n1000v
telnet server enable
no ssh server enable
svs-domain
svs mode L2
control vlan 400
packet vlan 405
domain id 400
vlan 400
vlan 405
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]: n
n1000v#
|
|
---|---|
show running-config |
Displays the running configuration. |
To shutdown VLAN switching, use the shutdown command. To turn on VLAN switching, use the no form of this command.
shutdown
no shutdown
This command has no arguments or keywords.
None
VLAN configuration (config-vlan)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to shutdown VLAN switching:
n1000v#
configure terminal
n1000v(config)# vlan 10
n1000v(config-vlan)# shutdown
n1000v(config-vlan)#
This example shows how to turn on VLAN switching:
n1000v#
configure terminal
n1000v(config)# vlan 10
n1000v(config-vlan)# no shutdown
n1000v(config-vlan)#
|
|
---|---|
show vlan |
Displays VLAN information. |
To set a sleep time, use the sleep command.
sleep time
time |
Sleep time, in seconds. The range of valid values is 0 to 2147483647. |
Sleep time is not set.
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
When you set time to 0, sleep is disabled.
This example shows how to set a sleep time:
n1000v#
sleep 100
n1000v#
This example shows how to disable sleep:
n1000v#
sleep 0
n1000v#
To configure how long the AAA-synchronized user configuration stays in the local cache, use the snmp-server aaa-user cache-timeout command. To revert back to the default value of 3600 seconds, use the no form of this command.
snmp-server user aaa-user cache-timeout seconds
no snmp-server user aaa-user cache-timeout seconds
seconds |
Length of the time for the user configuration to remain in the local cache. The range is 1 to 86400 seconds. |
The default timeout is 3600 seconds.
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to configure the AAA-synchronized user configuration to stay in the local cache for 1200 seconds:
n1000v# config t
n1000v(
config)# snmp-server aaa-user cache-timeout 1200
This example shows how to revert back to the default value of 3600 seconds:
n1000v# config t
n1000v(config)# no snmp-server aaa-user cache-timeout 1200
To create an SNMP community string and assign access privileges for the community, use the snmp-server community command.
To remove the community or its access privileges, use the no form of this command.
snmp-server community string [group group-name] [ro | rw]
no snmp-server community string [group group-name] [ro | rw]
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
You can create SNMP communities for SNMPv1 or SNMPv2c.
This example shows how to configure read-only access for the SNMP community called public:
n1000v# config t
n1000v(
config)# snmp-server community public ro
This example shows how to remove the SNMP community called public:
n1000v# config t
n1000v(config)# no snmp-server community public
To configure the sysContact, which is the SNMP contact name, use the snmp-server contact command.
To remove or modify the sysContact, use the no form of this command.
snmp-server contact [name]
no snmp-server contact [name]
name |
(Optional) SNMP contact name (sysContact), which can contain a maximum of 32 characters. |
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
You can create SNMP communities for SNMPv1 or SNMPv2c.
This example shows how to configure the sysContact to be Admin:
n1000v# config t
n1000v(
config)# snmp-server contact Admin
This example shows how to remove the sysContact:
n1000v# config t
n1000v(config)# no snmp-server contact
To enforce SNMP message encryption for all users, use the snmp-server globalEnforcePriv command.
snmp-server globalEnforcePriv
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enforce SNMP message encryption for all users:
n1000v# config t
n1000v(config)#
snmp-server mib globalEnforcePriv
To configure a host receiver for SNMPv1 or SNMPv2c traps, use the snmp-server host command. To remove the host, use the no form of this command.
snmp-server host ip-address {traps | informs}{version {1 | 2c | 3}} [auth | noauth | priv] community [udp_port number]
no snmp-server host ip-address {traps | informs} {version {1 | 2c | 3}} [auth | noauth | priv] community [udp_port number]
None
Global configuration (config)
network-admin
|
|
4.0(1) |
This command was introduced. |
This example shows how to configure the host receiver, 192.0.2.1, for SNMPv1 traps:
n1000v# config t
n1000v(config)# snmp-server host 192.0.2.1 traps version 1 public
This example shows how to remove the configuration:
n1000v# config t
n1000v(config)# no snmp-server host 192.0.2.1 traps version 1 public
To configure the sysLocation, which is the SNMP location name, use the snmp-server location command.
To remove the sysLocation, use the no form of this command.
snmp-server location [name]
no snmp-server location [name]
name |
(Optional) SNMP location name (sysLocation), which can contain a maximum of 32 characters. |
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to configure the sysLocation to be Lab-7:
n1000v# config t
n1000v(
config)# snmp-server location Lab-7
This example shows how to remove the sysLocation:
n1000v# config t
n1000v(config)# no snmp-server location
To enable SNMP protocol operations, use the snmp-server protocol enable command. To disable SNMP protocol operations, use the no form of this command.
snmp-server protocol enable
no snmp-server protocol enable
This command has no arguments or keywords.
This command is enabled by default.
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enable SNMP protocol operations:
n1000v# config t
n1000v(config)#
snmp-server protocol enable
This example shows how to disable SNMP protocol operations:
n1000v# config t
n1000v(config)#
no snmp-server protocol enable
To enable authentication for SNMP over TCP, use the snmp-server tcp-session command. To disable authentication for SNMP over TCP, use the no form of this command.
snmp-server tcp-session [auth]
no snmp-server tcp-session
auth |
(Optional) Enables one-time authentication for SNMP over the entire TCP session (rather than on a per-command basis). |
This command is disabled by default.
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enable one-time authentication for SNMP over TCP:
n1000v# config t
n1000v(config)#
snmp-server tcp-session auth
This example shows how to disable one-time authentication for SNMP over TCP:
n1000v# config t
n1000v(config)#
no snmp-server tcp-session
To define a user who can access the SNMP engine, use the snmp-server user command. To deny a user access to the SNMP engine, use the no form of this command.
snmp-server user name [auth {md5 | sha} passphrase-1 [priv [aes-128] passphrase-2] [engineID id] [localizedkey]]
no snmp-server user name
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to provide one-time SNMP authorization for the user, Admin, using the HMAC SHA algorithm for authentication:
n1000v# config t
n1000v(
config)# snmp-server user Admin auth sha abcd1234 priv abcdefgh
This example shows how to deny a user access to the SNMP engine:
n1000v# config t
n1000v(config)# no snmp-server user Admin
To enable SNMP link-state traps for the interface, use the snmp trap link-status command. To disable SNMP link-state traps for the interface, use the no form of this command.
snmp trap link-status
no snmp trap link-status
This command has no arguments or keywords.
None
CLI interface configuration (config-if)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This command is enabled by default.
This example shows how to enable SNMP link-state traps for the interface:
n1000v# config t
n1000v(config)# interface veth 2
n1000v(config-if)# snmp trap link-status
n1000v(config-if)#
This example shows how to disable SNMP link-state traps for the interface:
n1000v# config t
n1000v(config)# interface veth 2
n1000v(config-if)# no snmp trap link-status
n1000v(config-if)#
To add an interface to a flow exporter designating it as the source for NetFlow flow records, use the source command. To remove the source interface from the flow exporter, use the no form of this command.
source mgmt 0
no source
mgmt 0 |
Adds the mgmt 0 interface to the flow exporter. |
None
NetFlow flow exporter configuration (config-flow-exporter)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
The mgmt0 interface is the only interface that can be added to the flow exporter.
This example shows how to add source management interface 0 to the ExportTest flow exporter:
n1000v(
config)#
config t
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# source mgmt 0
This example shows how to remove source management interface 0 from the ExportTest flow exporter:
n1000v(
config)#
config t
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# no source mgmt 0
To set the speed for an interface, use the speed command. To automatically set both the speed and duplex parameters to auto, use the no form of this command.
speed {speed_val | auto [10 100 [1000]]}
no speed [{speed_val | auto [10 100 [1000]]}]
None
Interface configuration (config-if)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
If you configure an Ethernet port speed to a value other than auto (for example, 10, 100, or 1000 Mbps), you must configure the connecting port to match. Do not configure the connecting port to negotiate the speed.
This example shows how to set the speed of Ethernet port 1 on the module in slot 3 to 1000 Mbps:
n1000v config t
n1000v(config)# interface ethernet 2/1
n1000v(config-if)# speed 1000
This example shows how to automatically set the speed to auto:
n1000v config t
n1000v(config)# interface ethernet 2/1
n1000v(config-if)# no speed 1000
To create a Secure Shell (SSH) session, use the ssh command.
ssh [username@]{ipv4-address | hostname} [vrf vrf-name]
Default VRF
Any
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
The NX-OS software supports SSH version 2.
This example shows how to start an SSH session:
n1000v# ssh 10.10.1.1 vrf management
The authenticity of host '10.10.1.1 (10.10.1.1)' can't be established.
RSA key fingerprint is 9b:d9:09:97:f6:40:76:89:05:15:42:6b:12:48:0f:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.1.1' (RSA) to the list of known hosts.
User Access Verification
Password:
|
|
---|---|
clear ssh session |
Clears SSH sessions. |
ssh server enable |
Enables the SSH server. |
To generate the key pair for the switch, which is used if SSH server is enabled, use the ssh key command. To remove the SSH server key, use the no form of this command.
ssh key {dsa [force] | rsa [length [force]]}
no ssh key [dsa | rsa]
1024-bit length
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
The switch uses a 1024-bit RSA key by default. The ssh key command allows you to choose a different algorithm (DSA) or different key strengths.
If you want to remove or replace an SSH server key, you must first disable the SSH server using the no ssh server enable command.
The Cisco NX-OS software supports SSH version 2.
This example shows how to create an SSH server key using DSA:
n1000v# config t
n1000v(config)# ssh key dsa
generating dsa key(1024 bits).....
..
generated dsa key
This example shows how to create an SSH server key using RSA with the default key length:
n1000v# config t
n1000v(config)# ssh key rsa
generating rsa key(1024 bits).....
.
generated rsa key
This example shows how to create an SSH server key using RSA with a specified key length:
n1000v# config t
n1000v(config)# ssh key rsa 768
generating rsa key(768 bits).....
.
generated rsa key
This example shows how to replace an SSH server key using DSA with the force option:
n1000v# config t
n1000v(config)# no ssh server enable
n1000v(config)# ssh key dsa force
deleting old dsa key.....
generating dsa key(1024 bits).....
.
generated dsa key
n1000v(config)# ssh server enable
This example shows how to remove the DSA SSH server key:
n1000v# config t
n1000v(config)# no ssh server enable
XML interface to system may become unavailable since ssh is disabled
n1000v(config)# no ssh key dsa
n1000v(config)# ssh server enable
This example shows how to remove all SSH server keys:
n1000v# config t
n1000v(config)# no ssh server enable
XML interface to system may become unavailable since ssh is disabled
n1000v(config)# no ssh key
n1000v(config)# ssh server enable
|
|
---|---|
show ssh key |
Displays the SSH server key information. |
ssh server enable |
Enables the SSH server. |
To enable the Secure Shell (SSH) server, use the ssh server enable command. To disable the SSH server, use the no form of this command.
ssh server enable
no ssh server enable
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
The NX-OS software supports SSH version 2.
This example shows how to enable the SSH server:
n1000v# config t
n1000v(config)# ssh server enable
This example shows how to disable the SSH server:
n1000v# config t
n1000v(config)# no ssh server enable
XML interface to system may become unavailable since ssh is disabled
|
|
---|---|
show ssh server |
Displays the SSH server key information. |
To set the operational state of a VLAN, use the state command. To disable state configuration, use the no form of this command.
state {active | suspend}
no state
active |
Specifies the active state. |
suspend |
Specifies the suspended state. |
None
VLAN configuration (config-vlan)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the operational state of a VLAN:
n1000v#
configure terminal
n1000v(config)# vlan 10
n1000v(config-vlan)# state active
n1000v(config-vlan)#
This example shows how to disable state configuration:
n1000v#
configure terminal
n1000v(config)# vlan 10
n1000v(config-vlan)# no state
n1000v(config-vlan)#
|
|
---|---|
show vlan |
Displays VLAN information. |
To set the operational state of a port profile, use the state command.
state enabled
enabled |
Enables or disables the port profile. |
Disabled
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enable or disable the operational state of a port profile:
n1000v#
configure terminal
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# state enabled
n1000v(config-port-prof)#
|
|
---|---|
show port-profile |
Displays port profile information. |
To collect statistics for each ACL entry, use the statistics per-entry command. To remove statistics, use the no form of this command.
statistics per-entry
no statistics per-entry
This command has no arguments or keywords.
No statistics are collected.
ACL configuration (config-acl)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to collect statistics for each ACL entry:
n1000v# configure terminal
n1000v(config)# ip access-list 1
n1000v(config-acl)# statistics per-entry
n1000v(config-acl)#
This example shows how to remove statistics:
n1000v# configure terminal
n1000v(config)# ip access-list 1
n1000v(config-acl)# no statistics per-entry
n1000v(config-acl)#
|
|
---|---|
show statistics |
Displays statistics. |
To configure interface port channel subgroup assignment, use the sub-group command. To remove this configuration, use the no form of this command.
sub-group {cdp | manual}
no sub-group
None
Interface configuration (config-if)
network-admin
|
|
4.0 |
This command was introduced. |
4.0(4)SV1(2) |
The manual keyword was added. |
Use this command to identify the port channel as being in vPC-HM, which requires traffic to be managed separately for each upstream switch connected to the member ports. If the upstream switches have CDP enabled, the Cisco Nexus 1000V can use this information to automatically assign subgroups. If the upstream swiches do not have CDP enabled, then you must configure subgroups manually.
This command overrides any subgroup configuration specified in the port-profile inherited by the port channel interface.
This example shows how to configure a subgroup type for a port channel interface:
h1000v# config t
n1000v(config)# interface port-channel 1
n1000v(config-if)# sub-group cdp
This example shows how to remove the configuration:
h1000v# config t
n1000v(config)# interface port-channel 1
n1000v(config-if)# no sub-group
|
|
---|---|
show interface port channel channel-number |
Displays port-channel information. |
To configure subgroup IDs for Ethernet member ports of vPC-HM, use the sub-group-id command. To remove the subgroup IDs, use the no form of this command.
sub-group-id group_id
no sub-group-id
group_id |
Subgroup ID number. Range is from 0 to 31. |
None
Interface configuration (config-if)
network-admin
|
|
4.0 |
This command was introduced. |
4.0(4)SV1(2) |
The number of subgroups was increased to 32. |
This example shows how to configure an Ethernet member port on subgroup 5:
n1000v# config t
n1000v(config)# interface Ethernet 3/2
n1000v(config-if)# sub-group-id 1
This example shows how to remove the configuration:
n1000v# config t
n1000v(config)# interface Ethernet 3/2
n1000v(config-if)# no sub-group-id
|
|
---|---|
show interface ethernet slot/port |
Displays information about Ethernet interfaces. |
To enable an SVS connection, use the svs connection command. To disable an SVS connection, use the no form of this command.
svs connection name
no svs connection name
name |
Connection name. |
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
Only one SVS connection can be enabled per session.
This example shows how to enable an SVS connection:
n1000v#
configure terminal
n1000v(config)# svs connection conn1
n1000v(config-svs-conn)#
This example shows how to disable an SVS connection:
n1000v#
configure terminal
n1000v(config)# no svs connection conn1
n1000v(config)#
|
|
---|---|
show svs |
Displays SVS information. |
To configure an SVS domain and enter SVS domain configuration mode, use the svs-domain command.
svs-domain
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enter SVS domain configuration mode to configure an SVS domain:
n1000v#
configure terminal
n1000v(config)# svs-domain
n1000v(config-svs-domain)#
|
|
---|---|
show svs |
Displays SVS information. |
To transfer licenses from a specified source VEM to another VEM, or to transfer an unused license to the VSM license pool, use the svs license transfer src-vem command.
svs license transfer src-vem module number [ dst-vem module number | license_pool ]
dst-vem module-number |
Specifies the VEM to receive the transferred license. |
license_pool |
Transfers a license back to the VSM license pool. |
None
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
•Licenses cannot be transferred to a VEM unless there are sufficient licenses in the pool for all CPUs on that VEM.
•When licenses are successfully transferred from one VEM to another, then the following happens:
–The virtual Ethernet interfaces on the source VEM are removed from service.
–The virtual Ethernet interfaces on the destination VEM are brought into service.
•When licenses are successfully transferred from a VEM to the VSM license pool, then the following happens:
–The virtual Ethernet interfaces on the source VEM are removed from service.
This example shows how to transfer a license from VEM 3 to VEM 5, and then display the license configuration:
n1000v# config t
n1000v(config)# svs license transfer src-vem 3 dst-vem 5
n1000v(config)# show license usage NEXUS1000V_LAN_SERVICES_PKG
Application
-----------
VEM 5 - Socket 1
VEM 5 - Socket 2
VEM 4 - Socket 1
VEM 4 - Socket 2
-----------
n1000v#
This example shows how to transfer a license from VEM 3 to the VSM license pool, and then display the license configuration:
n1000v# config t
n1000v(config)# svs license transfer src-vem 3 license_pool
n1000v(config)# show license usage NEXUS1000V_LAN_SERVICES_PKG
Application
-----------
VEM 4 - Socket 1
VEM 4 - Socket 2
-----------
n1000v#
To enable volatile licenses so that, whenever a VEM is taken out of service, its licenses are returned to the VSM pool of available licenses, use the svs license volatile command. To disable volatile licenses, use the no form of this command.
svs license volatile
no svs license volatile
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enable the volatile license feature for a VSM:
n1000v(config)# svs license volatile
n1000v(config)#
This example shows how to disable the volatile license feature for a VSM:
n1000v(
config)#
no svs license volatile
To configure a transport mode for control and packet traffic in the virtual supervisor module (VSM) domain, use the svs mode command.
svs mode {L2 | L3 interface {mgmt0 | control0}}
Layer 2 mode
SVS domain configuration (config-svs-domain)
network-admin
|
|
4.0(4)SV1(2) |
This command was introduced. |
If you use mgmt0 as the Layer 3 control interface, then in the VSM VM, Ethernet adapters 1 and 3 are not used.
If you use control0 as the Layer 3 control interface, then in the VSM VM, Ethernet adapter 3 is not used.
This example shows how to configure mgmt0 as the Layer 3 transport interface for the VSM domain:
n1000v# config t
n1000v(config)# svs-domain
n1000v(config-svs-domain)# svs mode l3 interface mgmt0
n1000v(config-svs-domain)#
|
|
---|---|
show svs-domain |
Displays the VSM domain configuration. |
svs-domain |
Creates and configures the VSM domain. |
To configure the hostname for the device, use the switchname command. To revert to the default, use the no form of this command.
switchname name
no switchname
name |
Name for the device. The name is alphanumeric, case sensitive, can contain special characters, and can have a maximum of 32 characters. |
switch
Global configuration (config)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
The Cisco NX-OS software uses the hostname in command-line interface (CLI) prompts and in default configuration filenames.
The switchname command performs the same function as the hostname command.
This example shows how to configure the device hostname:
n1000v# configure terminal
n1000v(config)# switchname Engineering2
Engineering2(config)#
This example shows how to revert to the default device hostname:
Engineering2# configure terminal
Engineering2(config)# no switchname
n1000v(config)#
|
|
---|---|
hostname |
Configures the device hostname. |
show switchname |
Displays the device hostname. |
To set the access mode of an interface, use the switchport access vlan command. To remove access mode configuration, use the no form of this command.
switchport access vlan id
no switchport access vlan
id |
VLAN identification number. The range of valid values is 1 to 3967. |
Access mode is not set.
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the access mode of an interface:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# switchport access vlan 10
n1000v(config-if)#
This example shows how to remove access mode configuration:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# no switchport access vlan
n1000v(config-if)#
|
|
---|---|
show interface |
Displays interface information. |
To set the port mode of an interface, use the switchport mode command. To remove the port mode configuration, use the no form of this command.
switchport mode {access | private-vlan {host | promiscuous} | trunk}
no switchport mode {access | private-vlan {host | promiscuous} | trunk}
Switchport mode is not set.
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the port mode of an interface:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# switchport mode private-vlan host
n1000v(config-if)#
This example shows how to remove mode configuration:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# no switchport mode private-vlan host
n1000v(config-if)#
|
|
---|---|
show interface |
Displays interface information. |
To set the port security characteristics of an interface, use the switchport port-security command. To remove the port security configuration, use the no form of this command.
switchport port-security [aging {time time | type {absolute | inactivity}} | mac-address {address [vlan id] |sticky} | maximum number [vlan id] | violation {protect | shutdown}]
no switchport port-security [aging {time time | type {absolute | inactivity}} | mac-address {address [vlan id] |sticky} | maximum number [vlan id] | violation {protect | shutdown}]}
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the port security aging inactivity timer:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# switchport port-security aging type inactivity
n1000v(config-if)#
This example shows how to remove the port security aging inactivity timer:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# no switchport port-security aging type inactivity
n1000v(config-if)#
|
|
---|---|
show interface |
Displays interface information. |
show port-security |
Displays port security information. |
To define a private VLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan host-association {primary-vlan-id} {secondary-vlan-id}
no switchport private-vlan host-association
primary-vlan-id |
Number of the primary VLAN of the private VLAN relationship. |
secondary-vlan-id |
Number of the secondary VLAN of the private VLAN relationship. |
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive. The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
This example shows how to configure a host private VLAN port with a primary VLAN (VLAN 18) and a secondary VLAN (VLAN 20):
n1000v(config-if)#
switchport private-vlan host-association 18 20
n1000v(config-if)#
This example shows how to remove the private VLAN association from the port:
n1000v(config-if)#
no switchport private-vlan host-association
n1000v(config-if)#
|
|
---|---|
show vlan private-vlan [type] |
Displays information on private VLANs. |
To define the private VLAN association for a promiscuous port, use the switchport private-vlan mapping command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping {primary-vlan-id} {[add] secondary-vlan-list | remove secondary-vlan-list}
no switchport private-vlan mapping
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
There is no run-time effect on the port unless it is in private VLAN-promiscuous mode. If the port is in private VLAN-promiscuous mode but the primary VLAN does not exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
This example shows how to configure the associate primary VLAN 18 to secondary isolated VLAN 20 on a private VLAN promiscuous port:
n1000v(config-if)#
switchport private-vlan mapping 18 20
n1000v(config-if)#
This example shows how to add a VLAN to the association on the promiscuous port:
n1000v(config-if)#
switchport private-vlan mapping 18 add 21
n1000v(config-if)#
This example shows how to remove the all private VLAN association from the port:
n1000v(config-if)#
no switchport private-vlan mapping
n1000v(config-if)#
To designate the primary private VLAN, use the switchport private-vlan trunk mapping trunk command. To remove the primary private VLAN, use the no form of this command.
switchport private-vlan trunk native vlan id
no switchport private-vlan trunk native vlan
id |
VLAN identification number. The range of valid values is 1 to 3967. |
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
When you use this command, you must either add a secondary VLAN, or remove a VLAN.
This example shows how to designate the primary private VLAN:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# n1000v(config-if)# switchport private-vlan mapping trunk 10 add 11
n1000v(config-if)#
This example shows how to remove the primary private VLAN:
n1000v#
configure terminal
n1000v(config)# interface vethernet 1
n1000v(config-if)# n1000v(config-if)# no switchport private-vlan mapping trunk 10
n1000v(config-if)#
|
|
---|---|
show vlan |
Displays VLAN information. |
To set the list of allowed VLANs on the trunking interface, use the switchport trunk allowed vlan command. To allow all VLANs on the trunking interface, use the no form of this command.
switchport trunk allowed vlan {vlan-list | all | none | [add | except | remove {vlan-list}]}
no switchport trunk allowed vlan
All VLANs
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport trunk allowed vlan command. This action is required only if you have not entered the switchport command for the interface.
If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic in VLAN 1.
This example shows how to add a series of consecutive VLANs to the list of allowed VLANs on a trunking port:n1000v
n1000v(config-if)#
switchport trunk allowed vlan add 40-50
n1000v(config-if)#
|
|
---|---|
show interface switchport |
Displays the administrative and operational status of a switching (nonrouting) port. |
To configure trunking parameters on an interface, use the switchport trunk native vlan command. To remove the configuration, use the no form of this command.
switchport trunk native vlan id
no switchport trunk native vlan
id |
VLAN identification number. The range of valid values is 1 to 3967. |
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to con1000vnfigure trunking n1000vparameters on an interface:
n1000v# configure terminal
n1000v(config)# interface vethernet 10
n1000v(config-if)# switchport trunk native vlan 20
n1000v(config-if)#
|
|
---|---|
show vlan |
Displays VLAN information. |
To configure a system-wide jumbo frame size, specifying the maximum frame size that Ethernet ports can process, use the system jumbomtu command.
system jumbomtu size
size |
Size, in bytes, of the Layer 2 Ethernet interface jumbo maximum transmission unit (MTU). Frames larger than this are dropped. The setting must be an even number between 1500 and 9000 bytes. |
9000 bytes
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
•For transmissions to occur between two ports, you must configure the same MTU size for both ports.
•A port drops any frames that exceed its MTU size.
•If you do not configure a system jumbo MTU size, it defaults to 1500 bytes.
•For a Layer 2 port, you can configure an MTU size as the system default of 1500 bytes or the system default jumbo MTU size of 9000 bytes.
•If you change the system jumbo MTU size, Layer 2 ports automatically use the system default MTU size of 1500 bytes unless you specifically configure the MTU size differently per port.
This example shows how to configure a system-wide maximum frame size of 8000 bytes:
n1000v# config t
n1000v(config)# system jumbomtu 8000
n1000v#
To configure a redundancy role for the VSM, use the system redundancy role command. To revert to the default setting, use the no form of the command.
system redundancy role {primary | secondary | standalone}
no system redundancy role {primary | secondary | standalone}
primary |
Specifies the primary redundant VSM. |
secondary |
Specifies the secondary redundant VSM. |
standalone |
Specifies no redundant VSM. |
None
EXEC
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to configure no redundant VSM:
n1000v# system redundancy role standalone
n1000v#
|
|
---|---|
show system redundancy |
Displays the system redundancy status. |
To switch over to the standby supervisor, use the system switchover command.
system switchover
This command has no arguments or keywords.
None
EXEC
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to switch over to the standby supervisor:
n1000v# system n1000vover
n1000v#
|
|
---|---|
show system redundancy |
Displays the system redundancy status. |
To change the software version supported on VEMs, use the system update vem feature level command.
system update vem feature level [version_number]
version_number |
(Optional) version number index from the list above. |
None
Any
network-admin
|
|
4.0(4)SV1(2) |
This command was introduced. |
This example shows how to change the software version supported:
n1000v#
system update vem feature level
Error : the feature level is set to the highest value possible
n1000v#
|
|
---|---|
show system vem feature level |
Displays the current software release supported. |
To add the system VLAN to a port profile, use the system vlan command. To remove the system VLAN from a port profile, use the no form of this command.
system vlan vlan-id-list
no system vlan
vlan-id-list |
List of VLAN IDs, separated by commas. The allowable range is 1-3967 and 4048-4093. |
None
Port profile configuration (config-port-prof)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
A system VLAN is used to configure and bring up physical or vEthernet ports before the Virtual Supervisor Module (VSM) has established communication with the Virtual Ethernet Module (VEM).
This example shows how to add system VLANs 260 and 261 to the port profile:
n1000v# config t
n1000v (config)# port-profile system-uplink
n1000v(config-port-prof)# system vlan 260, 261
n1000v(config-port-prof)#
This example shows how to remove all system VLANs from the port profile:
n1000v# config t
n1000v (config)# port-profile system-uplink
n1000v(config-port-prof)# no system vlan
n1000v(config-port-prof)#