Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(4)
F Commands
Downloads: This chapterpdf (PDF - 217.0KB) The complete bookPDF (PDF - 12.84MB) | Feedback

F Commands

Table Of Contents

F Commands

feature dhcp

feature http-server

feature lacp

feature http-server

feature netflow

feature port-profile-roles

feature private-vlan

feature ssh

feature tacacs+

feature telnet

filter vlan

find

flow exporter

flow monitor

flow record

from (table map)


F Commands


This chapter describes the Cisco Nexus 1000V commands that begin with the letter F.

feature dhcp

To enable the DHCP feature globally, use the feature dhcp command. To disable DHCP, use the no form of this command.

feature dhcp

no feature dhcp

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

Examples

This example shows how to enable DHCP globally:

n1000v# configure terminal 
n1000v(config)# feature dhcp
n1000v(config)# 
 
   

This example shows how to disable DHCP globally:

n1000v# configure terminal 
n1000v(config)# no feature dhcp
n1000v(config)# 

Related Commands

Command
Description

show feature

Displays the features available, such as DHCP, and whether they are enabled.

ip dhcp snooping trust

Configures an interface as a trusted source of DHCP messages.

ip dhcp snooping vlan

Enables DHCP snooping on the specified VLANs.

show ip dhcp snooping

Displays general information about DHCP snooping.


feature http-server

To enable the HTTP server, use the feature http-server command. To disable the HTTP server, use the no form of this command.

feature http-server

no feature http-server

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

VUM will not install VEMs if the HTTP server is disabled.

The HTTP server must be enabled in order to get the Cisco Nexus 1000V XML plugin from the VSM.

Examples

This example shows how to enable the HTTP server:

n1000v# config t
n1000v(config)# feature http-server
 
   

This example shows how to disable the HTTP server:

n1000v# config t
n1000v(config)# no feature http-server

Related Commands

Command
Description

show http-server

Displays the HTTP server configuration.

show feature

Displays the features available, such as LACP, and whether they are enabled.


feature lacp

To enable LACP support for port channels, use the feature lacp command. To disable it, use the no form of this command.

feature lacp

no feature lacp

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

You cannot configure LACP for a port channel without first enabling LACP using the command, feature lacp.

Examples

This example shows how to turn on LACP for port channels:

n1000v# config t
n1000v(config)# feature lacp
 
   

This example shows how to turn off LACP for port channels:

n1000v(config)# no feature lacp
 
   

Related Commands

Command
Description

show feature

Displays the features available and whether they are enabled.

show port-channel summary

Displays a summary for the port channel interfaces.

interface

Configures an interface.

channel-group

Configures a channel group on an interface.

port-profile

Configures a port profile.

channel-group auto

Configures a channel group on a port profile.

lacp offload

Offloads LACP management from the VSM to the VEMs.


feature http-server

To enable the HTTP server, use the feature http-server command. To disable the HTTP server, use the no form of this command.

feature http-server

no feature http-server

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

VUM will not install VEMs if the HTTP server is disabled.

The HTTP server must be enabled in order to get the Cisco Nexus 1000V XML plugin from the VSM.

Examples

This example shows how to enable the HTTP server:

n1000v# config t
n1000v(config)# feature http-server
 
   

This example shows how to disable the HTTP server:

n1000v# config t
n1000v(config)# no feature http-server

Related Commands

Command
Description

show http-server

Displays the HTTP server configuration.

show feature

Displays the features available, such as LACP, and whether they are enabled.


feature netflow

To enable the NetFlow, use the feature netflow command. To disable the feature, use the no form of this command.

feature netflow

no feature netflow

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

Be aware of resource requirements since NetFlow consumes additional memory and CPU resources.

Memory and CPU resources are provided by the VEM hosting the flow monitor interface. Resources are limited by the number of CPU cores present on the VEM.

Examples

This example shows how to enable NetFlow:

n1000v# config t
n1000v(config)# feature netflow
 
   

This example shows how to disable NetFlow:

n1000v# config t
n1000v(config)# no feature netflow

Related Commands

Command
Description

show ssh server

Displays the SSH server configuration.

flow record

Creates a NetFlow flow record.

flow exporter

Creates a NetFlow flow exporter.

flow moniter

Creates a NetFlow flow monitor.

show flow record

Displays information about NetFlow flow records.

show flow exporter

Displays information about NetFlow flow exporters.

show flow monitor

Displays information about NetFlow flow monitors.


feature port-profile-roles

To enable port profile roles to restrict user and group access, use the feature port-profile-roles command. To disable it, use the no form of this command.

feature port-profile-roles

no feature port-profile-roles

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

When the port profile roles feature is disabled, all users on vCenter lose access to the port groups.

Examples

This example shows how to enable the port profile roles feature to restrict visibility to specific port groups:

n1000v(config)# feature port-profile-roles
n1000v(config)# 
 
   

This example shows how to disable the port profile roles feature:

n1000v(config)# no feature port-profile-roles
n1000v(config)# 

Related Commands

Command
Description

show port-profile-role

Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups.

show port-profile-role users

Displays available users and groups.

show port-profile

Displays the port profile configuration, including roles assigned to them.

show feature

Displays features available, such as LACP or Port Profile Roles and whether they are enabled.

port-profile-role

Creates a port profile role.

user

Assigns a user to a port profile role.

group

Assigns a group to a port profile role.

assign port-profile-role

Assigns a port profile role to a specific port profile.

feature port-profile-role

Enables support for the restriction of port profile roles.


feature private-vlan

To enable the private VLAN feature, use the feature private-vlan command. To disable the feature, use the no form of this command.

feature private-vlan

no feature private-vlan

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

Be aware of resource requirements since NetFlow consumes additional memory and CPU resources.

Memory and CPU resources are provided by the VEM hosting the flow monitor interface. Resources are limited by the number of CPU cores present on the VEM.

Examples

This example shows how to enable the private VLAN feature:

n1000v# config t
n1000v(config)# feature private-vlan
 
   

This example shows how to disable the private VLAN feature:

n1000v# config t
n1000v(config)# no feature private-vlan

Related Commands

Command
Description

show vlan private-vlan

Displays the private VLAN configuration.

private-vlan

Configures a VLAN as a private VLAN.


feature ssh

To enable the secure shell (SSH) server, use the feature ssh command. To disable the server, use the no form of this command.

feature ssh

no feature ssh

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

Before enabling SSH, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.

Examples

This example shows how to enable the SSH server:

n1000v# config t
n1000v(config)# feature ssh
 
   

This example shows how to disable the SSH server:

n1000v# config t
n1000v(config)# no feature ssh

Related Commands

Command
Description

show ssh server

Displays the SSH server configuration.

ssh key

Generates an SSH server key.

ssh

Creates and starts an SSH server session.

show feature

Displays the features available, such as the SSH server, and whether they are enabled.


feature tacacs+

To enable the TACACS+ server, use the feature tacacs+ command. To disable the server, use the no form of this command.

feature tacacs+

no feature tacacs+

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

Examples

This example shows how to enable TACACS+:

n1000v# config t
n1000v(config)# feature tacacs+
 
   

This example shows how to disable TACACS+:

n1000v# config t
n1000v(config)# no feature tacacs+

Related Commands

Command
Description

tacacs-server key

Designates the global key shared between the Cisco Nexus 1000V and the TACACS+ server hosts.

tacacs-server host

Designates the key shared between the Cisco Nexus 1000V and this specific TACACS+ server host.

show tacacs-server

Displays the TACACS+ server configuration.

show feature

Displays the features available, such as TACACS+, and whether they are enabled.


feature telnet

To enable the Telnet server, use the feature telnet command. To disable the Telnet server, use the no form of this command.

feature telnet

no feature telnet

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.


Usage Guidelines

Before enabling Telnet, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.

Examples

This example shows how to enable the Telnet server:

n1000v# config t
n1000v(config)# feature telnet
 
   

This example shows how to disable the Telnet server:

n1000v# config t
n1000v(config)# no feature telnet

Related Commands

Command
Description

show telnet server

Displays the Telnet server configuration.

telnet

Creates and configures a telnet session.

show feature

Displays the features available, such as the Telnet server, and whether they are enabled.


filter vlan

To configure a filter from the source VLANs for a specified Switch Port Analyzer (SPAN) session, use the filter vlan command. To remove the filter, use the no form of this command.

filter vlan {number | range}

no filter vlan {number | range}

Syntax Description

number

Number of the VLAN associated with this filter.

range

Range of VLANs associated with this filter.


Defaults

None

Command Modes

CLI monitor configuration (config-monitor)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to configure the filter for VLAN IDs, 3, 4, 5, and 7:

n1000v# config t
n1000v(config)# monitor session 3
n1000v(config-monitor)# filter vlan 3-5, 7
n1000v(config-monitor)# 
 
   

This example shows how to remove the filter for VLAN ID 7:

n1000v# config t
n1000v(config)# monitor session 3
n1000v(config-monitor)# no filter vlan 7
n1000v(config-monitor)# 
 
   

Related Commands

Command
Description

monitor session

Creates a session with the given session number and places you in the CLI monitor configuration mode to further configure the session.

description

For the specified SPAN session, adds a description.

source

For the specified session, configures the sources and the direction of traffic to monitor.

destination interface

Configures the ports, for the specified session, to act as destinations for copied source packets.

no shut

Enables the SPAN session.

interface ethernet

Places you in CLI interface configuration mode for the specified interface.

switchport trunk allowed vlan

For the specified interface, configures the range of VLANs that are allowed on the interface.

show interface ethernet

Displays the interface trunking configuration for the selected slot and port or range of ports.


find

To find filenames beginning with a character string, use the find command.

find filename-prefix

Syntax Description

filename-prefix

First part or all of a filename. The filename prefix is case sensitive.


Defaults

None

Command Modes

Any

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

The find command searches all subdirectories under the current working directory. You can use the cd and pwd commands to navigate to the starting directory.

Examples

This example shows how to display filenames beginning with ospf:

n1000v# find ospf
/usr/bin/find: ./lost+found: Permission denied
./ospf-gr.cfg
./ospfgrconfig
./ospf-gr.conf
 
   

Related Commands

Command
Description

cd

Changes the current working directory.

pwd

Displays the name of the current working directory.


flow exporter

To create or modify a Flexible NetFlow flow exporter defining where and how Flow Records are exported to the NetFlow Collector Server, use the flow exporter command. To remove a flow exporter, use the no form of this command.

flow exporter exporter-name

no flow exporter exporter-name

Syntax Description

exporter-name

Name of the flow exporter that is created or modified.


Defaults

Flow exporters are not present in the configuration until you create them.

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

The following example shows how to create and configure FLOW-EXPORTER-1:

n1000v(config)# flow exporter FLOW-EXPORTER-1
n1000v(config-flow-exporter)# description located in Pahrump, NV
n1000v(config-flow-exporter)# destination A.B.C.D
n1000v(config-flow-monitor)# dscp 32
n1000v(config-flow-monitor)# source mgmt0
n1000v(config-flow-monitor)# transport udp 59
n1000v(config-flow-monitor)# version 9
 
   

The following example shows how to remove FLOW-EXPORTER-1:

n1000v(config)# no flow exporter FLOW-EXPORTER-1
n1000v(config)#

Related Commands

Command
Description

clear flow exporter

Clears the flow monitor.

show flow exporter

Displays flow monitor status and statistics.

description

Adds a description to a flow record, flow monitor, or flow exporter.

destination

Adds a destination IP address to a NetFlow flow exporter.

dscp

Adds a differentiated services codepoint (DSCP) to a flow exporter.

source mgmt

Adds the management interface to a flow exporter designating it as the source for NetFlow flow records.

transport udp

Adds a destination UDP port used to reach the NetFlow collector to a flow exporter.

version 9

Designates NetFlow export version 9 in the NetFlow exporter.


flow monitor

To create a Flexible NetFlow flow monitor, or to modify an existing Flexible NetFlow flow monitor, and enter Flexible NetFlow flow monitor configuration mode, use the flow monitor command. To remove a Flexible NetFlow flow monitor, use the no form of this command.

flow monitor monitor-name

no flow monitor monitor-name

Syntax Description

monitor-name

Name of the flow monitor that is created or modified.


Defaults

Flow monitors are not present in the configuration until you create them.

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor, and a cache that is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and non-key fields in the record which is configured for the flow monitor and stored in the flow monitor cache.

Once you enter the flow monitor configuration mode, the prompt changes to the following:

n1000v(config-flow-monitor)#
 
   

Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:

cache—Specifies the cache size, from 256 to 16384 entries.

description description—Provides a description for this flow monitor; maximum of 63 characters.

exit—Exits from the current configuration mode.

exporter name—Specifies the name of an exporter to export records.

no—Negates a command or sets its defaults.

record {record-name | netflow ipv4 collection-type | netflow-original}—Specifies a flow record to use as follows:

record-name—Name of a record.

netflow ipv4 collection-typeSpecifies the traditional IPv4 NetFlow collection schemes as follows:

original-input—Specifies the traditional IPv4 input NetFlow.

original-output—Specifies the traditional IPv4 output NetFlow

protocol-port—Specifies the protocol and ports aggregation scheme.

netflow-originalSpecifies the traditional IPv4 input NetFlow with origin autonomous systems.

timeout {active | inactive}—Specifies a flow timeout period as follows:

active—Specifies an active or long timeout in the range of 60 to 4092 seconds.

inactive—Specifies an inactive or normal timeout in the range of 15 to 4092 seconds.

The netflow-original and original-input keywords are the same and are equivalent to the following commands:

match ipv4 source address

match ipv4 destination address

match ip tos

match ip protocol

match transport source-port

match transport destination-port

match interface input

collect counter bytes

collect counter packet

collect timestamp sys-uptime first

collect timestamp sys-uptime last

collect interface output

collect transport tcp flags

The original-output keywords are the same as original-input keywords except for the following:

match interface output (instead of match interface input)

collect interface input (instead of collect interface output)

Examples

The following examples creates and configures a flow monitor named FLOW-MONITOR-1:

n1000v(config)# flow monitor FLOW-MONITOR-1
n1000v(config-flow-monitor)# description monitor location las vegas, NV
n1000v(config-flow-monitor)# exporter exporter-name1
n1000v(config-flow-monitor)# record test-record
n1000v(config-flow-monitor)# netflow ipv4 original-input

Related Commands

Command
Description

clear flow monitor

Clears the flow monitor.

show flow monitor

Displays flow monitor status and statistics.


flow record

To create a Flexible NetFlow flow record, or to modify an existing Flexible NetFlow flow record, and enter Flexible NetFlow flow record configuration mode, use the flow record command. To remove a Flexible NetFlow flow record, use the no form of this command.

flow record record-name

no flow record record-name

Syntax Description

record-name

Name of the flow record that is created or modified.


Defaults

Flow records are not present in the configuration until you create them.

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

Flexible NetFlow uses key and non-key fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow a combination of key and non-key fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.

Once you enter the flow record configuration mode, the prompt changes to the following:

n1000v(config-flow-record)#
 
   

Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:

collect—Specifies a non-key field. See the collect command for additional information.

description description—Provides a description for this flow record; maximum of 63 characters.

exit—Exits from the current configuration mode.

matchSpecifies a key field. See the match command for additional information.

no—Negates a command or sets its defaults.

Cisco NX-OS enables the following match fields by default when you create a flow record:

match interface input

match interface output

match flow direction

Examples

The following example creates a flow record named FLOW-RECORD-1, and enters Flexible NetFlow flow record configuration mode:

n1000v(config)# flow record FLOW-RECORD-1
n1000v(config-flow-record)#

Related Commands

Command
Description

clear flow monitor

Clears the flow monitor.

flow monitor

Creates a flow monitor.

show flow monitor

Displays flow monitor status and statistics.


from (table map)

To map input field values to output field values in a QoS table map, use the from command.

from source-value to dest-value

Syntax Description

source-value

Specifies the source value in the range from 0 to 63.

dest-value

Specifies the destination value in the range from 0 to 63.


Defaults

None

Command Modes

Table map configuration (config-tmap)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to create a mapping from three source values to the corresponding destination values:

n1000v(config)# table-map cir-markdown-map
n1000v(config-tmap)# from 0 to 7
n1000v(config-tmap)# from 1 to 6
n1000v(config-tmap)# from 2 to 5
 
   

Related Commands

Command
Description

show table-map

Displays QoS table maps.

table-map

Creates or modifies a QoS table map.