The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with T.
To create or modify a QoS table map, use the table-map command. To remove the table map, use the no form of this command.
|
|
This example shows how to create or access the my_table1 table map for configuration:
This example shows how to remove the my_table1 table map:
|
|
---|---|
Maps input field values to output field values in a QoS table map. |
|
Creates or modifies a QoS class map that defines a class of traffic. |
To generate troubleshooting information in a compressed file format for TAC. You can specify the target location where the file is saved using the command parameter.
tac-pac {bootflash | ftp | modflash | scp | sftp | tftp | volatile}
Note Before you open a TAC case, always generate troubleshooting information file using the tac-pac command along with feature specific command outputs and attach the files to the case. The troubleshooting information contains complete information for the Cisco TAC engineers to understand the issue. The troubleshooting information file, in compressed file format, is easier to share and transfer.
|
|
This example shows how generate troubleshooting information file for TAC and save it in the bootflash:
This example shows how generate troubleshooting information file for TAC and save it in the volatile memory:
You can copy the troubleshooting information file to bootflash, FTP, or TFTP server using the copy command. For example:
|
|
---|---|
To enable TACACS+, use the tacacs+ enable command. To disable TACACS+, use the no form of this command.
|
|
This example shows how to enable TACACS+:
This example shows how to disable TACACS+:
To set a periodic time interval where a nonreachable (nonresponsive) TACACS+ server is monitored for responsiveness, use the tacacs-server deadtime command. To disable the monitoring of the nonresponsive TACACS+ server, use the no form of this command.
tacacs -server deadtime minutes
no tacacs -server deadtime minutes
Specifies the time interval in minutes. The range is from 1 to 1440. |
|
|
Setting the time interval to zero disables the timer. If the dead-time interval for an individual TACACS+ server is greater than zero (0), that value takes precedence over the value set for the server group.
When the dead-time interval is 0 minutes, TACACS+ server monitoring is not performed unless the TACACS+ server is part of a server group and the dead-time interval for the group is greater than 0 minutes.
In global configuration mode, you must first enable the TACACS+ feature, using the tacacs+ enable command, before you can use any of the other TACACS+ commands to configure the feature.
This example shows how to configure the dead-time interval and enable periodic monitoring:
This example shows how to revert to the default dead-time interval and disable periodic monitoring:
|
|
---|---|
Sets a dead-time interval for monitoring a nonresponsive TACACS+ server. |
|
To allow users to send authentication requests to a specific TACACS+ server when logging in, use the radius-server directed request command. To revert to the default, use the no form of this command.
tacacs -server directed-request
no tacacs -server directed-request
|
|
In global configuration mode, you must first enable the TACACS+ feature, using the tacacs+ enable command, before you can use any of the other TACACS+ commands to configure the feature.
The user can specify the username@vrfname : hostname during login, where vrfname is the virtual routing and forwarding (VRF) name to use and hostname is the name of a configured TACACS+ server. The username is sent to the server name for authentication.
Note If you enable the directed-request option, the NX-OS device uses only the RADIUS method for authentication and not the default local method.
This example shows how to allow users to send authentication requests to a specific TACACS+ server when logging in:
This example shows how to disallow users to send authentication requests to a specific TACACS+ server when logging in:
|
|
---|---|
To configure TACACS+ server host parameters, use the tacacs-server host command in configuration mode. To revert to the defaults, use the no form of this command.
tacacs-server host { hostname | ipv4-address | ipv6-address }
[ key [ 0 | 7 ] shared-secret ] [ port port-number ]
[ test { idle-time time | password password | username name }]
[ timeout seconds ]
no tacacs-server host { hostname | ipv4-address | ipv6-address }
[ key [ 0 | 7 ] shared-secret ] [ port port-number ]
[ test { idle-time time | password password | username name }]
[ timeout seconds ]
|
|
|
|
You must use the tacacs+ enable command before you configure TACACS+.
When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.
This example shows how to configure TACACS+ server host parameters:
|
|
---|---|
To configure a global TACACS+ shared secret key, use the tacacs-server key command. To removed a configured shared secret, use the no form of this command.
tacacs-server key [ 0 | 7 ] shared-secret
no tacacs-server key [ 0 | 7 ] shared-secret
|
|
You must configure the TACACS+ preshared key to authenticate the device on the TACACS+ server. The length of the key is restricted to 63 characters and can include any printable ASCII characters (white spaces are not allowed). You can configure a global key to be used for all TACACS+ server configurations on the device. You can override this global key assignment by using the key keyword in the tacacs-server host command.
You must use the tacacs+ enable command before you configure TACACS+.
The following example shows how to configure TACACS+ server shared keys:
|
|
---|---|
To specify the time between retransmissions to the TACACS+ servers, use the tacacs-server timeout command. To revert to the default, use the no form of this command.
no tacacs-server timeout seconds
Seconds between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds. |
|
|
You must use the tacacs+ enable command before you configure TACACS+.
This example shows how to configure the TACACS+ server timeout value:
This example shows how to revert to the default TACACS+ server timeout value:
|
|
---|---|
To display the last lines of a file, use the tail command.
tail [ filesystem : [ // module / ]][ directory / ] filename lines ]
|
|
---|---|
This example shows how to display the last 10 lines of a file:
This example shows how to display the last 20 lines of a file:
|
|
---|---|
To create a Telnet session, use the telnet command.
telnet { ipv4-address | hostname } [ port-number ] [ vrf vrf-name ]
|
|
To use this command, you must enable the Telnet server using the feature telnet command.
This example shows how to start a Telnet session using an IPv4 address:
|
|
---|---|
To designate a timeout period for resending NetFlow template data, use the template data timeout command. To remove the timeout period, use the no form of this command.
Netflow flow exporter version 9 configuration (config-flow-exporter-version-9)
|
|
This example shows how to configure a 3600-second timeout period for resending NetFlow flow exporter template data:
n1000v#
config t
This example shows how to remove the timeout period for resending NetFlow flow exporter template data:
n1000v#
config t
|
|
---|---|
Designates NetFlow export version 9 in the NetFlow exporter. |
To bypass the CLI event manager, use the terminal event-manager bypass command.
terminal event-manager byp ass
network-admin
network-operator
|
|
This example shows how to disable the CLI event manager:
|
|
---|---|
To set the number of lines that appear on the screen, use the terminal length command.
network-admin
network-operator
|
|
This example shows how to set the number of lines that appear on the screen:
n1000v#
terminal length 60
n1000v#
|
|
---|---|
To enable logging for Telnet or Secure Shell (SSH), use the terminal monitor command. To disable logging, use the no form of this command.
|
|
This command does not disable all messages from being printed to the console. Messages such as “module add” and “remove events” will still be logged to the console.
This example shows how to enable logging for Telnet or SSH:
|
|
---|---|
To set session timeout, use the terminal session-timeout command.
Timeout time, in seconds. The range of valid values is 0 to 525600. |
network-admin
network-operator
|
|
This example shows how to set session timeout:
n1000v#
terminal session-timeout 100
n1000v#
|
|
---|---|
To specify the terminal type, use the terminal terminal-type command.
network-admin
network-operator
|
|
This example shows how to specify the terminal type:
n1000v#
terminal terminal-type vt100
n1000v#
|
|
---|---|
To update the main parse tree, use the terminal tree-update command.
network-admin
network-operator
|
|
This example shows how to update the main parse tree:
n1000v#
terminal tree-update
n1000v#
|
|
---|---|
To set terminal width, use the terminal width command.
Number of characters on a single line. The range of valid values is 24 to 511. |
network-admin
network-operator
|
|
This example shows how to set terminal width:
n1000v#
terminal width 60
n1000v#
|
|
---|---|
To test for AAA on a RADIUS server or server group, use the test aaa command.
test aaa { group group-name user-name password | server radius address { user-name password | vrf vrf-name user-name password ]}}
AAA server group name. The range of valid values is 1 to 32. |
|
network-admin
network-operator
|
|
This example shows how to test for AAA on RADIUS server:
n1000v#
|
|
---|---|
To configure Keepalive interval timer and holdtimer for bgp, use the timers bgp <keepalive-timer> <hold-timer> command.
timers bgp <keepalive-timer> <hold-timer>
network-admin
network-operator
|
|
This example shows how to configure Keepalive interval timer and holdtimer for bgp:
n1000v(config-router)# timers bgp 180 180
|
|
---|---|
To enable Network State Tracking for all VEMs configured with a vPC-HM port-profile, use the track network-state enable command. To disable Network State Tracking, use the no form of this command.
|
|
This example shows how to enable Network State Tracking for all VEMs configured with a vPC-HM port-profile:
n1000v# config t
n1000v(
config)#
track network-state enable
n1000v(
config)#
This example shows how to disable Network State Tracking:
n1000v(
config)#
no track network-state
n1000v(
config)#
To specify an interval of time, from 1 to 10 seconds, between which Network State Tracking broadcasts are sent to pinpoint link failure on a port channel configured for vPC-HM, use the track network-state interval command. To remove the configured interval, use the no form of this command.
track network-state interval intv
no track network-state interval
Broadcast interval (from 1 to 10 seconds). The default is 5 seconds. |
|
|
This example shows how to specify an interval for sending broadcasts:
n1000v(
config)#
track network-state interval 8
n1000v(
config)#
This example shows how to remove the broadcast interval configuration:
n1000v(
config)#
no track network-state interval
n1000v(
config)#
To specify the maximum number of Network State Tracking broadcasts that can be missed consecutively before a split network is declared, use the track network-state threshold miss-count command. To remove the configuration, use the no form of this command.
track network-state threshold miss-count count
no track network-state threshold miss-count
Specifies the number of Network State Tracking broadcasts that can be missed from 3 to 7. The default is 5. |
|
|
This example shows how to configure the maximum number of Network State Tracking broadcasts that can be missed:
n1000v# config t
n1000v(
config)#
network-state tracking threshold miss-count 7
n1000v(
config)#
This example shows how to remove the configuration:
n1000v(
config)# no
network-state tracking threshold miss-count
n1000v(
config)#
To specify the action to take if a split network is detected by Network State Tracking, use the track network-state split action command. To remove the configuration, use the no form of this command.
track network-state split action
no track network-state split action
|
|
This example shows how to specify the action to take if Network State Tracking detects a split network:
n1000v# config t
n1000v(config)# track network-state split action repin
This example shows how to remove the configuration:
n1000v(
config)# no
track network-state split action repin
n1000v(
config)#
To discover the routes that packets take when traveling to an IPv4 address, use the traceroute command.
traceroute { dest-ipv4-addr | hostname } [ vrf vrf-name ] [ show-mpls-hops ] [ source src-ipv4-addr ]
Uses the default VRF.
Does not show the MPLS hops.
Uses the management IPv4 address for the source address.
|
|
---|---|
To use IPv6 addressing for discovering the route to a device, use the traceroute6 command.
This example shows how to discover a route to a device:
|
|
---|---|
Configures VXLAN termination or a VTEP on the VXLAN gateway. Creating VTEP port-profile is similar to the steps described under Configuring vmknics for VXLAN Encapsulation except the vmware port-group command which is not supported on the VXLAN gateway.
[no] transport ip address A.B.C.D gateway A.B.C.D
Note Starting with Release 5.2(1)SV3(1.15), Cisco Nexus 1000V for VMware vSphere does not support the VXLAN gateway feature.
Port-profile configuration (config-port-prof)
|
|
---|---|
Configures VXLAN termination or a VTEP on the VXLAN gateway.
This example shows how to configure transport ip address:
n1000v(config)# port-profile type vethernet vmknic_vtep
n1000v(config-port-prof)# transport ip address 192.168.10.100 255.255.255.0 gateway 192.168.10.1
This example shows how to remove transport ip address:
n1000v(config)# port-profile type vethernet vmknic_vtep
n1000v(config-port-prof)# no transport ip address 192.168.10.100 255.255.255.0 gateway 192.168.10.1
To add a destination UDP port from the NetFlow exporter to the collector, use the transport udp command. To remove the port, use the no form of this command.
Netflow flow exporter configuration ( config-flow-exporter)
|
|
This example shows how to add UDP 200 to the flow exporter:
This example shows how to remove UDP 200 from the flow exporter:
|
|
---|---|
To define the network segmentation policy type, use the type command. To remove the network segmentation policy type, use the no form of this command.
Network Segment Policy configuration (config-network-segment-policy)
|
|
The policy type can be Segmentation or VLAN. For segmentation policy, VXLAN is used. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV2(1.1).
The policy type corresponds to the network pools in the vCloud Director. The policy type Segmentation corresponds to the network isolation-backed network pool in the vCloud Director. The policy type VLAN corresponds to the VLAN-backed network pool in the vCloud Director.
This example shows how to define the network segmentation policy type:
|
|
---|---|