This chapter describes the Cisco Nexus 1000V commands that begin with the letter R.
To configure the dead-time interval for all RADIUS servers used by a device, use the radius-server deadtime command. To revert to the default, use the no form of this command.
radius-server deadtime minutes
no radius-server deadtime minutes
Number of minutes for the dead-time interval. The range is from 1 to 1440 minutes.
The dead-time interval is the number of minutes before the device checks a RADIUS server that was previously unresponsive.
Note The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, periodic RADIUS server monitoring is not performed.
This example shows how to configure the global dead-time interval for all RADIUS servers to perform periodic monitoring:
This example shows how to revert to the default for the global dead-time interval for all RADIUS servers and disable periodic server monitoring:
To allow users to send authentication requests to a specific RADIUS server when logging in, use the radius-server directed-request command. To revert to the default, use the no form of this command.
radius-server directed-request
no radius-server directed-request
You can specify username@vrfname:hostname during login, where vrfname is the virtual routing and forwarding (VRF) instance to use and hostname is the name of a configured RADIUS server. The username is sent to the RADIUS server for authentication.
This example shows how to allow users to send authentication requests to a specific RADIUS server when logging in:
This example shows how to prevent users from sending authentication requests to a specific RADIUS server when logging in:
To configure RADIUS server parameters, use the radius-server host command. To revert to the default, use the no form of this command.
radius-server host { hostname | ipv4-address | ipv6-address }
[ key [ 0 | 7 ] shared-secret [ pac ]] [ accounting ]
[ acct-port port-number ] [ auth-port port-number ] [ authentication ] [ retransmit count ]
[ test { idle-time time | password password | username name }]
[ timeout seconds [ retransmit count ]]
no radius-server host { hostname | ipv4-address | ipv6-address }
[ key [ 0 | 7 ] shared-secret [ pac ]] [ accounting ]
[ acct-port port-number ] [ auth-port port-number ] [ authentication ] [ retransmit count ]
[ test { idle-time time | password password | username name }]
[ timeout seconds [ retransmit count ]]
When the idle time interval is 0 minutes, periodic RADIUS server monitoring is not performed.
This example shows how to configure RADIUS server authentication and accounting parameters:
To configure a RADIUS shared secret key, use the radius-server key command. To remove a configured shared secret, use the no form of this command.
radius-server key [ 0 | 7 ] shared-secret
no radius-server key [ 0 | 7 ] shared-secret
You must configure the RADIUS preshared key to authenticate the switch on the RADIUS server. The length of the key is restricted to 63 characters and can include any printable ASCII characters (white spaces are not allowed). You can configure a global key to be used for all RADIUS server configurations on the switch. You can override this global key assignment for an individual host by using the key keyword in the radius-server host command.
This example shows how to provide various scenarios to configure RADIUS authentication:
To specify the number of times that the device should try a request with a RADIUS server, use the radius-server retransmit command. To revert to the default, use the no form of this command.
radius-server retransmit count
no radius-server retransmit count
Number of times that the device tries to connect to the RADIUS servers before reverting to local authentication. The range is from 1 to 5 times.
This example shows how to configure the number of retransmissions to RADIUS servers:
This example shows how to revert to the default number of retransmissions to RADIUS servers:
To specify the time between retransmissions to the RADIUS servers, use the radius-server timeout command. To revert to the default, use the no form of this command.
no radius-server timeout seconds
Number of seconds between retransmissions to the RADIUS server. The range is from 1 to 60 seconds.
This example shows how to configure the timeout interval:
This example shows how to revert to the default interval:
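The ranges and key rules documented above for radius-server deadtime, retransmit, timeout, key, and host can be checked mechanically before a configuration is applied. The following Python script is an added example, not part of the Cisco documentation; the lint and check_key names and the sample configuration are constructed for illustration. It assumes that a key with no type digit is cleartext, that type 7 marks an encrypted key, and that the 63-character limit applies to the cleartext form.

```python
# Ranges and the 63-character key limit are the ones stated in this chapter.
RANGES = {"deadtime": (1, 1440), "retransmit": (1, 5), "timeout": (1, 60)}
MAX_KEY_LEN = 63

def check_key(tokens, where, findings):
    """tokens: the words that follow the 'key' keyword."""
    ktype = "0"  # assumption: a key with no type digit is cleartext
    if len(tokens) > 1 and tokens[0] in ("0", "7"):
        ktype, tokens = tokens[0], tokens[1:]
    if not tokens:
        findings.append(f"{where}: key keyword without a secret")
    elif ktype == "0":  # never echo the secret itself into the report
        findings.append(f"{where}: shared secret is in cleartext (type 0)")
        if len(tokens[0]) > MAX_KEY_LEN:
            findings.append(f"{where}: key longer than {MAX_KEY_LEN} characters")

def lint(config_text):
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        words = line.split()
        if len(words) < 2 or words[0] != "radius-server":
            continue  # also skips "no radius-server ..." lines
        where, kw, args = f"line {n}", words[1], words[2:]
        if kw in RANGES:
            lo, hi = RANGES[kw]
            if not (args and args[0].isdigit() and lo <= int(args[0]) <= hi):
                findings.append(f"{where}: {kw} must be {lo}-{hi}")
        elif kw == "key":
            check_key(args, where, findings)
        elif kw == "host":
            opts = args[1:]  # skip the host name or address
            if "key" in opts:
                check_key(opts[opts.index("key") + 1:], where, findings)
            if "idle-time" in opts:
                i = opts.index("idle-time")
                if opts[i + 1:i + 2] == ["0"]:
                    findings.append(f"{where}: idle-time 0, no periodic monitoring")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """\
radius-server deadtime 2000
radius-server retransmit 3
radius-server key 0 ExampleSecret123
radius-server host 192.0.2.10 key 7 "fewhg" auth-port 1812
radius-server host 192.0.2.11 key PlainHostSecret test idle-time 0
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The report names only the line and the problem, so it can be stored or shared without exposing the shared secret.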
To set the dedicated rate mode for the specified ports, use the rate-mode dedicated command.
Interface configuration (config-if)
Use the rate-mode dedicated command to set the dedicated rate mode for the specified ports.
On a 32-port 10-Gigabit Ethernet module, each set of four ports can handle 10 gigabits per second (Gb/s) of bandwidth. You can use the rate-mode parameter to dedicate that bandwidth to the first port in the set of four ports or share the bandwidth across all four ports.
Note When you dedicate the bandwidth to one port, you must first administratively shut down the ports in the group, change the rate mode to dedicated, and then bring the dedicated port administratively up.
Table 15-1 identifies the ports that are grouped together to share each 10 Gb/s of bandwidth and which port in the group can be dedicated to utilize the entire bandwidth.
When you enter the rate-mode dedicated command, the full bandwidth of 10 Gb is dedicated to one port. When you dedicate the bandwidth, all subsequent commands for the port are for dedicated mode.
This example shows how to configure the dedicated rate mode for Ethernet ports 4/17, 4/19, 4/21, and 4/23:
Displays interface information, which includes the current rate mode dedicated.
To configure a NetFlow flow record, use the record command. To remove the flow record configuration, use the no form of the command.
record {name | netflow ipv4 { original-input | original-output | netflow protocol-port } | netflow-original }
no record {name | netflow ipv4 { original-input | original-output | netflow protocol-port } | netflow-original }
Flow monitor configuration (config-flow-monitor)
This command was modified to change the protocol-port attribute to netflow protocol-port.
A flow record defines the information that NetFlow gathers, such as packets in the flow and the types of counters gathered per flow. You can define new flow records or use the pre-defined flow record.
This example shows how to configure a flow record to use the predefined traditional IPv4 input NetFlow record:
This example shows how to remove the predefined traditional IPv4 input NetFlow flow record configuration:
To reboot both the primary and secondary VSM in a redundant pair, use the reload command.
To reboot only one of the VSMs in a redundant pair, use the reload module command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
This example shows how to reload both the primary and secondary VSM:
n1000v(config)# reload
To reload one of the VSMs in a redundant pair, use the reload module command.
reload module module [ force-dnld ]
(Optional) Reboots the specified module to force NetBoot and image download.
To reboot both the VSMs in a redundant pair, use the reload command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
This example shows how to reload VSM 2, the secondary VSM in a redundant pair:
To connect to remote machines, use the remote command. To disconnect, use the no form of this command.
remote { ip address address | hostname name }
no remote { ip address address | hostname name }
SVS connection configuration (config-svs-conn)
This example shows how to connect to a remote machine:
n1000v# configure terminal
n1000v(config)# svs connection svsconn1
n1000v(config-svs-conn)# remote hostname server1
n1000v(config-svs-conn)#
To resequence a list with sequence numbers, use the resequence command.
resequence {{{ip | mac} access-list } | time-range } name number increment
This example shows how to resequence the first entry in the MAC ACL named aclOne:
To remove a directory, use the rmdir command.
rmdir [ filesystem : [ // module / ]] directory
This example shows how to remove the my_files directory:
To create a user role, use the role name command. To remove the role, use the no form of this command.
This example shows how to create a role named UserA:
n1000v# config t
n1000v(config)# role name UserA
This example shows how to remove the UserA role:
n1000v(config)# no role name UserA
To create a rule defining criteria for a user role, use the rule command. To remove a rule, use the no form of this command.
rule number { deny | permit } { read | read-write [ feature feature-name | feature-group group-name ] | command command-name }
Role configuration (config-role)
The rule number specifies the order in which the rule is applied, in descending order. For example, if a role has three rules, rule 3 is applied first, rule 2 is applied next, and rule 1 is applied last. You can configure up to 256 rules for each role.
This example shows how to create a rule that denies access to the clear users command:
This example shows how to remove the rule 1 configuration:
n1000v(config-role)# no rule 1
To run a command script that is saved in a file, use the run-script command.
run-script { bootflash: | volatile: } filename
network-admin
network-operator
This example shows how to run a command script that is saved in the Sample file on the Volatile file system:
n1000v(config)# run-script volatile:Sample
n1000v(config)#