Cisco Virtual Security Gateway for Nexus 1000V Series Switch Command Reference, Release 4.2(1)VSG1(1)
Nexus 1000v Commands
Download this chapter
Nexus 1000v CommandsNexus 1000v Commands
Download the complete book
Book PDFBook PDF (PDF - 2 MB)
 Feedback

Table Of Contents

Cisco Nexus 1000V Series Switch Commands

clear vsn connection

clear vsn statistics

switchport mode

switchport access vlan

state (port profile)

copy running-config startup-config

vnm-policy-agent

log-level

policy-agent-image

pop

push

registration-ip

shared-secret

show vnm-pa status

port-profile

show running-config

vn-service ip-address

org

show vsn brief

show vsn connection

show vsn detail

show vsn port vethernet

show vsn statistics

vlan

vmware port-group


Cisco Nexus 1000V Series Switch Commands

This chapter provides information about the VSG-related commands on the Nexus 1000V Switch.

clear vsn connection

To clear VSG connections, use the clear vsn connection command.

clear vsn connection [module module-number]

Syntax Description

module

(Optional) Clears a specific module.

module-number

(Optional) Module number. The range of values is from 3 to 66.


Defaults

None

Command Modes

EXEC

Global configuration (config)

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to clear VSG connections: 

vsm# clear vsn connection

Related Commands

Command
Description

show vsn

Displays VSG information.


clear vsn statistics

To clear VSG statistics, use the clear vsn statistics command.

clear vsn statistics [module module-number | vlan vlan-number ip ip-address [module module-number]]

Syntax Description

module

(Optional) Clears a module.

module-number

(Optional) Module number. The range of values is from 3 to 66.

vlan

(Optional) Clears a VLAN.

vlan-number

(Opyional) VLAN number.

ip

(Optional) Clears a device at a specific IP address.

ip-address

(Optional) IP address. The format is A.B.C.D.


Defaults

None

Command Modes

EXEC

Global configuration (config)

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to clear VSG statistics: 

vsm# clear vsn statistics

Related Commands

Command
Description

show vsn

Displays VSG information.


switchport mode

To set the port mode of an interface, use the switchport mode command. To remove the port mode configuration, use the no form of this command.

switchport mode {access | private-vlan {host | promiscuous} | trunk}

no switchport mode {access | private-vlan {host | promiscuous} | trunk}

Syntax Description

access

Sets the port mode access.

private-vlan

Sets the port mode to private VLAN.

host

Sets the port mode private VLAN to host.

promiscuous

Sets the port mode private VLAN to promiscuous.

trunk

Sets the port mode to trunk.


Defaults

Switchport mode is not set.

Command Modes

Interface configuration (config-if)

Port profile configuration (config-port-prof)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to set the port mode of an interface: 

vsm# configure

vsm(config)# interface vethernet 1

vsm(config-if)# switchport mode private-vlan host

vsm(config-if)#

This example shows how to remove the mode configuration: 

vsm# configure

vsm(config)# interface vethernet 1

vsm(config-if)# no switchport mode private-vlan host

vsm(config-if)#

Related Commands

Command
Description

show interface

Displays interface information.


switchport access vlan

To set the access mode of an interface, use the switchport access vlan command. To remove the access mode configuration, use the no form of this command.

switchport access vlan vlan-id

no switchport access vlan vlan-id

Syntax Description

vlan-id

VLAN identification number. The range of values is from 1 to 3967.


Defaults

Access mode is not set.

Command Modes

Interface configuration (config-if)

Port profile configuration (config-port-prof)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to set the access mode of an interface: 

vsm# configure

vsm(config)# interface vethernet 1

vsm(config-if)# switchport access vlan 100

vsm(config-if)#

This example shows how to remove the access mode configuration: 

vsm# configure

vsm(config)# interface vethernet 1

vsm(config-if)# no switchport access vlan

vsm(config-if)#

Related Commands

Command
Description

show interface

Displays interface information.


state (port profile)

To enable the operational state of a port profile, use the state command. To disable the operational state of a port profile, use the no form of the command.

state enabled

no state enabled

Syntax Description

enabled

Enables or disables the port profile.


Defaults

Disabled

Command Modes

Port profile configuration (config-port-prof)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to enable the operational state of a port profile: 

vsm# configure

vsm(config)# port-profile testprofile

vsm(config-port-prof)# state enabled

vsm(config-port-prof)#

Related Commands

Command
Description

show port-profile

Displays port profile information.


copy running-config startup-config

To copy the running configuration to the startup configuration, use the copy running-config startup-config command.

copy running-config startup-config

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Any command mode

Supported User Roles

network-admin
network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

Use this command to save configuration changes in the running configuration to the startup configuration in persistent memory. When a device reload or switchover occurs, the saved configuration is applied.

Examples

This example shows how to save the running configuration to the startup configuration: 

vsm# copy running-config startup-config

[########################################] 100%

Related Commands

Command
Description

show running-config

Displays the running configuration.

show running-config diff

Displays the differences between the running configuration and the startup configuration.

show startup-config

Displays the startup configuration.

write erase

Erases the startup configuration in the persistent memory.


vnm-policy-agent

To enter Virtual Network Management Center (VNMC) policy agent mode, use the vnm-policy-agent command.

vnm-policy-agent

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

Use the VNMC policy agent configuration mode to configure policy agents.

Examples

This example shows how enter policy agent mode: 

vsm# configure

vsm(config)# vnm-policy-agent

vsm(config-vnm-policy-agent)#

Related Commands

Command
Description

configure

Enters global configuration mode.


log-level

To set logging severity levels for the Virtual Network Management Center (VNMC) policy agent, use the log-level command. To reset logging levels, use the no form of the command.

log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}

no {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}

Syntax Description

critical

Sets the logging level to critical.

debug0

Sets the logging level to debug 0.

debug1

Sets the logging level to debug 1.

debug2

Sets the logging level to debug 2.

debug3

Sets the logging level to debug 3.

debug4

Sets the logging level to debug 4.

info

Sets the logging level to information.

major

Sets the logging level to major.

minor

Sets the logging level to minor.

warn

Sets the logging level to warning.


Command Default

None

Command Modes

VNMC policy agent configuration (config-vnm-policy-agent)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to set the logging level to critical: 

vsm# configure

vsm(config)# vnm-policy-agent

vsm(config-vnm-policy-agent)# log-level critical

Related Commands

Command
Description

vnm-policy-agent

Enables the VNM policy agent configuration mode.


policy-agent-image

To designate the policy agent image local URL as bootflash, use the policy-agent-image command. To remove the designation, use the no form of the command.

policy-agent-image bootflash:

no policy-agent-image bootflash:

Syntax Description

bootflash:

Designates the policy agent image local URL as bootflash.


Command Default

None

Command Modes

VNMC policy agent configuration (config-vnm-policy-agent)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to designate the local URL that contains the policy agent image: 

vsm# configure

vsm(config)# vnm-policy-agent

vsm(config-vnm-policy-agent)# policy-agent-image bootflash:

Related Commands

Command
Description

vnm-policy-agent

Enables the VNM policy agent configuration mode.


pop

To pop a mode off the stack or to restore a mode, use the pop command.

pop file-name

Syntax Description

file-name

File name.


Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to restore from a file called file1: 

vsm# pop file1

Related Commands

Command
Description

push

Pushes the current mode onto the stack.


push

To push the current mode onto stack or to save it, use the push command.

push file-name

Syntax Description

file-name

File name.


Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

The following example shows how to push file1 onto the stack: 

vsm# push file1

Related Commands

Command
Description

pop

Pops the current mode off the stack.


registration-ip

To set the service registry IP address, use the registration-ip command. To discard the service registry IP address, use the no form of the command.

registration-ip ip-address

no registration-ip ip-address

Syntax Description

ip-address

Service registry IP address. The format is A.B.C.D.


Command Default

None

Command Modes

VNMC policy agent configuration mode (config-vnm-policy-agent)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Examples

This example shows how to set the service registry IP address: 

vsm# configure

vsm(config)# vnm-policy-agent

vsm(config-vnm-policy-agent)# registration-ip 209.165.200.233

vsm(config-vnm-policy-agent)#

Related Commands

Command
Description

vnm-policy-agent

Enters the VNM policy agent configuration mode.


shared-secret

To set the shared secret password for communication between the Virtual Security Gateway (VSG), the Virtual Supervisor Module (VSM), and the Virtual Network Manager Center (VNMC), use the shared-secret command. To discard the shared secret password, us the no form of the command.

shared-secret shared-secret-password

no shared-secret shared-secret-password

Syntax Description

shared-secret-password

Shared secret password. The range of valid values is from 1 to 64. You must use at least one upper case character.


Command Default

None

Command Modes

VNM policy agent configuration mode (config-vnm-policy-agent)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

None

Examples

The following example shows how to set the shared secret password: 

vsm# configure

vsm(config)# vnm-policy-agent

vsm(config-vnm-policy-agent)# shared-secret password123

vsm(config-vnm-policy-agent)#

Related Commands

Command
Description

vnm-policy-agent

Enters VNM policy agent configuration mode.


show vnm-pa status

To display the installation status of a policy agent, use the show vnm-pa status command.

show vnm-pa status

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show vnm-pa status command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display the installation status of the policy agent: 

vsm# configure

vsm(config)# show vnm-pa status

VNM Policy-Agent status is - Installed Successfully. Version 1.0(0.512)-vsm

vsm(config)#

Related Commands

Command
Description

vnm-policy-agent

Enters VNMC policy agent configuration mode.


port-profile

To create a port profile and enter port profile configuration mode, use the port-profile command. To remove the port profile configuration, use the no form of the command.

port-profile profile-name

no port-profile profile-name

Syntax Description

profile-name

Port profile name. The range of valid values is from 1 to 80.


Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

The port profile name must be unique for each port profile.

Examples

This example shows how to create a port profile called AccessProf: 

vsm# configure

vsm(config)# port-profile AccessProf

vsm(config-port-prof)#

This example shows how to remove the port profile called AccessProf: 

vsm# configure

vsm(config)# no port-profile AccessProf

vsm(config)#

Related Commands

Command
Description

show port-profile

Displays information about the port profiles.


show running-config

To display the running configuration, use the show running-config command.

show running-config [aaa | aclmgr | all | am | arp | cdp | diff | exclude | expand-port-profile | icmpv6 | igmp | interface | ip | ipqos | ipv6 | l3vm | license | monitor | ntp | port-profile | port-security | radius | rpm | security | snmp | vdc-all | vlan | vshd]

Syntax Description

aaa

(Optional) Displays the Authentication, Authorization and Accounting (AAA) configuration.

aclmgr

(Optional) Displays the running configuration for Access Control List (ACL) manager.

all

(Optional) Displays the current operating configurations.

am

(Optional) Displays Application Management (AM) information.

arp

(Optional) Displays Address Resolution Protocol (ARP) information.

cdp

(Optional) Displays the Cisco Discovery Protocol (CDP) configuration.

diff

(Optional) Displays the difference between the running and startup configurations.

exclude

(Optional) Excludes the running configuration of specified features.

expand-port-profile

(Optional) Displays port profile information.

icmpv6

(Optional) Displays Internet Control Message Protocol (ICMPv6) information.

igmp

(Optional) Displays Internet Group Management Protocol (IGMP) information.

interface

(Optional) Displays interface configurations.

ip

(Optional) Displays Internet Protocol (IP) information.

ipqos

(Optional) Displays the running configuration for the IP Quality of Service (QoS) manager.

ipv6

(Optional) Displays IPv6 information.

l3vm

(Optional) Displays Layer 3 Virtual Machine (L3VM) information

license

(Optional) Displays the licensing configuration.

monitor

(Optional) Displays Ethernet Switched Port Ananlyzer (SPAN) session information.

ntp

(Optional) Displays Network Time Protocol (NTP) information.

port-profile

(Optional) Displays port-profile configurations.

port-security

(Optional) Displays port-security configurations.

radius

(Optional) Displays the Remote Authentication Dial In User Service (RADIUS) configuration.

rpm

(Optional) Displays RPM information

security

(Optional) Displays the security configurations.

snmp

(Optional) Displays the Simple Network Management Protocol (SNMP) configuration.

vdc-all

(Optional) Displays all VDC configurations.

vlan

(Optional) Displays Virtual Large Area Network (VLAN) information.

vshd

(Optional) Displays the running configuration for VSHD.


Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show running-config command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display the running confoguration: 

vsm# show running-config


!Command: show running-config

!Time: Tue Jan  4 17:20:05 2011


version 4.2(1)SV1(4)

no feature telnet


username admin password 5 $1$z3M0/3no$j77mpF9f/mqmd7/mEZ6RR1  role network-admin

username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na.  role network-operator


banner motd #Nexus 1000v Switch#


ip domain-lookup

ip domain-lookup

switchname vsm

vem 3

  host vmware id 765186a7-eb7c-11de-b059-8843e1389748

vem 4

  host vmware id 90a97ac6-31d7-11df-ad65-68efbdf622ca

vem 5

  host vmware id 833fe152-3f8b-11df-bd70-68efbdf64970

snmp-server user admin network-admin auth md5 0x5ed3cfea7c44550ac3d18475f28b118b

 priv 0x5ed3cfea7c44550ac3d18475f28b118b localizedkey


vrf context management

  ip route 0.0.0.0/0 10.193.72.1

vlan 1,61-65

port-channel load-balance ethernet source-mac

port-profile default max-ports 32

port-profile default port-binding static

port-profile type vethernet vm-clear

  vmware port-group

  switchport mode access

  switchport access vlan 63

  no shutdown

  state enabled

port-profile type vethernet vsn-service

  vmware port-group

  switchport mode access

  switchport access vlan 64

  no shutdown

  max-ports 1024

  state enabled

port-profile type ethernet system-uplink

  vmware port-group

  switchport trunk allowed vlan 61-70

  switchport mode trunk

  no shutdown

  system vlan 61-62

  state enabled

port-profile type vethernet vsg129-2

  vmware port-group

  switchport mode access

  switchport access vlan 63

  org root/Canon

  vn-service ip-address 10.10.129.2 vlan 64 security-profile sp-vsg2-1

  no shutdown

  state enabled

port-profile type vethernet vsg134-1

  vmware port-group

  switchport mode access

  switchport access vlan 63

  vn-service ip-address 10.10.134.1 vlan 64 mgmt-ip-address 10.10.73.132 security-profile 
sp1

  no shutdown

  state enabled

port-profile type vethernet vsg136-1

  vmware port-group

  switchport mode access

  switchport access vlan 63

  vn-service ip-address 10.10.136.1 vlan 64 mgmt-ip-address 10.10.73.137 security-profile 
sp1

  no shutdown

  state enabled

port-profile type vethernet vsg129_2-svc-vlan65

  vmware port-group

  switchport mode access

  switchport access vlan 65

  vn-service ip-address 10.10.129.2 vlan 64 mgmt-ip-address 10.10.73.131 security-profile 
sp1

  no shutdown

  state enabled

port-profile type vethernet vm-clear-vlan65

  vmware port-group

  switchport mode access

  switchport access vlan 65

  no shutdown

  state enabled

port-profile type ethernet Unused_Or_Quarantine_Uplink

  vmware port-group

  shutdown

  description Port-group created for Nexus1000V internal usage. Do not use.

  state enabled

port-profile type vethernet Unused_Or_Quarantine_Veth

  vmware port-group

  shutdown

  description Port-group created for Nexus1000V internal usage. Do not use.

  state enabled

port-profile type vethernet vm-clear-vlan63

  vmware port-group

  switchport mode access

  switchport access vlan 63

  no shutdown

  state enabled


vdc vsm id 1

  limit-resource vlan minimum 16 maximum 2049

  limit-resource monitor-session minimum 0 maximum 2

  limit-resource vrf minimum 16 maximum 8192

  limit-resource port-channel minimum 0 maximum 768

  limit-resource u4route-mem minimum 32 maximum 32

  limit-resource u6route-mem minimum 16 maximum 16

  limit-resource m4route-mem minimum 58 maximum 58

  limit-resource m6route-mem minimum 8 maximum 8


interface mgmt0

  ip address 10.10.73.130/21


interface Vethernet1

  inherit port-profile vm-clear-vlan63

  description UD134-1,Network Adapter 2

  vmware dvport 7489 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.0029


interface Vethernet2

  inherit port-profile vsg136-1

  description UD136-1,Network Adapter 2

  vmware dvport 7458 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.0032


interface Vethernet3

  inherit port-profile vm-clear-vlan63

  description US136-1,Network Adapter 2

  vmware dvport 7492 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.0030


interface Vethernet4

  inherit port-profile vsg129-2

  description US129-1,Network Adapter 2

  vmware dvport 6563 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.003E


interface Vethernet5

  inherit port-profile vm-clear-vlan63

  description US129-2,Network Adapter 2

  vmware dvport 7491 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.0040


interface Vethernet6

  inherit port-profile vsn-service

  description VSG134-1,Network Adapter 1

  vmware dvport 3683 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.002C


interface Vethernet7

  inherit port-profile vsn-service

  description VSG129-2,Network Adapter 1

  vmware dvport 3686 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.0037


interface Vethernet8

  inherit port-profile vsn-service

  description VSG136-1,Network Adapter 1

  vmware dvport 3684 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"

  vmware vm mac 0050.56BB.0034


interface Ethernet3/2

  inherit port-profile system-uplink


interface Ethernet4/6

  inherit port-profile system-uplink


interface Ethernet5/6

  inherit port-profile system-uplink


interface control0

line console

boot kickstart bootflash:/ks.bin sup-1

boot system bootflash:/sys.bin sup-1

boot kickstart bootflash:/ks.bin sup-2

boot system bootflash:/sys.bin sup-2

svs-domain

  domain id 61

  control vlan 61

  packet vlan 62

  svs mode L2  

svs connection vcenter

  protocol vmware-vim

  remote ip address 10.10.79.32 port 80

  vmware dvs uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" datacenter-name NAME/S

  connect

vnm-policy-agent

  registration-ip 10.193.73.144

  shared-secret **********

  policy-agent-image bootflash:/vnmc-vsmpa.1.0.0.512.bin

  log-level

vsm#

Related Commands

Command
Description

show aaa

Displays AAA information.


vn-service ip-address

To assign a data IP address, a VLAN number, and a profile to a VSG, use the vn-service ip-address command. To disable the data IP address, use the no form of the command.

vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]

no vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]

Syntax Description

ip-address

IP address. The format is A.B.C.D.

vlan vlan-number

Service VLAN number. The range of values is from 1 to 3967 and 4048 to 4093.

fail

States are either fail close or fail open.

close

Drops packets if the VSG is down.

open

Passes tpackets through if the VSG is down.

security-profile profile-name

Security profile name.


Command Default

Fail close.

Command Modes

Port profile configuration (config-port-prof)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

This command configures the IP, VLAN, and security-profile for the VSG, and optionally allows for a fail safe configuration.

Fail mode specifies what the behavior is when the VEM does not have connectivity to the VSG. The default fail mode is close, which means that the packets will be forwarded. open fail mode means that packets will be dropped.

The security profile name must match one of the security profiles created on the VSG.

The IP address must match the data interface IP address on the VSG.

Examples

This example shows how to assign the IP address and VLAN number, and how to specify that packets are to be dropped: 

vsm# configure

Enter configuration commands, one per line. End with CNTL/Z.

vsm(config)# port-profile pP1

vsm(config-port-prof)# vn-service ip-address 209.165.200.236 vlan 2 fail open

vsm(config-port-prof)#

Related Commands

Command
Description

show virtual-service-domain

Displays virtual service domain information.


org

To create a VNMC organization (domain), use the org command. To delete a VNMC organization, use the no form of the command.

org organization-name

no org [organization-name]

Syntax Description

organization-name

The organization name. The range of values is from 1 to 251.


Command Default

None

Command Modes

Port profile configuration (config-port-prof)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

VNMC organizations are VNMC domains.

You can hierarchically manage VNMC organizations. A user that is assigned at a top level organization has automatic access to all organizations under it. For example, an engineering organization can contain a software engineering organization and a hardware engineering organization. A locale containing only the software engineering organization has access to system resources only within that organization. However, a locale that contains the engineering organization has access to the resources for both the software engineering and hardware engineering organizations.

Examples

This example shows how to create an organization: 

vsm# configure

Enter configuration commands, one per line. End with CNTL/Z.

vsm(config)# port-profile pP1

vsm(config-port-prof)# org orgpP1

vsm(config-port-prof)#

Related Commands

Command
Description

vn-service

Sets the IP address for a virtual firewall.


show vsn brief

To display a brief amount of information about the Cisco Virtual Security Gateway (VSG), use the show vsn brief command.

show vsn brief

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show vsn brief command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display information about VSGs: 

vsm# show vsn brief


 VLAN           IP-ADDR           MAC-ADDR  FAIL-MODE  STATE  MODULE

   64     192.168.136.1  00:50:56:bb:00:34      Close     Up  5

   64     192.168.129.2  00:50:56:bb:00:37      Close     Up  3

vsm#

Related Commands

Command
Description

show vsn port vethernet

Displays information about the Cisco VSG.


show vsn connection

To display VSG connections, use the show vsn connection command.

show vsn connection [ip | module | vlan]

Syntax Description

ip

(Optional) Displays connections to a specific IP address.

mode

(Optional) Displays connections to a specific module.

vlan

(Optional) Displays connections to a specific VLAN.


Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show vsn connection command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display VSG connections: 

vsm# show vsn connection

#VSN  VLAN: 64, IP-ADDR: 192.168.136.1

  Module: 5

#VSN  VLAN: 64, IP-ADDR: 192.168.129.2

  Module: 3

vsm#

Related Commands

Command
Description

show vsn port vethernet

Displays port information.


show vsn detail

To display detailed information about the Cisco Virtual Security Gateway (VSG), use the show vsn detail command.

show vsn detail

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin

network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show vsn detail command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display detailed information about VSGs: 

vsm# show vsn detail

#VSN  VLAN: 64, IP-ADDR: 192.168.136.1

  Module: 5

#VSN  VLAN: 64, IP-ADDR: 192.168.129.2

  Module: 3

ankaa-vsm-master# show vsn detail

#VSN  VLAN: 64, IP-ADDR: 192.168.136.1

  MODULE       VSN-MAC-ADDR  FAIL-MODE   VSN-STATE

       5  00:50:56:bb:00:34      Close  No-License  

#VSN  VLAN: 64, IP-ADDR: 192.168.129.2

  MODULE       VSN-MAC-ADDR  FAIL-MODE   VSN-STATE

       3  00:50:56:bb:00:37      Close  No-License  


#VSN Ports, Port-Profile, Org and Security-Profile Association:

#VSN  VLAN: 64, IP-ADDR: 192.168.136.1

  Port-Profile: vsg136-1, Security-Profile: default, Org: Not-Available

    Module  Vethernet

         5  2

#VSN  VLAN: 64, IP-ADDR: 192.168.129.2

  Port-Profile: vsg129-2, Security-Profile: default, Org: Not-Available

    Module  Vethernet

         3  10, 4

vsm#

Related Commands

Command
Description

show vsn port vethernet

Displays information about the Cisco VSG.


show vsn port vethernet

To display information about vethernet ports, use the show vsn port vethernet command.

show vsn port vethernet port-number

Syntax Description

port-number

Port number. The range of valid values is from 1 to 1048575.


Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin
network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show vsn port vethernet command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display information about vethernet port 2: 

vsm# show vsn port vethernet 2


Veth             : Veth2

VM Name          : UD136-1

VM uuid          : 42 3b e1 60 17 e6 92 c4-3b 47 f4 b7 4c a0 be 1b

DV Port          : 7458

DVS uuid         : 90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c

Flags            : 0x148

VSN Data IP      : 192.168.136.1

Security Profile : sp1

Org              : Not set

VNSP id          : 1

IP addresses:

vsm#

Related Commands

Command
Description

show vsn statistics

Displays VSG statistics.


show vsn statistics

To display VSG statistics, use the show vsn statistics command.

show vsn statistics [ip | module | vlan]

Syntax Description

ip

(Optional) Displays IP statistics.

mode

(Optional) Displays module statistics.

vlan

(Optional) Displays VLAN statistics.


Command Default

None

Command Modes

EXEC

Supported User Roles

network-admin
network-operator

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

You can use the following operators with the show vsn statistics command:

>—Redirects the output to a file.

>>—Redirects the output to a file in append mode.

|—Pipes the command output to a filter.

Examples

This example shows how to display statistics for a module: 

vsm# show vsn statistics module 3

#VSN  VLAN: 64, IP-ADDR: 192.168.129.2

  Module: 3

    #VPath Packet Statistics     Ingress         Egress           Total

    Total Seen                      8249          24572           32821

    Policy Redirects                7796          23260           31056

    No-Policy Passthru               441           1267            1708

    Policy-Permits Rcvd             7796          23260           31056

    Policy-Denies  Rcvd                0              0               0

    Permit Hits                       10             45              55

    Deny   Hits                        0              0               0

    Decapsulated                    7796          23260           31056

    Fail-Open                          0              0               0

    Badport Err                        0              0               0

    VSN Config Err                     0              0               0

    ARP Resolve Err                    2              0               2

    Encap Err                          0              0               0

    All-Drops                          2              0               2

    Total Rcvd From VSN                                           31056

    Non-Cisco Encap Rcvd                                              0

    VNS-Port Drops                                                    0

    Policy-Action Err                                                 0

    Decap Err                                                         0

    L2-Frag Sent                                                      0

    L2-Frag Rcvd                                                      0

    L2-Frag Coalesced                                                 0


    #VPath Flow Statistics

    Active Flows                       0  Active Connections                 0

    Forward Flow Create             7799  Forward Flow Destroy            7799

    Reverse Flow Create             7799  Reverse Flow Destroy            7799

    Flow ID Alloc                  15598  Flow ID Free                   15598

    Connection ID Alloc             7799  Connection ID Free              7799

    L2 Flow Create                     0  L2 Flow Destroy                    0

    L3 Flow Create                     4  L3 Flow Destroy                    4

    L4 TCP Flow Create                 0  L4 TCP Flow Destroy                0

    L4 UDP Flow Create             15594  L4 UDP Flow Destroy            15594

    L4 Oth Flow Create                 0  L4 Oth Flow Destroy                0

    Embryonic Flow Create              0  Embryonic Flow Bloom               0

    L2 Flow Timeout                    0  L2 Flow Offload                    0

    L3 Flow Timeout                    5  L3 Flow Offload                    2

    L4 TCP Flow Timeout                0  L4 TCP Flow Offload                0

    L4 UDP Flow Timeout            23393  L4 UDP Flow Offload            31054

    L4 Oth Flow Timeout                0  L4 Oth Flow Offload                0

    Flow Lookup Hit                23314  Flow Lookup Miss               15598

    Flow Dual Lookup               38912  L4 TCP Tuple-reuse                 0

    Flow Classify Err                  0  Flow ID Alloc Err                  0

    Conn ID Alloc Err                  0  Hash Alloc Err                     0

    Flow Exist                         0  Flow Entry Exhaust                 0

    Flow Removal Err                   0  Bad Flow ID Receive                0

    Flow Entry Miss                    0  Flow Full Match Err                0

    Bad Action Receive                 0  Invalid Flow Pair                  0

    Invalid Connection                 0

    Hash Alloc                         0  Hash Free                          0

    InvalFID Lookup                    0  InvalFID Lookup Err                0

    Deferred Delete                    0

vsm#

Related Commands

Command
Description

show vsn port vethernet

Displays information about the Cisco VSG.


vlan

To create a VLAN and enter the VLAN configuration mode, use the vlan command. To remove a VLAN, use the no form of this command.

vlan {id | dot1Q tag native}

no vlan {id | dot1Q tag native}

Syntax Description

id

VLAN identification number. The range of valid values is from 1 to 4094.

dot1Q tag native

Specifies an IEEE 802.1Q virtual LAN.


Defaults

The default VLAN is VLAN 1.

Command Modes

Global configuration (config)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

Specify a VLAN range by using a dash. For example, 1-9 or 20-30.

Examples

This example shows how to create a VLAN and enter the VLAN configuration mode: 

vsm# configure

vsm (config)# vlan 100

vsm (config-vlan)#

This example shows how to remove a VLAN: 

switch# configure

switch(config)# no vlan 100

switch(config)#

Related Commands

Command
Description

show vlan

Displays VTP VLAN status.


vmware port-group

To create a VMware port group, use the vmware port-group command. To remove the VMware port group, use the no form of the command.

vmware port-group name

no vmware port-group name

Syntax Description

name

Name of the VMware port group.


Defaults

None

Command Modes

Port profile configuration (config-port-prof)

Supported User Roles

network-admin

Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.


Usage Guidelines

To create the VMware port group, you must be in port profile configuration mode.

Examples

The following example shows how to create a VMware port group: 

vsm# configure

vsm(config)# port-profile testprofile

vsm(config-port-prof)# vmware port-group testgroup

vsm(config-port-prof)#

The following example shows how to remove the VMware port group: 

vsm# configure

vsm(config)# port-profile testprofile

vsm(config-port-prof)# no vmware port-group testgoup

vsm(config-port-prof)#

Related Commands

Command
Description

show port-profile name

Displays configuration information about a particular port profile.