Feedback
Table Of Contents
copy running-config startup-config
show running-config vservice node
show running-config vservice path
vPath and vServices Commands
This chapter provides information about the vPath and vServices related commands on the Cisco Nexus 1000V Series switch and the Cisco Nexus 1010 networking appliance.
bypass asa-traffic
To configure the traffic to bypass the Cisco VSG in a service chain, use the bypass asa-traffic command. To return to the default setting, use the no form of this command.
bypass asa-traffic
no bypass asa-traffic
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
vservice global configuration (config-vservice-global)
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
In a service chain, you can configure the switch traffic to bypass the Cisco VSG nodes, so that only the Cisco ASA policies are lookedup for traffic traversing between the outside and inside networks. When enabled, this functionality is implemented globally, and not per interface.
Examples
This example shows how to configure the switch traffic to bypass the Cisco VSG nodes:
n1000v# config tn1000v(config)# vservice global type vsgn1000v(config-vservice-global)# bypass asa-trafficRelated Commands
vservice path
Configures a path for service chaining.
vservice global type vsg
Enter the vservice global configuration mode.
capability l3-vn-service
To configure a port profile to be used with l3-vn-service, use the capability l3-vn-service command. To remove the capability from a port profile, use the no form of this command.
capability l3-vn-service
no capability l3-vn service
Syntax Description
Defaults
None
Command Modes
Port-profile configuration (config-port-prof)
network-admin
Command History
Usage Guidelines
If you are configuring a port profile for l3-vn-service, you must first configure the port profile in switchport mode.
The capability iscsi-multipath feature cannot be configured with the capability l3-vn-service feature.
Examples
This example shows how to configure a port profile to be used with l3-vn-service:
n1000v# config tn1000v(config)# port-profile testprofilen1000v(config-port-prof)# switchport mode accessn1000v(config-port-prof)# capability l3-vn-servicen1000v(config-port-prof)#This example shows how to remove the l3-vn-service configuration from the port profile:
n1000v# config tn1000v(config)# port-profile testprofilen1000v(config-port-prof)# no capability l3-vn-servicen1000v(config-port-prof)#Related Commands
clear vservice connection
To clear the Cisco vservice connections, use the clear vservice connection command.
clear vservice connection [module module-num]
Syntax Description
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
4.1(2)SV1(5.2)
The name of the command was modified
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to clear Cisco VSG connections:
vsm# clear vservice connectionRelated Commands
clear vservice statistics
To clear the Cisco vservice statistics, use the clear vservice statistics command.
clear vservice statistics [module module-number | vlan vlan-number]
Syntax Description
module
(Optional) Clears a module.
module-number
Module number. The range of values is from 3 to 66.
vlan
(Optional) Clears a VLAN.
vlan-number
VLAN number.
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
4.1(2)SV1(5.2)
The name of the command was modified.
4.0(4)SV1(1)
This command was introduced.
Examples
This example shows how to clear Cisco vservice statistics for existing modules:
vsm# clear vservice statisticsCleared statistics successfully in module 4Cleared statistics successfully in module 6Related Commands
copy running-config startup-config
To copy the running configuration to the startup configuration, use the copy running-config startup-config command.
copy running-config startup-config
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operatorCommand History
Usage Guidelines
Use this command to save configuration changes in the running configuration to the startup configuration in persistent memory. When a device reload or switchover occurs, the saved configuration is applied.
Examples
This example shows how to save the running configuration to the startup configuration:
vsm# copy running-config startup-config[########################################] 100%Related Commands
log-level
To set logging severity levels for the Cisco Virtual Network Management Center (VNMC) policy agent, use the log-level command. To reset logging levels, use the no form of this command.
log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
no {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
Syntax Description
Command Default
None
Command Modes
Cisco VNMC policy agent configuration (config-vnm-policy-agent)
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to set the logging level to critical:
vsm# configurevsm(config)# vnm-policy-agentvsm(config-vnm-policy-agent)# log-level criticalRelated Commands
org
To create a Cisco VNMC organization (domain), use the org command. To delete a Cisco VNMC organization, use the no form of the command.
org organization-name
no org [organization-name]
Syntax Description
Command Default
None
Command Modes
Port profile configuration (config-port-prof)
Supported User Rolesnetwork-admin
Command History
Usage Guidelines
Cisco VNMC organizations are Cisco VNMC domains.
You can hierarchically manage Cisco VNMC organizations. A user that is assigned at a top level organization has automatic access to all organizations under it. For example, an engineering organization can contain a software engineering organization and a hardware engineering organization. A locale containing only the software engineering organization has access to system resources only within that organization. However, a locale that contains the engineering organization has access to the resources for both the software engineering and hardware engineering organizations.
Examples
This example shows how to create an organization:
vsm# configureEnter configuration commands, one per line. End with CNTL/Z.vsm(config)# port-profile pP1vsm(config-port-prof)# org root/tenant1vsm(config-port-prof)#Related Commands
ping vsn
To ping the virtual service nodes (VSN) from the vPath, use the ping vsn command. There is no no form of this command.
ping vsn [ip vsn-ip-addr {[vlan vsn-vlan-num] | [vxlan bridge-domain bridge-domain-name] | all} {src-module {module-num | all | vpath-all}] [timeout secs] [count count]
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
Command History
Usage Guidelines
There is no no form of this command.
Examples
This example shows how to ping a Cisco VSG:
vsm# ping ?<CR>A.B.C.D or Hostname IP address of remote systemWORD Enter Hostnamempls Ping an MPLS networkmulticast Multicast pingvsn VSNs to be pingedvsm# ping vsnInput parameters:· vsn : VSNs to be pinged.o all : All VSNs that are currently associated to at least one VM. In other words, all VSNs specified in port-profiles that are bound to at least one VM.o ip-addr <ip-addr> : All VSNs configured with this IP address.o vlan <vlan-num> : All VSNs configured on this VLAN.· src-module : Source modules to orginate ping request from.o all : All online modules.o vpath-all : All modules having VMs associated to port-profiles that has vn-service defined.o <module-num> : A online module number.· timeout <secs> : Time to wait for response from VSNs, in seconds. Default is 1 sec.· count : Number of ping packets to be sent.o <count> : Sepcifies number of ping packets to be sent. Default is 5. Min 1, Max 2147483647.o unlimited : Send ping packets until command is stopped.Specify both the IP address and VLAN if the VSN to be pinged is not associated to any VMs yet.
In the output, the status of the ping request for each VSN for each module is shown. On a successful ping, the round-trip-time of ping request/response for a VSN is shown in microseconds next to the module number. On a failure, the failure message is shown next to the module number.
Various forms:ping vsn all src-module all (Ping all VSNs from all modules)ping vsn all src-module vpath-all (Ping all VSNs from all modules havingVMs associated to VSNs)ping vsn all src-module 3 (Ping all VSNs from the specified module)ping vsn ip 106.1.1.1 src-module all (Ping specified VSN from all modules)ping vsn ip 106.1.1.1 vlan 54 src-module all (Ping specified VSN from all modules)ping vsn ip 106.1.1.1 src-module vpath-all (Ping specified VSN from all moduleshaving VMs associated to VSNs)ping vsn ip 106.1.1.1 vlan 54 src-module 3 (Ping specified VSN from specifiedmodule)The options timeout and count apply to all of the above commands:
ping vsn all src-vpath all timeout 2 count 10ping vsn all ip 106.1.1.1 count unlimitedping vsn ip 106.1.1.1 vlan 54 src-vpath 3 count 10Errors:VSN response timeout - VSN is down, not reachable or not responding.VSN ARP not resolved - VEM couldn't resolve MAC address of VSN.no response from VEM - VEM is not sending ping response to VSM. Can happen when VEMis down and VSM not detected it yet.These examples show how to display all of the source module traffic:
vsm# ping vsn all src-module allping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=0 timeout=1-secmodule(usec) : 9(508)module(failed) : 10(VSN ARP not resolved) 11(VSN ARP not resolved)12(VSN ARP not resolved)ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=0 timeout=1-secmodule(usec) : 9(974) 11(987) 12(1007)module(failed) : 10(VSN ARP not resolved)ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=1 timeout=1-secmodule(usec) : 9(277) 10(436) 11(270) 12(399)ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=1 timeout=1-secmodule(usec) : 9(376) 10(606) 11(468) 12(622)ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=2 timeout=1-secmodule(usec) : 9(272) 10(389) 11(318) 12(357)ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=2 timeout=1-secmodule(usec) : 9(428) 10(632) 11(586) 12(594)ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=3 timeout=1-secmodule(usec) : 9(284) 10(426) 11(331) 12(387)ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=3 timeout=1-secmodule(usec) : 9(414) 10(663) 11(644) 12(698)ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=4 timeout=1-secmodule(usec) : 9(278) 10(479) 11(334) 12(469)ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=4 timeout=1-secmodule(usec) : 9(397) 10(613) 11(560) 12(593)vsm# ping vsn ip 10.1.1.40 src-module vpath-all
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=0 timeout=1-sec
module(usec) : 9(698) 11(701) 12(826)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=1 timeout=1-sec
module(usec) : 9(461) 11(573) 12(714)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=2 timeout=1-sec
module(usec) : 9(447) 11(569) 12(598)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=3 timeout=1-sec
module(usec) : 9(334) 11(702) 12(559)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=4 timeout=1-sec
module(usec) : 9(387) 11(558) 12(597)
vsm#Related Commands
policy-agent-image
To designate the policy agent image local URL as bootflash, use the policy-agent-image command. To remove the designation, use the no form of the command.
policy-agent-image bootflash:
no policy-agent-image bootflash:
Syntax Description
Command Default
None
Command Modes
VNMC policy agent configuration (config-vnm-policy-agent)
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to designate the local URL that contains the policy agent image:
vsm# configurevsm(config)# vnm-policy-agentvsm(config-vnm-policy-agent)# policy-agent-image bootflash:Related Commands
pop
To pop a mode off the stack or to restore a mode, use the pop command.
pop file-name
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to restore from a file called file1:
vsm# pop file1Related Commands
port-profile
To create a port profile and enter port profile configuration mode, use the port-profile command. To remove the port profile configuration, use the no form of this command.
port-profile profile-name
no port-profile profile-name
Syntax Description
Defaults
None
Command Modes
Global configuration (config)
Supported User Rolesnetwork-admin
Command History
Usage Guidelines
The port profile name must be unique for each port profile.
Examples
This example shows how to create a port profile called AccessProf:
vsm# configurevsm(config)# port-profile AccessProfvsm(config-port-prof)#This example shows how to remove the port profile called AccessProf:
vsm# configurevsm(config)# no port-profile AccessProfvsm(config)#Related Commands
push
To push the current mode onto stack or to save it, use the push command.
push file-name
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to push file1 onto the stack:
vsm# push file1Related Commands
registration-ip
To set the service registry IP address, use the registration-ip command. To discard the service registry IP address, use the no form of this command.
registration-ip ip-address
no registration-ip
Command Default
None
Command Modes
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to set the service registry IP address:
vsm# configurevsm(config)# vnm-policy-agentvsm(config-vnm-policy-agent)# registration-ip 209.165.200.233vsm(config-vnm-policy-agent)#Related Commands
shared-secret
To set the shared secret password for communication between the Cisco Virtual Security Gateway (VSG), the Virtual Supervisor Module (VSM), and the Cisco Virtual Network Management Center (VNMC), use the shared-secret command. To discard the shared secret password, use the no form of this command.
shared-secret shared-secret-password
no shared-secret
Syntax Description
shared-secret-password
Shared secret password. The range of valid values is from 1 to 64. You must use at least one uppercase character.
Command Default
None
Command Modes
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to set the shared secret password:
vsm# configurevsm(config)# vnm-policy-agentvsm(config-vnm-policy-agent)# shared-secret Password123vsm(config-vnm-policy-agent)#Related Commands
show org port brief
To display the ports attached to the port profile where org is configured, use the show org port brief command.
show org port brief [port-profile pp_name | vethernet veth_num] [module module_num]
Syntax Description
Command Modes
EXEC
Supported User RolesNetwork-admin
Network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice port brief command:
•
>—Redirects the output to a file.
•
•
•
Examples
This example shows how to display the port profile information:
Veth Mod VM-Name vNIC IP-Address2 4 fc3-2610-4 2 100.1.1.15 5 fc3-2610-5 3 100.1.1.29 5 fc3-2610-6 1 100.1.1.3show running-config
To display the running configuration, use the show running-config command.
show running-config [aaa | aclmgr | all | am | arp | cdp | diff | exclude | expand-port-profile | icmpv6 | igmp | interface | ip | ipqos | ipv6 | l3vm | license | monitor | ntp | port-profile | port-security | radius | rpm | security | snmp | vdc-all | vlan | vshd | acllog | dhcp | vservices [node node-name | path path-name]]
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show running-config command:
•
•
•
Examples
This example shows how to display the running configuration:
vsm# show running-config!Command: show running-config!Time: Tue Jan 4 17:20:05 2011version 4.2(1)SV1(4)no feature telnetusername admin password 5 $1$z3M0/3no$j77mpF9f/mqmd7/mEZ6RR1 role network-adminusername adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na. role network-operatorbanner motd #Nexus 1000v Switch#ip domain-lookupip domain-lookupswitchname vsmvem 3host vmware id 765186a7-eb7c-11de-b059-8843e1389748vem 4host vmware id 90a97ac6-31d7-11df-ad65-68efbdf622cavem 5host vmware id 833fe152-3f8b-11df-bd70-68efbdf64970snmp-server user admin network-admin auth md5 0x5ed3cfea7c44550ac3d18475f28b118bpriv 0x5ed3cfea7c44550ac3d18475f28b118b localizedkeyvrf context managementip route 0.0.0.0/0 10.193.72.1vlan 1,61-65port-channel load-balance ethernet source-macport-profile default max-ports 32port-profile default port-binding staticport-profile type vethernet vm-clearvmware port-groupswitchport mode accessswitchport access vlan 63no shutdownstate enabledport-profile type vethernet vsn-servicevmware port-groupswitchport mode accessswitchport access vlan 64no shutdownmax-ports 1024state enabledport-profile type ethernet system-uplinkvmware port-groupswitchport trunk allowed vlan 61-70switchport mode trunkno shutdownsystem vlan 61-62state enabledport-profile type vethernet vsg129-2vmware port-groupswitchport mode accessswitchport access vlan 63org root/Canonvn-service ip-address 10.10.129.2 vlan 64 security-profile sp-vsg2-1no shutdownstate enabledport-profile type vethernet vsg134-1vmware port-groupswitchport mode accessswitchport access vlan 63vn-service ip-address 10.10.134.1 vlan 64 mgmt-ip-address 10.10.73.132 security-profile sp1no shutdownstate enabledport-profile type vethernet vsg136-1vmware port-groupswitchport mode accessswitchport access vlan 63vn-service ip-address 10.10.136.1 vlan 64 mgmt-ip-address 10.10.73.137 security-profile sp1no shutdownstate enabledport-profile type vethernet vsg129_2-svc-vlan65vmware port-groupswitchport mode accessswitchport access vlan 65vn-service ip-address 10.10.129.2 vlan 64 mgmt-ip-address 10.10.73.131 security-profile sp1no shutdownstate enabledport-profile type vethernet vm-clear-vlan65vmware port-groupswitchport mode accessswitchport access vlan 65no shutdownstate enabledport-profile type ethernet Unused_Or_Quarantine_Uplinkvmware port-groupshutdowndescription Port-group created for Nexus1000V internal usage. Do not use.state enabledport-profile type vethernet Unused_Or_Quarantine_Vethvmware port-groupshutdowndescription Port-group created for Nexus1000V internal usage. Do not use.state enabledport-profile type vethernet vm-clear-vlan63vmware port-groupswitchport mode accessswitchport access vlan 63no shutdownstate enabledvdc vsm id 1limit-resource vlan minimum 16 maximum 2049limit-resource monitor-session minimum 0 maximum 2limit-resource vrf minimum 16 maximum 8192limit-resource port-channel minimum 0 maximum 768limit-resource u4route-mem minimum 32 maximum 32limit-resource u6route-mem minimum 16 maximum 16limit-resource m4route-mem minimum 58 maximum 58limit-resource m6route-mem minimum 8 maximum 8interface mgmt0ip address 10.10.73.130/21interface Vethernet1inherit port-profile vm-clear-vlan63description UD134-1,Network Adapter 2vmware dvport 7489 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.0029interface Vethernet2inherit port-profile vsg136-1description UD136-1,Network Adapter 2vmware dvport 7458 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.0032interface Vethernet3inherit port-profile vm-clear-vlan63description US136-1,Network Adapter 2vmware dvport 7492 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.0030interface Vethernet4inherit port-profile vsg129-2description US129-1,Network Adapter 2vmware dvport 6563 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.003Einterface Vethernet5inherit port-profile vm-clear-vlan63description US129-2,Network Adapter 2vmware dvport 7491 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.0040interface Vethernet6inherit port-profile vsn-servicedescription VSG134-1,Network Adapter 1vmware dvport 3683 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.002Cinterface Vethernet7inherit port-profile vsn-servicedescription VSG129-2,Network Adapter 1vmware dvport 3686 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.0037interface Vethernet8inherit port-profile vsn-servicedescription VSG136-1,Network Adapter 1vmware dvport 3684 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"vmware vm mac 0050.56BB.0034interface Ethernet3/2inherit port-profile system-uplinkinterface Ethernet4/6inherit port-profile system-uplinkinterface Ethernet5/6inherit port-profile system-uplinkinterface control0line consoleboot kickstart bootflash:/ks.bin sup-1boot system bootflash:/sys.bin sup-1boot kickstart bootflash:/ks.bin sup-2boot system bootflash:/sys.bin sup-2svs-domaindomain id 61control vlan 61packet vlan 62svs mode L2svs connection vcenterprotocol vmware-vimremote ip address 10.10.79.32 port 80vmware dvs uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" datacenter-name NAME/Sconnectvnm-policy-agentregistration-ip 10.193.73.144shared-secret **********policy-agent-image bootflash:/vnmc-vsmpa.1.0.0.512.binlog-levelvsm#Related Commands
show running-config vservice node
To display the configuration details of the virtual service nodes in the network, use the show running-config vservice node command.
show running-config vservice node (optional) [node-name]
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
Supported User RolesNetwork-admin
Network-operator
Command History
Usage Guidelines
You can use the following operators with the show running-config vservice node command:
•
•
•
•
Examples
This example shows how to display the information of the configured vservice nodes:
vsm# show running-config vservice node!Command: show running-config vservice node!Time: Mon Jul 9 16:10:19 2012version 4.2(1)SV1(5.2)vservice node vasatDbd5 type asaip address 172.8.8.201adjacency l2 vxlan bridge-domain bd5555fail-mode openvservice node vasatCbd5 type asaip address 172.8.8.101adjacency l2 vxlan bridge-domain bd5555fail-mode openvservice node vsntest type vsgfail-mode closevservice node testvwaas type vwaasfail-mode closevservice node test type vsgadjacency l3fail-mode openvservice node testip type vsgfail-mode closevservice node vsgl2tC type vsgip address 10.10.10.103adjacency l2 vlan 504fail-mode closevservice node vsgl2tA101 type vsgip address 10.10.10.101adjacency l2 vlan 504fail-mode closevservice node vsgl2tB102 type vsgip address 10.10.10.102adjacency l2 vlan 504fail-mode closevservice node vsgtCbd6 type vsgip address 10.10.10.103adjacency l2 vxlan bridge-domain bd6666fail-mode closevservice node vsgl2tD104 type vsgip address 10.10.10.104adjacency l2 vlan 504fail-mode openvservice node vsgl2tE105 type vsgip address 10.10.10.105adjacency l2 vlan 504fail-mode closevservice node vsgl3tA101 type vsgip address 10.10.10.201adjacency l3fail-mode closevservice node vsgl3tB102 type vsgip address 10.10.10.202adjacency l3fail-mode closevservice node vsgl3tC103 type vsgip address 10.10.10.203adjacency l3fail-mode closevservice node vsgl3tD104 type vsgip address 10.10.10.204Related Commands
show running-config vservice path
To display the configuration details of the vservice paths, use the show running-config vservice path command.
show running-config vservice path (optional) [node-name]
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
Supported User RolesNetwork-admin
Network-operator
Command History
Usage Guidelines
You can use the following operators with the show running-config vservice path command:
•
•
•
•
Examples
This example shows how to display the information of the configured vservice nodes:
vsm# show running-config vservice path!Command: show running-config vservice path!Time: Mon Jul 9 16:52:55 2012version 4.2(1)SV1(5.2)vservice path sp-tDvsg504vasabd5node vsgl2tD104 profile sp-tD order 1node vasatDbd5 profile ep-tD order 100vservice path sp-tDvsgl3vasabd5node vsgl3tD104 profile sp-tD order 1node vasatDbd5 profile ep-tD order 1000000000vservice path sp-vsgl3tDnode vsgl3tD104 profile sp-tDl3vservice path sp-vsgl2tDnode vsgl2tD104 profile sp-tDvservice path sp-vsgbd6tCnode vsgtCbd6 profile sp-tCvservice path sp-vasal2tCnode vasal2tC profile ep-tC order 10vservice path sp-tCvsg504vasa503node vsgl2tC profile sp-tC order 10node vasal2tC profile ep-tC order 20vservice path sp-tCvsgbd6vasa503node vsgtCbd6 profile sp-tC order 10node vasal2tC profile ep-tC order 20vservice path sp-tCvsgbd6vasabd5node vsgtCbd6 profile sp-tC order 1410065406node vasatCbd5 profile ep-tC order 1410065407vservice path sp-tDedittestnode vsgl3tD104 profile sp-tD order 1node vasatDbd5 profile ep-tD order 22vservice path sptestvservice path sp-tEvsgl3node vsgl3tE105 profile sp-tE order 10vservice path sp-tDvasabd5node vasatDbd5 profile ep-tD order 100Related Commands
show vnm-pa status
To display the installation status of a policy agent, use the show vnm-pa status command.
show vnm-pa status
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vnm-pa status command:
•
•
•
Examples
This example shows how to display the installation status of the policy agent:
vsm# configurevsm(config)# show vnm-pa statusVNM Policy-Agent status is - Installed Successfully. Version 1.0(0.512)-vsmvsm(config)#Related Commands
show vservice brief
To display only a brief summary about the Virtual Service Nodes (VSN), use the show vservice brief command.
show vservice brief [node-l3 node-ipaddr ip-addr | node-l3 module module-num] [ node-vxlan bridge-domain bridge-domain-name] | node-vlan vlan-id| node-name node name | module module-num
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice brief command:
•
•
•
Examples
This example shows how to display brief information about the Cisco VSGs:
vsm# show vservice brief#License InformationType In-Usevsg 0asa 2#Node InformationID Name Type IP-Address Mode State Module1 vasatDbd5 asa 172.8.8.201 vxlan Alive 4,12 vsgtCbd6 vsg 10.10.10.103 vxlan Alive?? 4,6,13 vsgl2tD104 vsg 10.10.10.104 v-504 Alive 4,18 vsgl3tD104 vsg 10.10.10.204 l3 Alive 4,6,19 vsgl3tE105 vsg 10.10.10.205 l3 Unreach 4,6,#Path Information#Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4,Node Order Profilevsgl3tD104 1 sp-tDvasatDbd5 1000000000 ep-tD#Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,Node Order ProfilevsgtCbd6 -- sp-tCRelated Commands
show vservice connection
To display VSN connections, use the show vservice connection command.
show vservice connection [node-name node-name] [node-vxlan bridge-domain bdname | node-vlan vlan-num | node-l3 [node-ipaddr ip-addr | module module-num] | node-ipaddr ip-addr] | path-name path-name | port-profile port-profile-name | service-profile service-profile-name]
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice connection command:
•
•
•
Examples
This example shows how to display Cisco VSG connections:
vsm# show vservice connectionmodule node_l3 node_vlannode_ipaddr node_name node_vxlanActions(Act):d - drop s - resetp - permit t - passthroughr - redirect e - error_ - not processed yet upper case - offloadedFlags:A - seen ack for syn/fin from src a - seen ack for syn/fin from dstE - tcp conn established (SasA done)F - seen fin from src f - seen fin from dstR - seen rst from src r - seen rst from dstS - seen syn from src s - seen syn from dstT - tcp conn torn down (FafA done) x - IP-fragment connection#Node vsgl2tD104#Module 4Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Path sp-vsgbd6tC#Module 4Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Module 6Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Path sp-tDvsgl3vasabd5#Module 4Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Node vsgtCbd6#Module 4Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Module 6Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Node vsgl3tE105#Module 4Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Module 6Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Node vsgl3tD104#Module 4Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes#Module 6Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags BytesRelated Commands
show vservice detail
To display detailed information about the Virtual Service Nodes (VSN), use the show vservice detail command.
show vservice detail {module module_num | node_ipaddr ip_addr | node_l3 node_l3 | node_name node_name | node_vxlan vxlan_num | node_vlan vlane_num | path_name path_name port-profile port_profile| service-profile sevice_profile}
Syntax Description
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vsn detail command:
•
•
•
Examples
This example shows how to display detailed information about Cisco VSGs:
vsm# show vservice detail
-----------------#VSN VLAN: -, IP-ADDR: 10.1.1.40MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE9 - Close Up11 - Close Up12 - Close Up#VSN VLAN: -, IP-ADDR: 10.1.1.68MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE12 - Close Up#VSN VLAN: 502, IP-ADDR: 10.1.1.45MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE11 00:50:56:8f:5a:bb Close Up12 00:50:56:8f:5a:bb Close Up#VSN VLAN: 501, IP-ADDR: 10.1.1.44MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE9 00:50:56:8f:5a:85 Close Up11 00:50:56:8f:5a:85 Close Up#VSN VLAN: 501, IP-ADDR: 10.1.1.40MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE9 00:50:56:8e:35:bd Close Up11 00:50:56:8e:35:bd Close Up#VSN VLAN: 501, IP-ADDR: 10.1.1.41MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE11 00:50:56:8f:5a:7f Close Up#VSN Ports, Port-Profile, Org & Security-Profile Association:#VSN VLAN: -, IP-ADDR: 10.1.1.40Port-Profile: segment-5000-routed, Security-Profile: tenant1-sp1, Org: root/tenant1Module Vethernet9 411 36, 2512 69, 26, 67Port-Profile: segment-5001, Security-Profile: tenant1-sp1, Org: root/tenant1Module Vethernet9 45#VSN VLAN: -, IP-ADDR: 10.1.1.68Port-Profile: N1010-L3, Security-Profile: n1010-sp, Org: root/tenant1Module Vethernet12 41, 46#VSN VLAN: 502, IP-ADDR: 10.1.1.45Port-Profile: segment-5002, Security-Profile: tenant3-sp2, Org: root/tenant3Module Vethernet3 84, 854 86Port-Profile: tenant3-sp2, Security-Profile: tenant3-sp2, Org: root/tenant3Module Vethernet11 37, 40, 39, 3812 74#VSN VLAN: 501, IP-ADDR: 10.1.1.44Port-Profile: tenant1-vsg2, Security-Profile: tenant1-sp2, Org: root/tenant1Module Vethernet9 49, 55, 54, 53, 52, 51, 50, 56, 63, 62,61, 60, 59, 58, 57, 6, 7, 13, 14, 15,2, 111 16, 17, 22, 21, 20, 19, 18#VSN VLAN: 501, IP-ADDR: 10.1.1.40Port-Profile: data-53, Security-Profile: tenant1-sp1, Org: root/tenant1Module Vethernet9 2411 23#VSN VLAN: 501, IP-ADDR: 10.1.1.41Port-Profile: tenant2, Security-Profile: tenant2-sp1, Org: root/tenant2Module Vethernet11 68, 12, 72vsm#-------------------Related Commands
show vservice port vethernet
Displays information about virtual Ethernet (vEth) ports.
8
show vservice license brief
To display only a brief summary about the virtual service node license information, use the show vservice license brief command.
show vservice license brief
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vnm-pa status command:
•
•
•
Examples
This example shows how to display the brief information about the license:
n1000v# show vservice license brief--------------------------------------------------------------------------------License Information--------------------------------------------------------------------------------Type In-Use-Lic-Count UnLicensed-Modvsg 6asa 2Related Commands
show vservice license detail
To display the detail about the virtual service node license information, use the show vservice license detail command.
show vservice license detail {module module_num}
Syntax Description
module
Filters the module number.
module_num
Specifies the module number to see all the VSN connections on the module. The range is from 3 to 66.
Command Default
None
Command Modes
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vnm-pa status command:
•
•
•
Examples
This example shows how to display the brief information about the license:
n1000v# show vservice license detail module 4--------------------------------------------------------------------------------License Information--------------------------------------------------------------------------------Mod VSG-Lic-Count ASA-Lic-Count4 2 2Related Commands
show vservice node mac brief
To display only summary about the MAC address of the virtual service node, use the show vservice node mac brief command.
show vservice node mac brief
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice node brief command:
•
•
•
Examples
This example shows how to display the MAC address of the Cisco virtual service node
n1000v# show vservice node mac brief--------------------------------------------------------------------------------Node Information--------------------------------------------------------------------------------ID Type IP-Address MAC-Addr Mode Fail State Module1 asa 172.8.8.201 00:50:56:b5:37:8f vxlan open Alive 4,12 vsg 10.10.10.103 00:50:56:b5:25:f7 vxlan close Alive 4,6,7,13 vsg 10.10.10.104 00:50:56:b5:6d:36 v-504 close Alive 4,18 vsg 10.10.10.204 00:00:00:00:00:00 l3 open Alive 4,6,Related Commands
show vservice node brief
To display only the summary about the Cisco virtual service node, use the show vservice node brief command.
show vservice node brief [name node-name| vxlan bridge-domain bdname | vlan vlan_num | l3 ip-addr ip-addr | l3 module module-num] | ipaddr ip-addr | module module-num]
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice node brief command:
•
•
•
Examples
This example shows how to display summary information about Cisco VSN.
n1000v# show vservice node brief--------------------------------------------------------------------------------Node Information--------------------------------------------------------------------------------ID Name Type IP-Address Mode State Module1 vasatDbd5 asa 172.8.8.201 vxlan Alive 4,12 vsgtCbd6 vsg 10.10.10.103 vxlan Alive 4,6,7,13 vsgl2tD104 vsg 10.10.10.104 v-504 Alive 4,18 vsgl3tD104 vsg 10.10.10.204 l3 Alive 4,6,Related Commands
show vservice node detail
Displays detailed information about virtual service node.
show vservice node detail
To display the detail about the Cisco virtual service node, use the show vservice node detail command.
show vservice node detail [name node-name| vxlan bridge-domain bdname | vlan vlan_num | l3 ip-addr ip-addr | l3 module module-num] | ipaddr ip-addr | module module-num]
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operator
Command History
Usage Guidelines
You can use the following operators with the show vsn connection command:
•
•
•
Examples
This example shows how to display Cisco VSG service node?
n1000v# show vservice node detail--------------------------------------------------------------------------------Node Information--------------------------------------------------------------------------------Node ID:1 Name:vasatDbd5Type:asa IPAddr:172.8.8.201 Fail:open Vxlan:bd5555Mod State MAC-Addr VVer4 Alive 00:50:56:b5:37:8f 2Node ID:12 Name:vsgtCbd6Type:vsg IPAddr:10.10.10.103 Fail:close Vxlan:bd6666Mod State MAC-Addr VVer4 Alive 00:50:56:b5:25:f7 26 Alive 00:50:56:b5:25:f7 27 Alive 00:50:56:b5:25:f7 2Node ID:13 Name:vsgl2tD104Type:vsg IPAddr:10.10.10.104 Fail:close Vlan:504Mod State MAC-Addr VVer4 Alive 00:50:56:b5:6d:36 2Node ID:18 Name:vsgl3tD104Type:vsg IPAddr:10.10.10.204 Fail:open L3Mod State MAC-Addr VVer4 Alive -- 26 Alive -- 2Related Commands
show vservice path brief
To only display the summary of the vservice path, use the show vservice path brief command.
show vservice path brief [module module-number | name name]
Syntax Description
module
(Optional).
module-number
name
Filters the path name to the service node.
name
Specifies the path name to the service node
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
Examples
This example shows how to show the vservice path:
vsm# show vservice path briefmodule name#Path Information#Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4,Node Order Profilevsgl3tD104 1 sp-tDvasatDbd5 1000000000 ep-tD#Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,Node Order ProfilevsgtCbd6 -- sp-tCRelated Commands
show vservice path detail
To only display the details of the vservice path, use the show vservice path detail command.
show vservice path detail [module module-number | name name]
Syntax Description
Defaults
None
Command Modes
EXEC
Global configuration (config)
Supported User Rolesnetwork-admin
network-operator
Command History
Examples
This example shows how to show the vservice path:
vsm# show vservice path detailmodule name#Path Information#Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4,Node Order Profilevsgl3tD104 1 sp-tDvasatDbd5 1000000000 ep-tD#Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,Node Order ProfilevsgtCbd6 -- sp-tCRelated Commands
show vservice port brief
To display a brief summary of the configured ports in the network, use the show vservice port brief command.
show vservice port brief {module module_num | node-ipaddr ip_addr | node-l3[node-ipaddr ip-addr | module module-num] | node-name node_name | node-vlan vlan-num | node-vxlan bridge-domain bdname| path-name path_name | port-profile port_profile | service-profile service_profile | vethernet vethernet_num}
Syntax Description
Command Modes
EXEC
Supported User RolesNetwork-admin
Network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice port brief command:
•
•
•
•
Examples
This example shows how to display the brief summary information of the vservice ports per module number 4:
vsm# show vservice port brief module 4--------------------------------------------------------------------------------Port Information--------------------------------------------------------------------------------PortProfile:tC-bd5-vsgbd6Org:root/tCNode:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)Veth Mod VM-Name vNIC IP-Address9 4 cos-8.10-bd5-spvsgbd6 2 172.8.8.10,23 4 cos-8.41-bd6-vsgbd6 1 172.8.8.41,37 4 xp-8.11-504-vsg504 1 172.8.8.11,51 4 cos-8.37-503-s...04vasa503 1 172.8.8.37,53 4 cos-8.31-503-vsgbd6 1 172.8.8.31,PortProfile:tD-bd5-spvsgl3vasabd5Org:root/tDPath:sp-tDvsgl3vasabd5Node Profile(Id)vsgl3tD104(10.10.10.204) sp-tD(6)vasatDbd5(172.8.8.201) ep-tD(8)Veth Mod VM-Name vNIC IP-Address72 4 cos-8.40-bd5-s...l3vasabd5 1 172.8.8.40,PortProfile:tD-504-vsg504Org:root/tDNode:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6)Veth Mod VM-Name vNIC IP-Address69 4 cos-8.38-504-vsg504 1 172.8.8.38,PortProfile:tD-bd5-vsgl3Org:root/tDNode:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7)Veth Mod VM-Name vNIC IP-Address50 4 2k3-9.8-bd6-spvsgl3 1 172.9.9.8,PortProfile:tC-bd6-vsgbd6Org:root/tCNode:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)Veth Mod VM-Name vNIC IP-Address11 4 cos-9.13-bd6-vsgl3 1 172.9.9.13,Related Commands
show vservice port detail
To display details of the configured ports in the network, use the show vservice port detail command.
show vservice port detail {module module_num | node-ipaddr ip_addr | node-l3[node-ipaddr ip-addr | module module-num] | node-name node_name | node-vlan vlan_num | node-vxlan bridge-domain bdname| path-name path_name | port-profile port_profile | service-profile service_profile | vethernet vethernet_num}
Syntax Description
Command Modes
EXEC
Supported User RolesNetwork-admin
Network-operator
Command History
Usage Guidelines
You can use the following operators with the show vservice port detail command:
•
•
•
•
Examples
This example shows how to display the detailed information of the vservice ports per module number 4:
vsm# show vservice port detail module 4--------------------------------------------------------------------------------Port Information--------------------------------------------------------------------------------PortProfile:tC-bd5-vsgbd6Org:root/tCNode:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)Veth9Module :4VM-Name :cos-8.10-bd5-spvsgbd6vNIC:Network Adapter 2DV-Port :4421VM-UUID :50 35 a1 39 18 76 76 18-89 89 27 33 1a 30 50 20DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.10,Veth23Module :4VM-Name :cos-8.41-bd6-vsgbd6vNIC:Network Adapter 1DV-Port :4425VM-UUID :50 35 d5 98 de c1 04 5b-3e 84 a6 2c 9f 04 2b c2DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.41,Veth37Module :4VM-Name :xp-8.11-504-vsg504vNIC:Network Adapter 1DV-Port :4424VM-UUID :50 35 bc 16 8c fa a8 66-ae d9 1f ca 30 e5 21 3eDVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.11,Veth51Module :4VM-Name :cos-8.37-503-s...04vasa503vNIC:Network Adapter 1DV-Port :4416VM-UUID :50 35 1d f6 ba 4e 26 7e-78 02 03 a8 cf c6 ed d9DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.37,Veth53Module :4VM-Name :cos-8.31-503-vsgbd6vNIC:Network Adapter 1DV-Port :4420VM-UUID :50 35 42 e3 93 f9 aa 46-3e 94 bb fd 39 23 a7 c0DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.31,PortProfile:tD-bd5-spvsgl3vasabd5Org:root/tDPath:sp-tDvsgl3vasabd5 NumOfSvc:2Node Profile(Id)vsgl3tD104(10.10.10.204) sp-tD(6)vasatDbd5(172.8.8.201) ep-tD(8)Veth72Module :4VM-Name :cos-8.40-bd5-s...l3vasabd5vNIC:Network Adapter 1DV-Port :3712VM-UUID :50 35 af 46 40 bb ef 61-37 9e c7 6f 5a 97 4e 18DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.40,PortProfile:tD-504-vsg504Org:root/tDNode:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6)Veth69Module :4VM-Name :cos-8.38-504-vsg504vNIC:Network Adapter 1DV-Port :4642VM-UUID :50 35 9a 63 d0 6a ff de-a5 66 65 2c 06 be e4 c1DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.8.8.38,PortProfile:tD-bd5-vsgl3Org:root/tDNode:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7)Veth50Module :4VM-Name :2k3-9.8-bd6-spvsgl3vNIC:Network Adapter 1DV-Port :3777VM-UUID :50 35 93 44 8b 31 35 e1-02 50 e1 5c 5e 3f 51 2aDVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.9.9.8,PortProfile:tC-bd6-vsgbd6Org:root/tCNode:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)Veth11Module :4VM-Name :cos-9.13-bd6-vsgl3vNIC:Network Adapter 1DV-Port :4832VM-UUID :50 35 f0 fb 15 4a 2b 46-4c 69 4c 24 d3 ab ff 0fDVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55IP-Addrs:172.9.9.13,Related Commands
show vservice port brief
Displays a brief summary of the configured ports in the network.
show vsn port vethernet
To display information about virtual Ethernet (vEth) ports, use the show vsn port vethernet command.
show vsn port vethernet port-number
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operatorCommand History
Usage Guidelines
You can use the following operators with the show vsn port vethernet command:
•
•
•
Examples
This example shows how to display information about vEth port 2:
vsm# show vsn port vethernet 2Veth : Veth2VM Name : UD136-1VM uuid : 42 3b e1 60 17 e6 92 c4-3b 47 f4 b7 4c a0 be 1bDV Port : 7458DVS uuid : 90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2cFlags : 0x148VSN Data IP : 192.168.136.1Security Profile : sp1Org : Not setVNSP id : 1IP addresses:vsm#Related Commands
show vservice statistics
To display the information about the configuration, MAC address, state of associated Cisco VSG and Virtual Ethernet Module (VEM), Veths to which Cisco VSGs are bound, and Virtual Service Node (VSN) statistics for all VEM modules associated with Cisco VSGs, use show vservice statistics command.
show vservice statistics [ip ip-addr | module module-num | vlan vlan-num]
Syntax Description
Command Default
None
Command Modes
EXEC
Supported User Rolesnetwork-admin
network-operatorCommand History
Usage Guidelines
You can use the following operators with the show vservice statistics command:
•
•
•
•
Examples
This example shows how to display statistics for a module:
vsm# show vservice statistics module 4#VSN VLAN: 0, IP-ADDR: 10.10.10.205Module: 4#VPath Packet Statistics Ingress Egress TotalTotal Seen 25 39 64Policy Redirects 16 21 37No-Policy Passthru 4666 3609 8275Policy-Permits Rcvd 16 21 37Policy-Denies Rcvd 0 0 0Permit Hits 9 18 27Deny Hits 0 0 0Decapsulated 16 21 37Fail-Open 0 0 0Badport Err 0 0 0VSN Config Err 0 0 0VSN State Down 2380 10765 13145Encap Err 0 0 0All-Drops 2380 10765 13145Flow Notificns Sent 0Total Rcvd From VSN 42Non-Cisco Encap Rcvd 0VNS-Port Drops 5Policy-Action Err 0Decap Err 0L2-Frag Sent 0L2-Frag Rcvd 0L2-Frag Coalesced 0Encap exceeded MTU 0ICMP Too Big Rcvd 0#VPath Flow StatisticsActive Flows 0 Active Connections 0Forward Flow Create 11 Forward Flow Destroy 11Reverse Flow Create 11 Reverse Flow Destroy 11Flow ID Alloc 22 Flow ID Free 22Connection ID Alloc 11 Connection ID Free 11L2 Flow Create 0 L2 Flow Destroy 0L3 Flow Create 0 L3 Flow Destroy 0L4 TCP Flow Create 0 L4 TCP Flow Destroy 0L4 UDP Flow Create 22 L4 UDP Flow Destroy 22L4 Oth Flow Create 0 L4 Oth Flow Destroy 0Embryonic Flow Create 0 Embryonic Flow Bloom 0L2 Flow Timeout 0 L2 Flow Offload 0L3 Flow Timeout 0 L3 Flow Offload 0L4 TCP Flow Timeout 0 L4 TCP Flow Offload 0L4 UDP Flow Timeout 59 L4 UDP Flow Offload 37L4 Oth Flow Timeout 0 L4 Oth Flow Offload 0Flow Lookup Hit 90 Flow Lookup Miss 22Flow Dual Lookup 112 L4 TCP Tuple-reuse 0TCP chkfail InvalACK 0 TCP chkfail SeqPstWnd 0TCP chkfail WndVari 0Flow Classify Err 0 Flow ID Alloc Err 0Conn ID Alloc Err 0 Hash Alloc Err 0Flow Exist 0 Flow Entry Exhaust 0Flow Removal Err 0 Bad Flow ID Receive 37Flow Entry Miss 0 Flow Full Match Err 0Bad Action Receive 0 Invalid Flow Pair 0Invalid Connection 0Hash Alloc 0 Hash Free 0InvalFID Lookup 37 InvalFID Lookup Err 0Deferred Delete 0vsm#Related Commands
show vservice port vethernet
Displays information about virtual Ethernet (vEth) ports.
tcp state-checks
To configure the Cisco Nexus 1000V switch to perform TCP state checks, use the tcp state-checks command. To return to the default setting, use the no form of the command.
tcp state-checks [invalid-ack | seq-past-window | window-variation]
no tcp state-checks [invalid-ack | seq-past-window | window-variation]
Syntax Description
Defaults
The default behavior of the TCP checks is as follows:
•
•
•
Command Modes
vservice global configuration (config-vservice-global)
Supported User Rolesnetwork-admin
system-admin
Command History
4.2(1)SV2(1.1)
This command was modified to add the invalid-ack, seq-past-window, and window-variation TCP state checks.
4.2(1)VSG1(4a)
This command was introduced.
Usage Guidelines
Because the default TCP state checks in vPath are different for each check, the no form of this command may enable or disable the respective checks. See the "Defaults" section, before you enter the no form of this command.
Examples
This example shows how to configure the switch to perform the default TCP state checks:
n1000v(config)# vservice global type vsgn1000v(config-vservice-global)# tcp state-checksThis example shows how to enable the seq-past-window TCP state check:n1000v(config-vservice-global)# tcp state-checks seq-past-windowThis example shows how to disable the invalid-ack TCP state check:n1000v(config-vservice-global)# no tcp state-checks invalid-ackRelated Commands
vservice global type vsg
Enters the vservice global configuration mode.
bypass asa-traffic
Configures the switch traffic to bypass the Cisco VSG nodes in a service chain.
vn-service ip-address
To assign a data IP address, a VLAN number, and a profile to a Cisco VSG L2 mode, use the vn-service ip-address command. To disable the data IP address, use the no form of the command.
vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]
no vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]
To assign a data IP address and a profile to a Cisco VSG L3 mode, use the vn-service ip-address command. To disable the data IP address, use the no form of the command.
vn-service ip-address ip-address l3-mode [fail {close | open} | security-profile profile-name]
no vn-service ip-address ip-address l3-mode [fail {close | open} | security-profile profile-name]
Syntax Description
Command Default
Fail close
Command Modes
Port profile configuration (config-port-prof)
Supported User Rolesnetwork-admin
Command History
4.2(1)SV1(5.1)
This command was changed to include the command syntax and description for the L3 mode.
4.0(4)SV1(1)
This command was introduced.
Usage Guidelines
Use the vn-service ip-address command to configure the IP address, VLAN, and security profile for the Cisco VSG, and optionally to allow for a fail-safe configuration.
The fail mode specifies what the behavior is when the Virtual Ethernet Module (VEM) does not have connectivity to the Cisco VSG. The default fail mode is close, which means that the packets are dropped. The open fail mode means that packets are passed.
The security profile name must match one of the security profiles created on the Cisco VSG.
The IP address must match the data interface IP address on the Cisco VSG.
Examples
This example shows how to assign the IP address and VLAN number and how to specify that packets are to be passed when the Cisco VSG fails:
vsm# configureEnter configuration commands, one per line. End with CNTL/Z.vsm(config)# port-profile pP1vsm(config-port-prof)# vn-service ip-address 209.165.200.236 vlan 2 fail openvsm(config-port-prof)#Related Commands
vservice
To associate a port-profile with a service node or path, use the vservice command from the config-port-profile mode of the port-profile. To delete a port-profile configuration, use the no form of this command.
vservice {node node_name [profile profile_name] | path svc_path_name}
no vservice
Syntax Description
Defaults
None
Command Modes
Port-profile configuration (config-port-prof)
Supported User RolesNetwork-admin
Command History
Usage Guidelines
You can associate either the service node or path to the chosen port-profile entity. Both, the node as well as the path need to be pre-defined. If the node is of type VSG or ASA, then specifying a profile is mandatory. However, it is optional in case of a vWAAS or ACE nodes.
Examples
This example shows how to configure a port-profile with a node and service profile:
vsm(config)# port-profile port1 <-------- Enter the mode of the port-profile entity you want to configurevsm(config-port-prof)# vservice node vsg1 profile sp1vsm(config-port-prof)#This example shows how to configure a port-profile entity with a service path:
vsm(config-port-prof)# vservice path vpath1vsm(config-port-prof)#Related Commands
vservice node
To configure a service node, use the vservice node command. To disable a service node, use the no form of the command.
vservice node node_name type {vsg | asa | ace }
ip address ip-address | no ip address
adjacency {l2 {vlan vlan-number} | {vxlan bridge-domain bd-name} | l3} | no adjacency failmode {close | open} | no failmodeno vservice node node_name
no ip address
no adjacenc
no failmodeSyntax Description
Command Default
None
Command Modes
Global configration (config)
Supported User RolesNetwork-admin
Command History
Usage Guidelines
Use the vservice node command to configure a service node with an existing Cisco VSG, ASA, or ACE. That node in turn is associated with either a port profile or a vservice path.
You can only delete inactive vservice nodes. The inactive nodes are not configured with any virtual machines or service paths.
Examples
This example shows how to enter the vservice-node mode, and configure the IP address of a vservice node, adjacency, and fail-mode settings:
vsm(config)# vservice node test type vsg <------- enter the vservice-node modevsm(config-vservice-node)# ip address 1.1.11.11vsm(config-vservice-node)# adjacency l2 vlan 100vsm(config-vservice-node)# fail-mode closevsm(config-vservice-node)#Related Commands
show vservice node brief
Displays the vservice node information, in brief.
show vservice node detail
Displays the vservice node information, in detail.
vservice path
To configure a path for service chaining, use the vservice path command. To disable a service path, use the no form of the command.
vservice path svc_path_name
node node_name [profile prof_name] order order_numno vservice path svc_path_name
no node node_nameSyntax Description
Command Default
None
Command Modes
Global configuration (config)
Supported User RolesNetwork-admin
Command History
Usage Guidelines
You can configure up to 3 service nodes in one vservice path. The supported nodes are the Cisco VSG, vWAAS, and ASA. The specified node_name has to be pre-defined. Specifying a profile is mandatory for VSG and ASA, but not for vWAAS. For a given path, the ASA node must be configured last. At the end, you can disable a vservice-path from within its mode as well as at the global configuration level.
Examples
This example shows how to enter the vservice-path mode, and specify the name of a vservice node, port profile, and the order number:
vsm(config)# vservice path test <------- enter the vservice-path modevsm(config-vservice-path)# node test1 profile test2 order 100vsm(config-vservice-path)#This example shows how to disable a vservice-path:
vsm(config)# no vservice path testvsm(config)#Related Commands
show vservice path brief
Displays the vservice path information in brief.
show vservice path detail
Displays the vservice path information in detail.
vservice license
To assign VSG and ASA licenses to specific modules, use the vservice license command. You can transfer the licenses within the modules and license pool. This command also enables (activate) the volatile licenses. To disable volatile licenses, use the no form of the command.
vservice license type {vsg | asa} {transfer | volatile} {src-module mod_no | license-pool} {dst-module mod_no | license-pool}
[no] vservice license type {vsg | asa} volatile
Syntax Description
Defaults
None
Command Modes
EXEC
Supported User RolesNetwork-admin
Command History
Usage Guidelines
You cannot transfer volatile licenses to the license-pool. Thus, you cannot specify any keyword after you type "volatile" at the command line.
Examples
This example shows how to transfer a VSG license from a module to the license pool:
vsm(config)# vservice license type vsg transfer src-module 4 license-poolvsm(config)#This example shows how to transfer an ASA license from one module to another:
vsm(config)# vservice license type asa transfer src-module 12 dst-module 34vsm(config)#This example shows how to enable volatile VSG licenses:
vsm(config)# vservice license type vsg volatilevsm(config)#This example shows how to disable volatile ASA licenses:
vsm(config)# no vservice license type asa volatilevsm(config)#Related Commands
show vservice license brief
Displays usage information per license type.
show vservice license detail
Displays the license type per module.
vnm-policy-agent
To enter Cisco Virtual Network Management Center (VNMC) policy agent mode, use the vnm-policy-agent command.
vnm-policy-agent
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration (config)
Supported User Rolesnetwork-admin
Command History
Usage Guidelines
Use the Cisco VNMC policy agent configuration mode to configure policy agents.
Examples
This example shows how enter policy agent mode:
vsm# configurevsm(config)# vnm-policy-agentvsm(config-vnm-policy-agent)#Related Commands
vservice global type vsg
To enter the vservice global configuration mode, use the vservice global type vsg command.
vservice global type vsg
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command Modes
vservice global configration (config-vservice-global)
Supported User Rolesnetwork-admin
Command History
Examples
This example shows how to enter the vservice global configuration mode:
n1000v# configure <------ enter the config moden1000v(config)# vservice global type vsgn1000v(config-vservice-global)#Related Commands
bypass asa-traffic
Configures the switch traffic to bypass the Cisco VSG nodes in a service chain.
tcp state-checks
Configures selective TCP state checks on the switch traffic.