The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter D.
To configure the duration of time for which a nonreachable Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System Plus (TACACS+) server is skipped, use the deadtime command. To revert to the default, use the no form of this command.
deadtime minutes
no deadtime minutes
minutes |
Number of minutes, from 0 to 1440, for the interval. |
0 minutes
RADlUS server group configuration (config-radius)
TACACS+ server group configuration (config-tacacs+)
Global configuration (config)
network-admin
Before you can configure it, you must enable TACACS+ by using the tacacs+ enable command.
The deadtime can be configured either globally and applied to all RADIUS or TACACS+ servers or per server group.
If the deadtime interval for a RADIUS or TACACS+ server group is greater than zero (0), that value takes precedence over the global dead-time value.
Setting the dead-time interval to 0 disables the timer.
When the deadtime interval is 0 minutes, RADIUS and TACACS+ servers are not marked as dead even if they are not responding.
This example shows how to set the deadtime interval to 2 minutes for a RADIUS server group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa group server radius RadServer
n1000v(config-radius)# deadtime 2
This example shows how to set a global deadtime interval to 5 minutes for all TACACS+ servers and server groups:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# tacacs-server deadtime 5
n1000v(config)#
This example shows how to set the deadtime interval to 5 minutes for a TACACS+ server group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# aaa group server tacacs+ TacServer
n1000v(config-tacacs+)# deadtime 5
This example shows how to revert to the deadtime interval default:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# feature tacacs+
n1000v(config)# aaa group server tacacs+ TacServer
n1000v(config-tacacs+)# no deadtime 5
To direct the output of the debug commands to a specified file, use the debug logfile command. To revert to the default, use the no form of this command.
debug logfile filename [size bytes]
no debug logfile filename [size bytes]
Default filename: syslogd_debugs
Default file size: 4194304 bytes
Any
network-admin
The logfile is created in the log: file system root directory.
Use the dir log: command to display the log files.
This example shows how to specify a debug logfile:
n1000v# debug logfile debug_log
This example shows how to revert to the default debug logfile:
n1000v# no debug logfile debug_log
To enable debug command output logging, use the debug logging command. To disable debug logging, use the no form of this command.
debug logging
no debug logging
This command has no arguments or keywords.
Disabled
Any
network-admin
This example shows how to enable the output logging for the debug command:
n1000v# debug logging
This example shows how to disable the output logging for the debug command:
n1000v# no debug logging
|
|
---|---|
show debug |
Displays the debug flags. |
show debug-filter |
Displays the settings of the debug filter. |
debug logfile |
Configures the logfile for the debug command output. |
To remove a configured rate limit for the dynamic Address Resolution Protocol (ARP) inspection (DAI), use the default ip arp inspection limit command.
default ip arp inspection limit {rate [burst interval] | none}
rate |
Specifies a rate limit. |
burst interval |
(Optional) Specifies the burst interval. |
none |
Specifies no limit. |
None
Interface configuration (config-if)
network-admin
This resets the inspection limit to its defaults.
This example shows how to remove a configured rate limit for DAI from a virtual Ethernet interface, and resets the rate limit to the default:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
interface vethernet 3
n1000v(config-if)# default ip arp inspection limit rate
To remove a trusted virtual Ethernet interface configuration for dynamic Address Resolution Protocol (ARP) inspection (DAI), use the default ip arp inspection trust command.
default ip arp inspection trust
This command has no arguments or keywords.
None
Interface configuration (config-if)
network-admin
This command returns the interface to the default untrusted state.
This example shows how to remove the trusted virtual Ethernet interface configuration for DAI and return a virtual Ethernet interface to the untrusted state:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
interface vethernet 3
n1000v(config-if)# default ip arp inspection trust
n1000v(config-if)#
To remove a configured administrative state from an interface, use the default shutdown command.
default shutdown
This command has no arguments or keywords.
None
Interface configuration (config- if)
network-admin
When you use the default shutdown command on a port profile member interface, it also allows the port profile configuration to take affect.
This example shows how to change interface Ethernet 3/2 to shutdown:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 3/2
n1000v(config-if)# default shutdown
n1000v(config-if)#
To remove a configured administrative state from a port profile, and return its member interfaces to the default state (shutdown), use the default shutdown command.
default shutdown
This command has no arguments or keywords.
None
Port profile configuration (config- port-prof)
network-admin
This example shows how to change the member interfaces in the port profile named DataProfile to shutdown:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v#
port-profile DataProfile
n1000v(config-port-prof)#
default shutdown
n1000v(config-port-prof)#
|
|
---|---|
show port-profile |
Displays the configuration for a port profile. |
To remove a particular switchport characteristic from a port profile, use the default switchport command.
default switchport {mode | access vlan | trunk {native | allowed} vlan | private-vlan {host-association | mapping [trunk]} | port-security}
None
Port profile configuration (config-port-prof)
network-admin
The functionally of this command is equivalent to using the no form of a specific switchport command. For example, the effect of the following commands is the same:
•default switchport mode command = no switchport mode command.
•default switchport access vlan command = no switchport access vlan command.
•default switchport trunk native vlan command= no switchport trunk native vlan command.
This example shows how to revert port profile ports to switch access ports:
n1000v(config-port-prof)#
default switchport mode
This example shows how to remove the trunking allowed VLAN characteristics of a port profile:
n1000v(config-port-prof)# default switchport trunk allowed vlan
This example shows how to remove the private VLAN host association of a port profile:
n1000v(config-port-prof)# default switchport private-vlan host-association
This example shows how to remove port security characteristics of a port profile:
n1000v(config-port-prof)# default switchport port-security
|
|
---|---|
show port-profile |
Displays information about port profile(s). |
To remove any user configuration for the switchport port-security characteristic from a virtual Ethernet interface, use the default switchport port-security command. This has the effect of setting the default (disabled) for port-security for that interface.
default switchport port-security
This command has no arguments or keywords.
Disabled
Interface configuration (config-if)
network-admin
This example shows how to disable port security n1000v on virtual Ethernet 2:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface veth 2
n1000v(config-if)# default switchport port-security
n1000v(config-if)#
|
|
---|---|
show running-config port-security |
Displays the port security configuration. |
show port-security |
Displays the port security status. |
To specify the default action for mapping input field values to output field values in a table map, use the default command.
default {value | copy}
no default {value | copy}
value |
Output value. The range is from 0 to 63. |
copy |
Specifies that the default action is to copy all equal values to an equal output value. |
Copies the input value to the output value.
Table map configuration (config-tmap)
Default table map configuration
network-admin
The copy keyword is available only in the table map configuration mode. In the default table map configuration mode, the copy keyword is not available because all values must be assigned a mapping.
This example shows how to remove the default mapping action copy. The resulting default action is ignore:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
table-map my_table1
n1000v(config-tmap)# no default copy
n1000v(config-tmap)#
|
|
---|---|
from |
Specifies input field to output field mappings in table maps. |
show table-map |
Displays table maps. |
To delete a file, use the delete command.
delete [filesystem:[//directory/] | directory/]filename
None
Any
network-admin
Use the dir command to locate the file you that want to delete.
This example shows how to delete a file:
n1000v# delete bootflash:old_config.cfg
|
|
---|---|
dir |
Displays the contents of a directory. |
To create an IPv4 access control list (ACL) rule that denies traffic matching its conditions, use the deny command. To remove a rule, use the no form of this command.
General Syntax
[sequence-number] deny protocol source destination [dscp dscp | precedence precedence]
no deny protocol source destination [dscp dscp | precedence precedence]
no sequence-number
Internet Control Message Protocol (ICMP)
[sequence-number] deny icmp source destination [icmp-message] [dscp dscp | precedence precedence]
Internet Group Management Protocol (IGMP)
[sequence-number] deny igmp source destination [igmp-message] [dscp dscp | precedence precedence]
Internet Protocol v4
[sequence-number] deny ip source destination [dscp dscp | precedence precedence]
Transmission Control Protocol
[sequence-number] deny tcp source [operator port [port] | portgroup portgroup] destination [operator port [port] | portgroup portgroup] [dscp dscp | precedence precedence] [fragments] [log] [time-range time-range-name] [flags] [established]
User Datagram Protocol (UDP)
[sequence-number] deny udp source operator port [port] destination [operator port [port] [dscp dscp | precedence precedence]
A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater than the last rule in the ACL.
IPv4 ACL configuration (config-acl)
network-admin
When the device applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL. The device enforces the first rule that has conditions that are satisfied by the packet. When the conditions of more than one rule are satisfied, the device enforces the rule with the lowest sequence number.
Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method that you use to specify one of these arguments does not affect how you specify the other argument. When you configure a rule, use the following methods to specify the source and destination arguments:
•Address and network wildcard—You can use an IPv4 address followed by a network wildcard to specify a host or a network as a source or destination. The syntax is as follows:
IPv4-address network-wildcard
This example shows how to specify the source argument with the IPv4 address and network wildcard for the 192.0.2.0 subnet:
n1000v(config-acl)# deny tcp 192.0.2.0 0.0.0.255 any
•Address and variable-length subnet mask—You can use an IPv4 address followed by a variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The syntax is as follows:
IPv4-address/prefix-len
This example shows how to specify the source argument with the IPv4 address and VLSM for the 192.0.2.0 subnet:
n1000v(config-acl)# deny udp 192.0.2.0/24 any
•Host address—You can use the host keyword and an IPv4 address to specify a host as a source or destination. The syntax is as follows:
host IPv4-address
This syntax is equivalent to IPv4-address/32 and IPv4-address 0.0.0.0.
This example shows how to specify the source argument with the host keyword and the 192.0.2.0 IPv4 address:
n1000v(config-acl)# deny icmp host 192.0.2.0 any
•Any address—You can use the any keyword to specify that a source or destination is any IPv4 address. For examples of the use of the any keyword, see the examples in this section. Each example shows how to specify a source or destination by using the any keyword.
ICMP Message Types
The icmp-message argument can be the ICMP message number, which is an integer from 0 to 255. It can also be one of the following keywords:
•administratively-prohibited—Administratively prohibited
•alternate-address—Alternate address
•conversion-error—Datagram conversion
•dod-host-prohibited—Host prohibited
•dod-net-prohibited—Net prohibited
•echo—Echo (ping)
•echo-reply—Echo reply
•general-parameter-problem—Parameter problem
•host-isolated—Host isolated
•host-precedence-unreachable—Host unreachable for precedence
•host-redirect—Host redirect
•host-tos-redirect—Host redirect for ToS
•host-tos-unreachable—Host unreachable for ToS
•host-unknown—Host unknown
•host-unreachable—Host unreachable
•information-reply—Information replies
•information-request—Information requests
•mask-reply—Mask replies
•mask-request—Mask requests
•mobile-redirect—Mobile host redirect
•net-redirect—Network redirect
•net-tos-redirect—Net redirect for ToS
•net-tos-unreachable—Network unreachable for ToS
•net-unreachable—Net unreachable
•network-unknown—Network unknown
•no-room-for-option—Parameter required but no room
•option-missing—Parameter required but not present
•packet-too-big—Fragmentation needed and DF set
•parameter-problem—All parameter problems
•port-unreachable—Port unreachable
•precedence-unreachable—Precedence cutoff
•protocol-unreachable—Protocol unreachable
•reassembly-timeout—Reassembly timeout
•redirect—All redirects
•router-advertisement—Router discovery advertisements
•router-solicitation—Router discovery solicitations
•source-quench—Source quenches
•source-route-failed—Source route failed
•time-exceeded—All time-exceeded messages
•timestamp-reply—Time-stamp replies
•timestamp-request—Time-stamp requests
•traceroute—Traceroute
•ttl-exceeded—TTL exceeded
•unreachable—All unreachables
TCP Port Names
When you specify the protocol argument as tcp, the port argument can be a TCP port number, which is an integer from 0 to 65535. It can also be one of the following keywords:
bgp—Border Gateway Protocol (179)
chargen—Character generator (19)
cmd—Remote commands (rcmd, 514)
daytime—Daytime (13)
discard—Discard (9)
domain—Domain Name Service (53)
drip—Dynamic Routing Information Protocol (3949)
echo—Echo (7)
exec—EXEC (rsh, 512)
finger—Finger (79)
ftp—File Transfer Protocol (21)
ftp-data—FTP data connections (2)
gopher—Gopher (7)
hostname—NIC hostname server (11)
ident—Ident Protocol (113)
irc—Internet Relay Chat (194)
klogin—Kerberos login (543)
kshell—Kerberos shell (544)
login—Login (rlogin, 513)
lpd—Printer service (515)
nntp—Network News Transport Protocol (119)
pim-auto-rp—PIM Auto-RP (496)
pop2—Post Office Protocol v2 (19)
pop3—Post Office Protocol v3 (11)
smtp—Simple Mail Transport Protocol (25)
sunrpc—Sun Remote Procedure Call (111)
tacacs—TAC Access Control System (49)
talk—Talk (517)
telnet—Telnet (23)
time—Time (37)
uucp—UNIX-to-UNIX Copy Program (54)
whois—WHOIS/NICNAME (43)
www—World Wide Web (HTTP, 8)
UDP Port Names
When you specify the protocol argument as udp, the port argument can be a UDP port number, which is an integer from 0 to 65535. It can also be one of the following keywords:
biff—Biff (mail notification, comsat, 512)
bootpc—Bootstrap Protocol (BOOTP) client (68)
bootps—Bootstrap Protocol (BOOTP) server (67)
discard—Discard (9)
dnsix—DNSIX security protocol auditing (195)
domain—Domain Name Service (DNS, 53)
echo—Echo (7)
isakmp—Internet Security Association and Key Management Protocol (5)
mobile-ip—Mobile IP registration (434)
nameserver—IEN116 name service (obsolete, 42)
netbios-dgm—NetBIOS datagram service (138)
netbios-ns—NetBIOS name service (137)
netbios-ss—NetBIOS session service (139)
non500-isakmp—Internet Security Association and Key Management Protocol (45)
ntp—Network Time Protocol (123)
pim-auto-rp—PIM Auto-RP (496)
rip—Routing Information Protocol (router, in.routed, 52)
snmp—Simple Network Management Protocol (161)
snmptrap—SNMP Traps (162)
sunrpc—Sun Remote Procedure Call (111)
syslog—System Logger (514)
tacacs—TAC Access Control System (49)
talk—Talk (517)
tftp—Trivial File Transfer Protocol (69)
time—Time (37)
who—Who service (rwho, 513)
xdmcp—X Display Manager Control Protocol (177)
This example shows how to configure an IPv4 ACL named acl-lab-01 with rules that deny all TCP and UDP traffic from the 10.23.0.0 and 192.0.2.0 networks to the 10.176.0.0 network and a final rule that permits all other IPv4 traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip access-list acl-lab-01
n1000v(config-acl)# deny tcp 10.23.0.0/16 10.176.0.0/16
n1000v(config-acl)# deny udp 10.23.0.0/16 10.176.0.0/16
n1000v(config-acl)# deny tcp 192.0.2.0/16 10.176.0.0/16
n1000v(config-acl)# deny udp 192.0.2.0/16 10.176.0.0/16
n1000v(config-acl)# permit ip any any
To create a MAC access control list (ACL) rule that denies traffic matching its conditions, use the deny command. To remove a rule, use the no form of this command.
[sequence-number] deny source destination [protocol] [cos cos-value] [vlan vlan-id]
no deny source destination [protocol] [cos cos-value] [vlan vlan-id]
no sequence-number
A newly created MAC ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater than the last rule in the ACL.
MAC ACL configuration (config-mac-acl)
network-admin
When the device applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL. The device enforces the first rule that has conditions that are satisfied by the packet. When the conditions of more than one rule are satisfied, the device enforces the rule with the lowest sequence number.
Source and Destination
You can specify the source and destination arguments in one of two ways. In each rule, the method that you use to specify one of these arguments does not affect how you specify the other argument. When you configure a rule, use the following methods to specify the source and destination arguments:
•Address and mask—You can use a MAC address followed by a mask to specify a single address or a group of addresses. The syntax is as follows:
MAC-address MAC-mask
This example specifies the source argument with the MAC address 00c0.4f03.0a72:
n1000v(config-acl)# deny 00c0.4f03.0a72 0000.0000.0000 any
This example specifies the destination argument with a MAC address for all hosts with a MAC vendor code of 00603e:
n1000v(config-acl)# deny any 0060.3e00.0000 0000.0000.0000
•Any address—You can use the any keyword to specify that a source or destination is any MAC address. For examples of the use of the any keyword, see the examples in this section. Each of the examples shows how to specify a source or destination by using the any keyword.
MAC Protocols
The protocol argument can be the MAC protocol number or a keyword. The protocol number is a four-byte hexadecimal number prefixed with 0x. Valid protocol numbers are from 0x0 to 0xffff. Valid keywords are the following:
•aarp—Appletalk ARP (0x80f3)
•appletalk—Appletalk (0x809b)
•decnet-iv—DECnet Phase IV (0x6003)
•diagnostic—DEC Diagnostic Protocol (0x6005)
•etype-6000—EtherType 0x6000 (0x6000)
•etype-8042—EtherType 0x8042 (0x8042)
•ip—Internet Protocol v4 (0x0800)
•lat—DEC LAT (0x6004)
•lavc-sca—DEC LAVC, SCA (0x6007)
•mop-console—DEC MOP Remote console (0x6002)
•mop-dump—DEC MOP dump (0x6001)
•vines-echo—VINES Echo (0x0baf)
This example shows how to configure a MAC ACL named mac-ip-filter with rules that permit any non-IPv4 traffic between two groups of MAC addresses:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# mac access-list mac-ip-filter
n1000v(config-mac-acl)# deny 00c0.4f00.0000 0000.00ff.ffff 0060.3e00.0000 0000.00ff.ffff ip
n1000v(config-mac-acl)# permit any any
To add a description for the interface and save it in the running configuration, use the description command. To remove the interface description, use the no form of this command.
description text
no description
text |
Interface type. The maximum number of characters is 80. |
None
Interface configuration (config-if)
network-admin
This example shows how to add the description for the interface and save it in the running configuration:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 3/1
n1000v(
config-if)#
description Ethernet port 3 on module 1
This example shows how to remove the interface description:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 3/1
n1000v(
config-if)#
no description Ethernet port 3 on module 1
To add a description to a flow record, flow monitor, or flow exporter, use the description command. To remove the description, use the no form of this command.
description line
no description
line |
Flow record description. The range is from 1 to 63, case-sensitive, alphanumeric characters. |
None
NetFlow flow record (config-flow-record)
NetFlow flow exporter (config-flow-exporter)
Netflow flow monitor (config-flow-monitor)
network-admin
This example shows how to add a description to a flow record:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# description Ipv4flow
This example shows how to add a description to a flow exporter:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# description ExportHamilton
This example shows how to add a description to a flow monitor:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow monitor MonitorTest
n1000v(config-flow-monitor)# description Ipv4Monitor
To add a description to a quality of service (QoS) class map, policy map, or table map use the description command. To remove the description, use the no form of this command.
description text
no description text
text |
Class map or policy map description. The range is from 1 to 200, case-sensitive, alphanumeric characters. |
None
QoS class map configuration (config-cmap-qos)
QoS table map configuration (config-tmap-qos)
QoS policy map configuration (config-pmap-qos)
network-admin
This example shows how to add a description to a policy map:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
policy-map my_policy1
n1000v(config-pmap)# description this policy applies to input packets
n1000v(config-pmap)#
|
|
---|---|
class-map |
Creates or modifies a class map. |
policy-map |
Creates or modifies a policy map. |
table-map |
Creates or modifies a QoS table map. |
To add a description to a Switch Port Analyzer (SPAN) session, use the description command. To remove the description, use the no form of this command.
description string
no description
string |
SPAN session description. The range is from 1 to 32 alphanumeric characters. |
Blank (no description)
SPAN monitor configuration (config-monitor)
network-admin
This example shows how to add a description to a SPAN session:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
monitor session 8
n1000v(config-monitor)#
description span_session_8a
n1000v(config-monitor)#
This example shows how to remove a description from a SPAN session:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
monitor session 8
n1000v(
config)#
no description span_session_8a
n1000v(config-monitor)#
|
|
---|---|
show monitor session |
Displays session information. |
To add a destination IP address or virtual routing and forwarding (VRF) to a NetFlow flow exporter, use the destination command. To remove the IP address or VRF, use the no form of this command.
destination {ipaddr | ipv6addr} [use-vrf vrf_name]
no destination
ipaddr |
IP address for collector. |
ipv6addr |
IPv6 address for collector. |
use-vrf vrf_name |
(Optional) VRF label. VRF name. The name is a maximum of 32 case-sensitive, alphanumeric characters. |
None
NetFlow flow exporter configuration (config-flow-exporter)
network-admin
This example shows how to add a destination IP address to a Netflow flow exporter:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# destination 192.0.2.1
This example shows how to remove the IP address from a flow exporter:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# no destination 192.0.2.1
To configure the port(s) in a Switch Port Analyzer (SPAN) session to act as destination(s) for copied source packets, use the destination interface command. To remove the destination interface, use the no form of this command.
destination interface {ethernet slot/chassis | vethernet veth-number | port-channel number}
no destination interface {ethernet slot/chassis | vethernet veth-number | port-channel number}
None
SPAN monitor configuration (config-monitor)
network-admin
SPAN destination ports must already be configured as either access or trunk ports.
SPAN sessions are created in the shut state by default.
When you create a SPAN session that already exists, any additional configuration is added to that session. To make sure the session is cleared of any previous configuration, you can delete the session first by using the no monitor session command.
This example shows how to configure ethernet interfaces 2/5 and 3/7 in a SPAN session to act as a destination for copied source packets:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
monitor session 8
n1000v(config-monitor)#
destination interface ethernet 2/5, ethernet 3/7
This example shows how to remove the SPAN configuration from destination ethernet interface 2/5:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
monitor session 8
n1000v(config-monitor)#
no destination interface ethernet 2/5
To configure the IP address of the host to which the encapsulated traffic is sent and save it in the running configuration, use the destination ip command. To remove the configuration, use the no form of this command.
destination ip ip_address
no destination ip ip_address
ip_address |
IP address of the host to which the encapsulated traffic is sent. The address is in the format A.B.C.D. |
None
ERSPAN source configuration (config-erspan-src)
network-admin
ERSPAN destination ports must already be configured as either access or trunk ports.
ERSPAN sessions are created in the shut state by default.
When you attempt to create an ERSPAN session that already exists, any additional configuration is added to that session. To make sure the session is cleared of any previous configuration, you can delete the session first by using the no monitor session command.
This example shows how to configure the IP address of the host to which the encapsulated traffic is sent and save it in the running configuration:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# monitor session 1 type erspan-source
n1000v(config-erspan-src)#
destination ip 192.0.2.1
n1000v(config-erspan-src)#
exit
n1000v(config)#
This example shows how to remove the IP address of the host to which the encapsulated traffic is sent:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
monitor session 1 type erspan-source
n1000v(config-erspan-src)#
no destination ip 192.0.2.1
n1000v(config-erspan-src)#
exit
n1000v(config)#
To display the contents of a directory or file, use the dir command.
dir [bootflash: | debug: | log: | volatile:]
None
Any
network-admin
network-operator
Use the pwd command to identify the directory that you are currently working in.
Use the cd command to change the directory that you are currently working in.
This example shows how to display the contents of the directory:
n1000v#
dir ?
> Redirect it to a file
>> Redirect it to a file in append mode
bootflash: Directory or filename
debug: Directory or filename
log: Directory or filename
modflash: Directory or filename
volatile: Directory or filename
| Pipe command output to filter
This example shows how to display the contents of the bootflash: directory:
n1000v#
dir bootflash:
77824 May 24 16:21:09 2013 accounting.log
989 May 01 21:33:23 2013 apache_server.crt
1742 May 02 18:09:53 2013 apache_server.key
4096 Apr 30 12:09:14 2013 core/
99 May 19 17:53:05 2013 csv.txt
9585 May 17 17:21:59 2013 event_archive_1
4096 Apr 30 12:09:14 2013 log/
16384 Apr 30 12:08:37 2013 lost+found/
12236 May 17 17:53:29 2013 mts.log
1953327 Apr 30 12:10:01 2013 n1000vh-dk9-dplug.5.2.1.SM1.5.0.339.gbin
31030784 Mar 04 16:00:33 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.1.gbin
31153664 Apr 30 12:10:07 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.339.gbin
31243776 May 03 15:24:25 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.342.gbin
31178240 May 08 16:15:13 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.344.gbin
31452672 May 09 15:31:06 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.346.gbin
31223296 May 13 21:13:48 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.347.gbin
31157760 May 16 10:10:09 2013 n1000vh-dk9-kickstart.5.2.1.SM1.5.0.352.gbin
90829654 Apr 30 13:12:59 2013 n1000vh-dk9.5.2.1.SM1.5.0.1.gbin
90826915 Apr 30 12:10:25 2013 n1000vh-dk9.5.2.1.SM1.5.0.339.gbin
90823045 May 03 15:23:11 2013 n1000vh-dk9.5.2.1.SM1.5.0.342.gbin
90833045 May 08 16:16:02 2013 n1000vh-dk9.5.2.1.SM1.5.0.344.gbin
90868045 May 09 15:31:45 2013 n1000vh-dk9.5.2.1.SM1.5.0.346.gbin
90868714 May 13 21:14:00 2013 n1000vh-dk9.5.2.1.SM1.5.0.347.gbin
90871517 May 16 10:06:13 2013 n1000vh-dk9.5.2.1.SM1.5.0.352.gbin
107726 Apr 30 12:33:16 2013 run-jarvis.txt
12662 May 19 17:50:08 2013 soak-config1.txt
4096 Apr 30 12:09:33 2013 vdc_2/
4096 Apr 30 12:09:34 2013 vdc_3/
4096 Apr 30 12:09:34 2013 vdc_4/
16978300 Apr 30 12:10:28 2013 vsmhv-pa.2.0.0.12.bin
Usage for bootflash://sup-local
1070575616 bytes used
2127364096 bytes free
3197939712 bytes total
|
|
---|---|
cd |
Changes the current working directory. |
pwd |
Displays the current working directory. |
To disable the loop detection mechanism to support a redundant routing protocol, use the disable-loop-detection command. To enable the loop detection mechanism, use the no form of this command.
disable-loop-detection {carp | hsrp | vrrp | custom-rp {src-mac-range mac_range_start mac_range_end | dest-ip dest_ip | ip-proto proto_no | port port_no}}
no disable-loop-detection {carp | hsrp | vrrp | custom-rp {src-mac-range mac_range_start mac_range_end | dest-ip dest_ip | ip-proto proto_no | port port_no}}
By default, the loop detection mechanism is enabled.
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
•If you configure a virtual Ethernet interface and a port profile to run multiple protocols on the same virtual machine, then the configuration on the virtual Ethernet interface overrides the configuration on the port profile.
•Disable Internet Group Management Protocol (IGMP) snooping on both Cisco Nexus 1000V and upstream switches between the servers to support most redundant routing protocols.
•The disabled loop detection configuration is not supported on PVLAN ports.
•The disabled loop detection configuration is not supported on the port security ports.
This example shows how to disable loop detection for redundant routing protocols:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# int veth5
n1000v(config-if)# disable-loop-detection carp
n1000v(config-if)# disable-loop-detection vrrp
n1000v(config-if)# disable-loop-detection hsrp
n1000v(config-if)# disable-loop-detection custom-rp dest-ip 224.0.0.12 port 2234
n1000v(config-if)# end
n1000v# show running-config interface vethernet 5
!Command: show running-config interface Vethernet5
!Time: Fri Nov 4 02:21:24 2011
version 4.2(1)SV1(5.1)
interface Vethernet5
inherit port-profile vm59
description Fedora117, Network Adapter 2
disable-loop-detection carp
disable-loop-detection custom-rp dest-ip 224.0.0.12 port 2234
disable-loop-detection hsrp
disable-loop-detection vrrp
Hyper-V dvport 32 dvswitch uuid "ea 5c 3b 50 cd 00 9f 55-41 a3 2d 61 84 9e 0e c4"
Hyper-V vm mac 0050.56B3.00B2
n1000v#
|
|
---|---|
show running-config interface |
Displays the interface configuration. |
To assign a domain ID, use the domain id command. To remove a domain ID, use the no form of this command.
domain id number
no domain id
number |
Domain ID number. The range is from 1 to 1023. |
None
Domain configuration (config-svs-domain)
network-admin
During the installation of the Cisco Nexus 1000V the setup utility prompts you to configure a domain, including the domain ID and control and packet VLANs.
This example shows how to assign a domain ID:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
sve-domain
n1000v(
config-svs-domain)#
domain-id number 32
n1000v(
config-svs-domain)#
This example shows how to remove the domain ID:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
sve-domain
n1000v(
config-svs-domain)#
no domain-id number 32
n1000v(
config-svs-domain)#
|
|
---|---|
show svs domain |
Displays the domain configuration. |
To add a Differentiated Services Code Point (DSCP) to a NetFlow flow exporter, use the dscp command. To remove the DSCP, use the no form of this command.
dscp value
no dscp
value |
DSCP value. The range is from 0 to 63. |
None
NetFlow flow exporter configuration (config-flow-exporter)
network-admin
This example shows how to configure a DSCP for a NetFlow flow exporter:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# dscp 2
n1000v(config-flow-exporter)#
This example shows how to remove a DSCP from the NetFlow flow exporter:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# no dscp 2
n1000v(config-flow-exporter)#
To set the duplex mode for an interface as full, half, or autonegotiate, use the duplex command. To revert to the default setting, use the no form of this command.
duplex {full | half | auto}
no duplex [full | half | auto]
full |
Specifies full-duplex mode for the interface. |
half |
Specifies half-duplex mode for the interface. |
auto |
Sets the duplex mode on the interface to autonegotiate with the connecting port. |
None
Interface configuration (config-if)
network-admin
When you use the no version of this command, an argument (such as full, half, or auto) is optional. To return to the default duplex setting, you can use either of the following commands (if, for example, the setting had been changed to full):
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 2/1
n1000v(config-if)# no duplex
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 2/1
n1000v(config-if)# no duplex full
This example shows how to set the Ethernet port 1 on the module in slot 3 to full-duplex mode:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 2/1
n1000v(config-if)# duplex full
This example shows how to revert to the default duplex setting for the Ethernet port 1 on the module in slot 3:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 2/1
n1000v(config-if)# no duplex