The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter F.
To enable the Dynamic Host Configuration Protocol (DHCP) feature globally, use the feature dhcp command. To disable DHCP, use the no form of this command.
feature dhcp
no feature dhcp
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
This example shows how to enable DHCP globally:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature dhcp
n1000v(
config)#
This example shows how to disable DHCP globally:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature dhcp
n1000v(
config)#
To enable the HTTP server, use the feature http-server command. To disable the HTTP server, use the no form of this command.
feature http-server
no feature http-server
This command has no arguments or keywords.
Enabled
Global configuration (config)
network-admin
•The vCenter Update Manager (VUM) will not install the Virtual Ethernet Module (VEM) if the HTTP server is disabled.
•The HTTP server must be enabled in order to get the Cisco Nexus 1000V XML plugin from the Virtual Supervisor Module (VSM).
This example shows how to enable the HTTP server:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature http-server
This example shows how to disable the HTTP server:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature http-server
|
|
---|---|
show feature |
Displays the features available, such as LACP, and whether they are enabled. |
show http-server |
Displays the HTTP server configuration. |
To enable the Link Aggregation Control Protocol (LACP) support for port channels, use the feature lacp command. To disable it, use the no form of this command.
feature lacp
no feature lacp
This command has no arguments or keywords.
LACP is disabled.
Global configuration (config)
network-admin
LACP bundles a number of physical ports together to form a single logical channel.
You cannot configure LACP for a port channel without first enabling LACP using the command, feature lacp.
This example shows how to turn on LACP for port channels:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature lacp
This example shows how to turn off LACP for port channels:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature lacp
To enable the NetFlow, use the feature netflow command. To disable the feature, use the no form of this command.
feature netflow
no feature netflow
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
•Be aware of resource requirements since NetFlow consumes additional memory and CPU resources.
•Memory and CPU resources are provided by the Virtual Ethernet Module (VEM) hosting the flow monitor interface. Resources are limited by the number of CPU cores present on the VEM.
This example shows how to enable NetFlow:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature netflow
This example shows how to disable NetFlow:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature netflow
To enable the network segmentation manager (NSM) feature, use the feature network-segmentation-manager command. To disable the feature, use the no form of this command.
feature network-segmentation-manager
no feature network-segmentation-manager
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
This example shows how to enable the NSM feature:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# feature network-segmentation-manager
n1000v#
This example shows how to disable the NSM feature:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no feature network-segmentation-manager
n1000v#
To enable the private VLAN feature, use the feature private-vlan command. To disable the feature, use the no form of this command.
feature private-vlan
no feature private-vlan
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
This example shows how to enable the private VLAN feature:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature private-vlan
This example shows how to disable the private VLAN feature:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature private-vlan
Use the following example to configure the network segments as primary and secondary PVLANs that will be carried by an uplink network named Channel. Use the show feature | inc private-vlan command to verify that the PVLAN feature is enabled. Use the show vlan private-vlan command to verify PVLAN mappings. See the N Command Chapter for further information regarding the configuration of logical networks, network segment pools, network segments, and network uplinks.
n1000v(config)# feature private vlan
n1000v# show feature | inc private-vlan
private-vlan 1 enabled
n1000v(config)# nsm logical network IntranetSFO
n1000v(config-logical-net)# description network for host connectivity
n1000v(config-logical-net)# exit
n1000v(config)# nsm network segment pool IntranetSJ
n1000v(config-net-seg-pool)# member-of logical network IntranetSFO
n1000v(config-net-seg-pool)# exit
n1000v(config)# nsm network segment Pvlan_Primary_Segment
n1000v(config-net-seg)# member-of network segment pool IntranetSJ
n1000v(config-net-seg)# n1000vport mode private-vlan primary
n1000v(config-net-seg)# n1000vport private-vlan primary 100
n1000v(config-net-seg)# exit
n1000v(config)# nsm network segment VMNetworkB
n1000v(config-net-seg)# member-of network segment pool IntranetSJ
n1000v(config-net-seg)# n1000vport mode private-vlan host community
n1000v(config-net-seg)# n1000vport private-vlan host-association 100 200
n1000v(config-net-seg)# publish network segment
n1000v(config-net-seg)# exit
n1000v(config)# nsm network uplink Channel
n1000v(config-uplink-net)# allow network segment pool IntranetSJ
n1000v(config-uplink-net)# publish network uplink
n1000v(config-uplink-net)# exit
n1000v# show vlan private-vlan
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
101 200 primary Po1, Po3, Po5, Po7, Po9, Po11
400 402 community Po1, Po3, Po5, Po7, Po9, Po11
|
|
---|---|
private-vlan |
Configures a VLAN as a private VLAN. |
show vlan private-vlan |
Displays the private VLAN configuration. |
To enable the secure shell (SSH) server, use the feature ssh command. To disable the server, use the no form of this command.
feature ssh
no feature ssh
This command has no arguments or keywords.
Enabled
Global configuration (config)
network-admin
Before enabling SSH, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface.
This example shows how to enable the SSH server:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature ssh
This example shows how to disable the SSH server:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature ssh
To enable the Terminal Access Controller Access Control System Plus (TACACS+) server, use the feature tacacs+ command. To disable the server, use the no form of this command.
feature tacacs+
no feature tacacs+
This command has no arguments or keywords.
Disabled
Global configuration (config)
network-admin
This example shows how to enable TACACS+:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature tacacs+
This example shows how to disable TACACS+:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature tacacs+
To enable the Telnet server, use the feature telnet command. To disable the Telnet server, use the no form of this command.
feature telnet
no feature telnet
This command has no arguments or keywords.
Enabled
Global configuration (config)
network-admin
•Before enabling Telnet, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.
This example shows how to enable the Telnet server:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
feature telnet
This example shows how to disable the Telnet server:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no feature telnet
To configure a filter from the source VLANs for a specified Switch Port Analyzer (SPAN) session, use the filter vlan command. To remove the filter, use the no form of this command.
filter vlan {number | range}
no filter vlan {number | range}
number |
VLAN identification number associated with this filter. |
range |
VLAN identification number range associated with this filter. |
None
CLI monitor configuration (config-monitor)
network-admin
This example shows how to configure the filter for VLAN identifications, 3, 4, 5, and 7:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# monitor session 3
n1000v(config-monitor)# filter vlan 3-5, 7
n1000v(config-monitor)#
This example shows how to remove the filter for VLAN identification 7:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# monitor session 3
n1000v(config-monitor)# no filter vlan 7
n1000v(config-monitor)#
To find filenames beginning with a character string, use the find command.
find filename-prefix
filename-prefix |
First part or all of a filename. The filename prefix is case-sensitive and can be up to 28 characters. |
None
Any
network-admin
The find command searches all subdirectories under the current working directory. You can use the cd and pwd commands to navigate to the starting directory.
This example shows how to display filenames beginning with ospf:
n1000v# find ospf
/usr/bin/find: ./lost+found: Permission denied
./ospf-gr.cfg
./ospfgrconfig
./ospf-gr.conf
|
|
---|---|
cd |
Changes the current working directory. |
pwd |
Displays the name of the current working directory. |
To create or modify a Flexible NetFlow flow exporter that defines where and how Flow Records are exported to the NetFlow Collector Server, use the flow exporter command. To remove a flow exporter, use the no form of this command.
flow exporter exporter-name
no flow exporter exporter-name
exporter-name |
Flow exporter name that is created or modified. |
Flow exporters are not present in the configuration until you create them.
Global configuration (config)
network-admin
This example shows how to create and configure FLOW-EXPORTER-1:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow exporter FLOW-EXPORTER-1
n1000v(config-flow-exporter)# description located in Pahrump, NV
n1000v(config-flow-exporter)# destination A.B.C.D
n1000v(config-flow-monitor)# dscp 32
n1000v(config-flow-monitor)# source mgmt0
n1000v(config-flow-monitor)# transport udp 59
n1000v(config-flow-monitor)# version 9
This example shows how to remove FLOW-EXPORTER-1:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no flow exporter FLOW-EXPORTER-1
n1000v(config)#
To create a Flexible NetFlow flow monitor, or to modify an existing Flexible NetFlow flow monitor, and enter Flexible NetFlow flow monitor configuration mode, use the flow monitor command. To remove a Flexible NetFlow flow monitor, use the no form of this command.
flow monitor monitor-name
no flow monitor monitor-name
monitor-name |
Flow monitor name that is created or modified. The range is from 1 to 63, case-sensitive, alphanumeric characters. |
Flow monitors are not present in the configuration until you create them.
Global configuration (config)
network-admin
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor and a cache that is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record that is configured for the flow monitor and stored in the flow monitor cache.
Once you enter the flow monitor configuration mode, the prompt changes to the following:
n1000v(config-flow-monitor)#
Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:
•cache—Specifies the cache size, from 256 to 16384 entries.
•description description—Provides a description for this flow monitor. The argument has a maximum of 63, case-sensitive, alphanumeric characters.
•exit—Exits from the current configuration mode.
•exporter name—Specifies the name of an exporter to export records.
•no—Negates a command or sets its defaults.
•record {record-name | netflow ipv4 collection-type | netflow-original}—Specifies a flow record to use as follows:
–record-name—Name of a record.
–netflow ipv4 collection-type—Specifies the traditional IPv4 NetFlow collection schemes as follows:
original-input—Specifies the traditional IPv4 input NetFlow.
original-output—Specifies the traditional IPv4 output NetFlow
protocol-port—Specifies the protocol and ports aggregation scheme.
–netflow-original—Specifies the traditional IPv4 input NetFlow with origin autonomous systems.
•timeout {active | inactive}—Specifies a flow timeout period as follows:
–active—Specifies an active or long timeout in the range of 60 to 4092 seconds.
–inactive—Specifies an inactive or normal timeout in the range of 15 to 4092 seconds.
The netflow-original and original-input keywords are the same and are equivalent to the following commands:
•match ipv4 source address
•match ipv4 destination address
•match ip tos
•match ip protocol
•match transport source-port
•match transport destination-port
•match interface input
•collect counter bytes
•collect counter packet
•collect timestamp sys-uptime first
•collect timestamp sys-uptime last
•collect interface output
•collect transport tcp flags
The original-output keywords are the same as original-input keywords except for the following:
•match interface output (instead of match interface input)
•collect interface input (instead of collect interface output)
This examples shows how to create and configure a flow monitor named FLOW-MONITOR-1:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow monitor FLOW-MONITOR-1
n1000v(config-flow-monitor)# description monitor location las vegas, NV
n1000v(config-flow-monitor)# exporter exporter-name1
n1000v(config-flow-monitor)# record test-record
n1000v(config-flow-monitor)# netflow ipv4 original-input
|
|
---|---|
clear flow monitor |
Clears the flow monitor. |
show flow monitor |
Displays the flow monitor status and statistics. |
To create a Flexible NetFlow flow record, or to modify an existing Flexible NetFlow flow record, and enter Flexible NetFlow flow record configuration mode, use the flow record command. To remove a Flexible NetFlow flow record, use the no form of this command.
flow record record-name
no flow record record-name
record-name |
Flow record name that is created or modified. The range is from 1 to 63, case-sensitive, alphanumeric characters. |
Flow records are not present in the configuration until you create them.
Global configuration (config)
network-admin
Flexible NetFlow uses key and nonkey fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow, a combination of key and nonkey fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.
Once you enter the flow record configuration mode, the prompt changes to the following:
n1000v(config-flow-record)#
Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:
•collect—Specifies a nonkey field. See the collect command for additional information.
•description description—Provides a description for this flow record. The argument has a range that is from 1 to 63, case-sensitive, alphanumeric characters.
•exit—Exits from the current configuration mode.
•match—Specifies a key field. See the match command for additional information.
•no—Negates a command or sets its defaults.
Cisco NX-OS enables the following match fields by default when you create a flow record:
•match interface input
•match interface output
•match flow direction
This example shows how to create a flow record named FLOW-RECORD-1 and enter Flexible NetFlow flow record configuration mode:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# flow record FLOW-RECORD-1
n1000v(config-flow-record)#
|
|
---|---|
clear flow monitor |
Clears the flow monitor. |
flow monitor |
Creates a flow monitor. |
show flow monitor |
Displays flow monitor status and statistics. |
To map input field values to output field values in a quality of service (QoS )table map, use the from command.
from source-value to dest-value
source-value |
Source value. The range is from 0 to 63. |
dest-value |
Destination value. The range is from 0 to 63. |
None
Table map configuration (config-tmap)
network-admin
This example shows how to create a mapping from three source values to the corresponding destination values:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
table-map cir-markdown-map
n1000v(config-tmap)# from 0 to 7
n1000v(config-tmap)# from 1 to 6
n1000v(config-tmap)# from 2 to 5
|
|
---|---|
show table-map |
Displays QoS table maps. |
table-map |
Creates or modifies a QoS table map. |