The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter T.
To set a periodic time interval where a nonreachable (nonresponsive) TACACS+ server is monitored for responsiveness, use the tacacs-server deadtime command. To disable the monitoring of the nonresponsive TACACS+ server, use the no form of this command.
tacacs-server deadtime minutes
no tacacs-server deadtime minutes
time |
Specifies the time interval in minutes. The range is from 1 to 1440. |
0 minutes
Global Configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
Setting the time interval to zero disables the timer. If the dead-time interval for an individual TACACS+ server is greater than zero (0), that value takes precedence over the value set for the server group.
When the dead-time interval is 0 minutes, TACACS+ server monitoring is not performed unless the TACACS+ server is part of a server group and the dead-time interval for the group is greater than 0 minutes.
In Global Configuration mode, you must first enable the TACACS+ feature, using the tacacs+ enable command, before you can use any of the other TACACS+ commands to configure the feature.
This example shows how to configure the dead-time interval and enable periodic monitoring:
n1000v# config terminal
n1000v(config)# tacacs-server deadtime 10
This example shows how to revert to the default dead-time interval and disable periodic monitoring:
n1000v# config terminal
n1000v(config)# no tacacs-server deadtime 10
|
|
---|---|
deadtime |
Sets a dead-time interval for monitoring a nonresponsive TACACS+ server. |
show tacacs-server |
Displays TACACS+ server information. |
tacacs+ enable |
Enables TACACS+. |
To allow users to send authentication requests to a specific TACACS+ server when logging in, use the radius-server directed request command. To revert to the default, use the no form of this command.
tacacs-server directed-request
no tacacs-server directed-request
This command has no arguments or keywords.
Disabled
Global Configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
In Global Configuration mode, you must first enable the TACACS+ feature, using the tacacs+ enable command, before you can use any of the other TACACS+ commands to configure the feature.
The user can specify the username@vrfname:hostname during login, where vrfname is the virtual routing and forwarding (VRF) name to use and hostname is the name of a configured TACACS+ server. The username is sent to the server name for authentication.
Note If you enable the directed-request option, the NX-OS device uses only the RADIUS method for authentication and not the default local method.
This example shows how to allow users to send authentication requests to a specific TACACS+ server when logging in:
n1000v# config t
n1000v(config)# tacacs-server directed-request
This example shows how to disallow users to send authentication requests to a specific TACACS+ server when logging in:
n1000v# config t
n1000v(config)# no tacacs-server directed-request
|
|
---|---|
show tacacs-server directed request |
Displays a directed request TACACS+ server configuration. |
tacacs+ enable |
Enables TACACS+. |
To configure TACACS+ server host parameters, use the tacacs-server host command in configuration mode. To revert to the defaults, use the no form of this command.
tacacs-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret] [port port-number]
[test {idle-time time | password password | username name}]
[timeout seconds]
no tacacs-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret] [port port-number]
[test {idle-time time | password password | username name}]
[timeout seconds]
|
|
Idle-time |
disabled |
Server monitoring |
disabled |
Timeout |
1 seconds |
Test username |
test |
Test password |
test |
Global Configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
You must use the tacacs+ enable command before you configure TACACS+.
When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.
This example shows how to configure TACACS+ server host parameters:
n1000v# config terminal
n1000v(config)# tacacs-server host 10.10.2.3 key HostKey
n1000v(config)# tacacs-server host tacacs2 key 0 abcd
n1000v(config)# tacacs-server host tacacs3 key 7 1234
n1000v(config)# tacacs-server host 10.10.2.3 test idle-time 10
n1000v(config)# tacacs-server host 10.10.2.3 test username tester
n1000v(config)# tacacs-server host 10.10.2.3 test password 2B9ka5
|
|
---|---|
show tacacs-server |
Displays TACACS+ server information. |
tacacs+ enable |
Enables TACACS+. |
To configure a global TACACS+ shared secret key, use the tacacs-server key command. To removed a configured shared secret, use the no form of this command.
tacacs-server key [0 | 7] shared-secret
no tacacs-server key [0 | 7] shared-secret
None
Global Configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
You must configure the TACACS+ preshared key to authenticate the device on the TACACS+ server. The length of the key is restricted to 63 characters and can include any printable ASCII characters (white spaces are not allowed). You can configure a global key to be used for all TACACS+ server configurations on the device. You can override this global key assignment by using the key keyword in the tacacs-server host command.
You must use the tacacs+ enable command before you configure TACACS+.
The following example shows how to configure TACACS+ server shared keys:
n1000v# config terminal
n1000v(config)# tacacs-server key AnyWord
n1000v(config)# tacacs-server key 0 AnyWord
n1000v(config)# tacacs-server key 7 public
|
|
---|---|
show tacacs-server |
Displays TACACS+ server information. |
tacacs+ enable |
Enables TACACS+. |
To specify the time between retransmissions to the TACACS+ servers, use the tacacs-server timeout command. To revert to the default, use the no form of this command.
tacacs-server timeout seconds
no tacacs-server timeout seconds
seconds |
Seconds between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds. |
5 seconds
Global Configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
You must use the tacacs+ enable command before you configure TACACS+.
This example shows how to configure the TACACS+ server timeout value:
n1000v# config terminal
n1000v(config)# tacacs-server timeout 3
This example shows how to revert to the default TACACS+ server timeout value:
n1000v# config terminal
n1000v(config)# no tacacs-server timeout 3
|
|
---|---|
show tacacs-server |
Displays TACACS+ server information. |
tacacs+ enable |
Enables TACACS+. |
To display the last lines of a file, use the tail command.
tail [filesystem:[//module/]][directory/]filename lines]
10 lines
Any
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to display the last 10 lines of a file:
n1000v# tail bootflash:startup.cfg
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
This example shows how to display the last 20 lines of a file:
n1000v# tail bootflash:startup.cfg 20
area 99 virtual-link 1.2.3.4
router rip Enterprise
router rip foo
address-family ipv4 unicast
router bgp 33.33
event manager applet sdtest
monitor session 1
monitor session 2
ip dhcp snooping vlan 1
ip arp inspection vlan 1
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
|
|
---|---|
cd |
Changes the current working directory. |
copy |
Copies files. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
To create a Telnet session, use the telnet command.
telnet {ipv4-address | hostname} [port-number] [vrf vrf-name]
Port 23
Default VRF
Any
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
To use this command, you must enable the Telnet server using the telnet server enable command.
This example shows how to start a Telnet session using an IPv4 address:
n1000v# telnet 10.10.1.1 vrf management
|
|
---|---|
clear line |
Clears Telnet sessions. |
telnet server enable |
Enables the Telnet server. |
To enable the Telnet server, use the telnet server enable command. To disable the Telnet server, use the no form of this command.
telnet server enable
no telnet server enable
This command has no arguments or keywords.
Enabled
Global Configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to enable the Telnet server:
n1000v# config t
n1000v(config)# telnet server enable
This example shows how to disable the Telnet server:
n1000v# config t
n1000v(config)# no telnet server enable
XML interface to system may become unavailable since ssh is disabled
|
|
---|---|
show telnet server |
Displays the Telnet server configuration. |
telnet |
Creates a Telnet session. |
To designate a timeout period for resending NetFlow template data, use the template data timeout command. To remove the timeout period, use the no form of this command.
template data timeout time
no template data timeout
time |
A time period between 1 and 86400 seconds. |
None
Netflow Flow Exporter Version 9 Configuration (config-flow-exporter-version-9)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to configure a 3600-second timeout period for resending NetFlow flow exporter template data:
n1000v#
config t
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# version 9
n1000v(config-flow-exporter-version-9)# template data timeout 3600
This example shows how to remove the timeout period for resending NetFlow flow exporter template data:
n1000v#
config t
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# version 9
n1000v(config-flow-exporter-version-9)# no template data timeout
n1000v(config-flow-exporter)#
To bypass the CLI event manager, use the terminal event-manager bypass command.
terminal event-manager bypass
This command has no arguments or keywords.
Event manager is enabled.
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to disable the CLI event manager:
n1000v# terminal event-manager bypass
n1000v#
|
|
---|---|
show terminal |
Displays terminal configuration. |
To set the number of lines that appear on the screen, use the terminal length command.
terminal length number
number |
Number of lines. The range of valid values is 0 to 511. |
28 lines
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
Set number to 0 to disable pausing.
This example shows how to set the number of lines that appear on the screen:
n1000v#
terminal length 60
n1000v#
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set session timeout, use the terminal session-timeout command.
terminal session-timeout time
time |
Timeout time, in seconds. The range of valid values is 0 to 525600. |
None
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
Set time to 0 to disable timeout.
This example shows how to set session timeout:
n1000v#
terminal session-timeout 100
n1000v#
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To specify the terminal type, use the terminal terminal-type command.
terminal terminal-type type
type |
Terminal type. |
None
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to specify the terminal type:
n1000v#
terminal terminal-type vt100
n1000v#
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To update the main parse tree, use the terminal tree-update command.
terminal tree-update
This command has no arguments or keywords.
None
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to update the main parse tree:
n1000v#
terminal tree-update
n1000v#
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set terminal width, use the terminal width command.
terminal width number
number |
Number of characters on a single line. The range of valid values is 24 to 511. |
102 columns
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set terminal width:
n1000v#
terminal width 60
n1000v#
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To test for AAA on a RADIUS server or server group, use the test aaa command.
test aaa {group group-name user-name password | server radius address {user-name password | vrf vrf-name user-name password]}}
None
Any
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to test for AAA on RADIUS server:
n1000v# test aaa server radius ts1 vrf route1 user1 9w8e7r
n1000v#
|
|
---|---|
show aaa |
Displays AAA information. |
To discover the routes that packets take when traveling to an IPv4 address, use the traceroute command.
traceroute {dest-ipv4-addr | hostname} [vrf vrf-name] [show-mpls-hops] [source src-ipv4-addr]
Uses the default VRF.
Does not show the MPLS hops.
Uses the management IPv4 address for the source address.
Any
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
To use IPv6 addressing for discovering the route to a device, use the traceroute6 command.
This example shows how to discover a route to a device:
n1000v# traceroute 172.28.255.18 vrf management
traceroute to 172.28.255.18 (172.28.255.18), 30 hops max, 40 byte packets
1 172.28.230.1 (172.28.230.1) 0.746 ms 0.595 ms 0.479 ms
2 172.24.114.213 (172.24.114.213) 0.592 ms 0.51 ms 0.486 ms
3 172.20.147.50 (172.20.147.50) 0.701 ms 0.58 ms 0.486 ms
4 172.28.255.18 (172.28.255.18) 0.495 ms 0.43 ms 0.482 ms
|
|
---|---|
traceroute6 |
Discovers the route to a device using IPv6 addressing. |
To add a destination UDP port from the NetFlow exporter to the collector, use the transport udp command. To remove the port, use the no form of this command.
transport udp portnumber
no transport udp
portnumber |
Destination UDP number from 1 to 65535. |
None
Netflow Flow Exporter Configuration (config-flow-exporter)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
Avoid using well-known ports 1-1024 when possible.
This example shows how to add UDP 200 to the flow exporter:
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# transport udp 200
This example shows how to remove UDP 200 from the flow exporter:
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# no transport udp 200