The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter F.
To enable the Cisco TrustSec feature on Cisco Nexus 1000V, use the feature cts command. To disable the Cisco TrustSec feature, use the no form of this command.
|
|
Enabling this feature requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to enable the Cisco TrustSec feature:
n1000v#
configure terminal
n1000v(
config)#
feature cts
This example shows how to disable the Cisco TrustSec feature:
n1000v#
configure terminal
n1000v(
config)#
no feature cts
|
|
---|---|
Displays the features available, such as CTS, and whether they are enabled. |
To enable the DHCP feature globally, use the feature dhcp command. To disable DHCP, use the no form of this command.
|
|
Starting with Release 4.2(1)SV2(1.1), a tier-based Licensing approach is adopted for the Cisco Nexus 1000V. The Cisco Nexus 1000V is shipped in two editions: Essential and Advanced. When the switch edition is configured as the Advanced edition, DHCP Snooping, Dynamic ARP Inspection (DAI), and IP Source Guard (IPSG) are available as advanced features that require licenses.
See the Cisco Nexus 1000V License Configuration Guide for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to enable DHCP globally:
n1000v(
config)#
feature dhcp
n1000v(
config)#
This example shows how to disable DHCP globally:
n1000v(
config)#
no feature dhcp
n1000v(
config)#
|
|
---|---|
Displays the features available, such as DHCP, and whether they are enabled. |
|
Configures an interface as a trusted source of DHCP messages. |
|
To enable the HTTP server, use the feature http-server command. To disable the HTTP server, use the no form of this command.
|
|
This example shows how to enable the HTTP server:
n1000v# config t
n1000v(
config)#
feature http-server
This example shows how to disable the HTTP server:
n1000v# config t
n1000v(
config)#
no feature http-server
|
|
---|---|
Displays the features available, such as LACP, and whether they are enabled. |
To enable LACP support for port channels, use the feature lacp command. To disable it, use the no form of this command.
|
|
You cannot configure LACP for a port channel without first enabling LACP using the command, feature lacp.
This example shows how to turn on LACP for port channels:
n1000v#
config t
n1000v(
config)#
feature lacp
This example shows how to turn off LACP for port channels:
n1000v(
config)#
no feature lacp
|
|
---|---|
Displays the features available and whether they are enabled. |
|
To enable the HTTP server, use the feature http-server command. To disable the HTTP server, use the no form of this command.
|
|
This example shows how to enable the HTTP server:
n1000v# config t
n1000v(
config)#
feature http-server
This example shows how to disable the HTTP server:
n1000v# config t
n1000v(
config)#
no feature http-server
|
|
---|---|
Displays the features available, such as LACP, and whether they are enabled. |
To enable the NetFlow, use the feature netflow command. To disable the feature, use the no form of this command.
|
|
This example shows how to enable NetFlow:
n1000v# config t
n1000v(
config)#
feature netflow
This example shows how to disable NetFlow:
n1000v# config t
n1000v(
config)#
no feature netflow
|
|
---|---|
To enable the network segmentation manager feature, use the feature network-segmentation-manager command. To disable the feature, use the no form of this command.
feature network-segmentation-manager
no feature network-segmentation-manager
|
|
This example shows how to enable the network segmentation manager feature:
This example shows how to disable the network segmentation manager feature:
|
|
---|---|
To enable port profile roles to restrict user and group access, use the feature port-profile-roles command. To disable it, use the no form of this command.
|
|
When the port profile roles feature is disabled, all users on vCenter lose access to the port groups.
This example shows how to enable the port profile roles feature to restrict visibility to specific port groups:
n1000v(
config)#
feature port-profile-roles
n1000v(
config)#
This example shows how to disable the port profile roles feature:
n1000v(
config)#
no feature port-profile-roles
n1000v(
config)#
To enable the private VLAN feature, use the feature private-vlan command. To disable the feature, use the no form of this command.
|
|
This example shows how to enable the private VLAN feature:
n1000v# config t
n1000v(
config)#
feature private-vlan
This example shows how to disable the private VLAN feature:
n1000v# config t
n1000v(
config)#
no feature private-vlan
|
|
---|---|
To enable the VXLAN feature, use the feature segmentation command. To disable the VXLAN feature, use the no form of this command.
|
|
This example shows how to enable the VXLAN feature:
|
|
---|---|
Displays the features available and whether they are enabled. |
To enable the secure shell (SSH) server, use the feature ssh command. To disable the server, use the no form of this command.
|
|
Before enabling SSH, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.
This example shows how to enable the SSH server:
n1000v# config t
n1000v(
config)#
feature ssh
This example shows how to disable the SSH server:
n1000v# config t
n1000v(
config)#
no feature ssh
|
|
---|---|
Displays the features available, such as the SSH server, and whether they are enabled. |
To enable the TACACS+ server, use the feature tacacs+ command. To disable the server, use the no form of this command.
|
|
This example shows how to enable TACACS+:
n1000v# config t
n1000v(
config)#
feature tacacs+
This example shows how to disable TACACS+:
n1000v# config t
n1000v(
config)#
no feature tacacs+
To enable the Telnet server, use the feature telnet command. To disable the Telnet server, use the no form of this command.
|
|
Before enabling Telnet, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.
This example shows how to enable the Telnet server:
n1000v# config t
n1000v(
config)#
feature telnet
This example shows how to disable the Telnet server:
n1000v# config t
n1000v(
config)#
no feature telnet
|
|
---|---|
Displays the features available, such as the Telnet server, and whether they are enabled. |
To configure a filter from the source VLANs for a specified Switch Port Analyzer (SPAN) session, use the filter vlan command. To remove the filter, use the no form of this command.
filter vlan { number | range }
no filter vlan { number | range }
CLI monitor configuration (config-monitor)
|
|
This example shows how to configure the filter for VLAN IDs, 3, 4, 5, and 7:
This example shows how to remove the filter for VLAN ID 7:
To enable vTracker, use the feature vtracker command. To disable vTracker, use the no form of this command.
|
|
This example shows how to enable vTracker:
# config t
This example shows how to disable vTracker:
(
config)#
no feature vTracker
To find filenames beginning with a character string, use the find command.
First part or all of a filename. The filename prefix is case sensitive. |
|
|
---|---|
The find command searches all subdirectories under the current working directory. You can use the cd and pwd commands to navigate to the starting directory.
This example shows how to display filenames beginning with ospf:
|
|
---|---|
To create or modify a Flexible NetFlow flow exporter defining where and how Flow Records are exported to the NetFlow Collector Server, use the flow exporter command. To remove a flow exporter, use the no form of this command.
no flow exporter exporter-name
Flow exporters are not present in the configuration until you create them.
|
|
---|---|
The following example shows how to create and configure FLOW-EXPORTER-1:
The following example shows how to remove FLOW-EXPORTER-1:
To create a Flexible NetFlow flow monitor, or to modify an existing Flexible NetFlow flow monitor, and enter Flexible NetFlow flow monitor configuration mode, use the flow monitor command. To remove a Flexible NetFlow flow monitor, use the no form of this command.
Flow monitors are not present in the configuration until you create them.
|
|
---|---|
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor, and a cache that is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and non-key fields in the record which is configured for the flow monitor and stored in the flow monitor cache.
Once you enter the flow monitor configuration mode, the prompt changes to the following:
Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:
– record-name —Name of a record.
– netflow ipv4 collection-type — Specifies the traditional IPv4 NetFlow collection schemes as follows:
original-input —Specifies the traditional IPv4 input NetFlow.
original-output —Specifies the traditional IPv4 output NetFlow
protocol-port —Specifies the protocol and ports aggregation scheme.
– netflow-original — Specifies the traditional IPv4 input NetFlow with origin autonomous systems.
– active —Specifies an active or long timeout in the range of 60 to 4092 seconds.
– inactive —Specifies an inactive or normal timeout in the range of 15 to 4092 seconds.
The netflow-original and original-input keywords are the same and are equivalent to the following commands:
The original-output keywords are the same as original-input keywords except for the following:
The following examples creates and configures a flow monitor named FLOW-MONITOR-1:
|
|
---|---|
To create a Flexible NetFlow flow record, or to modify an existing Flexible NetFlow flow record, and enter Flexible NetFlow flow record configuration mode, use the flow record command. To remove a Flexible NetFlow flow record, use the no form of this command.
Flow records are not present in the configuration until you create them.
|
|
---|---|
Flexible NetFlow uses key and non-key fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow a combination of key and non-key fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.
Once you enter the flow record configuration mode, the prompt changes to the following:
Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:
Cisco NX-OS enables the following match fields by default when you create a flow record:
The following example creates a flow record named FLOW-RECORD-1, and enters Flexible NetFlow flow record configuration mode:
|
|
---|---|
To map input field values to output field values in a QoS table map, use the from command.
from source-value to dest-value
Table map configuration (config-tmap)
|
|
This example shows how to create a mapping from three source values to the corresponding destination values:
n1000v(
config)#
table-map cir-markdown-map
|
|
---|---|