Cisco Nexus 1000V Series Switch Commands
This chapter provides information about the Cisco Virtual Security Gateway (VSG) related commands on the Cisco Nexus 1000V Series switch and the Cisco Nexus 1010 networking appliance.
bypass asa-traffic
To configure the traffic to bypass the Cisco VSG in a service chain, use the bypass asa-traffic command. To return to the default setting, use the no form of this command.
bypass asa-traffic
no
bypass asa-traffic
Syntax Description
This command has no arguments or keywords.
Command Modes
vservice global configuration (config-vservice-global)
network-admin
network-operator
Command History
|
|
4.2(1)SV2(1.1)
|
This command was introduced.
|
Usage Guidelines
In a service chain, you can configure the switch traffic to bypass the Cisco VSG nodes, so that only the Cisco ASA policies are lookedup for traffic traversing between the outside and inside networks. When enabled, this functionality is implemented globally, and not per interface.
Examples
This example shows how to configure the switch traffic to bypass the Cisco VSG nodes:
n1000v(config)# vservice global type vsg n1000v(config-vservice-global)# bypass asa-traffic
Related Commands
|
|
vservice path
|
Configures a path for service chaining.
|
vservice global type vsg
|
Enter the vservice global configuration mode.
|
capability l3-vservice
To configure a port profile to be used with l3-vn-service, use the
capability l3-vservice
command. To remove the capability from a port profile, use the
no
form of this command.
capability l3-vservice
no capability l3-vservice
Syntax Description
This command has no arguments or keywords.
Command Modes
port-profile configuration (config-port-prof)
network-admin
Command History
|
|
4.2(1)SV2(1)
|
The vn-service keyword was changed to vservice.
|
4.2.1SV1(5.1)
|
This command was introduced.
|
Usage Guidelines
If you are configuring a port profile for
l3-vservice
, you must first configure the port profile in switchport mode.
The capability
iscsi-multipath
feature cannot be configured with the
capability l3-service
feature.
Examples
This example shows how to configure a port profile to be used with l3-vservice:
n1000v(config)# port-profile testprofile n1000v(config-port-prof)# switchport mode access n1000v(config-port-prof)# capability l3-vservice
This example shows how to remove the l3-vservice configuration from the port profile:
n1000v(config)# port-profile testprofile n1000v(config-port-prof)# no capability l3-vservice
Related Commands
|
|
show port-profile
|
Displays information about the port profiles.
|
clear vservice connection
To clear the Cisco vservice connections, use the
clear vservice connection
command.
clear vservice connection
[
module
module-num
]
Syntax Description
module
|
(Optional) Clears a specific module.
|
module-num
|
Module number. The range is from 3 to 66.
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
The name of the command is modified.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to clear Cisco VSG connections:
vsm# clear vservice connection
Related Commands
|
|
show vservice
|
Displays Cisco VSG information.
|
clear vservice statistics
To clear the Cisco vservice statistics, use the
clear vservice statistics
command.
clear vservice statistics
[
module
module-number
|
vlan
vlan-number
]
Syntax Description
module
|
(Optional) Clears a module.
|
module-number
|
Module number.
The range is from 3 to 66.
|
vlan
|
(Optional) Clears a VLAN.
|
vlan-number
|
VLAN number.
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
The name of the command is modified.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to clear Cisco VSG vservice statistics for existing modules:
vsm# clear vservice statistics Cleared statistics successfully in module 4 Cleared statistics successfully in module 6
Related Commands
|
|
show vservice
|
Displays Cisco VSG information.
|
copy running-config startup-config
To copy the running configuration to the startup configuration, use the copy running-config startup-config command.
copy running-config startup-config
Syntax Description
This command has no arguments or keywords.
Command Modes
Any command mode
network-admin
network-operator
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Use this command to save configuration changes in the running configuration to the startup configuration in persistent memory. When a device reload or switchover occurs, the saved configuration is applied.
Examples
This example shows how to save the running configuration to the startup configuration:
vsm# copy running-config startup-config [########################################] 100%
Related Commands
|
|
show running-config
|
Displays the running configuration.
|
show running-config diff
|
Displays the differences between the running configuration and the startup configuration.
|
show startup-config
|
Displays the startup configuration.
|
write erase
|
Erases the startup configuration in the persistent memory.
|
log-level
To set logging severity levels for the Cisco Virtual Network Management Center (VNMC) policy agent, use the log-level command. To reset logging levels, use the
no
form of this command.
log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
no {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
Syntax Description
critical
|
Sets the logging level to critical.
|
debug0
|
Sets the logging level to debug 0.
|
debug1
|
Sets the logging level to debug 1.
|
debug2
|
Sets the logging level to debug 2.
|
debug3
|
Sets the logging level to debug 3.
|
debug4
|
Sets the logging level to debug 4.
|
info
|
Sets the logging level to information.
|
major
|
Sets the logging level to major.
|
minor
|
Sets the logging level to minor.
|
warn
|
Sets the logging level to warning.
|
Command Modes
Cisco VNMC policy agent configuration (config-vnm-policy-agent)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to set the logging level to critical:
vsm(config)# vnm-policy-agent vsm(config-vnm-policy-agent)# log-level critical
Related Commands
|
|
vnm-policy-agent
|
Enables the Cisco VNMC policy agent configuration mode.
|
org
To create a Cisco Virtual Network Management Center (VNMC) organization (domain), use the
org
command. To delete a Cisco VNMC organization, use the
no
form of this command.
org
organization-name
no org
[
organization-name
]
Syntax Description
organization-name
|
Organization name. The number of characters allowed is from 1 to 251.
|
Command Modes
Port profile configuration (config-port-prof)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Cisco VNMC organizations are Cisco VNMC domains.
You can hierarchically manage Cisco VNMC organizations. A user that is assigned at a top level organization has automatic access to all organizations under it. For example, an engineering organization can contain a software engineering organization and a hardware engineering organization. A locale containing only the software engineering organization has access to system resources only within that organization. However, a locale that contains the engineering organization has access to the resources for both the software engineering and hardware engineering organizations.
Examples
This example shows how to create an organization:
Enter configuration commands, one per line. End with CNTL/Z. vsm(config)# port-profile pP1 vsm(config-port-prof)# org root/tenant1
Related Commands
|
|
vservice
|
Sets the IP address for a virtual firewall.
|
ping vsn
To ping a virtual service node (VSN) (including the Cisco VSG) from the vPath, use the ping vsn command.
ping vsn [ip
vsn-ip-addr
{[vlan
vsn-vlan-num
] | [vxlan bridge-domain
bridge-domain-name
] | all} {src-module {
module-num
| all | vpath-all}] [timeout
secs]
[count
count
]
Syntax Description
ip
|
Designates that a specific IP address is to be pinged.
|
vsn-ip-addr
|
IP address of the specific VSN.
|
vlan
|
(Optional) Designates a specific VLAN is to be pinged.
|
vsn-vlan-num
|
Specific VLAN number.
|
vxlan
bridge-domain
|
(Optional) Designates a virtual extensible local area network (VXLAN) bridge-domain.
|
bridge-domain-name
|
VXLAN bridge-domain name.
|
all
|
Indicates that all VSNs must be pinged.
|
src-module
|
Designates the source module for the ping.
|
module-num
|
Module number for the source path.
|
vpath all
|
Designates that all source vPaths are to be used.
|
timeout
|
(Optional) Designates a timeout.
|
secs
|
Duration of the pinging operation in seconds.
|
count
|
(Optional) Designates a count of pings.
|
count
|
Number of pings to be counted.
|
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG1(4.1)
|
The output of the
ping-vsn
command was changed to support the VXLAN.
|
4.2(1)VSG1(3.1)
|
The output of the
ping-vsn
command was changed to include the examples that show all of the source module traffic.
|
4.2(1)VSG1(2)
|
This command was introduced.
|
Usage Guidelines
There is no no form of this command.
Examples
This example shows how to ping a Cisco VSG:
A.B.C.D or Hostname IP address of remote system mpls Ping an MPLS network • vsn : VSNs to be pinged. o all : All VSNs that are currently associated to at least one VM. In other words, all VSNs specified in port-profiles that are bound to at least one VM. o ip-addr <ip-addr> : All VSNs configured with this IP address. o vlan <vlan-num> : All VSNs configured on this VLAN. • src-module : Source modules to orginate ping request from. o all : All online modules. o vpath-all : All modules having VMs associated to port-profiles that has vn-service defined. o <module-num> : A online module number. • timeout <secs> : Time to wait for response from VSNs, in seconds. Default is 1 sec. • count : Number of ping packets to be sent. o <count> : Sepcifies number of ping packets to be sent. Default is 5. Min 1, Max 2147483647. o unlimited : Send ping packets until command is stopped.
Specify both the IP address and VLAN if the VSN to be pinged is not associated to any VMs yet.
In the output, the status of the ping request for each VSN for each module is shown. On a successful ping, the round-trip time of the ping request/response for a VSN is shown in microseconds next to the module number. On a failure, the failure message is shown next to the module number.
ping vsn all src-module all (Ping all VSNs from all modules) ping vsn all src-module vpath-all (Ping all VSNs from all modules having ping vsn all src-module 3 (Ping all VSNs from the specified module) ping vsn ip 106.1.1.1 src-module all (Ping specified VSN from all modules) ping vsn ip 106.1.1.1 vlan 54 src-module all (Ping specified VSN from all modules) ping vsn ip 106.1.1.1 src-module vpath-all (Ping specified VSN from all modules having VMs associated to VSNs) ping vsn ip 106.1.1.1 vlan 54 src-module 3 (Ping specified VSN from specified
This example shows that the options timeout and count apply to all of the above commands:
ping vsn all src-vpath all timeout 2 count 10 ping vsn all ip 106.1.1.1 count unlimited ping vsn ip 106.1.1.1 vlan 54 src-vpath 3 count 10 VSN response timeout – VSN is down, not reachable or not responding. VSN ARP not resolved – VEM couldn’t resolve MAC address of VSN. no response from VEM – VEM is not sending ping response to VSM. Can happen when VEM is down and VSM not detected it yet.
These examples show how to display all of the source module traffic:
vsm# ping vsn all src-module all ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=0 timeout=1-sec module(failed) : 10(VSN ARP not resolved) 11(VSN ARP not resolved) ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=0 timeout=1-sec module(usec) : 9(974) 11(987) 12(1007) module(failed) : 10(VSN ARP not resolved) ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=1 timeout=1-sec module(usec) : 9(277) 10(436) 11(270) 12(399) ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=1 timeout=1-sec module(usec) : 9(376) 10(606) 11(468) 12(622) ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=2 timeout=1-sec module(usec) : 9(272) 10(389) 11(318) 12(357) ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=2 timeout=1-sec module(usec) : 9(428) 10(632) 11(586) 12(594) ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=3 timeout=1-sec module(usec) : 9(284) 10(426) 11(331) 12(387) ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=3 timeout=1-sec module(usec) : 9(414) 10(663) 11(644) 12(698) ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=4 timeout=1-sec module(usec) : 9(278) 10(479) 11(334) 12(469) ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=4 timeout=1-sec module(usec) : 9(397) 10(613) 11(560) 12(593)
vsm#
ping vsn ip 10.1.1.40 src-module vpath-all
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=0 timeout=1-sec
module(usec) : 9(698) 11(701) 12(826)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=1 timeout=1-sec
module(usec) : 9(461) 11(573) 12(714)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=2 timeout=1-sec
module(usec) : 9(447) 11(569) 12(598)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=3 timeout=1-sec
module(usec) : 9(334) 11(702) 12(559)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=4 timeout=1-sec
module(usec) : 9(387) 11(558) 12(597)
vsm#
Related Commands
|
|
ping
|
Activates a signal to verify connections with other devices on a path.
|
policy-agent-image
To designate the policy agent image local URL as bootflash, use the
policy-agent-image
command. To remove the designation, use the no form of the command.
policy-agent-image bootflash:
no policy-agent-image bootflash:
Syntax Description
bootflash:
|
Designates the policy agent image local URL as bootflash.
|
Command Modes
VNMC policy agent configuration (config-vnm-policy-agent)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to designate the local URL that contains the policy agent image:
vsm(config)# vnm-policy-agent vsm(config-vnm-policy-agent)# policy-agent-image bootflash:
Related Commands
|
|
vnm-policy-agent
|
Enables the VNM policy agent configuration mode.
|
pop
To pop a mode off the stack or to restore a mode, use the pop command.
pop
file-name
Syntax Description
file-na
me
|
Name of the file.
|
Command Modes
EXEC
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to restore from a file called file1:
Related Commands
|
|
push
|
Pushes the current mode onto the stack.
|
port-profile
To create a port profile and enter port profile configuration mode, use the port-profile command. To remove the port profile configuration, use the no form of this command.
port-profile
profile-nam
e
no port-profile
profile-nam
e
Syntax Description
profile-nam
e
|
Port profile name. The range for number of characters is from 1 to 80.
|
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
The port profile name must be unique for each port profile.
Examples
This example shows how to create a port profile called AccessProf:
vsm(config)# port-profile AccessProf
This example shows how to remove the port profile called AccessProf:
vsm(config)# no port-profile AccessProf
Related Commands
|
|
show port-profile
|
Displays information about the port profiles.
|
push
To push the current mode onto stack or to save it, use the push command.
push
file-name
Syntax Description
file-na
me
|
Name of the file.
|
Command Modes
EXEC
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to push file1 onto the stack:
Related Commands
|
|
pop
|
Pops the current mode off the stack.
|
registration-ip
To set the service registry IP address, use the registration-ip command. To discard the service registry IP address, use the
no
form of this command.
registration-ip
ip-address
no registration-ip
ip-address
|
Service registry IP address. The format is A.B.C.D.
|
Command Modes
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to set the service registry IP address:
vsm(config)# vnm-policy-agent vsm(config-vnm-policy-agent)# registration-ip 209.165.200.23
Related Commands
|
|
vnm-policy-agent
|
Enters the Cisco VNMC policy agent configuration mode.
|
shared-secret
To set the shared secret password for communication between the Cisco VSG, the Virtual Supervisor Module (VSM), and the Cisco Virtual Network Management Center (VNMC), use the
shared-secret
command. To discard the shared secret password, use the
no
form of this command.
shared-secret
shared-secret-password
no shared-secret
Syntax Description
shared-secret-password
|
Shared secret password. The number of characters range is from 1 to 64. You must use at least one uppercase character.
|
Command Modes
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to set the shared secret password:
vsm(config)# vnm-policy-agent vsm(config-vnm-policy-agent)# shared-secret Password123
Related Commands
|
|
vnm-policy-agent
|
Enters VNM policy agent configuration mode.
|
show org port brief
To display the ports attached to the port profile where org is configured, use the show org port brief command.
s
how org port brief
[
port-profile
pp_name
|
vethernet
veth_num
] [
module
module_num
]
Syntax Description
port-profile
|
(Optional) Filters the port information for the specified port-profile name.
|
pp_name
|
Specifies the port-profile name.
|
vethernet
|
(Optional) Filters the port information for the specified virtual Ethernet number.
|
vethernet_num
|
Specifies the virtual Ethernet number.
|
module
|
(Optional) Filters the display by module number.
|
module_num
|
Specifies the module number to see the virtual Ethernet connections on the module.
|
Command Modes
EXEC
Network-admin
Network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show org port brief
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
module—Filters the output per a specific module number.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the port profile information:
Veth Mod VM-Name vNIC IP-Address 2 4 fc3-2610-4 2 100.1.1.1 5 5 fc3-2610-5 3 100.1.1.2 9 5 fc3-2610-6 1 100.1.1.3
show running-config
To display the running configuration, use the show running-config command.
show running-config
[
aaa
|
aclmgr
|
all
|
am
|
arp
|
cdp
|
diff
|
exclude
|
expand-port-profile
|
icmpv6
|
igmp
|
interface
|
ip
|
ipqos
|
ipv6
|
l3vm
|
license
|
monitor
|
ntp
|
port-profile
|
port-security
|
radius
|
rpm
|
security
|
snmp
|
vdc-all
|
vlan
|
vshd |
acllog
|
dhcp
|
vservices
[
node
node-name
|
path
path-name
]]
aaa
|
(Optional) Displays the Authentication, Authorization, and Accounting (AAA) configuration.
|
aclmgr
|
(Optional) Displays the running configuration for Access Control List (ACL) manager.
|
all
|
(Optional) Displays the current operating configurations.
|
am
|
(Optional) Displays Application Management (AM) information.
|
arp
|
(Optional) Displays Address Resolution Protocol (ARP) information.
|
cdp
|
(Optional) Displays the Cisco Discovery Protocol (CDP) configuration.
|
diff
|
(Optional) Displays the difference between the running and startup configurations.
|
exclude
|
(Optional) Excludes the running configuration of specified features.
|
expand-port-profile
|
(Optional) Displays port profile information.
|
icmpv6
|
(Optional) Displays Internet Control Message Protocol (ICMPv6) information.
|
igmp
|
(Optional) Displays Internet Group Management Protocol (IGMP) information.
|
interface
|
(Optional) Displays interface configurations.
|
ip
|
(Optional) Displays Internet Protocol (IP) information.
|
ipqos
|
(Optional) Displays the running configuration for the IP quality of service (QoS) manager.
|
ipv6
|
(Optional) Displays IPv6 information.
|
l3vm
|
(Optional) Displays Layer 3 Virtual Machine (L3VM) information.
|
license
|
(Optional) Displays the licensing configuration.
|
monitor
|
(Optional) Displays Ethernet Switched Port Ananlyzer (SPAN) session information.
|
ntp
|
(Optional) Displays Network Time Protocol (NTP) information.
|
port-profile
|
(Optional) Displays port-profile configurations.
|
port-security
|
(Optional) Displays port-security configurations.
|
radius
|
(Optional) Displays the Remote Authentication Dial In User Service (RADIUS) configuration.
|
rpm
|
(Optional) Displays RPM information.
|
security
|
(Optional) Displays the security configurations.
|
snmp
|
(Optional)
Displays the Simple Network Management Protocol (SNMP) configuration.
|
vdc-all
|
(Optional)
Displays all Virtual Device Context (VDC) configurations.
|
vlan
|
(Optional)
Displays virtual large area network (VLAN) information.
|
vshd
|
(Optional)
Displays the running configuration for the virtual shared hardware device (VSHD).
|
acllog
|
(Optional) Displays acllog information.
|
dhep
|
(Optional) Displays dhep information.
|
vservices
|
(Optional) Specifies the virtual services.
|
name
|
(Optional) Displays service node name.
|
node-name
|
Specifies the service node.
|
Path
|
(Optional) Filters the vservice path name
|
path-name
|
Specifies the service path name.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)SV1(5.1)
|
New parameters were added to this command.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show running-config
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the running configuration:
!Command: show running-config !Time: Tue Jan 4 17:20:05 2011 username admin password 5 $1$z3M0/3no$j77mpF9f/mqmd7/mEZ6RR1 role network-admin banner motd #Nexus 1000v Switch# host vmware id 765186a7-eb7c-11de-b059-8843e1389748 host vmware id 90a97ac6-31d7-11df-ad65-68efbdf622ca host vmware id 833fe152-3f8b-11df-bd70-68efbdf64970 snmp-server user admin network-admin auth md5 0x5ed3cfea7c44550ac3d18475f28b118b priv 0x5ed3cfea7c44550ac3d18475f28b118b localizedkey ip route 0.0.0.0/0 10.193.72.1 port-channel load-balance ethernet source-mac port-profile default max-ports 32 port-profile default port-binding static port-profile type vethernet vm-clear switchport access vlan 63 port-profile type vethernet vsn-service switchport access vlan 64 port-profile type ethernet system-uplink switchport trunk allowed vlan 61-70 port-profile type vethernet vsg129-2 switchport access vlan 63 vn-service ip-address 10.10.129.2 vlan 64 security-profile sp-vsg2-1 port-profile type vethernet vsg134-1 switchport access vlan 63 vn-service ip-address 10.10.134.1 vlan 64 mgmt-ip-address 10.10.73.132 security-profile sp1 port-profile type vethernet vsg136-1 switchport access vlan 63 vn-service ip-address 10.10.136.1 vlan 64 mgmt-ip-address 10.10.73.137 security-profile sp1 port-profile type vethernet vsg129_2-svc-vlan65 switchport access vlan 65 vn-service ip-address 10.10.129.2 vlan 64 mgmt-ip-address 10.10.73.131 security-profile sp1 port-profile type vethernet vm-clear-vlan65 switchport access vlan 65 port-profile type ethernet Unused_Or_Quarantine_Uplink description Port-group created for Nexus1000V internal usage. Do not use. port-profile type vethernet Unused_Or_Quarantine_Veth description Port-group created for Nexus1000V internal usage. Do not use. port-profile type vethernet vm-clear-vlan63 switchport access vlan 63 limit-resource vlan minimum 16 maximum 2049 limit-resource monitor-session minimum 0 maximum 2 limit-resource vrf minimum 16 maximum 8192 limit-resource port-channel minimum 0 maximum 768 limit-resource u4route-mem minimum 32 maximum 32 limit-resource u6route-mem minimum 16 maximum 16 limit-resource m4route-mem minimum 58 maximum 58 limit-resource m6route-mem minimum 8 maximum 8 ip address 10.10.73.130/21 inherit port-profile vm-clear-vlan63 description UD134-1,Network Adapter 2 vmware dvport 7489 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.0029 inherit port-profile vsg136-1 description UD136-1,Network Adapter 2 vmware dvport 7458 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.0032 inherit port-profile vm-clear-vlan63 description US136-1,Network Adapter 2 vmware dvport 7492 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.0030 inherit port-profile vsg129-2 description US129-1,Network Adapter 2 vmware dvport 6563 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.003E inherit port-profile vm-clear-vlan63 description US129-2,Network Adapter 2 vmware dvport 7491 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.0040 inherit port-profile vsn-service description VSG134-1,Network Adapter 1 vmware dvport 3683 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.002C inherit port-profile vsn-service description VSG129-2,Network Adapter 1 vmware dvport 3686 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.0037 inherit port-profile vsn-service description VSG136-1,Network Adapter 1 vmware dvport 3684 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" vmware vm mac 0050.56BB.0034 inherit port-profile system-uplink inherit port-profile system-uplink inherit port-profile system-uplink boot kickstart bootflash:/ks.bin sup-1 boot system bootflash:/sys.bin sup-1 boot kickstart bootflash:/ks.bin sup-2 boot system bootflash:/sys.bin sup-2 remote ip address 10.10.79.32 port 80 vmware dvs uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" datacenter-name NAME/S registration-ip 10.193.73.144 policy-agent-image bootflash:/vnmc-vsmpa.1.0.0.512.bin
Related Commands
|
|
show aaa
|
Displays AAA information.
|
show running-config vservice node
To display the configuration details of the service nodes in the network, use the show running-config vservice node command.
show running-config vservice node [node-name]
Syntax Description
node-name
|
Name of the vservice node.
|
Command Modes
EXEC
Network-admin
Network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show running-config vservice node
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
node-name—Displays the configuration of the specified vservice node name.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display information about a configured vservice node:
vsm# show running-config vservice node !Command: show running-config vservice node !Time: Mon Jul 9 16:10:19 2012 vservice node vasatDbd5 type asa adjacency l2 vxlan bridge-domain bd5555 vservice node vasatCbd5 type asa adjacency l2 vxlan bridge-domain bd5555 vservice node vsntest type vsg vservice node testvwaas type vwaas vservice node test type vsg vservice node testip type vsg vservice node vsgl2tC type vsg vservice node vsgl2tA101 type vsg vservice node vsgl2tB102 type vsg vservice node vsgtCbd6 type vsg adjacency l2 vxlan bridge-domain bd6666 vservice node vsgl2tD104 type vsg vservice node vsgl2tE105 type vsg vservice node vsgl3tA101 type vsg vservice node vsgl3tB102 type vsg vservice node vsgl3tC103 type vsg vservice node vsgl3tD104 type vsg
Related Commands
|
|
vservice node
|
Configures a service node.
|
show running-config vservice path
To display the configuration details of the vservice paths, use the show running-config vservice path command.
show running-config vservice path [node-name]
Syntax Description
node-name
|
Name of the vservice node’s name
|
Command Modes
EXEC
Network-admin
Network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show running-config vservice path
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
node-name—Displays the configuration of the specified vservice node name.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display information about a vservice path:
vsm# show running-config vservice path !Command: show running-config vservice path !Time: Mon Jul 9 16:52:55 2012 vservice path sp-tDvsg504vasabd5 node vsgl2tD104 profile sp-tD order 1 node vasatDbd5 profile ep-tD order 100 vservice path sp-tDvsgl3vasabd5 node vsgl3tD104 profile sp-tD order 1 node vasatDbd5 profile ep-tD order 1000000000 node vsgl3tD104 profile sp-tDl3 node vsgl2tD104 profile sp-tD vservice path sp-vsgbd6tC node vsgtCbd6 profile sp-tC vservice path sp-vasal2tC node vasal2tC profile ep-tC order 10 vservice path sp-tCvsg504vasa503 node vsgl2tC profile sp-tC order 10 node vasal2tC profile ep-tC order 20 vservice path sp-tCvsgbd6vasa503 node vsgtCbd6 profile sp-tC order 10 node vasal2tC profile ep-tC order 20 vservice path sp-tCvsgbd6vasabd5 node vsgtCbd6 profile sp-tC order 1410065406 node vasatCbd5 profile ep-tC order 1410065407 vservice path sp-tDedittest node vsgl3tD104 profile sp-tD order 1 node vasatDbd5 profile ep-tD order 22 node vsgl3tE105 profile sp-tE order 10 vservice path sp-tDvasabd5 node vasatDbd5 profile ep-tD order 100
Related Commands
|
|
vservice path
|
Configures a service path.
|
show vnm-pa status
To display the installation status of a policy agent, use the
show vnm-pa status
command.
show vnm-pa status
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vnm-pa status
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the installation status of the policy agent:
vsm(config)# show vnm-pa status VNM Policy-Agent status is - Installed Successfully. Version 1.0(0.512)-vsm
Related Commands
|
|
vnm-policy-agent
|
Enters the Cisco VNMC policy agent configuration mode.
|
show vservice brief
To display only a brief summary about the Cisco VSG, use the
show vservice brief
command.
show vservice brief
[
node-l3 node-ipaddr
ip-addr
|
node-l3
module
module-num
] [
node-vxlan bridge-domain
bridge-domain-name
] |
node-vlan
vlan-id |
node-name
node name
|
module
module-num
Syntax Description
node-l3 node-ipaddr
|
(Optional) Filters Layer 3 mode (Using the IP address) for the service node.
|
ip-addr
|
IP address of the service node.
|
node-l3 module
|
(Optional) Specifies the module in the service node.
|
module-num
|
Module number.
|
node-vxlan bridge-domain
|
(Optional) Filters the display by domain bridge name associated with the Virtual Extensible Local Area Network (VXLAN).
|
bridge-domain-name
|
The bridge domain name.
|
node_vlan
|
(Optional) Filters the display by VLAN connected with the service node.
|
vlan_num
|
VLAN number.
|
name
|
(Optional) Displays service node name.
|
node-name
|
The service node.
|
module
|
Filters the display by module number.
|
module-num
|
The module number.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
The output of the
show vservice brief
is changed.
|
4.1(2)SV1(5.1)
|
The output of the
show vsn brief
was changed to show the information about the Cisco VSG in L2 and L3 mode.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show
vservice
brief
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display a summary of the Cisco VSGs:
ID Name Type IP-Address Mode State Module 1 vasatDbd5 asa 172.8.8.201 vxlan Alive 4, 12 vsgtCbd6 vsg 10.10.10.103 vxlan Alive?? 4,6, 13 vsgl2tD104 vsg 10.10.10.104 v-504 Alive 4, 18 vsgl3tD104 vsg 10.10.10.204 l3 Alive 4,6, 19 vsgl3tE105 vsg 10.10.10.205 l3 Unreach 4,6, #Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4, vasatDbd5 1000000000 ep-tD #Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,
Related Commands
|
|
show vsn port vethernet
|
Displays information about the Cisco VSG.
|
show vservice connection
To display Cisco VSG connections, use the
show vservice connection
command.
show vservice connection
[
node-name node-name
] [
node-vxlan bridge-domain
bdname
|
node-vlan vlan-num
|
node-l3
[
node-ipaddr
ip-addr
| module module-num] |
node-ipaddr
ip-addr
] |
path-name
path-name
|
port-profile
port-profile-name
|
service-profile
service-profile-name
]
Syntax Description
node-name
|
(Optional) Specifies the name of the service VLAN.
|
node-name
|
The service node name.
|
node-vxlan bridge-domain
|
Filters the display by the domain bridge name associated with the Virtual Extensible Local Area Network (VXLAN).
|
bd-name
|
The bridge domain name.
|
node-vlan
|
Filters the VLAN node for the VSG service VLAN.
|
vlan-num
|
Filters the VLAN module number for the VSG service VLAN.
|
node-l3 node-ipaddr
|
(Optional) Filters Layer 3 mode (using the IP address) for the service node.
|
ip-addr
|
The IP address of the service node.
|
node-l3 module
|
(Optional) Specifies the module in the service node.
|
module-num
|
The module number to see all the VSN connections on the module.
|
node_ipaddr
|
Filters the display by the IP address of the service node
|
ip-addr
|
The IP address of the service node.
|
path-name
|
Filters the vservice path name
|
path_name
|
The service path name.
|
port-profile
|
Filters the port information for the specified port-profile name.
|
port-profile
|
The port-profile name.
|
service-profile
|
Filters the port information for the specified service-profile name.
|
service_profile
|
The service-profile name.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2.1SV1(5.2)
|
The output of the show vservice connection command was modified to show the Cisco VSG connections.
|
4.2.1SV1(5.1)
|
The output of the show vservice connection command was modified to show that the VLAN column is now referred as V(X)LAN. In the V(X)LAN column, the VLAN is represented with prefix ”v-” and V(X)LAN is shown without any prefix.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice connection
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display Cisco VSG connections:
vsm# show vservice connection node_ipaddr node_name node_vxlan p - permit t - passthrough _ - not processed yet upper case - offloaded A - seen ack for syn/fin from src a - seen ack for syn/fin from dst E - tcp conn established (SasA done) F - seen fin from src f - seen fin from dst R - seen rst from src r - seen rst from dst S - seen syn from src s - seen syn from dst T - tcp conn torn down (FafA done) x - IP-fragment connection Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
Related Commands
|
|
show vsn port vethernet
|
Displays port information.
|
show vservice detail
To display detailed information about the Cisco VSG, use the
show vservice detail
command.
show vservice detail {module module_num | node_ipaddr ip_addr | node_l3 node_l3 | node_name node_name | node_vxlan vxlan_num | node_vlan vlane_num | path_name path_name port-profile port_profile| service-profile sevice_profile}
Syntax Description
module
|
Filters the display by the module number.
|
module_num
|
The module number to see the VSN connections on the module.
|
node_ipaddr
|
Filters the display by the IP address of the service node.
|
ip_addr
|
The IP address of the service node.
|
node_l3
|
Filters the display by the node associated with the Layer 3 mode
|
node_l3
|
The Layer 3 mode for the vservice node.
|
node_name
|
Filters the display by the node name.
|
node_name
|
The service node name.
|
node_vxlan
|
Filters the display by VXLAN node.
|
vxlan_num
|
The VXLAN number for the Cisco VSG service VXLAN.
|
node_vlan
|
Filters the display by the VLAN node.
|
vlan_num
|
The VLAN number for the Cisco VSG service VLAN.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2.1SV1(5.2)
|
The output of the show vservice detail command is changed.
|
4.2.1SV1(5.1)
|
The output of the show vsn detail command was changed to show the detailed information about Cisco VSGs.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vsn detail
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display detailed information about Cisco VSGs:
vsm#
show vservice detail
#VSN VLAN: -, IP-ADDR: 10.1.1.40 MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE #VSN VLAN: -, IP-ADDR: 10.1.1.68 MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE #VSN VLAN: 502, IP-ADDR: 10.1.1.45 MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE 11 00:50:56:8f:5a:bb Close Up 12 00:50:56:8f:5a:bb Close Up #VSN VLAN: 501, IP-ADDR: 10.1.1.44 MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE 9 00:50:56:8f:5a:85 Close Up 11 00:50:56:8f:5a:85 Close Up #VSN VLAN: 501, IP-ADDR: 10.1.1.40 MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE 9 00:50:56:8e:35:bd Close Up 11 00:50:56:8e:35:bd Close Up #VSN VLAN: 501, IP-ADDR: 10.1.1.41 MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE 11 00:50:56:8f:5a:7f Close Up #VSN Ports, Port-Profile, Org & Security-Profile Association: #VSN VLAN: -, IP-ADDR: 10.1.1.40 Port-Profile: segment-5000-routed, Security-Profile: tenant1-sp1, Org: root/tenant1 Port-Profile: segment-5001, Security-Profile: tenant1-sp1, Org: root/tenant1 #VSN VLAN: -, IP-ADDR: 10.1.1.68 Port-Profile: N1010-L3, Security-Profile: n1010-sp, Org: root/tenant1 #VSN VLAN: 502, IP-ADDR: 10.1.1.45 Port-Profile: segment-5002, Security-Profile: tenant3-sp2, Org: root/tenant3 Port-Profile: tenant3-sp2, Security-Profile: tenant3-sp2, Org: root/tenant3 #VSN VLAN: 501, IP-ADDR: 10.1.1.44 Port-Profile: tenant1-vsg2, Security-Profile: tenant1-sp2, Org: root/tenant1 9 49, 55, 54, 53, 52, 51, 50, 56, 63, 62, 61, 60, 59, 58, 57, 6, 7, 13, 14, 15, 11 16, 17, 22, 21, 20, 19, 18 #VSN VLAN: 501, IP-ADDR: 10.1.1.40 Port-Profile: data-53, Security-Profile: tenant1-sp1, Org: root/tenant1 #VSN VLAN: 501, IP-ADDR: 10.1.1.41 Port-Profile: tenant2, Security-Profile: tenant2-sp1, Org: root/tenant2
Related Commands
|
|
show vservice port vethernet
|
Displays
information about virtual Ethernet (vEth) ports
.
|
show vservice license brief
To display only a brief summary about the Cisco VSG license information, use the
s
how vservice license brief
command.
show vservice license brief
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice license brief
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the brief information about the license:
vsm# show vservice license brief -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Type In-Use-Lic-Count UnLicensed-Mod
Related Commands
|
|
show license usage
|
Displays the vservice node license usage.
|
show vservice license detail
To display the detail about the Cisco VSG license information, use the
show vservice license detail
command.
show vservice license detail {module
module_num
}
Syntax Description
module
|
Filters the module number.
|
module_num
|
Module number. The range is from 3 to 66.
|
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2.1SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice license detail
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the brief information about the license:
vsm# show vservice license detail module 4 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Mod VSG-Lic-Count ASA-Lic-Count
Related Commands
|
|
show license usage
|
The vservice license usage.
|
show vservice node mac brief
To display only summary about the MAC address of the Cisco VSG service node, use the
show vservice node mac brief
command.
show vservice node mac brief
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2.1SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice node mac brief
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the MAC address of the Cisco VSG service node
vsm# show vservice node mac brief -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- ID Type IP-Address MAC-Addr Mode Fail State Module 1 asa 172.8.8.201 00:50:56:b5:37:8f vxlan open Alive 4, 12 vsg 10.10.10.103 00:50:56:b5:25:f7 vxlan close Alive 4,6,7, 13 vsg 10.10.10.104 00:50:56:b5:6d:36 v-504 close Alive 4, 18 vsg 10.10.10.204 00:00:00:00:00:00 l3 open Alive 4,6,
show vservice node brief
To display only the summary about the Cisco VSG vservice node, use the
show vservice node brief
command.
show vservice node brief
[
name
node-name
|
vxlan bridge-domain
bdname
|
vlan
vlan_num
|
l3
ip-addr
ip-addr
|
l3
module
module-num
] |
ipaddr
ip-addr
| module
module-num
]
Syntax Description
name
|
(Optional) Displays the service node name.
|
node-name
|
Service node.
|
vxlan bridge-domain
|
Filters the VXLAN number associated with the service node.
|
bd_name
|
Bridge domain name.
|
vlan
|
Specifies the VLAN node for the Cisco VSG service VLAN.
|
vlan_num
|
VLAN number for the Cisco VSG service VLAN.
|
l3
|
Specifies Layer 3 mode (using IP address) for the service node.
|
ipaddr
|
Filters the display by the IP address of the service node
|
ip-addr
|
IP address of the service node.
|
module
|
(Optional) Specifies the module number.
|
module-num
|
Module number.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2.1SV1(5.2)
|
The output of the show vservice node brief command was modified.
|
4.2.1SV1(5.1)
|
The output of the show vsn brief was modified to show the information about the Cisco VSG in Layer 2 and Layer 3 mode.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice node brief
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display Cisco VSG vservice node brief.
vsm# show vservice node brief -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- ID Name Type IP-Address Mode State Module 1 vasatDbd5 asa 172.8.8.201 vxlan Alive 4, 12 vsgtCbd6 vsg 10.10.10.103 vxlan Alive 4,6,7, 13 vsgl2tD104 vsg 10.10.10.104 v-504 Alive 4, 18 vsgl3tD104 vsg 10.10.10.204 l3 Alive 4,6,
show vservice node detail
To display the detail about the Cisco VSG vservice node, use the
show vservice node detail
command.
show vservice node detail
[
name
node-name
|
vxlan bridge-domain
bdname
|
vlan
vlan_num
|
l3
ip-addr
ip-addr
|
l3
module module-num] |
ipaddr
ip-addr
| module module-num]
Syntax Description
name
|
(Optional) Displays service node name.
|
node-name
|
Specifies the service node.
|
vxlan bridge-domain
|
Filters the VXLAN number associated with the service node.
|
bd_name
|
Bridge domain name.
|
vlan
|
Filters the VLAN node for the VSG service VLAN.
|
vlan_num
|
VLAN number for the VSG service VLAN.
|
l3
ipaddr
|
Filters the display by the Layer 3 IP address of the node.
|
l3 module
|
Filters the display by the Layer 3 mode (using the IP address) for the service node.
|
ipaddr
|
Filters the display by the IP address of the node.
|
ip-addr
|
IP address of the node.
|
module
|
(Optional) Specifies the module number.
|
module-num
|
Module number.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2.1SV1(5.2)
|
The output of the show vservice node detail command was modified to display the details about the Cisco VSG vservice nod
|
4.2.1SV1(5.1)
|
The output of the show vsn connection command was modified to show that the VLAN column is now referred as V(X)LAN. In the V(X)LAN column, the VLAN is represented with a prefix “v-” and V(X)LAN is shown without any prefix.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice node detail
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display Cisco VSG service node:
vsm# show vservice node detail
-------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Type:asa IPAddr:172.8.8.201 Fail:open Vxlan:bd5555 4 Alive 00:50:56:b5:37:8f 2 Type:vsg IPAddr:10.10.10.103 Fail:close Vxlan:bd6666 4 Alive 00:50:56:b5:25:f7 2 6 Alive 00:50:56:b5:25:f7 2 7 Alive 00:50:56:b5:25:f7 2 Node ID:13 Name:vsgl2tD104 Type:vsg IPAddr:10.10.10.104 Fail:close Vlan:504 4 Alive 00:50:56:b5:6d:36 2 Node ID:18 Name:vsgl3tD104 Type:vsg IPAddr:10.10.10.204 Fail:open L3
show vservice path brief
To display only the summary of the vservice path, use the
show vservice path brief
command.
show vservice path brief
[
module
module-number
|
name
name
]
Syntax Description
module
|
Module assigned to the service node.
|
module-number
|
Module number.
|
name
|
Filters the pathname to the service node.
|
name
|
Pathname to the service node.
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Examples
This example shows how to show the vservice path:
vsm# show vservice path brief #Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4, vasatDbd5 1000000000 ep-tD #Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,
Related Commands
|
|
show vservice path detail
|
Displays the details of the vservice path.
|
show vservice path detail
To display only the details of the vservice path, use the
show vservice path detail
command.
show vservice path detail
[
module
module-number
|
name
name
]
Syntax Description
module
|
(Optional) Displays module keyword.
|
module-number
|
Specifies the module number to see all the VSN connections on the module.
|
name
|
(Optional) Filters the pathname to the service node.
|
name
|
Pathname to the service node.
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Examples
This example shows how to show the vservice path:
vsm# show vservice path detail #Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4, vasatDbd5 1000000000 ep-tD #Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,
Related Commands
|
|
show vservice path brief
|
Displays a summary of the vservice path.
|
show vservice port brief
To display a brief summary of the configured ports in the network, use the
show vservice port brief
command.
show vservice port brief {module module_num | node-ipaddr ip_addr | node-l3
[
node-ipaddr
ip-addr
| module module-num]
| node-name node_name | node-vlan vlan-num | node-vxlan bridge-domain bdname| path-name path_name | port-profile port_profile | service-profile service_profile | vethernet vethernet_num}
Syntax Description
module
|
Filters the port information for the specified module.
|
module_num
|
Module number.
|
node-ipaddr
|
Filters the port information for the specified IP address of the node.
|
ip_addr
|
Node’s IP address.
|
node-l3
|
Filters the port information for the Layer 3 adjacency of a node.
|
node-ipp-addr
|
(Optional) Specifies the IP address of the node.
|
ip-addr
|
Node’s IP address.
|
module
|
(Optional) Specifies the module number of the service node.
|
module-num
|
Module number.
|
node-name
|
Filters the name of the service node.
|
node-name
|
Service node.
|
node-vlan
|
Filters the VLAN number associated with the service node.
|
vlan-num
|
VLAN number.
|
node-vxlan bridge-domain
|
Filters the Virtual Extensible Local Area Network (VXLAN) number associated with the service node.
|
bdname
|
VXLAN name.
|
path-name
|
Filters the vservice path name.
|
path_name
|
Service path name.
|
port-profile
|
Filters the port information for the specified port-profile name.
|
port-profile
|
Port-profile name.
|
service-profile
|
Filters the port information for the specified service-profile name.
|
service_profile
|
Service-profile name.
|
vethernet
|
Filters the port information for the specified virtual Ethernet number.
|
vethernet_num
|
Virtual Ethernet number.
|
Command Modes
EXEC
Network-admin
Network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice port brief
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
module—Filter the output per a specific module number.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the brief summary information of the vservice ports for module number 4:
vsm# show vservice port brief module 4 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- PortProfile:tC-bd5-vsgbd6 Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5) Veth Mod VM-Name vNIC IP-Address 9 4 cos-8.10-bd5-spvsgbd6 2 172.8.8.10, 23 4 cos-8.41-bd6-vsgbd6 1 172.8.8.41, 37 4 xp-8.11-504-vsg504 1 172.8.8.11, 51 4 cos-8.37-503-s...04vasa503 1 172.8.8.37, 53 4 cos-8.31-503-vsgbd6 1 172.8.8.31, PortProfile:tD-bd5-spvsgl3vasabd5 vsgl3tD104(10.10.10.204) sp-tD(6) vasatDbd5(172.8.8.201) ep-tD(8) Veth Mod VM-Name vNIC IP-Address 72 4 cos-8.40-bd5-s...l3vasabd5 1 172.8.8.40, PortProfile:tD-504-vsg504 Node:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6) Veth Mod VM-Name vNIC IP-Address 69 4 cos-8.38-504-vsg504 1 172.8.8.38, Node:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7) Veth Mod VM-Name vNIC IP-Address 50 4 2k3-9.8-bd6-spvsgl3 1 172.9.9.8, PortProfile:tC-bd6-vsgbd6 Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5) Veth Mod VM-Name vNIC IP-Address 11 4 cos-9.13-bd6-vsgl3 1 172.9.9.13,
Related Commands
|
|
vservice port detail
|
Displays details of the configured ports in the network.
|
show vservice port detail
To display details of the configured ports in the network, use the
show vservice port detail
command.
show vservice port detail {module module_num | node-ipaddr ip_addr | node-l3
[
node-ipaddr
ip-addr
| module module-num]
| node-name node_name | node-vlan vlan_num | node-vxlan bridge-domain bdname| path-name path_name | port-profile port_profile | service-profile service_profile | vethernet vethernet_num}
Syntax Description
module
|
Filters the port information for the specified module.
|
module_num
|
Module number.
|
node-ipaddr
|
Filters the port information for the specified IP address of the node.
|
ip_addr
|
Node’s IP address.
|
node-l3
|
Filters the port information for the Layer 3 adjacency of a node.
|
path-name
|
Filters the port information for the specified path name.
|
path_name
|
Service path name.
|
port-profile
|
Filters the port information for the specified port-profile name.
|
port-profile
|
Port-profile name.
|
service-profile
|
Filters the port information for the specified service-profile name.
|
service_profile
|
Service-profile name.
|
vethernet
|
Filters the port information for the specified virtual Ethernet number.
|
vethernet_num
|
Virtual Ethernet number.
|
Command Modes
EXEC
Network-admin
Network-operator
Command History
|
|
4.1(2)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vservice port detail
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
module—Filter the output per a specific module number.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display the detailed information of the vservice for module 4:
vsm# show vservice port detail module 4 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- PortProfile:tC-bd5-vsgbd6 Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5) VM-Name :cos-8.10-bd5-spvsgbd6 VM-UUID :50 35 a1 39 18 76 76 18-89 89 27 33 1a 30 50 20 DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 VM-Name :cos-8.41-bd6-vsgbd6 VM-UUID :50 35 d5 98 de c1 04 5b-3e 84 a6 2c 9f 04 2b c2 DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 VM-Name :xp-8.11-504-vsg504 VM-UUID :50 35 bc 16 8c fa a8 66-ae d9 1f ca 30 e5 21 3e DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 VM-Name :cos-8.37-503-s...04vasa503 VM-UUID :50 35 1d f6 ba 4e 26 7e-78 02 03 a8 cf c6 ed d9 DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 VM-Name :cos-8.31-503-vsgbd6 VM-UUID :50 35 42 e3 93 f9 aa 46-3e 94 bb fd 39 23 a7 c0 DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 PortProfile:tD-bd5-spvsgl3vasabd5 Path:sp-tDvsgl3vasabd5 NumOfSvc:2 vsgl3tD104(10.10.10.204) sp-tD(6) vasatDbd5(172.8.8.201) ep-tD(8) VM-Name :cos-8.40-bd5-s...l3vasabd5 VM-UUID :50 35 af 46 40 bb ef 61-37 9e c7 6f 5a 97 4e 18 DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 PortProfile:tD-504-vsg504 Node:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6) VM-Name :cos-8.38-504-vsg504 VM-UUID :50 35 9a 63 d0 6a ff de-a5 66 65 2c 06 be e4 c1 DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 Node:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7) VM-Name :2k3-9.8-bd6-spvsgl3 VM-UUID :50 35 93 44 8b 31 35 e1-02 50 e1 5c 5e 3f 51 2a DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55 PortProfile:tC-bd6-vsgbd6 Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5) VM-Name :cos-9.13-bd6-vsgl3 VM-UUID :50 35 f0 fb 15 4a 2b 46-4c 69 4c 24 d3 ab ff 0f DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands--------------------------------------------------------------------------------
Related Commands Port Information
Related Commands--------------------------------------------------------------------------------
Related CommandsPortProfile:tC-bd5-vsgbd6
Related CommandsOrg:root/tC
Related CommandsNode:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)
Related Commands Module :4
Related Commands VM-Name :cos-8.10-bd5-spvsgbd6
Related Commands vNIC:Network Adapter 2
Related Commands DV-Port :4421
Related Commands VM-UUID :50 35 a1 39 18 76 76 18-89 89 27 33 1a 30 50 20
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.10,
Related Commands Module :4
Related Commands VM-Name :cos-8.41-bd6-vsgbd6
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4425
Related Commands VM-UUID :50 35 d5 98 de c1 04 5b-3e 84 a6 2c 9f 04 2b c2
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.41,
Related Commands Module :4
Related Commands VM-Name :xp-8.11-504-vsg504
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4424
Related Commands VM-UUID :50 35 bc 16 8c fa a8 66-ae d9 1f ca 30 e5 21 3e
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.11,
Related Commands Module :4
Related Commands VM-Name :cos-8.37-503-s...04vasa503
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4416
Related Commands VM-UUID :50 35 1d f6 ba 4e 26 7e-78 02 03 a8 cf c6 ed d9
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.37,
Related Commands Module :4
Related Commands VM-Name :cos-8.31-503-vsgbd6
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4420
Related Commands VM-UUID :50 35 42 e3 93 f9 aa 46-3e 94 bb fd 39 23 a7 c0
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.31,
Related CommandsPortProfile:tD-bd5-spvsgl3vasabd5
Related CommandsOrg:root/tD
Related CommandsPath:sp-tDvsgl3vasabd5 NumOfSvc:2
Related CommandsNode Profile(Id)
Related Commands vsgl3tD104(10.10.10.204) sp-tD(6)
Related Commands vasatDbd5(172.8.8.201) ep-tD(8)
Related Commands Module :4
Related Commands VM-Name :cos-8.40-bd5-s...l3vasabd5
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :3712
Related Commands VM-UUID :50 35 af 46 40 bb ef 61-37 9e c7 6f 5a 97 4e 18
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.40,
Related CommandsPortProfile:tD-504-vsg504
Related CommandsOrg:root/tD
Related CommandsNode:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6)
Related Commands Module :4
Related Commands VM-Name :cos-8.38-504-vsg504
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4642
Related Commands VM-UUID :50 35 9a 63 d0 6a ff de-a5 66 65 2c 06 be e4 c1
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.8.8.38,
Related CommandsPortProfile:tD-bd5-vsgl3
Related CommandsOrg:root/tD
Related CommandsNode:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7)
Related Commands Module :4
Related Commands VM-Name :2k3-9.8-bd6-spvsgl3
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :3777
Related Commands VM-UUID :50 35 93 44 8b 31 35 e1-02 50 e1 5c 5e 3f 51 2a
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:172.9.9.8,
Related CommandsPortProfile:test
Related CommandsNode:testip(0.0.0.0) Profile(Id):test(1)$
Related Commands Module :4
Related Commands VM-Name :cos-jbo9.7-bd6-spvsgl3
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4800
Related Commands VM-UUID :50 35 7a f3 bb 72 4a 48-46 71 59 86 34 a4 2c 06
Related Commands DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
Related Commands IP-Addrs:
Related CommandsPortProfile:tC-bd6-vsgbd6
Related CommandsOrg:root/tC
Related CommandsNode:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)
Related Commands Module :4
Related Commands VM-Name :cos-9.13-bd6-vsgl3
Related Commands vNIC:Network Adapter 1
Related Commands DV-Port :4832
Related Commands VM-UUID :50 35 f0 fb 15 4a 82 57 25 38 55
Related Commands IP-Addrs:172.9.9.13,
Related Commands
|
|
show vservice port brief
|
Displays a brief summary of the configured ports in the network
|
show vservice port vethernet
To display information about virtual Ethernet (vEth) ports, use the show vsn port vethernet
command.
show vsn port vethernet
port-number
Syntax Description
port-number
|
Port number. The range is from 1 to 1048575.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
You can use the following operators with the
show vsn port vethernet
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display information about vEth port 2:
vsm# show vsn port vethernet 2 VM uuid : 42 3b e1 60 17 e6 92 c4-3b 47 f4 b7 4c a0 be 1b DVS uuid : 90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c VSN Data IP : 192.168.136.1
Related Commands
|
|
show vservice statistics
|
Displays Cisco VSG statistics.
|
show vservice statistics
To display the information about the configuration, MAC address, state of associated Cisco VSG and Virtual Ethernet Module (VEM), virtual Ethernet interfaces to which Cisco VSGs are bound, and Virtual Service Node (VSN) statistics for all VEM modules associated with Cisco VSGs, use the show vservice statistics
command
.
show vservice statistics
[
ip
ip-addr
|
module
module-num
|
vlan
vlan-num
]
Syntax Description
ip
|
(Optional) Displays IP address statistics.
|
ip-addr
|
MAC address.
|
module
|
(Optional) Displays VEM module statistics.
|
module-num
|
Module number.
|
vlan
|
(Optional) Displays VLAN statistics.
|
vlan-num
|
VLAN number associated with the node in the Layer 2 mode.
|
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)SV1(5.2)
|
The name of the command is changed.
|
4.2(1)SV1(5.1)
|
This command is changed to show the vservice statistic details
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Use the
show vservice statistics
command to check the number of active connections on each module, different policy counters for Permits, Denies or Redirects to the service nodes and to check if any of the error counters are incrementing.
You can use the following operators with the
show vservice statistics
command:
-
>
—Redirects the output to a file.
-
>>
—Redirects the output to a file in append mode.
-
|
—Pipes the command output to a filter.
Examples
This example shows how to display statistics for a module:
vsm# show vservice statistics module 4 #VSN VLAN: 0, IP-ADDR: 10.10.10.205 #VPath Packet Statistics Ingress Egress Total Policy Redirects 16 21 37 No-Policy Passthru 4666 3609 8275 Policy-Permits Rcvd 16 21 37 VSN State Down 2380 10765 13145 All-Drops 2380 10765 13145 Active Flows 0 Active Connections 0 Forward Flow Create 11 Forward Flow Destroy 11 Reverse Flow Create 11 Reverse Flow Destroy 11 Flow ID Alloc 22 Flow ID Free 22 Connection ID Alloc 11 Connection ID Free 11 L2 Flow Create 0 L2 Flow Destroy 0 L3 Flow Create 0 L3 Flow Destroy 0 L4 TCP Flow Create 0 L4 TCP Flow Destroy 0 L4 UDP Flow Create 22 L4 UDP Flow Destroy 22 L4 Oth Flow Create 0 L4 Oth Flow Destroy 0 Embryonic Flow Create 0 Embryonic Flow Bloom 0 L2 Flow Timeout 0 L2 Flow Offload 0 L3 Flow Timeout 0 L3 Flow Offload 0 L4 TCP Flow Timeout 0 L4 TCP Flow Offload 0 L4 UDP Flow Timeout 59 L4 UDP Flow Offload 37 L4 Oth Flow Timeout 0 L4 Oth Flow Offload 0 Flow Lookup Hit 90 Flow Lookup Miss 22 Flow Dual Lookup 112 L4 TCP Tuple-reuse 0 TCP chkfail InvalACK 0 TCP chkfail SeqPstWnd 0 Flow Classify Err 0 Flow ID Alloc Err 0 Conn ID Alloc Err 0 Hash Alloc Err 0 Flow Exist 0 Flow Entry Exhaust 0 Flow Removal Err 0 Bad Flow ID Receive 37 Flow Entry Miss 0 Flow Full Match Err 0 Bad Action Receive 0 Invalid Flow Pair 0 InvalFID Lookup 37 InvalFID Lookup Err 0
Related Commands
|
|
show vservice port vethernet
|
Displays information about virtual Ethernet (vEth) ports
.
|
state (port profile)
To enable the operational state of a port profile, use the state command. To disable the operational state of a port profile, use the
no
form this command.
state enabled
no state enabled
Syntax Description
enabled
|
Enables the port profile.
|
Command Modes
Port profile configuration (config-port-prof)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to enable the operational state of a port profile:
vsm(config)# port-profile testprofile vsm(config-port-prof)# state enabled
Related Commands
|
|
show port-profile
|
Displays port profile information.
|
switchport mode
To set the port mode of an interface, use the switchport mode command. To remove the port mode configuration, use the no form of this command.
switchport mode {access | private-vlan {host | promiscuous} | trunk}
no switchport mode {access | private-vlan {host | promiscuous} | trunk}
Syntax Description
access
|
Sets the port mode access.
|
private-vlan
|
Sets the port mode to private VLAN.
|
host
|
Sets the port mode private VLAN to host.
|
promiscuous
|
Sets the port mode private VLAN to promiscuous.
|
trunk
|
Sets the port mode to trunk.
|
Defaults
Switchport mode is not set.
Command Modes
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to set the port mode of an interface:
vsm(config)# interface vethernet 1 vsm(config-if)# switchport mode private-vlan host
This example shows how to remove the mode configuration:
vsm(config)# interface vethernet 1 vsm(config-if)# no switchport mode private-vlan host
Related Commands
|
|
show interface
|
Displays interface information.
|
switchport access vlan
To set the access mode of an interface, use the switchport access vlan command. To remove the access mode configuration, use the no form of this command.
switchport access vlan vlan-id
no switchport access vlan
vlan-id
Syntax Description
vlan-id
|
VLAN identification number. The range is from 1 to 3967.
|
Defaults
Access mode is not set.
Command Modes
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to set the access mode of an interface:
vsm(config)# interface vethernet 1 vsm(config-if)# switchport access vlan 100
This example shows how to remove the access mode configuration:
vsm(config)# interface vethernet 1 vsm(config-if)# no switchport access vlan
Related Commands
|
|
show interface
|
Displays interface information.
|
tcp state-checks
To configure the Cisco Nexus 1000V switch to perform TCP state checks, use the tcp state-checks command. To return to the default setting, use the no form of the command.
tcp state-checks [invalid-ack | seq-past-window | window-variation]
no tcp state-checks [invalid-ack | seq-past-window | window-variation]
Syntax Description
invalid-ack
|
(Optional) Enables the invalid-ack TCP state check on the Cisco VSG. When a data packet triggers an invalid ACK, the packet is dropped by the Cisco VSG.
|
seq-past-window
|
(Optional) Enables the seq-past-window TCP state check on the Cisco VSG. When a data packet’s sequence number is greater than the right edge of the TCP receiving window, the packet is dropped by the Cisco VSG.
|
window-variation
|
(Optional) Enables the window-variation TCP state check on the Cisco VSG. Thus, any attempt to make the window smaller is disallowed.
|
Defaults
The default behavior of the TCP checks is as follows:
-
invalid-ack—Enabled.
-
seq-past-window—Enabled.
-
window-variation—Disabled.
Command Modes
vservice global configuration (config-vservice-global)
network-admin
system-admin
Command History
|
|
4.2(1)SV2(1.1)
|
This command was modified to add the invalid-ack, seq-past-window, and window-variation TCP state checks.
|
4.2(1)VSG1(4a)
|
This command was introduced.
|
Usage Guidelines
Because the default TCP state checks in vPath are different for each check, the no form of this command may enable or disable the respective checks. See the “Defaults” section, before you enter the no form of this command.
Examples
This example shows how to configure the switch to perform the default TCP state checks:
n1000v(config)# vservice global type vsg n1000v(config-vservice-global)# tcp state-checks This example shows how to enable the seq-past-window TCP state check: n1000v(config-vservice-global)# tcp state-checks seq-past-window This example shows how to disable the invalid-ack TCP state check: n1000v(config-vservice-global)# no tcp state-checks invalid-ack
Related Commands
|
|
vservice global type vsg
|
Enters the vservice global configuration mode.
|
bypass asa-traffic
|
Configures the switch traffic to bypass the Cisco VSG nodes in a service chain.
|
vlan
To create a VLAN and enter the VLAN configuration mode, use the vlan command. To remove a VLAN, use the no form of this command.
vlan {id | dot1Q tag native}
no vlan {id | dot1Q tag native}
Syntax Description
id
|
VLAN identification number. The range is from 1 to 4094.
|
dot1Q tag native
|
Specifies an IEEE 802.1Q virtual LAN.
|
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Specify a VLAN range by using a dash. For example, 1-9 or 20-30.
Examples
This example shows how to create a VLAN and enter the VLAN configuration mode:
This example shows how to remove a VLAN:
Related Commands
|
|
show vlan
|
Displays the VTP VLAN status.
|
vmware port-group
To create a VMware port group, use the vmware port-group command. To remove the VMware port group, use the no form of this command.
vmware port-group name
no vmware port-group name
Syntax Description
name
|
Name of the VMware port group.
|
Command Modes
Port profile configuration (config-port-prof)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
To create the VMware port group, you must be in port profile configuration mode.
Examples
This example shows how to create a VMware port group:
vsm(config)# port-profile testprofile vsm(config-port-prof)# vmware port-group testgroup
This example shows how to remove the VMware port group:
vsm(config)# port-profile testprofile vsm(config-port-prof)# no vmware port-group testgoup
Related Commands
|
|
show port-profile name
|
Displays configuration information about a particular port profile.
|
vn-service ip-address
To assign a data IP address, a VLAN number, and a profile to a Cisco VSG L2 mode, use the vn-service ip-address command. To disable the data IP address, use the
no
form of this command.
vn-service ip-address
ip-address
vlan
vlan-number
[
fail
{
close
|
open
} |
security-profile
profile-name
]
no vn-service ip-address
ip-address
vlan
vlan-number
[
fail
{
close
|
open
} |
security-profile
profile-name
]
To assign a data IP address and a profile to a Cisco VSG Layer 3 mode, use the
vn-service ip-address
command. To disable the data IP address, use the
no
form of the command.
vn-service ip-address
ip-address
l3-mode
[
fail
{
close
|
open
} |
security-profile
profile-name
]
no vn-service ip-address
ip-address
l3-mode
[
fail
{
close
|
open
} |
security-profile
profile-name
]
Syntax Description
ip-address
|
IP address. The format is A.B.C.D.
|
vlan
vlan-number
|
Specifies the service VLAN number. The range is from 1 to 3967 and 4048 to 4093.
|
fail
|
(Optional) Sets the state to be in either fail close or fail open.
|
close
|
Drops packets if the Cisco VSG is down.
|
open
|
Passes packets through if the Cisco VSG is down.
|
security-profile
profile-name
|
(Optional) Specifies the security profile name.
|
l3-mode
|
Specifies that the Cisco VSG is in Layer 3 mode.
|
Command Default
Fail close
Command Modes
Port profile configuration (config-port-prof)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command is no longer supported. It was replaced by the vservice commands.
|
4.2(1)SV1(5.1)
|
This command was changed to include the command syntax and description for the Layer 3 mode.
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Use the
vn-servic
e ip-address command to configure the IP address, VLAN, and security profile for the Cisco VSG, and optionally to allow for a fail-safe configuration.
The fail mode specifies what the behavior is when the Virtual Ethernet Module (VEM) does not have connectivity to the Cisco VSG. The default fail mode is
close
, which means that the packets are dropped. The
open
fail mode means that packets are passed.
The security profile name must match one of the security profiles created on the Cisco VSG.
The IP address must match the data interface IP address on the Cisco VSG.
Examples
This example shows how to assign the IP address and VLAN number and how to specify that packets are to be passed when the Cisco VSG fails:
Enter configuration commands, one per line. End with CNTL/Z. vsm(config)# port-profile pP1 vsm(config-port-prof)# vn-service ip-address 209.165.200.236 vlan 2 fail open
Related Commands
|
|
show virtual-service-domain
|
Displays virtual service domain information.
|
vservice
To associate a port-profile with a service node or path, use the vservice command from the config-port-profile mode of the port-profile. To delete a port-profile configuration, use the no form of this command.
vservice {node node_name [profile profile_name] | path svc_path_name}
no vservice
Syntax Description
node
|
Specifies the service node to associate the port-profile with.
|
node_name
|
The pre-defined service node name.
|
profile
|
(Optional) Specifies the service profile the service node is to be associated with.
|
profile_nam
e
|
The pre-defined service profile name.
|
path
|
Specifies the service path (vPath) to associate the port-profile with.
|
svc_path_name
|
The pre-defined service path name.
|
Command Modes
Port-profile configuration (config-port-prof)
Network-admin
Command History
|
|
4.2(1)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can associate either the service node or path to the chosen port-profile entity. Both, the node as well as the path need to be pre-defined. If the node is of type VSG or ASA, then specifying a profile is mandatory. However, it is optional in case of a vWAAS or ACE nodes.
Examples
This example shows how to configure a port-profile with a node and service profile:
vsm(config)# port-profile port1 <-------- Enter the mode of the port-profile entity you want to configure vsm(config-port-prof)# vservice node vsg1 profile sp1
This example shows how to configure a port-profile entity with a service path:
vsm(config-port-prof)# vservice path vpath1
Related Commands
|
|
show port-profile
|
Displays information about the port profiles.
|
vservice global type vsg
To enter the vservice global configuration mode, use the vservice global type vsg command.
vservice global type vsg
Syntax Description
This command has no keywords or arguments.
Command Modes
vservice global configration (config-vservice-global)
network-admin
Command History
|
|
4.2(1)SV1(5.2)
|
This command was introduced.
|
Examples
This example shows how to enter the vservice global configuration mode:
n1000v# configure <------ enter the config mode n1000v(config)# vservice global type vsg n1000v(config-vservice-global)#
Related Commands
|
|
bypass asa-traffic
|
Configures the switch traffic to bypass the Cisco VSG nodes in a service chain.
|
tcp state-checks
|
Configures selective TCP state checks on the switch traffic.
|
vservice node
To configure a service node, use the vservice node command. To disable a service node, use the
no
form of this command.
vservice node node_name type {vsg | asa | ace }
ip address ip-address | no ip address
adjacency {l2 {vlan vlan-number} | {vxlan bridge-domain bd-name} | l3} | no adjacency failmode {close | open} | no failmode
no vservice node node_name
no ip address
no adjacenc
no failmode
Syntax Description
node_name
|
Service node name to identify it in the network.
|
type
|
Specifies the type of service node to be configured. The values include vsg, asa, or ace.
|
vsg
|
Cisco VSG service node.
|
asa
|
Cisco adaptive security appliance (ASA) service node.
|
ace
|
Cisco application control engine (ACE) service node.
|
ip address
|
Specifies the IP address of the service node. This IP address should match the IP address of the data interface node.
|
ip-address
|
IP address of the associated service node.
|
no
|
If there’s no IP address associated with the service node.
|
adjacency
|
Specifies the adjacency for either l2 or l3 mode.
|
l2
|
Specifies Layer 2 mode (uses a MAC address).
|
vlan
|
For Layer 2 mode, associates a VLAN with the node.
|
vlan-number
|
Specifies the VLAN module number.
|
vxlan
|
Alternatively, associate a Virtual Extendable Local Area Network (VXLAN) with the service node.
|
bridge-domain
|
Specifies a bridge-domain for the VXLAN.
|
bd-name
|
Bridge-domain name.
|
l3
|
Specifies Layer 3 (using IP address) mode for the service node.
|
failmode
|
Sets the state to be in either fail close, or fail open mode.
|
close
|
Drops packets if the Cisco VSG is down. This is the default value.
|
open
|
Allows the packets to pass through if the Cisco VSG is down.
|
Command Modes
Global configration (config)
Network-admin
Command History
|
|
4.2(1)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
Use the vservice node command to configure a service node with an existing Cisco VSG, ASA, or ACE. That node is associated with either a port profile or a vservice path.
You can only delete inactive vservice nodes. The inactive nodes are not configured with any virtual machines or service paths.
Examples
This example shows how to enter the vservice-node mode and configure the IP address of a vservice node, adjacency, and fail-mode settings:
vsm(config)# vservice node test type vsg <------- enter the vservice-node mode vsm(config-vservice-node)# ip address 1.1.11.11 vsm(config-vservice-node)# adjacency l2 vlan 100 vsm(config-vservice-node)# fail-mode close
Related Commands
|
|
show vservice node brief
|
Displays the vservice node information in brief.
|
show vservice node detail
|
Displays the vservice node information in detail.
|
vservice path
To configure a path for service chaining, use the vservice path command. To disable a service path, use the
no
form of this command.
vservice path svc_path_name
node node_name [profile prof_name] order order_num
no vservice path svc_path_name
no node node_name
Syntax Description
vservice path
|
The service path
|
svc_path_name
|
Service path name. This name is associated with various service no nodes and port profiles to complete service chain configurations.
|
node
|
Specifies the destination node for this service path.
|
node_name
|
Service node name.
|
profile
|
(Optional) Specifies the destination port profile for this service path.
|
prof_name
|
Port profile name.
|
order
|
Specifies the order number for this service path.
|
order_num
|
Order number. The range is from 1 to 1000.
|
Command Modes
Global configuration (config)
Network-admin
Command History
|
|
4.2(1)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You can configure up to three service nodes in one vservice path. The supported nodes are the Cisco VSG, vWAAS, and ASA. The specified node_name has to be predefined. Specifying a profile is mandatory for VSG and ASA, but not for vWAAS. For a given path, the ASA node must be configured last. You can disable a vservice-path from within its mode and at the global configuration level.
Examples
This example shows how to enter the vservice-path mode and specify the name of a vservice node, port profile, and the order number:
vsm(config)# vservice path test <------- enter the vservice-path mode vsm(config-vservice-path)# node test1 profile test2 order 100
This example shows how to disable a vservice path:
vsm(config)# no vservice path test
Related Commands
|
|
show vservice path brief
|
Displays the vservice path information in brief.
|
show vservice path detail
|
Displays the vservice path information in detail.
|
vservice license
To assign Cisco VSG and ASA licenses to specific modules, use the vservice license command. To disable volatile licenses, use the no form of this command.
vservice license type {vsg | asa} {transfer | volatile} {src-module mod_no | license-pool} {dst-module mod_no | license-pool}
[no] vservice license type {vsg | asa} volatile
Syntax Description
type
|
Specifies the service node license. The options are Cisco VSG or ASA.
|
vsg
|
Specifies the VSG license type that you can assign to a specific module.
|
asa
|
Specifies the ASA license type that you can assign to a specific module.
|
transfer
|
Specifies that the license needs to be transferred.
|
volatile
|
Specifies the volatile licenses within the network.
|
src-module
|
Specifies the source module from which the license is to be transferred.
|
mod_no
|
Module number. The acceptable number range is from 3 to 66.
|
license-pool
|
Specifies that the license has to be transferred from a module to the pool or from the pool to a module.
|
dst-module
|
Specifies the destination module to which the license is to be assigned.
|
Command Modes
EXEC
Network-admin
Command History
|
|
4.2(1)SV1(5.2)
|
This command was introduced.
|
Usage Guidelines
You cannot transfer volatile licenses to the license pool. You cannot specify any keyword after you enter “volatile” at the command line.
You can transfer the licenses within the modules and license pool. This command also enables (activate) the volatile licenses.
Examples
This example shows how to transfer a Cisco VSG license from a module to the license pool:
vsm(config)# vservice license type vsg transfer src-module 4 license-pool
This example shows how to transfer a Cisco ASA license from one module to another:
vsm(config)# vservice license type asa transfer src-module 12 dst-module 34
This example shows how to enable volatile Cisco VSG licenses:
vsm(config)# vservice license type vsg volatile
This example shows how to disable volatile Cisco ASA licenses:
vsm(config)# no vservice license type asa volatile
Related Commands
|
|
show vservice license brief
|
Displays usage information per license type.
|
show vservice license detail
|
Displays the license type per module.
|
vnm-policy-agent
To enter Cisco Virtual Network Management Center (VNMC) policy agent mode, use the vnm-policy-agent command.
vnm-policy-agent
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Use the Cisco VNMC policy agent configuration mode to configure policy agents.
Examples
This example shows how
enter policy agent mode:
vsm(config)# vnm-policy-agent vsm(config-vnm-policy-agent)#
Related Commands
|
|
configure
|
Enters global configuration mode.
|
vsn type vsg global
To configure the TCP state checks, use the vsn type vsg global command.
vsn type vsg global
Syntax Description
This command has no arguments or keywords.
Defaults
TCP state checks are enabled.
Command Modes
Global configuration (config)
network-admin
system-admin
Command History
|
|
4.2(1)VSG1(4.1)
|
This command is no longer supported. It was replaced by the vservice global type vsg command.
|
4.2(1)VSG1(2)
|
This command was introduced.
|
Usage Guidelines
Because TCP state checks in vPath are enabled by default, use the no form of the tcp state-checks command to disable the state checks.
Examples
This example shows how to enter the VSN configuration submode:
vsm(config)# vsn type vsg global
Related Commands
|
|
tcp state-checks
|
Enables TCP state checks in the vPath.
|