The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides information about the vPath and vServices related commands on the Cisco Nexus 1000V Series switch and the Cisco Cloud Services Platform networking appliance.
To configure the traffic to bypass the Cisco VSG in a service chain, use the bypass asa-traffic command. To return to the default setting, use the no form of this command.
bypass asa-traffic
no bypass asa-traffic
This command has no arguments or keywords.
None
vservice global configuration (config-vservice-global)
network-admin
network-operator
|
|
---|---|
4.2(1)SV2(1.1) |
This command was introduced. |
In a service chain, you can configure the switch traffic to bypass the Cisco VSG nodes, so that only the Cisco ASA policies are lookedup for traffic traversing between the outside and inside networks. When enabled, this functionality is implemented globally, and not per interface.
This example shows how to configure the switch traffic to bypass the Cisco VSG nodes:
n1000v# config t
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)# bypass asa-traffic
|
|
---|---|
vservice path |
Configures a path for service chaining. |
vservice global type vsg |
Enter the vservice global configuration mode. |
To configure a port profile to be used with l3-vn-service, use the capability l3-vn-service command. To remove the capability from a port profile, use the no form of this command.
capability l3-vn-service
no capability l3-vn service
l3-vn-service |
Configure vmknic to carry l3-vn-service traffic. |
None
Port-profile configuration (config-port-prof)
network-admin
|
|
---|---|
4.2.1SV1(5.1) |
This command was introduced. |
If you are configuring a port profile for l3-vn-service, you must first configure the port profile in switchport mode.
The capability iscsi-multipath feature cannot be configured with the capability l3-vn-service feature.
This example shows how to configure a port profile to be used with l3-vn-service:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# capability l3-vn-service
n1000v(config-port-prof)#
This example shows how to remove the l3-vn-service configuration from the port profile:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# no capability l3-vn-service
n1000v(config-port-prof)#
|
|
---|---|
show port-profile |
Displays information about the port profiles. |
To clear the Cisco vservice connections, use the clear vservice connection command.
clear vservice connection [module module-num]
module |
(Optional) Clears a specific module. |
module-num |
Module number. The range is from 3 to 66. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
The name of the command was modified |
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to clear Cisco VSG connections:
vsm# clear vservice connection
|
|
---|---|
show vservice |
Displays Cisco VSG information. |
To clear the Cisco vservice statistics, use the clear vservice statistics command.
clear vservice statistics [module module-number | vlan vlan-number]
module |
(Optional) Clears a module. |
module-number |
Module number. The range of values is from 3 to 66. |
vlan |
(Optional) Clears a VLAN. |
vlan-number |
VLAN number. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
The name of the command was modified. |
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to clear Cisco vservice statistics for existing modules:
vsm# clear vservice statistics
Cleared statistics successfully in module 4
Cleared statistics successfully in module 6
|
|
---|---|
show vservice |
Displays Cisco VSG information. |
To copy the running configuration to the startup configuration, use the copy running-config startup-config command.
copy running-config startup-config
This command has no arguments or keywords.
None
Any command mode
network-admin
network-operator
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
Use this command to save configuration changes in the running configuration to the startup configuration in persistent memory. When a device reload or switchover occurs, the saved configuration is applied.
This example shows how to save the running configuration to the startup configuration:
vsm# copy running-config startup-config
[########################################] 100%
To set logging severity levels for the Cisco Virtual Network Management Center (VNMC) policy agent, use the log-level command. To reset logging levels, use the no form of this command.
log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
no {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
None
Cisco VNMC policy agent configuration (config-vnm-policy-agent)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the logging level to critical:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# log-level critical
|
|
---|---|
vnm-policy-agent |
Enables the Cisco VNMC policy agent configuration mode. |
To create a Cisco VNMC organization (domain), use the org command. To delete a Cisco VNMC organization, use the no form of the command.
org organization-name
no org [organization-name]
organization-name |
Organization name. The range of values is from 1 to 251. |
None
Port profile configuration (config-port-prof)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
Cisco VNMC organizations are Cisco VNMC domains.
You can hierarchically manage Cisco VNMC organizations. A user that is assigned at a top level organization has automatic access to all organizations under it. For example, an engineering organization can contain a software engineering organization and a hardware engineering organization. A locale containing only the software engineering organization has access to system resources only within that organization. However, a locale that contains the engineering organization has access to the resources for both the software engineering and hardware engineering organizations.
This example shows how to create an organization:
vsm# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsm(config)# port-profile pP1
vsm(config-port-prof)# org root/tenant1
vsm(config-port-prof)#
|
|
---|---|
vservice |
Sets the IP address for a virtual firewall. |
To ping the virtual service nodes (VSN) from the vPath, use the ping vsn command. There is no no form of this command.
ping vsn [ip vsn-ip-addr {[vlan vsn-vlan-num] | [vxlan bridge-domain bridge-domain-name] | all} {src-module {module-num | all | vpath-all}] [timeout secs] [count count]
None
EXEC
network-admin
There is no no form of this command.
This example shows how to ping a Cisco VSG:
vsm# ping ?
<CR>
A.B.C.D or Hostname IP address of remote system
WORD Enter Hostname
mpls Ping an MPLS network
multicast Multicast ping
vsn VSNs to be pinged
vsm# ping vsn
Input parameters:
· vsn : VSNs to be pinged.
o all : All VSNs that are currently associated to at least one VM. In other words, all VSNs specified in port-profiles that are bound to at least one VM.
o ip-addr <ip-addr> : All VSNs configured with this IP address.
o vlan <vlan-num> : All VSNs configured on this VLAN.
· src-module : Source modules to orginate ping request from.
o all : All online modules.
o vpath-all : All modules having VMs associated to port-profiles that has vn-service defined.
o <module-num> : A online module number.
· timeout <secs> : Time to wait for response from VSNs, in seconds. Default is 1 sec.
· count : Number of ping packets to be sent.
o <count> : Sepcifies number of ping packets to be sent. Default is 5. Min 1, Max 2147483647.
o unlimited : Send ping packets until command is stopped.
Specify both the IP address and VLAN if the VSN to be pinged is not associated to any VMs yet.
In the output, the status of the ping request for each VSN for each module is shown. On a successful ping, the round-trip-time of ping request/response for a VSN is shown in microseconds next to the module number. On a failure, the failure message is shown next to the module number.
Various forms:
ping vsn all src-module all (Ping all VSNs from all modules)
ping vsn all src-module vpath-all (Ping all VSNs from all modules having
VMs associated to VSNs)
ping vsn all src-module 3 (Ping all VSNs from the specified module)
ping vsn ip 106.1.1.1 src-module all (Ping specified VSN from all modules)
ping vsn ip 106.1.1.1 vlan 54 src-module all (Ping specified VSN from all modules)
ping vsn ip 106.1.1.1 src-module vpath-all (Ping specified VSN from all modules
having VMs associated to VSNs)
ping vsn ip 106.1.1.1 vlan 54 src-module 3 (Ping specified VSN from specified
module)
The options timeout and count apply to all of the above commands:
ping vsn all src-vpath all timeout 2 count 10
ping vsn all ip 106.1.1.1 count unlimited
ping vsn ip 106.1.1.1 vlan 54 src-vpath 3 count 10
Errors:
VSN response timeout - VSN is down, not reachable or not responding.
VSN ARP not resolved - VEM couldn't resolve MAC address of VSN.
no response from VEM - VEM is not sending ping response to VSM. Can happen when VEM
is down and VSM not detected it yet.
These examples show how to display all of the source module traffic:
vsm# ping vsn all src-module all
ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=0 timeout=1-sec
module(usec) : 9(508)
module(failed) : 10(VSN ARP not resolved) 11(VSN ARP not resolved)
12(VSN ARP not resolved)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=0 timeout=1-sec
module(usec) : 9(974) 11(987) 12(1007)
module(failed) : 10(VSN ARP not resolved)
ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=1 timeout=1-sec
module(usec) : 9(277) 10(436) 11(270) 12(399)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=1 timeout=1-sec
module(usec) : 9(376) 10(606) 11(468) 12(622)
ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=2 timeout=1-sec
module(usec) : 9(272) 10(389) 11(318) 12(357)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=2 timeout=1-sec
module(usec) : 9(428) 10(632) 11(586) 12(594)
ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=3 timeout=1-sec
module(usec) : 9(284) 10(426) 11(331) 12(387)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=3 timeout=1-sec
module(usec) : 9(414) 10(663) 11(644) 12(698)
ping vsn 10.1.1.44 vlan 501 from module 9 10 11 12, seq=4 timeout=1-sec
module(usec) : 9(278) 10(479) 11(334) 12(469)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=4 timeout=1-sec
module(usec) : 9(397) 10(613) 11(560) 12(593)
vsm# ping vsn ip 10.1.1.40 src-module vpath-all
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=0 timeout=1-sec
module(usec) : 9(698) 11(701) 12(826)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=1 timeout=1-sec
module(usec) : 9(461) 11(573) 12(714)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=2 timeout=1-sec
module(usec) : 9(447) 11(569) 12(598)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=3 timeout=1-sec
module(usec) : 9(334) 11(702) 12(559)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=4 timeout=1-sec
module(usec) : 9(387) 11(558) 12(597)
vsm#
|
|
---|---|
ping |
Activates a signal to verify connections with other devices on a path. |
To designate the policy agent image local URL as bootflash, use the policy-agent-image command. To remove the designation, use the no form of the command.
policy-agent-image bootflash:
no policy-agent-image bootflash:
bootflash: |
Designates the policy agent image local URL as bootflash. |
None
VNMC policy agent configuration (config-vnm-policy-agent)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to designate the local URL that contains the policy agent image:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# policy-agent-image bootflash:
|
|
---|---|
vnm-policy-agent |
Enables the VNM policy agent configuration mode. |
To pop a mode off the stack or to restore a mode, use the pop command.
pop file-name
file-name |
Name of the file. |
None
EXEC
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to restore from a file called file1:
vsm# pop file1
|
|
---|---|
push |
Pushes the current mode onto the stack. |
To create a port profile and enter port profile configuration mode, use the port-profile command. To remove the port profile configuration, use the no form of this command.
port-profile profile-name
no port-profile profile-name
profile-name |
Port profile name. The range of valid values is from 1 to 80. |
None
Global configuration (config)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
The port profile name must be unique for each port profile.
This example shows how to create a port profile called AccessProf:
vsm# configure
vsm(config)# port-profile AccessProf
vsm(config-port-prof)#
This example shows how to remove the port profile called AccessProf:
vsm# configure
vsm(config)# no port-profile AccessProf
vsm(config)#
|
|
---|---|
show port-profile |
Displays information about the port profiles. |
To push the current mode onto stack or to save it, use the push command.
push file-name
file-name |
Name of the file. |
None
EXEC
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to push file1 onto the stack:
vsm# push file1
|
|
---|---|
pop |
Pops the current mode off the stack. |
To set the service registry IP address, use the registration-ip command. To discard the service registry IP address, use the no form of this command.
registration-ip ip-address
no registration-ip
ip-address |
Service registry IP address. The format is A.B.C.D. |
None
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the service registry IP address:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# registration-ip 209.165.200.233
vsm(config-vnm-policy-agent)#
|
|
---|---|
vnm-policy-agent |
Enters the Cisco VNMC policy agent configuration mode. |
To set the shared secret password for communication between the Cisco Virtual Security Gateway (VSG), the Virtual Supervisor Module (VSM), and the Cisco Virtual Network Management Center (VNMC), use the shared-secret command. To discard the shared secret password, use the no form of this command.
shared-secret shared-secret-password
no shared-secret
shared-secret-password |
Shared secret password. The range of valid values is from 1 to 64. You must use at least one uppercase character. |
None
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
This example shows how to set the shared secret password:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# shared-secret Password123
vsm(config-vnm-policy-agent)#
|
|
---|---|
vnm-policy-agent |
Enters VNM policy agent configuration mode. |
To display the ports attached to the port profile where org is configured, use the show org port brief command.
show org port brief [port-profile pp_name | vethernet veth_num] [module module_num]
EXEC
Network-admin
Network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
You can use the following operators with the show vservice port brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•module—Filter the output per a specific module number.
•|—Pipes the command output to a filter.
This example shows how to display the port profile information:
Veth Mod VM-Name vNIC IP-Address
2 4 fc3-2610-4 2 100.1.1.1
5 5 fc3-2610-5 3 100.1.1.2
9 5 fc3-2610-6 1 100.1.1.3
To display the running configuration, use the show running-config command.
show running-config [aaa | aclmgr | all | am | arp | cdp | diff | exclude | expand-port-profile | icmpv6 | igmp | interface | ip | ipqos | ipv6 | l3vm | license | monitor | ntp | port-profile | port-security | radius | rpm | security | snmp | vdc-all | vlan | vshd | acllog | dhcp | vservices [node node-name | path path-name]]
None
EXEC
network-admin
network-operator
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
You can use the following operators with the show running-config command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the running configuration:
vsm# show running-config
!Command: show running-config
!Time: Tue Jan 4 17:20:05 2011
version 4.2(1)SV1(4)
no feature telnet
username admin password 5 $1$z3M0/3no$j77mpF9f/mqmd7/mEZ6RR1 role network-admin
username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na. role network-operator
banner motd #Nexus 1000v Switch#
ip domain-lookup
ip domain-lookup
switchname vsm
vem 3
host vmware id 765186a7-eb7c-11de-b059-8843e1389748
vem 4
host vmware id 90a97ac6-31d7-11df-ad65-68efbdf622ca
vem 5
host vmware id 833fe152-3f8b-11df-bd70-68efbdf64970
snmp-server user admin network-admin auth md5 0x5ed3cfea7c44550ac3d18475f28b118b
priv 0x5ed3cfea7c44550ac3d18475f28b118b localizedkey
vrf context management
ip route 0.0.0.0/0 10.193.72.1
vlan 1,61-65
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile default port-binding static
port-profile type vethernet vm-clear
vmware port-group
switchport mode access
switchport access vlan 63
no shutdown
state enabled
port-profile type vethernet vsn-service
vmware port-group
switchport mode access
switchport access vlan 64
no shutdown
max-ports 1024
state enabled
port-profile type ethernet system-uplink
vmware port-group
switchport trunk allowed vlan 61-70
switchport mode trunk
no shutdown
system vlan 61-62
state enabled
port-profile type vethernet vsg129-2
vmware port-group
switchport mode access
switchport access vlan 63
org root/Canon
vn-service ip-address 10.10.129.2 vlan 64 security-profile sp-vsg2-1
no shutdown
state enabled
port-profile type vethernet vsg134-1
vmware port-group
switchport mode access
switchport access vlan 63
vn-service ip-address 10.10.134.1 vlan 64 mgmt-ip-address 10.10.73.132 security-profile sp1
no shutdown
state enabled
port-profile type vethernet vsg136-1
vmware port-group
switchport mode access
switchport access vlan 63
vn-service ip-address 10.10.136.1 vlan 64 mgmt-ip-address 10.10.73.137 security-profile sp1
no shutdown
state enabled
port-profile type vethernet vsg129_2-svc-vlan65
vmware port-group
switchport mode access
switchport access vlan 65
vn-service ip-address 10.10.129.2 vlan 64 mgmt-ip-address 10.10.73.131 security-profile sp1
no shutdown
state enabled
port-profile type vethernet vm-clear-vlan65
vmware port-group
switchport mode access
switchport access vlan 65
no shutdown
state enabled
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet vm-clear-vlan63
vmware port-group
switchport mode access
switchport access vlan 63
no shutdown
state enabled
vdc vsm id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
interface mgmt0
ip address 10.10.73.130/21
interface Vethernet1
inherit port-profile vm-clear-vlan63
description UD134-1,Network Adapter 2
vmware dvport 7489 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0029
interface Vethernet2
inherit port-profile vsg136-1
description UD136-1,Network Adapter 2
vmware dvport 7458 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0032
interface Vethernet3
inherit port-profile vm-clear-vlan63
description US136-1,Network Adapter 2
vmware dvport 7492 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0030
interface Vethernet4
inherit port-profile vsg129-2
description US129-1,Network Adapter 2
vmware dvport 6563 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.003E
interface Vethernet5
inherit port-profile vm-clear-vlan63
description US129-2,Network Adapter 2
vmware dvport 7491 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0040
interface Vethernet6
inherit port-profile vsn-service
description VSG134-1,Network Adapter 1
vmware dvport 3683 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.002C
interface Vethernet7
inherit port-profile vsn-service
description VSG129-2,Network Adapter 1
vmware dvport 3686 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0037
interface Vethernet8
inherit port-profile vsn-service
description VSG136-1,Network Adapter 1
vmware dvport 3684 dvswitch uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c"
vmware vm mac 0050.56BB.0034
interface Ethernet3/2
inherit port-profile system-uplink
interface Ethernet4/6
inherit port-profile system-uplink
interface Ethernet5/6
inherit port-profile system-uplink
interface control0
line console
boot kickstart bootflash:/ks.bin sup-1
boot system bootflash:/sys.bin sup-1
boot kickstart bootflash:/ks.bin sup-2
boot system bootflash:/sys.bin sup-2
svs-domain
domain id 61
control vlan 61
packet vlan 62
svs mode L2
svs connection vcenter
protocol vmware-vim
remote ip address 10.10.79.32 port 80
vmware dvs uuid "90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c" datacenter-name NAME/S
connect
vnm-policy-agent
registration-ip 10.193.73.144
shared-secret **********
policy-agent-image bootflash:/vnmc-vsmpa.1.0.0.512.bin
log-level
vsm#
|
|
---|---|
show aaa |
Displays AAA information. |
To display the configuration details of the virtual service nodes in the network, use the show running-config vservice node command.
show running-config vservice node (optional) [node-name]
This command has no arguments or keywords.
None
EXEC
Network-admin
Network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
You can use the following operators with the show running-config vservice node command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•node-name—Displays the configuration of the specified vservice node name.
•|—Pipes the command output to a filter.
This example shows how to display the information of the configured vservice nodes:
vsm# show running-config vservice node
!Command: show running-config vservice node
!Time: Mon Jul 9 16:10:19 2012
version 4.2(1)SV1(5.2)
vservice node vasatDbd5 type asa
ip address 172.8.8.201
adjacency l2 vxlan bridge-domain bd5555
fail-mode open
vservice node vasatCbd5 type asa
ip address 172.8.8.101
adjacency l2 vxlan bridge-domain bd5555
fail-mode open
vservice node vsntest type vsg
fail-mode close
vservice node testvwaas type vwaas
fail-mode close
vservice node test type vsg
adjacency l3
fail-mode open
vservice node testip type vsg
fail-mode close
vservice node vsgl2tC type vsg
ip address 10.10.10.103
adjacency l2 vlan 504
fail-mode close
vservice node vsgl2tA101 type vsg
ip address 10.10.10.101
adjacency l2 vlan 504
fail-mode close
vservice node vsgl2tB102 type vsg
ip address 10.10.10.102
adjacency l2 vlan 504
fail-mode close
vservice node vsgtCbd6 type vsg
ip address 10.10.10.103
adjacency l2 vxlan bridge-domain bd6666
fail-mode close
vservice node vsgl2tD104 type vsg
ip address 10.10.10.104
adjacency l2 vlan 504
fail-mode open
vservice node vsgl2tE105 type vsg
ip address 10.10.10.105
adjacency l2 vlan 504
fail-mode close
vservice node vsgl3tA101 type vsg
ip address 10.10.10.201
adjacency l3
fail-mode close
vservice node vsgl3tB102 type vsg
ip address 10.10.10.202
adjacency l3
fail-mode close
vservice node vsgl3tC103 type vsg
ip address 10.10.10.203
adjacency l3
fail-mode close
vservice node vsgl3tD104 type vsg
ip address 10.10.10.204
|
|
---|---|
vservice node |
Configures a virtual service node. |
To display the configuration details of the vservice paths, use the show running-config vservice path command.
show running-config vservice path (optional) [node-name]
This command has no arguments or keywords.
None
EXEC
Network-admin
Network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
You can use the following operators with the show running-config vservice path command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•node-name—Displays the configuration of the specified vservice node name.
•|—Pipes the command output to a filter.
This example shows how to display the information of the configured vservice nodes:
vsm# show running-config vservice path
!Command: show running-config vservice path
!Time: Mon Jul 9 16:52:55 2012
version 4.2(1)SV1(5.2)
vservice path sp-tDvsg504vasabd5
node vsgl2tD104 profile sp-tD order 1
node vasatDbd5 profile ep-tD order 100
vservice path sp-tDvsgl3vasabd5
node vsgl3tD104 profile sp-tD order 1
node vasatDbd5 profile ep-tD order 1000000000
vservice path sp-vsgl3tD
node vsgl3tD104 profile sp-tDl3
vservice path sp-vsgl2tD
node vsgl2tD104 profile sp-tD
vservice path sp-vsgbd6tC
node vsgtCbd6 profile sp-tC
vservice path sp-vasal2tC
node vasal2tC profile ep-tC order 10
vservice path sp-tCvsg504vasa503
node vsgl2tC profile sp-tC order 10
node vasal2tC profile ep-tC order 20
vservice path sp-tCvsgbd6vasa503
node vsgtCbd6 profile sp-tC order 10
node vasal2tC profile ep-tC order 20
vservice path sp-tCvsgbd6vasabd5
node vsgtCbd6 profile sp-tC order 1410065406
node vasatCbd5 profile ep-tC order 1410065407
vservice path sp-tDedittest
node vsgl3tD104 profile sp-tD order 1
node vasatDbd5 profile ep-tD order 22
vservice path sptest
vservice path sp-tEvsgl3
node vsgl3tE105 profile sp-tE order 10
vservice path sp-tDvasabd5
node vasatDbd5 profile ep-tD order 100
|
|
---|---|
vservice path |
Configures a service path. |
To display the installation status of a policy agent, use the show vnm-pa status command.
show vnm-pa status
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
You can use the following operators with the show vnm-pa status command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the installation status of the policy agent:
vsm# configure
vsm(config)# show vnm-pa status
VNM Policy-Agent status is - Installed Successfully. Version 1.0(0.512)-vsm
vsm(config)#
|
|
---|---|
vnm-policy-agent |
Enters the Cisco VNMC policy agent configuration mode. |
To display only a brief summary about the Virtual Service Nodes (VSN), use the show vservice brief command.
show vservice brief [node-l3 node-ipaddr ip-addr | node-l3 module module-num] [ node-vxlan bridge-domain bridge-domain-name] | node-vlan vlan-id| node-name node name | module module-num
None
EXEC
network-admin
network-operator
You can use the following operators with the show vservice brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display brief information about the Cisco VSGs:
vsm# show vservice brief
#License Information
Type In-Use
vsg 0
asa 2
#Node Information
ID Name Type IP-Address Mode State Module
1 vasatDbd5 asa 172.8.8.201 vxlan Alive 4,
12 vsgtCbd6 vsg 10.10.10.103 vxlan Alive?? 4,6,
13 vsgl2tD104 vsg 10.10.10.104 v-504 Alive 4,
18 vsgl3tD104 vsg 10.10.10.204 l3 Alive 4,6,
19 vsgl3tE105 vsg 10.10.10.205 l3 Unreach 4,6,
#Path Information
#Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4,
Node Order Profile
vsgl3tD104 1 sp-tD
vasatDbd5 1000000000 ep-tD
#Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,
Node Order Profile
vsgtCbd6 -- sp-tC
|
|
---|---|
show vsn port vethernet |
Displays vEth port information. |
To display VSN connections, use the show vservice connection command.
show vservice connection [node-name node-name] [node-vxlan bridge-domain bdname | node-vlan vlan-num | node-l3 [node-ipaddr ip-addr | module module-num] | node-ipaddr ip-addr] | path-name path-name | port-profile port-profile-name | service-profile service-profile-name]
None
EXEC
network-admin
network-operator
You can use the following operators with the show vservice connection command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display Cisco VSG connections:
vsm# show vservice connection
module node_l3 node_vlan
node_ipaddr node_name node_vxlan
Actions(Act):
d - drop s - reset
p - permit t - passthrough
r - redirect e - error
_ - not processed yet upper case - offloaded
Flags:
A - seen ack for syn/fin from src a - seen ack for syn/fin from dst
E - tcp conn established (SasA done)
F - seen fin from src f - seen fin from dst
R - seen rst from src r - seen rst from dst
S - seen syn from src s - seen syn from dst
T - tcp conn torn down (FafA done) x - IP-fragment connection
#Node vsgl2tD104
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Path sp-vsgbd6tC
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Module 6
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Path sp-tDvsgl3vasabd5
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Node vsgtCbd6
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Module 6
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Node vsgl3tE105
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Module 6
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Node vsgl3tD104
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
#Module 6
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
|
|
---|---|
show vsn port vethernet |
Displays port information. |
To display detailed information about the Virtual Service Nodes (VSN), use the show vservice detail command.
show vservice detail {module module_num | node_ipaddr ip_addr | node_l3 node_l3 | node_name node_name | node_vxlan vxlan_num | node_vlan vlane_num | path_name path_name port-profile port_profile| service-profile sevice_profile}
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
You can use the following operators with the show vsn detail command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display detailed information about Cisco VSGs:
vsm# show vservice detail
-----------------
#VSN VLAN: -, IP-ADDR: 10.1.1.40
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
9 - Close Up
11 - Close Up
12 - Close Up
#VSN VLAN: -, IP-ADDR: 10.1.1.68
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
12 - Close Up
#VSN VLAN: 502, IP-ADDR: 10.1.1.45
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
11 00:50:56:8f:5a:bb Close Up
12 00:50:56:8f:5a:bb Close Up
#VSN VLAN: 501, IP-ADDR: 10.1.1.44
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
9 00:50:56:8f:5a:85 Close Up
11 00:50:56:8f:5a:85 Close Up
#VSN VLAN: 501, IP-ADDR: 10.1.1.40
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
9 00:50:56:8e:35:bd Close Up
11 00:50:56:8e:35:bd Close Up
#VSN VLAN: 501, IP-ADDR: 10.1.1.41
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
11 00:50:56:8f:5a:7f Close Up
#VSN Ports, Port-Profile, Org & Security-Profile Association:
#VSN VLAN: -, IP-ADDR: 10.1.1.40
Port-Profile: segment-5000-routed, Security-Profile: tenant1-sp1, Org: root/tenant1
Module Vethernet
9 4
11 36, 25
12 69, 26, 67
Port-Profile: segment-5001, Security-Profile: tenant1-sp1, Org: root/tenant1
Module Vethernet
9 45
#VSN VLAN: -, IP-ADDR: 10.1.1.68
Port-Profile: N1010-L3, Security-Profile: n1010-sp, Org: root/tenant1
Module Vethernet
12 41, 46
#VSN VLAN: 502, IP-ADDR: 10.1.1.45
Port-Profile: segment-5002, Security-Profile: tenant3-sp2, Org: root/tenant3
Module Vethernet
3 84, 85
4 86
Port-Profile: tenant3-sp2, Security-Profile: tenant3-sp2, Org: root/tenant3
Module Vethernet
11 37, 40, 39, 38
12 74
#VSN VLAN: 501, IP-ADDR: 10.1.1.44
Port-Profile: tenant1-vsg2, Security-Profile: tenant1-sp2, Org: root/tenant1
Module Vethernet
9 49, 55, 54, 53, 52, 51, 50, 56, 63, 62,
61, 60, 59, 58, 57, 6, 7, 13, 14, 15,
2, 1
11 16, 17, 22, 21, 20, 19, 18
#VSN VLAN: 501, IP-ADDR: 10.1.1.40
Port-Profile: data-53, Security-Profile: tenant1-sp1, Org: root/tenant1
Module Vethernet
9 24
11 23
#VSN VLAN: 501, IP-ADDR: 10.1.1.41
Port-Profile: tenant2, Security-Profile: tenant2-sp1, Org: root/tenant2
Module Vethernet
11 68, 12, 72
vsm#
-------------------
|
|
---|---|
show vservice port vethernet |
Displays information about virtual Ethernet (vEth) ports. |
To display only a brief summary about the virtual service node license information, use the show vservice license brief command.
show vservice license brief
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
You can use the following operators with the show vnm-pa status command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the brief information about the license:
n1000v# show vservice license brief
--------------------------------------------------------------------------------
License Information
--------------------------------------------------------------------------------
Type In-Use-Lic-Count UnLicensed-Mod
vsg 6
asa 2
|
|
---|---|
show license usage |
Displays the licenses in use on each VEM. |
To display the detail about the virtual service node license information, use the show vservice license detail command.
show vservice license detail {module module_num}
module |
Filters the module number. |
module_num |
Specifies the module number to see all the VSN connections on the module. The range is from 3 to 66. |
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2.1SV1(5.2) |
This command was introduced. |
You can use the following operators with the show vnm-pa status command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the brief information about the license:
n1000v# show vservice license detail module 4
--------------------------------------------------------------------------------
License Information
--------------------------------------------------------------------------------
Mod VSG-Lic-Count ASA-Lic-Count
4 2 2
|
|
---|---|
show license usage |
Displays the licenses in use on each VEM. |
To display only summary about the MAC address of the virtual service node, use the show vservice node mac brief command.
show vservice node mac brief
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
---|---|
4.2.1SV1(5.2) |
This command was introduced. |
You can use the following operators with the show vservice node brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the MAC address of the Cisco virtual service node
n1000v# show vservice node mac brief
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
ID Type IP-Address MAC-Addr Mode Fail State Module
1 asa 172.8.8.201 00:50:56:b5:37:8f vxlan open Alive 4,
12 vsg 10.10.10.103 00:50:56:b5:25:f7 vxlan close Alive 4,6,7,
13 vsg 10.10.10.104 00:50:56:b5:6d:36 v-504 close Alive 4,
18 vsg 10.10.10.204 00:00:00:00:00:00 l3 open Alive 4,6,
|
|
---|---|
show vservice node brief |
Displays summary of virtual service node. |
To display only the summary about the Cisco virtual service node, use the show vservice node brief command.
show vservice node brief [name node-name| vxlan bridge-domain bdname | vlan vlan_num | l3 ip-addr ip-addr | l3 module module-num] | ipaddr ip-addr | module module-num]
None
EXEC
network-admin
network-operator
You can use the following operators with the show vservice node brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display summary information about Cisco VSN.
n1000v# show vservice node brief
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
ID Name Type IP-Address Mode State Module
1 vasatDbd5 asa 172.8.8.201 vxlan Alive 4,
12 vsgtCbd6 vsg 10.10.10.103 vxlan Alive 4,6,7,
13 vsgl2tD104 vsg 10.10.10.104 v-504 Alive 4,
18 vsgl3tD104 vsg 10.10.10.204 l3 Alive 4,6,
|
|
---|---|
show vservice node detail |
Displays detailed information about virtual service node. |
To display the detail about the Cisco virtual service node, use the show vservice node detail command.
show vservice node detail [name node-name| vxlan bridge-domain bdname | vlan vlan_num | l3 ip-addr ip-addr | l3 module module-num] | ipaddr ip-addr | module module-num]
None
EXEC
network-admin
network-operator
You can use the following operators with the show vsn connection command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display Cisco VSG service node?
n1000v# show vservice node detail
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
Node ID:1 Name:vasatDbd5
Type:asa IPAddr:172.8.8.201 Fail:open Vxlan:bd5555
Mod State MAC-Addr VVer
4 Alive 00:50:56:b5:37:8f 2
Node ID:12 Name:vsgtCbd6
Type:vsg IPAddr:10.10.10.103 Fail:close Vxlan:bd6666
Mod State MAC-Addr VVer
4 Alive 00:50:56:b5:25:f7 2
6 Alive 00:50:56:b5:25:f7 2
7 Alive 00:50:56:b5:25:f7 2
Node ID:13 Name:vsgl2tD104
Type:vsg IPAddr:10.10.10.104 Fail:close Vlan:504
Mod State MAC-Addr VVer
4 Alive 00:50:56:b5:6d:36 2
Node ID:18 Name:vsgl3tD104
Type:vsg IPAddr:10.10.10.204 Fail:open L3
Mod State MAC-Addr VVer
4 Alive -- 2
6 Alive -- 2
|
|
---|---|
show vservice node brief |
Displays brief information about virtual service node. |
To only display the summary of the vservice path, use the show vservice path brief command.
show vservice path brief [module module-number | name name]
module |
(Optional). |
module-number |
|
name |
Filters the path name to the service node. |
name |
Specifies the path name to the service node |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
This example shows how to show the vservice path:
vsm# show vservice path brief
module name
#Path Information
#Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4,
Node Order Profile
vsgl3tD104 1 sp-tD
vasatDbd5 1000000000 ep-tD
#Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,
Node Order Profile
vsgtCbd6 -- sp-tC
|
|
---|---|
show vservice path detail |
Displays the details of the vservice path. |
To only display the details of the vservice path, use the show vservice path detail command.
show vservice path detail [module module-number | name name]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
This example shows how to show the vservice path:
vsm# show vservice path detail
module name
#Path Information
#Path ID:2 NumOfSvc:2 Name:sp-tDvsgl3vasabd5 Mod:4,
Node Order Profile
vsgl3tD104 1 sp-tD
vasatDbd5 1000000000 ep-tD
#Path ID:5 NumOfSvc:1 Name:sp-vsgbd6tC Mod:4,6,
Node Order Profile
vsgtCbd6 -- sp-tC
|
|
---|---|
show vservice path brief |
Displays a summary of the vservice path. |
To display a brief summary of the configured ports in the network, use the show vservice port brief command.
show vservice port brief {module module_num | node-ipaddr ip_addr | node-l3[node-ipaddr ip-addr | module module-num] | node-name node_name | node-vlan vlan-num | node-vxlan bridge-domain bdname| path-name path_name | port-profile port_profile | service-profile service_profile | vethernet vethernet_num}
EXEC
Network-admin
Network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
You can use the following operators with the show vservice port brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•module—Filter the output per a specific module number.
•|—Pipes the command output to a filter.
This example shows how to display the brief summary information of the vservice ports per module number 4:
vsm# show vservice port brief module 4
--------------------------------------------------------------------------------
Port Information
--------------------------------------------------------------------------------
PortProfile:tC-bd5-vsgbd6
Org:root/tC
Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)
Veth Mod VM-Name vNIC IP-Address
9 4 cos-8.10-bd5-spvsgbd6 2 172.8.8.10,
23 4 cos-8.41-bd6-vsgbd6 1 172.8.8.41,
37 4 xp-8.11-504-vsg504 1 172.8.8.11,
51 4 cos-8.37-503-s...04vasa503 1 172.8.8.37,
53 4 cos-8.31-503-vsgbd6 1 172.8.8.31,
PortProfile:tD-bd5-spvsgl3vasabd5
Org:root/tD
Path:sp-tDvsgl3vasabd5
Node Profile(Id)
vsgl3tD104(10.10.10.204) sp-tD(6)
vasatDbd5(172.8.8.201) ep-tD(8)
Veth Mod VM-Name vNIC IP-Address
72 4 cos-8.40-bd5-s...l3vasabd5 1 172.8.8.40,
PortProfile:tD-504-vsg504
Org:root/tD
Node:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6)
Veth Mod VM-Name vNIC IP-Address
69 4 cos-8.38-504-vsg504 1 172.8.8.38,
PortProfile:tD-bd5-vsgl3
Org:root/tD
Node:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7)
Veth Mod VM-Name vNIC IP-Address
50 4 2k3-9.8-bd6-spvsgl3 1 172.9.9.8,
PortProfile:tC-bd6-vsgbd6
Org:root/tC
Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)
Veth Mod VM-Name vNIC IP-Address
11 4 cos-9.13-bd6-vsgl3 1 172.9.9.13,
|
|
---|---|
vservice port detail |
Displays details of the configured ports in the network. |
To display details of the configured ports in the network, use the show vservice port detail command.
show vservice port detail {module module_num | node-ipaddr ip_addr | node-l3[node-ipaddr ip-addr | module module-num] | node-name node_name | node-vlan vlan_num | node-vxlan bridge-domain bdname| path-name path_name | port-profile port_profile | service-profile service_profile | vethernet vethernet_num}
EXEC
Network-admin
Network-operator
|
|
---|---|
4.1(2)SV1(5.2) |
This command was introduced. |
You can use the following operators with the show vservice port detail command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•module—Filter the output per a specific module number.
•|—Pipes the command output to a filter.
This example shows how to display the detailed information of the vservice ports per module number 4:
vsm# show vservice port detail module 4
--------------------------------------------------------------------------------
Port Information
--------------------------------------------------------------------------------
PortProfile:tC-bd5-vsgbd6
Org:root/tC
Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)
Veth9
Module :4
VM-Name :cos-8.10-bd5-spvsgbd6
vNIC:Network Adapter 2
DV-Port :4421
VM-UUID :50 35 a1 39 18 76 76 18-89 89 27 33 1a 30 50 20
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.10,
Veth23
Module :4
VM-Name :cos-8.41-bd6-vsgbd6
vNIC:Network Adapter 1
DV-Port :4425
VM-UUID :50 35 d5 98 de c1 04 5b-3e 84 a6 2c 9f 04 2b c2
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.41,
Veth37
Module :4
VM-Name :xp-8.11-504-vsg504
vNIC:Network Adapter 1
DV-Port :4424
VM-UUID :50 35 bc 16 8c fa a8 66-ae d9 1f ca 30 e5 21 3e
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.11,
Veth51
Module :4
VM-Name :cos-8.37-503-s...04vasa503
vNIC:Network Adapter 1
DV-Port :4416
VM-UUID :50 35 1d f6 ba 4e 26 7e-78 02 03 a8 cf c6 ed d9
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.37,
Veth53
Module :4
VM-Name :cos-8.31-503-vsgbd6
vNIC:Network Adapter 1
DV-Port :4420
VM-UUID :50 35 42 e3 93 f9 aa 46-3e 94 bb fd 39 23 a7 c0
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.31,
PortProfile:tD-bd5-spvsgl3vasabd5
Org:root/tD
Path:sp-tDvsgl3vasabd5 NumOfSvc:2
Node Profile(Id)
vsgl3tD104(10.10.10.204) sp-tD(6)
vasatDbd5(172.8.8.201) ep-tD(8)
Veth72
Module :4
VM-Name :cos-8.40-bd5-s...l3vasabd5
vNIC:Network Adapter 1
DV-Port :3712
VM-UUID :50 35 af 46 40 bb ef 61-37 9e c7 6f 5a 97 4e 18
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.40,
PortProfile:tD-504-vsg504
Org:root/tD
Node:vsgl2tD104(10.10.10.104) Profile(Id):sp-tD(6)
Veth69
Module :4
VM-Name :cos-8.38-504-vsg504
vNIC:Network Adapter 1
DV-Port :4642
VM-UUID :50 35 9a 63 d0 6a ff de-a5 66 65 2c 06 be e4 c1
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.8.8.38,
PortProfile:tD-bd5-vsgl3
Org:root/tD
Node:vsgl3tD104(10.10.10.204) Profile(Id):sp-tDl3(7)
Veth50
Module :4
VM-Name :2k3-9.8-bd6-spvsgl3
vNIC:Network Adapter 1
DV-Port :3777
VM-UUID :50 35 93 44 8b 31 35 e1-02 50 e1 5c 5e 3f 51 2a
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.9.9.8,
PortProfile:tC-bd6-vsgbd6
Org:root/tC
Node:vsgtCbd6(10.10.10.103) Profile(Id):sp-tC(5)
Veth11
Module :4
VM-Name :cos-9.13-bd6-vsgl3
vNIC:Network Adapter 1
DV-Port :4832
VM-UUID :50 35 f0 fb 15 4a 2b 46-4c 69 4c 24 d3 ab ff 0f
DVS-UUID:6f df 35 50 6b 49 88 d0-ce 2f 69 82 57 25 38 55
IP-Addrs:172.9.9.13,
|
|
---|---|
show vservice port brief |
Displays a brief summary of the configured ports in the network. |
To display information about virtual Ethernet (vEth) ports, use the show vsn port vethernet command.
show vsn port vethernet port-number
port-number |
Port number. The range is from 1 to 1048575. |
None
EXEC
network-admin
network-operator
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
You can use the following operators with the show vsn port vethernet command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display information about vEth port 2:
vsm# show vsn port vethernet 2
Veth : Veth2
VM Name : UD136-1
VM uuid : 42 3b e1 60 17 e6 92 c4-3b 47 f4 b7 4c a0 be 1b
DV Port : 7458
DVS uuid : 90 33 3b 50 c2 11 2a 50-ae c5 0f 07 b2 b3 23 2c
Flags : 0x148
VSN Data IP : 192.168.136.1
Security Profile : sp1
Org : Not set
VNSP id : 1
IP addresses:
vsm#
|
|
---|---|
show vservice statistics |
Displays virtual service node statistics. |
To display the information about the configuration, MAC address, state of associated Cisco VSG and Virtual Ethernet Module (VEM), Veths to which Cisco VSGs are bound, and Virtual Service Node (VSN) statistics for all VEM modules associated with Cisco VSGs, use show vservice statistics command.
show vservice statistics [ip ip-addr | module module-num | vlan vlan-num]
None
EXEC
network-admin
network-operator
You can use the following operators with the show vservice statistics command:
•>—Redirects the output to a file.
•
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display statistics for a module:
vsm# show vservice statistics module 4
#VSN VLAN: 0, IP-ADDR: 10.10.10.205
Module: 4
#VPath Packet Statistics Ingress Egress Total
Total Seen 25 39 64
Policy Redirects 16 21 37
No-Policy Passthru 4666 3609 8275
Policy-Permits Rcvd 16 21 37
Policy-Denies Rcvd 0 0 0
Permit Hits 9 18 27
Deny Hits 0 0 0
Decapsulated 16 21 37
Fail-Open 0 0 0
Badport Err 0 0 0
VSN Config Err 0 0 0
VSN State Down 2380 10765 13145
Encap Err 0 0 0
All-Drops 2380 10765 13145
Flow Notificns Sent 0
Total Rcvd From VSN 42
Non-Cisco Encap Rcvd 0
VNS-Port Drops 5
Policy-Action Err 0
Decap Err 0
L2-Frag Sent 0
L2-Frag Rcvd 0
L2-Frag Coalesced 0
Encap exceeded MTU 0
ICMP Too Big Rcvd 0
#VPath Flow Statistics
Active Flows 0 Active Connections 0
Forward Flow Create 11 Forward Flow Destroy 11
Reverse Flow Create 11 Reverse Flow Destroy 11
Flow ID Alloc 22 Flow ID Free 22
Connection ID Alloc 11 Connection ID Free 11
L2 Flow Create 0 L2 Flow Destroy 0
L3 Flow Create 0 L3 Flow Destroy 0
L4 TCP Flow Create 0 L4 TCP Flow Destroy 0
L4 UDP Flow Create 22 L4 UDP Flow Destroy 22
L4 Oth Flow Create 0 L4 Oth Flow Destroy 0
Embryonic Flow Create 0 Embryonic Flow Bloom 0
L2 Flow Timeout 0 L2 Flow Offload 0
L3 Flow Timeout 0 L3 Flow Offload 0
L4 TCP Flow Timeout 0 L4 TCP Flow Offload 0
L4 UDP Flow Timeout 59 L4 UDP Flow Offload 37
L4 Oth Flow Timeout 0 L4 Oth Flow Offload 0
Flow Lookup Hit 90 Flow Lookup Miss 22
Flow Dual Lookup 112 L4 TCP Tuple-reuse 0
TCP chkfail InvalACK 0 TCP chkfail SeqPstWnd 0
TCP chkfail WndVari 0
Flow Classify Err 0 Flow ID Alloc Err 0
Conn ID Alloc Err 0 Hash Alloc Err 0
Flow Exist 0 Flow Entry Exhaust 0
Flow Removal Err 0 Bad Flow ID Receive 37
Flow Entry Miss 0 Flow Full Match Err 0
Bad Action Receive 0 Invalid Flow Pair 0
Invalid Connection 0
Hash Alloc 0 Hash Free 0
InvalFID Lookup 37 InvalFID Lookup Err 0
Deferred Delete 0
vsm#
|
|
---|---|
show vservice port vethernet |
Displays information about virtual Ethernet (vEth) ports. |
To configure the Cisco Nexus 1000V switch to perform TCP state checks, use the tcp state-checks command. To return to the default setting, use the no form of the command.
tcp state-checks [invalid-ack | seq-past-window | window-variation]
no tcp state-checks [invalid-ack | seq-past-window | window-variation]
The default behavior of the TCP checks is as follows:
•invalid-ack—Enabled.
•seq-past-window—Enabled.
•window-variation—Disabled.
vservice global configuration (config-vservice-global)
network-admin
system-admin
|
|
---|---|
4.2(1)SV2(1.1) |
This command was modified to add the invalid-ack, seq-past-window, and window-variation TCP state checks. |
4.2(1)VSG1(4a) |
This command was introduced. |
Because the default TCP state checks in vPath are different for each check, the no form of this command may enable or disable the respective checks. See the "Defaults" section, before you enter the no form of this command.
This example shows how to configure the switch to perform the default TCP state checks:
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)# tcp state-checks
This example shows how to enable the seq-past-window TCP state check:
n1000v(config-vservice-global)# tcp state-checks seq-past-window
This example shows how to disable the invalid-ack TCP state check:
n1000v(config-vservice-global)# no tcp state-checks invalid-ack
|
|
---|---|
vservice global type vsg |
Enters the vservice global configuration mode. |
bypass asa-traffic |
Configures the switch traffic to bypass the Cisco VSG nodes in a service chain. |
To assign a data IP address, a VLAN number, and a profile to a Cisco VSG L2 mode, use the vn-service ip-address command. To disable the data IP address, use the no form of the command.
vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]
no vn-service ip-address ip-address vlan vlan-number [fail {close | open} | security-profile profile-name]
To assign a data IP address and a profile to a Cisco VSG L3 mode, use the vn-service ip-address command. To disable the data IP address, use the no form of the command.
vn-service ip-address ip-address l3-mode [fail {close | open} | security-profile profile-name]
no vn-service ip-address ip-address l3-mode [fail {close | open} | security-profile profile-name]
Fail close
Port profile configuration (config-port-prof)
network-admin
|
|
---|---|
4.2(1)SV1(5.1) |
This command was changed to include the command syntax and description for the L3 mode. |
4.0(4)SV1(1) |
This command was introduced. |
Use the vn-service ip-address command to configure the IP address, VLAN, and security profile for the Cisco VSG, and optionally to allow for a fail-safe configuration.
The fail mode specifies what the behavior is when the Virtual Ethernet Module (VEM) does not have connectivity to the Cisco VSG. The default fail mode is close, which means that the packets are dropped. The open fail mode means that packets are passed.
The security profile name must match one of the security profiles created on the Cisco VSG.
The IP address must match the data interface IP address on the Cisco VSG.
This example shows how to assign the IP address and VLAN number and how to specify that packets are to be passed when the Cisco VSG fails:
vsm# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsm(config)# port-profile pP1
vsm(config-port-prof)# vn-service ip-address 209.165.200.236 vlan 2 fail open
vsm(config-port-prof)#
|
|
---|---|
show virtual-service-domain |
Displays virtual service domain information. |
To associate a port-profile with a service node or path, use the vservice command from the config-port-profile mode of the port-profile. To delete a port-profile configuration, use the no form of this command.
vservice {node node_name [profile profile_name] | path svc_path_name}
no vservice
None
Port-profile configuration (config-port-prof)
Network-admin
|
|
---|---|
4.2(1)SV1(5.2) |
This command was introduced. |
You can associate either the service node or path to the chosen port-profile entity. Both, the node as well as the path need to be pre-defined. If the node is of type VSG or ASA, then specifying a profile is mandatory. However, it is optional in case of a vWAAS or ACE nodes.
This example shows how to configure a port-profile with a node and service profile:
vsm(config)# port-profile port1 <-------- Enter the mode of the port-profile entity you
want to configure
vsm(config-port-prof)# vservice node vsg1 profile sp1
vsm(config-port-prof)#
This example shows how to configure a port-profile entity with a service path:
vsm(config-port-prof)# vservice path vpath1
vsm(config-port-prof)#
|
|
---|---|
show port-profile |
Displays information about the port profiles. |
To configure a service node, use the vservice node command. To disable a service node, use the no form of the command.
vservice node node_name type {vsg | asa | ace }
ip address ip-address | no ip address
adjacency {l2 {vlan vlan-number} | {vxlan bridge-domain bd-name} | l3} | no adjacency failmode {close | open} | no failmode
no vservice node node_name
no ip address
no adjacenc
no failmode
None
Global configration (config)
Network-admin
|
|
---|---|
4.2(1)SV1(5.2) |
This command was introduced. |
Use the vservice node command to configure a service node with an existing Cisco VSG, ASA, or ACE. That node in turn is associated with either a port profile or a vservice path.
You can only delete inactive vservice nodes. The inactive nodes are not configured with any virtual machines or service paths.
This example shows how to enter the vservice-node mode, and configure the IP address of a vservice node, adjacency, and fail-mode settings:
vsm(config)# vservice node test type vsg <------- enter the vservice-node mode
vsm(config-vservice-node)# ip address 1.1.11.11
vsm(config-vservice-node)# adjacency l2 vlan 100
vsm(config-vservice-node)# fail-mode close
vsm(config-vservice-node)#
|
|
---|---|
show vservice node brief |
Displays the vservice node information, in brief. |
show vservice node detail |
Displays the vservice node information, in detail. |
To configure a path for service chaining, use the vservice path command. To disable a service path, use the no form of the command.
vservice path svc_path_name
node node_name [profile prof_name] order order_num
no vservice path svc_path_name
no node node_name
None
Global configuration (config)
Network-admin
|
|
---|---|
4.2(1)SV1(5.2) |
This command was introduced. |
You can configure up to 3 service nodes in one vservice path. The supported nodes are the Cisco VSG, vWAAS, and ASA. The specified node_name has to be pre-defined. Specifying a profile is mandatory for VSG and ASA, but not for vWAAS. For a given path, the ASA node must be configured last. At the end, you can disable a vservice-path from within its mode as well as at the global configuration level.
This example shows how to enter the vservice-path mode, and specify the name of a vservice node, port profile, and the order number:
vsm(config)# vservice path test <------- enter the vservice-path mode
vsm(config-vservice-path)# node test1 profile test2 order 100
vsm(config-vservice-path)#
This example shows how to disable a vservice-path:
vsm(config)# no vservice path test
vsm(config)#
|
|
---|---|
show vservice path brief |
Displays the vservice path information in brief. |
show vservice path detail |
Displays the vservice path information in detail. |
To assign VSG and ASA licenses to specific modules, use the vservice license command. You can transfer the licenses within the modules and license pool. This command also enables (activate) the volatile licenses. To disable volatile licenses, use the no form of the command.
vservice license type {vsg | asa} {transfer | volatile} {src-module mod_no | license-pool} {dst-module mod_no | license-pool}
[no] vservice license type {vsg | asa} volatile
None
EXEC
Network-admin
|
|
---|---|
4.2(1)SV1(5.2) |
This command was introduced. |
You cannot transfer volatile licenses to the license-pool. Thus, you cannot specify any keyword after you type "volatile" at the command line.
This example shows how to transfer a VSG license from a module to the license pool:
vsm(config)# vservice license type vsg transfer src-module 4 license-pool
vsm(config)#
This example shows how to transfer an ASA license from one module to another:
vsm(config)# vservice license type asa transfer src-module 12 dst-module 34
vsm(config)#
This example shows how to enable volatile VSG licenses:
vsm(config)# vservice license type vsg volatile
vsm(config)#
This example shows how to disable volatile ASA licenses:
vsm(config)# no vservice license type asa volatile
vsm(config)#
|
|
---|---|
show vservice license brief |
Displays usage information per license type. |
show vservice license detail |
Displays the license type per module. |
To enter Cisco Virtual Network Management Center (VNMC) policy agent mode, use the vnm-policy-agent command.
vnm-policy-agent
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
Use the Cisco VNMC policy agent configuration mode to configure policy agents.
This example shows how enter policy agent mode:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)#
|
|
---|---|
configure |
Enters global configuration mode. |
To enter the vservice global configuration mode, use the vservice global type vsg command.
vservice global type vsg
This command has no keywords or arguments.
None
vservice global configration (config-vservice-global)
network-admin
|
|
---|---|
4.2(1)SV1(5.2) |
This command was introduced. |
This example shows how to enter the vservice global configuration mode:
n1000v# configure <------ enter the config mode
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)#
|
|
---|---|
bypass asa-traffic |
Configures the switch traffic to bypass the Cisco VSG nodes in a service chain. |
tcp state-checks |
Configures selective TCP state checks on the switch traffic. |