The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides information about the Cisco Virtual Security Gateway (VSG) related commands on the Cisco Nexus 1000V Series switch and the Cisco Cloud Services Platform networking appliance.
To configure a port profile to be used with l3-vn-service, use the capability l3-vservice command. To remove the capability from a port profile, use the no form of this command.
capability l3-vservice
no capability l3-vservice
This command has no arguments or keywords.
None
port-profile configuration (config-port-prof)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to configure a port profile to be used with l3-vservice:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# capability l3-vservice
This example shows how to remove the l3-vservice configuration from the port profile:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# no capability l3-vservice
|
|
---|---|
show port-profile |
Displays information about the port profiles. |
To clear the Cisco vservice connections, use the clear vservice connection command.
clear vservice connection [module module-num]
module |
(Optional) Clears a specific module. |
module-num |
Module number. The range is from 3 to 66. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to clear Cisco VSG connections:
vsm# clear vservice connection
|
|
---|---|
show vservice |
Displays Cisco VSG information. |
To clear the Cisco vservice statistics, use the clear vservice statistics command.
clear vservice statistics [module module-number | ip <ip-address>]
module |
(Optional) Clears a module. |
module-number |
Module number. The range is from 3 to 66. |
ip |
IP address. |
ip-address |
IP address. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to clear Cisco VSG vservice statistics for existing modules:
vsm# clear vservice statistics
Cleared statistics successfully in module 4
Cleared statistics successfully in module 6
|
|
---|---|
show vservice |
Displays Cisco VSG information. |
To copy the running configuration to the startup configuration, use the copy running-config startup-config command.
copy running-config startup-config
This command has no arguments or keywords.
None
Any command mode
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
Use this command to save configuration changes in the running configuration to the startup configuration in persistent memory. When a device reload or switchover occurs, the saved configuration is applied.
This example shows how to save the running configuration to the startup configuration:
vsm# copy running-config startup-config
[########################################] 100%
To set logging severity levels for the Cisco Virtual Network Management Center (VNMC) policy agent, use the log-level command. To reset logging levels, use the no form of this command.
log-level {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
no {critical | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn}
None
Cisco VNMC policy agent configuration (config-vnm-policy-agent)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to set the logging level to critical:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# log-level critical
|
|
---|---|
vnm-policy-agent |
Enables the Cisco VNMC policy agent configuration mode. |
To create a Cisco Virtual Network Management Center (VNMC) organization (domain), use the org command. To delete a Cisco VNMC organization, use the no form of this command.
org organization-name
no org [organization-name]
organization-name |
Organization name. The number of characters is from 1 to 251. |
None
Port profile configuration (config-port-prof)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
Cisco VNMC organizations are Cisco VNMC domains.
You can hierarchically manage Cisco VNMC organizations. A user that is assigned at a top level organization has automatic access to all organizations under it. For example, an engineering organization can contain a software engineering organization and a hardware engineering organization. A locale that contains only the software engineering organization has access to system resources only within that organization. However, a locale that contains the engineering organization has access to the resources for both the software engineering and hardware engineering organizations.
This example shows how to create an organization:
vsm# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsm(config)# port-profile pP1
vsm(config-port-prof)# org root/tenant1
vsm(config-port-prof)#
|
|
---|---|
vservice |
Sets the IP address for a virtual firewall. |
To ping the virtual service nodes (VSN) from the vPath, use the ping vsn command. There is no no form of this command.
ping vsn {all | {ip <ip-addr>}} src-module {all | vpath-all | <module-num>} [timeout <secs>] [count {unlimited | <count>}]
None
EXEC
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
There is no no form of this command.
This example shows how to ping a Cisco VSG:
vsm# ping ?
<CR>
A.B.C.D or Hostname IP address of remote system
WORD Enter Hostname
mpls Ping an MPLS network
multicast Multicast ping
vsn VSNs to be pinged
vsm# ping vsn
Input parameters:
· vsn : VSNs to be pinged.
o all : All VSNs that are currently associated to at least one VM. In other words, all VSNs specified in port-profiles that are bound to at least one VM.
o ip-addr <ip-addr> : All VSNs configured with this IP address.
· src-module : Source modules to orginate ping request from.
o all : All online modules.
o vpath-all : All modules having VMs associated to port-profiles that has vn-service defined.
o <module-num> : A online module number.
· timeout <secs> : Time to wait for response from VSNs, in seconds. Default is 1 sec.
· count : Number of ping packets to be sent.
o <count> : Sepcifies number of ping packets to be sent. Default is 5. Min 1, Max 2147483647.
o unlimited : Send ping packets until command is stopped.
Specify the IP address if the VSN to be pinged is not associated to any VMs yet.
In the output, the status of the ping request for each VSN for each module is shown. On a successful ping, the round-trip time of the ping request/response for a VSN is shown in microseconds next to the module number. On a failure, the failure message is shown next to the module number.
Various forms:
ping vsn all src-module all (Ping all VSNs from all modules)
ping vsn all src-module vpath-all (Ping all VSNs from all modules having
VMs associated to VSNs)
ping vsn all src-module 3 (Ping all VSNs from the specified module)
ping vsn ip 106.1.1.1 src-module all (Ping specified VSN from all modules)
ping vsn ip 106.1.1.1 src-module vpath-all (Ping specified VSN from all modules
having VMs associated to VSNs)
This example shows that the timeout and count options apply to all of the above commands:
ping vsn all src-vpath all timeout 2 count 10
ping vsn all ip 106.1.1.1 count unlimited
Errors:
VSN response timeout - VSN is down, not reachable or not responding.
VSN ARP not resolved - VEM couldn't resolve MAC address of VSN.
no response from VEM - VEM is not sending ping response to VSM. Can happen when VEM
is down and VSM not detected it yet.
These examples show how to display all of the source module traffic:
vsm# ping vsn all src-module all
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=0 timeout=1-sec
module(usec) : 9(508)
module(failed) : 10(VSN ARP not resolved) 11(VSN ARP not resolved)
12(VSN ARP not resolved)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=0 timeout=1-sec
module(usec) : 9(974) 11(987) 12(1007)
module(failed) : 10(VSN ARP not resolved)
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=1 timeout=1-sec
module(usec) : 9(277) 10(436) 11(270) 12(399)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=1 timeout=1-sec
module(usec) : 9(376) 10(606) 11(468) 12(622)
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=2 timeout=1-sec
module(usec) : 9(272) 10(389) 11(318) 12(357)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=2 timeout=1-sec
module(usec) : 9(428) 10(632) 11(586) 12(594)
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=3 timeout=1-sec
module(usec) : 9(284) 10(426) 11(331) 12(387)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=3 timeout=1-sec
module(usec) : 9(414) 10(663) 11(644) 12(698)
ping vsn 10.1.1.44 vlan 0 from module 9 10 11 12, seq=4 timeout=1-sec
module(usec) : 9(278) 10(479) 11(334) 12(469)
ping vsn 10.1.1.40 vlan 0 from module 9 10 11 12, seq=4 timeout=1-sec
module(usec) : 9(397) 10(613) 11(560) 12(593)
vsm# ping vsn ip 10.1.1.40 src-module vpath-all
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=0 timeout=1-sec
module(usec) : 9(698) 11(701) 12(826)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=1 timeout=1-sec
module(usec) : 9(461) 11(573) 12(714)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=2 timeout=1-sec
module(usec) : 9(447) 11(569) 12(598)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=3 timeout=1-sec
module(usec) : 9(334) 11(702) 12(559)
ping vsn 10.1.1.40 vlan 0 from module 9 11 12, seq=4 timeout=1-sec
module(usec) : 9(387) 11(558) 12(597)
vsm#
|
|
---|---|
ping |
Activates a signal to verify connections with other devices on a path. |
To designate the policy agent image local URL as bootflash, use the policy-agent-image command. To remove the designation, use the no form of the command.
policy-agent-image bootflash:
no policy-agent-image bootflash:
bootflash: |
Designates the policy agent image local URL as bootflash. |
None
VNMC policy agent configuration (config-vnm-policy-agent)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to designate the local URL that contains the policy agent image:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# policy-agent-image bootflash:
|
|
---|---|
vnm-policy-agent |
Enables the VNM policy agent configuration mode. |
To pop a mode off the stack or to restore a mode, use the pop command.
pop file-name
file-name |
Name of the file. |
None
EXEC
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to restore from a file called file1:
vsm# pop file1
|
|
---|---|
push |
Pushes the current mode onto the stack. |
To create a port profile and enter port profile configuration mode, use the port-profile command. To remove the port profile configuration, use the no form of this command.
port-profile profile-name
no port-profile profile-name
profile-name |
Port profile name. The number of characters is from 1 to 80. |
None
Global configuration (config)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
The port profile name must be unique for each port profile.
This example shows how to create a port profile called AccessProf:
vsm# configure
vsm(config)# port-profile AccessProf
This example shows how to remove the port profile called AccessProf:
vsm# configure
vsm(config)# no port-profile AccessProf
|
|
---|---|
show port-profile |
Displays information about the port profiles. |
To push the current mode onto stack or to save it, use the push command.
push file-name
file-name |
Name of the file. |
None
EXEC
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to push file1 onto the stack:
vsm# push file1
|
|
---|---|
pop |
Pops the current mode off the stack. |
To set the service registry IP address, use the registration-ip command. To discard the service registry IP address, use the no form of this command.
registration-ip ip-address
no registration-ip
ip-address |
Service registry IP address. The format is A.B.C.D. |
None
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to set the service registry IP address:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# registration-ip 209.165.200.23
|
|
---|---|
vnm-policy-agent |
Enters the Cisco VNMC policy agent configuration mode. |
To set the shared secret password for communication between the Cisco VSG, the Virtual Supervisor Module (VSM), and the Cisco Virtual Network Management Center (VNMC), use the shared-secret command. To discard the shared secret password, use the no form of this command.
shared-secret shared-secret-password
no shared-secret
shared-secret-password |
Shared secret password. The number of characters is from 1 to 64. You must use at least one uppercase character. |
None
Cisco VNMC policy agent configuration mode (config-vnm-policy-agent)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to set the shared secret password:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)# shared-secret Password123
|
|
---|---|
vnm-policy-agent |
Enters VNM policy agent configuration mode. |
Displays the ports attached to the port profile where org is configured, use the show org port brief command.
show org port brief [port-profile pp_name | vethernet veth_num] [module module_num]
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show org port brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•module—Filters the output per a specific module number.
•|—Pipes the command output to a filter.
This example shows how to display the port profile information:
Veth Mod VM-Name vNIC IP-Address
2 4 fc3-2610-4 2 100.1.1.1
5 5 fc3-2610-5 3 100.1.1.2
9 5 fc3-2610-6 1 100.1.1.3
To display the running configuration, use the show running-config command.
show running-config [aaa | diff| ip| port-profile | vlan | acllog | eem | ipqos | port-security | vrf | aclmgr | exclude | ipv6 | radius | vservice | adjmgr | exclude-provision | l3vm | rpm| vshd | all | expand-port-profile | license | security | arp | icmpv6 | monitor | cdp | igmp | network | spanning-tree | cert-enroll | interface | ntp | vdc-all]
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show running-config command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the running configuration:
vsm-hpv# show running-config
!Command: show running-config
!Time: Sun May 5 20:04:22 2013
version 5.2(1)SM1(5.1)
svs switch edition essential
hostname VSM-hpv
no feature telnet
feature network-segmentation-manager
username admin password 5 $1$KxvwqWCb$8PqeCVrfY6QDy9nau.hBf. role network-admin
banner motd #Nexus 1000V Switch
#
ip domain-lookup
errdisable recovery cause failed-port-state
svs license volatile
vem 3
host id 0F5A5036-A5BF-1244-896D-760C4E3AC29C
vem 4
host id 1022F40A-D033-FB44-B228-6B48FBD14928
snmp-server user admin network-admin auth md5 0xda2d510adcc26f463fc5c476a19be55b priv 0xda2d510adcc26f463fc5c476a19be55b localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vrf context management
ip route 0.0.0.0/0 10.2.0.1
vlan 1,550-555,914
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile default port-binding static
port-profile type vethernet NSM_template_vlan
no shutdown
guid 86ceec5b-7a9c-4df4-9218-333bfc6f40a5
description NSM default port-profile for VLAN networks. Do not delete.
state enabled
port-profile type vethernet NSM_template_segmentation
no shutdown
guid 4a6cf01d-80df-48b2-87d8-0b0a15e7d450
description NSM default port-profile for VXLAN networks. Do not delete.
state enabled
port-profile type ethernet Uplink
no shutdown
guid 2122b8d9-8d21-4fb3-9e75-971fbb1a266d
max-ports 512
state enabled
port-profile type ethernet uplink_network_default_policy
no shutdown
guid bf7bd8ce-9a90-4af2-98c9-d7f8bafa9cb2
max-ports 512
description NSM created profile. Do not delete.
state enabled
port-profile type vethernet N1K
no shutdown
guid 70cff39e-9136-434c-8f36-f17e82210031
state enabled
publish port-profile
port-profile type vethernet service
no shutdown
guid 6b9b60fd-4aff-40da-896c-7df7bc252908
state enabled
publish port-profile
port-profile type vethernet ha
no shutdown
guid 7f598f09-68d6-47a3-97e0-158ce8558292
state enabled
publish port-profile
port-profile type vethernet vnadp
capability l3-vservice
no shutdown
guid d41c34d0-7c93-4fec-92ef-1f4383276b28
state enabled
publish port-profile
port-profile type vethernet veth-1
org root/Tenant-1
vservice node VSG-138 profile SP11
no shutdown
guid 14fa09d3-6cf8-4c55-b7f5-ad0ae4e4c8bd
state enabled
publish port-profile
port-profile type vethernet veth-2
org root/Tenant-1/VDC-1/App-1/Tier-1
vservice node VSG-138 profile SP14
no shutdown
guid 4be00543-2965-4d4e-be39-2f0ed5c606e6
state enabled
publish port-profile
port-profile type vethernet veth-3
org root/Tenant-1/VDC-1/App-1/Tier-1
vservice node VSG-N1010 profile SP11
no shutdown
guid 335f49a3-95e8-4c88-b078-7a5424f4537b
state enabled
|
|
---|---|
show aaa |
Displays AAA information. |
To display the configuration details of the service nodes in the network, use the show running-config vservice node command.
show running-config vservice node [node-name]
node-name |
(Optional) Name of the vservice node. |
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show running-config vservice node command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•node-name—Displays the configuration of the specified vservice node name.
•|—Pipes the command output to a filter.
This example shows how to display information about a configured vservice node:
vsm# show running-config vservice node
!Command: show running-config vservice node
!Time: Wed May 8 06:54:03 2013
version 5.2(1)SM1(5.1)
logging level vns_agent 2
vservice node VSGl3 type vsg
ip address 192.168.180.33
adjacency l3
fail-mode close
vservice node VSGhv-l3 type vsg
ip address 192.168.180.31
adjacency l3
fail-mode close
|
|
---|---|
vservice node |
Configures a service node. |
To display the installation status of a policy agent, use the show vnm-pa status command.
show vnm-pa status
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vnm-pa status command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the installation status of the policy agent:
vsm# configure
vsm(config)# show vnm-pa status
VNM Policy-Agent status is - Installed Successfully. Version 1.0(0.512)-vsm
vsm(config)#
|
|
---|---|
vnm-policy-agent |
Enters the Cisco VNMC policy agent configuration mode. |
To display only a brief summary about the Cisco VSG, use the show vservice brief command.
show vservice brief {[node-name <node name>] | { [node-l3] [node-ipaddr <ip-addr>}} | [ module <module-num>]}}
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display a summary of the Cisco VSGs:
vsm# show vservice brief
--------------------------------------------------------------------------------
License Information
--------------------------------------------------------------------------------
Type In-Use-Lic-Count UnLicensed-Mod
vsg 2
asa 0
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
ID Name Type IP-Address Mode State Module
2 VSG-N1010 vsg 10.1.0.200 l3 Unreach 4,
3 VSG-Root vsg 10.1.0.150 l3 Unreach 4,
--------------------------------------------------------------------------------
Path Information
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Port Information
--------------------------------------------------------------------------------
PortProfile:veth-10
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-N1010(10.1.0.200) Profile(Id):SP11(16)
Veth Mod VM-Name vNIC
3 4 vm-ub-11
PortProfile:veth-3
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-Root(10.1.0.150) Profile(Id):SP100(16)
Veth Mod VM-Name vNIC
5 4 vm-win-16
6 4 vm-ub-10
PortProfile:veth-3
Org:root/Tenant-2/VDC-2/App-2/Tier-2
Node:VSG-Root(10.1.0.150) Profile(Id):SP100(22)
Veth Mod VM-Name vNIC
4 4 vm-win-15
To display Cisco VSG connections, use the show vservice connection command.
show vservice connection [port-profile <pp_name> | service-profile <sp_name> | node-name <node_name> | {[node-l3] [node-ipaddr <ip_addr>]}] [module <module_num>]
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice connection command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display Cisco VSG connections:
vsm-hpv# show vservice connection
Actions(Act):
d - drop s - reset
p - permit t - passthrough
r - redirect e - error
_ - not processed yet upper case - offloaded
Flags:
A - seen ack for syn/fin from src a - seen ack for syn/fin from dst
E - tcp conn established (SasA done)
F - seen fin from src f - seen fin from dst
R - seen rst from src r - seen rst from dst
S - seen syn from src s - seen syn from dst
T - tcp conn torn down (FafA done) x - IP-fragment connection
#Port-Profile:(null) Node:VSG-Root
#Module 4
Proto SrcIP[:Port] SAct DstIP[:Port] DAct Flags Bytes
To display detailed information about the Cisco VSG, use the show vservice detail command.
show vservice detail {[node-name <node name>] | { [node-l3] [node-ipaddr <ip-addr>}} | [ module <module-num>]}}
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vsn detail command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display detailed information about Cisco VSGs:
vsm-hpv# show vservice detail
--------------------------------------------------------------------------------
License Information
--------------------------------------------------------------------------------
Mod VSG-Lic-Count
4 2
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
Node ID:3 Name:VSG-Root
Type:vsg IPAddr:10.1.0.150 Fail:close L3
Mod State MAC-Addr VVer
4 Alive -- 2
--------------------------------------------------------------------------------
Path Information
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Port Information
--------------------------------------------------------------------------------
PortProfile:veth-10
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-Root(10.1.0.150) Profile(Id):SP100(16)
Veth5
Module :4
VM-Name :vm-win-16
vNIC:Network Adapter
DV-Port :884f1580-0ad6-4958-a74a-c27b3febbe28--8884a888-09e1-4503-8074-de32e3e2
af85
VM-UUID :884F1580-0AD6-4958-A74A-C27B3FEBBE28
DVS-UUID:633a90b8-98bd-4264-b3b6-7a0d77b73ba1
vsm#
-------------------
|
|
---|---|
show vservice port vethernet |
Displays information about virtual Ethernet (vEth) ports. |
To display a brief summary about the Cisco VSG license information, use the show vservice license brief command.
show vservice license brief
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice license brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the brief information about the license:
n1000v# show vservice license brief
--------------------------------------------------------------------------------
License Information
--------------------------------------------------------------------------------
Type In-Use-Lic-Count UnLicensed-Mod
vsg 2
asa 0
|
|
---|---|
show license usage |
Displays the vservice node license usage. |
To display the detail about the Cisco VSG license information, use the show vservice license detail command.
show vservice license detail {module module_num}
module |
Filters the module number. |
module_num |
Module number. The range is from 3 to 66. |
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice license detail command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the brief information about the license:
VSM-hpv# show vservice license detail mod 4
--------------------------------------------------------------------------------
License Information
--------------------------------------------------------------------------------
Mod VSG-Lic-Count ASA-Lic-Count
4 2 0
|
|
---|---|
show license usage |
The vservice license usage. |
To display a brief summary about the MAC address of the Cisco VSG service node, use the show vservice node mac brief command.
show vservice node mac brief
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice node mac brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the MAC address of the Cisco VSG service node
VSM-hpv# show vservice node mac brief
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
ID Type IP-Address MAC-Addr Mode Fail State Module
3 vsg 10.1.0.150 00:00:00:00:00:00 l3 close Alive 4,
To display a brief summary about the Cisco VSG vservice node, use the show vservice node brief command.
show vservice node brief {[name <name>] | {[l3] [ipaddr <ip_addr>]} } [module <module_num>]}
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice node brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display a brief summary about the Cisco VSG vservice node.
VSM-hpv# show vservice node brief
-------------------------------------------------------------------------
Node Information
-------------------------------------------------------------------------
ID Name Type IP-Address Mode State Module
3 VSG-Root vsg 10.1.0.150 l3 Alive 4,
To display details about the Cisco VSG vservice node, use the show vservice node detail command.
show vservice node detail {[name <name>] | {[l3] [ipaddr <ip_addr>]} } [module <module_num>]}
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice node detail command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display the Cisco VSG service node:
VSM-hpv# show vservice node detail
--------------------------------------------------------------------------------
Node Information
--------------------------------------------------------------------------------
Node ID:3 Name:VSG-Root
Type:vsg IPAddr:10.1.0.150 Fail:close L3
Mod State MAC-Addr VVer
4 Alive -- 2
To display a brief summary about the configured ports in the network, use the show vservice port brief command.
show vservice port brief [port-profile <pp_name> | <veth_if> | service-profile <sp_name> | node-name <node_name> | {[node-l3] [node-ipaddr <ip_addr>]}] [module <module_num>]}
EXEC
Network-admin
Network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice port brief command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•module—Filter the output per a specific module number.
•|—Pipes the command output to a filter.
This example shows how to display a brief summary about of the vservice ports for module number 4:
vsm# show vservice port brief module 4
--------------------------------------------------------------------------------
Port Information
--------------------------------------------------------------------------------
PortProfile:
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-Root(10.1.0.150) Profile(Id):SP100(16)
Veth Mod VM-Name vNIC
5 4 vm-win-16
|
|
---|---|
vservice port detail |
Displays details of the configured ports in the network. |
To display details about the configured ports in the network, use the show vservice port detail command.
show vservice port detail [port-profile <pp_name> | <veth_if> | service-profile <sp_name> | node-name <node_name> | {[node-l3] [node-ipaddr <ip_addr>]}] [module <module_num>]}
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice port detail command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•module—Filter the output per a specific module number.
•|—Pipes the command output to a filter.
This example shows how to display details about of the vservice for module 4:
vsm# show vservice port detail module 4
--------------------------------------------------------------------------------
Port Information
--------------------------------------------------------------------------------
PortProfile:
Org:root/Tenant-1/VDC-1/App-1/Tier-1
Node:VSG-Root(10.1.0.150) Profile(Id):SP100(16)
Veth5
Module :4
VM-Name :vm-win-16
vNIC:Network Adapter
DV-Port :884f1580-0ad6-4958-a74a-c27b3febbe28--8884a888-09e1-4503-8074-de32e3e2a
f85
VM-UUID :884F1580-0AD6-4958-A74A-C27B3FEBBE28
DVS-UUID:633a90b8-98bd-4264-b3b6-7a0d77b73ba1
|
|
---|---|
show vservice port brief |
Displays a brief summary about the configured ports in the network. |
To display the information about the configuration, MAC address, state of associated Cisco VSG and Virtual Ethernet Module (VEM), virtual Ethernet interfaces to which Cisco VSGs are bound, and Virtual Service Node (VSN) statistics for all VEM modules associated with Cisco VSGs, use the show vservice statistics command.
show vservice statistics [ip ip-addr | module module-num]
ip |
(Optional) Displays IP address statistics. |
ip-addr |
MAC address. |
module |
(Optional) Displays VEM module statistics. |
module-num |
Module number. |
None
EXEC
network-admin
network-operator
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can use the following operators with the show vservice statistics command:
•>—Redirects the output to a file.
•>>—Redirects the output to a file in append mode.
•|—Pipes the command output to a filter.
This example shows how to display statistics for a module:
VSM-hpv# show vservice statistics module 4
#VSN VLAN: 0, IP-ADDR: 10.1.0.150
Module: 4
#VPath Packet Statistics Ingress Egress Total
Total Seen 2 2 4
Policy Redirects 2 2 4
No-Policy Passthru 0 0 0
Policy-Permits Rcvd 1 2 3
Policy-Denies Rcvd 0 0 0
Permit Hits 0 0 0
Deny Hits 0 0 0
Decapsulated 1 2 3
Fail-Open 0 0 0
Badport Err 0 0 0
VSN Config Err 0 0 0
VSN State Down 228 1288 1516
Encap Err 0 0 0
Version Mismatch 0 0 0
V1 In svcPath 0 0 0
All-Drops 228 1288 1516
Flow Notificns Sent 0
Total Rcvd From VSN 5
Non-Cisco Encap Rcvd 0
VNS-Port Drops 2
Policy-Action Err 0
Decap Err 0
L2-Frag Sent 0
L2-Frag Rcvd 0
L2-Frag Coalesced 0
Encap exceeded MTU 0
ICMP Too Big Rcvd 0
#VPath Flow Statistics
Active Flows 0 Active Connections 0
Forward Flow Create 1 Forward Flow Destroy 1
Reverse Flow Create 1 Reverse Flow Destroy 2
Flow ID Alloc 3 Flow ID Free 3
Connection ID Alloc 1 Connection ID Free 1
L2 Flow Create 1 L2 Flow Destroy 1
L3 Flow Create 0 L3 Flow Destroy 0
L4 TCP Flow Create 0 L4 TCP Flow Destroy 0
L4 UDP Flow Create 2 L4 UDP Flow Destroy 2
L4 Oth Flow Create 0 L4 Oth Flow Destroy 0
Embryonic Flow Create 0 Embryonic Flow Bloom 0
L2 Flow Timeout 2 L2 Flow Offload 3
L3 Flow Timeout 0 L3 Flow Offload 0
L4 TCP Flow Timeout 0 L4 TCP Flow Offload 0
L4 UDP Flow Timeout 5 L4 UDP Flow Offload 0
L4 Oth Flow Timeout 0 L4 Oth Flow Offload 0
Flow Lookup Hit 5 Flow Lookup Miss 3
Flow Dual Lookup 8 L4 TCP Tuple-reuse 0
TCP chkfail InvalACK 0 TCP chkfail SeqPstWnd 0
TCP chkfail WndVari 0
Flow Classify Err 0 Flow ID Alloc Err 0
Conn ID Alloc Err 0 Hash Alloc Err 0
Flow Exist 0 Flow Entry Exhaust 0
Flow Removal Err 0 Flow Entry Miss 0
Flow Full Match Err 0 Bad Action Receive 0
Invalid Flow Pair 3 Invalid Connection 0
Hash Alloc 0 Hash Free 0
InvalFID Lookup Err 0 Deferred Delete 0
|
|
---|---|
show vservice port vethernet |
Displays information about virtual Ethernet (vEth) ports. |
To enable the operational state of a port profile, use the state command. To disable the operational state of a port profile, use the no form this command.
state enabled
no state enabled
enabled |
Enables the port profile. |
Disabled
Port profile configuration (config-port-prof)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to enable the operational state of a port profile:
vsm# configure
vsm(config)# port-profile testprofile
vsm(config-port-prof)# state enabled
|
|
---|---|
show port-profile |
Displays port profile information. |
To configure the Cisco Nexus 1000V switch to perform TCP state checks, use the tcp state-checks command. To return to the default setting, use the no form of the command.
tcp state-checks
no tcp state-checks
There are no arguments.
vservice global configuration (config-vservice-global)
network-admin
system-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
Because the default TCP state checks in vPath are different for each check, the no form of this command may enable or disable the respective checks. See the "Defaults" section, before you enter the no form of this command.
This example shows how to configure the switch to perform the default TCP state checks:
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)# tcp state-checks
|
|
---|---|
vservice global type vsg |
Enters the vservice global configuration mode. |
To create a VLAN and enter VLAN configuration mode, use the vlan command. To remove a VLAN, use the no form of this command.
vlan {id | dot1Q tag native}
no vlan {id | dot1Q tag native}
id |
VLAN identification number. The range is from 1 to 4094. |
dot1Q tag native |
Specifies an IEEE 802.1Q virtual LAN. |
VLAN 1
Global configuration (config)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
Specify a VLAN range by using a dash. For example, 1-9 or 20-30.
This example shows how to create a VLAN and enter VLAN configuration mode:
vsm# configure
vsm(config)# vlan 100
vsm(config-vlan)#
This example shows how to remove a VLAN:
vsm# configure
vsm(config)# no vlan 100
|
|
---|---|
show vlan |
Displays the VTP VLAN status. |
To associate a port profile with a service node, use the vservice command from the config-port-profile mode of the port profile. To delete a port-profile configuration, use the no form of this command.
vservice {node node_name [profile profile_name]}
no vservice
None
Port-profile configuration (config-port-prof)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You can associate the service node to the chosen port-profile entity. The node need to be predefined. If the node is of type VSG specifying a profile is mandatory.
This example shows how to configure a port profile with a node and service profile:
vsm(config)# port-profile port1 <-------- Enter the mode of the port-profile entity you
want to configure
vsm(config-port-prof)# vservice node vsg1 profile sp1
|
|
---|---|
show port-profile |
Displays information about the port profiles. |
To enter vservice global configuration mode, use the vservice global type vsg command.
vservice global type vsg
This command has no keywords or arguments.
None
vservice global configration (config-vservice-global)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
This example shows how to enter vservice global configuration mode:
n1000v# configure <------ enter the config mode
n1000v(config)# vservice global type vsg
n1000v(config-vservice-global)#
|
|
---|---|
tcp state-checks |
Configures selective TCP state checks on the switch traffic. |
To configure a service node, use the vservice node command. To disable a service node, use the no form of this command.
vservice node node_name type {vsg}
ip address ip-address | no ip address
adjacency {l3} | no adjacency failmode {close | open} | no failmode
no vservice node node_name
no ip address
no adjacenc
no failmode
None
Global configration (config)
Network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
Use vservice node command to configure a service node with an existing Cisco VSG. That node is associated with a port profile.
You can only delete inactive vservice nodes. The inactive nodes are not configured with any Virtual Machines (VMs).
This example shows how to enter vservice-node mode and configure the IP address of a vservice node, adjacency, and fail-mode settings:
vsm(config)# vservice node test type vsg <------- enter the vservice-node mode
vsm(config-vservice-node)# ip address 1.1.11.11
vsm(config-vservice-node)# adjacency l3
vsm(config-vservice-node)# fail-mode close
|
|
---|---|
show vservice node brief |
Displays brief information about the vservice node. |
show vservice node detail |
Displays detailed information about the vservice node. |
To assign Cisco VSG licenses to specific modules, use the vservice license command. To disable volatile licenses, use the no form of this command.
vservice license type {vsg} {transfer | volatile} {src-module mod_no | license-pool} {dst-module mod_no | license-pool}
[no] vservice license type {vsg} volatile
None
EXEC
Network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
You cannot transfer volatile licenses to the license pool. You cannot specify any keyword after you enter "volatile" at the command line.
You can transfer the licenses within the modules and license pool. This command also enables (activate) the volatile licenses.
This example shows how to transfer a Cisco VSG license from a module to the license pool:
vsm(config)# vservice license type vsg transfer src-module 4 license-pool
This example shows how to enable volatile Cisco VSG licenses:
vsm(config)# vservice license type vsg volatile
|
|
---|---|
show vservice license brief |
Displays usage information per license type. |
show vservice license detail |
Displays the license type per module. |
To enter Cisco Virtual Network Management Center (VNMC) policy agent mode, use the vnm-policy-agent command.
vnm-policy-agent
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
|
|
---|---|
5.2(1)SM1(5.1) |
This command was introduced. |
Use the Cisco VNMC policy agent configuration mode to configure policy agents.
This example shows how enter policy agent mode:
vsm# configure
vsm(config)# vnm-policy-agent
vsm(config-vnm-policy-agent)#
|
|
---|---|
configure |
Enters global configuration mode. |