F Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter F.
feature dhcp
To enable the DHCP feature globally, use the
feature dhcp
command. To disable DHCP, use the
no
form of this command.
feature
dhcp
no
feature
dhcp
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Examples
This example shows how to enable DHCP globally:
n1000v# configure terminal n1000v(
config)#
feature dhcp
This example shows how to disable DHCP globally:
n1000v# configure terminal n1000v(
config)#
no feature dhcp
Related Commands
|
|
show feature
|
Displays the features available, such as DHCP, and whether they are enabled.
|
ip dhcp snooping trust
|
Configures an interface as a trusted source of DHCP messages.
|
ip dhcp snooping vlan
|
Enables DHCP snooping on the specified VLANs.
|
show ip dhcp snooping
|
Displays general information about DHCP snooping.
|
feature http-server
To enable the HTTP server, use the
feature http-server
command. To disable the HTTP server, use the
no
form of this command.
feature
http-server
no
feature
http-server
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
-
VUM will not install VEMs if the HTTP server is disabled.
-
The HTTP server must be enabled in order to get the Cisco Nexus 1000V XML plugin from the VSM.
Examples
This example shows how to enable the HTTP server:
n1000v(
config)#
feature http-server
This example shows how to disable the HTTP server:
n1000v(
config)#
no feature http-server
Related Commands
|
|
show http-server
|
Displays the HTTP server configuration.
|
show feature
|
Displays the features available, such as LACP, and whether they are enabled.
|
feature lacp
To enable LACP support for port channels, use the
feature lacp
command. To disable it, use the
no
form of this command.
feature
lacp
no
feature
lacp
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
You cannot configure LACP for a port channel without first enabling LACP using the command,
feature lacp
.
Examples
This example shows how to turn on LACP for port channels:
n1000v(
config)#
feature lacp
This example shows how to turn off LACP for port channels:
n1000v(
config)#
no feature lacp
Related Commands
|
|
show feature
|
Displays the features available and whether they are enabled.
|
show port-channel summary
|
Displays a summary for the port channel interfaces.
|
interface
|
Configures an interface.
|
channel-group
|
Configures a channel group on an interface.
|
port-profile
|
Configures a port profile.
|
channel-group auto
|
Configures a channel group on a port profile.
|
lacp offload
|
Offloads LACP management from the VSM to the VEMs.
|
feature http-server
To enable the HTTP server, use the
feature http-server
command. To disable the HTTP server, use the
no
form of this command.
feature
http-server
no
feature
http-server
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
-
VUM will not install VEMs if the HTTP server is disabled.
-
The HTTP server must be enabled in order to get the Cisco Nexus 1000V XML plugin from the VSM.
Examples
This example shows how to enable the HTTP server:
n1000v(
config)#
feature http-server
This example shows how to disable the HTTP server:
n1000v(
config)#
no feature http-server
Related Commands
|
|
show http-server
|
Displays the HTTP server configuration.
|
show feature
|
Displays the features available, such as LACP, and whether they are enabled.
|
feature netflow
To enable the NetFlow, use the
feature netflow
command. To disable the feature, use the
no
form of this command.
feature
netflow
no
feature
netflow
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
-
Be aware of resource requirements since NetFlow consumes additional memory and CPU resources.
-
Memory and CPU resources are provided by the VEM hosting the flow monitor interface. Resources are limited by the number of CPU cores present on the VEM.
Examples
This example shows how to enable NetFlow:
n1000v(
config)#
feature netflow
This example shows how to disable NetFlow:
n1000v(
config)#
no feature netflow
Related Commands
|
|
show ssh server
|
Displays the SSH server configuration.
|
flow record
|
Creates a NetFlow flow record.
|
flow exporter
|
Creates a NetFlow flow exporter.
|
flow moniter
|
Creates a NetFlow flow monitor.
|
show flow record
|
Displays information about NetFlow flow records.
|
show flow exporter
|
Displays information about NetFlow flow exporters.
|
show flow monitor
|
Displays information about NetFlow flow monitors.
|
feature port-profile-roles
To enable port profile roles to restrict user and group access, use the
feature port-profile-roles
command. To disable it, use the
no
form of this command.
feature
port-profile-roles
no
feature
port-profile-roles
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
When the port profile roles feature is disabled, all users on vCenter lose access to the port groups.
Examples
This example shows how to enable the port profile roles feature to restrict visibility to specific port groups:
n1000v(
config)#
feature port-profile-roles
This example shows how to disable the port profile roles feature:
n1000v(
config)#
no feature port-profile-roles
Related Commands
|
|
show port-profile-role
|
Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups.
|
show port-profile-role users
|
Displays available users and groups.
|
show port-profile
|
Displays the port profile configuration, including roles assigned to them.
|
show feature
|
Displays features available, such as LACP or Port Profile Roles and whether they are enabled.
|
port-profile-role
|
Creates a port profile role.
|
user
|
Assigns a user to a port profile role.
|
group
|
Assigns a group to a port profile role.
|
assign port-profile-role
|
Assigns a port profile role to a specific port profile.
|
feature port-profile-role
|
Enables support for the restriction of port profile roles.
|
feature private-vlan
To enable the private VLAN feature, use the
feature private-vlan
command. To disable the feature, use the
no
form of this command.
feature
private-vlan
no
feature
private-vlan
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
-
Be aware of resource requirements since NetFlow consumes additional memory and CPU resources.
-
Memory and CPU resources are provided by the VEM hosting the flow monitor interface. Resources are limited by the number of CPU cores present on the VEM.
Examples
This example shows how to enable the private VLAN feature:
n1000v(
config)#
feature private-vlan
This example shows how to disable the private VLAN feature:
n1000v(
config)#
no feature private-vlan
Related Commands
|
|
show vlan private-vlan
|
Displays the private VLAN configuration.
|
private-vlan
|
Configures a VLAN as a private VLAN.
|
feature ssh
To enable the secure shell (SSH) server, use the
feature ssh
command. To disable the server, use the
no
form of this command.
feature
ssh
no
feature
ssh
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
-
Before enabling SSH, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.
Examples
This example shows how to enable the SSH server:
n1000v(
config)#
feature ssh
This example shows how to disable the SSH server:
n1000v(
config)#
no feature ssh
Related Commands
|
|
show ssh server
|
Displays the SSH server configuration.
|
ssh key
|
Generates an SSH server key.
|
ssh
|
Creates and starts an SSH server session.
|
show feature
|
Displays the features available, such as the SSH server, and whether they are enabled.
|
feature tacacs+
To enable the TACACS+ server, use the
feature tacacs+
command. To disable the server, use the
no
form of this command.
feature
tacacs+
no
feature
tacacs+
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Examples
This example shows how to enable TACACS+:
n1000v(
config)#
feature tacacs+
This example shows how to disable TACACS+:
n1000v(
config)#
no feature tacacs+
Related Commands
|
|
tacacs-server key
|
Designates the global key shared between the Cisco Nexus 1000V and the TACACS+ server hosts.
|
tacacs-server host
|
Designates the key shared between the Cisco Nexus 1000V and this specific TACACS+ server host.
|
show tacacs-server
|
Displays the TACACS+ server configuration.
|
show feature
|
Displays the features available, such as TACACS+, and whether they are enabled.
|
feature telnet
To enable the Telnet server, use the
feature telnet
command. To disable the Telnet server, use the
no
form of this command.
feature
telnet
no
feature
telnet
Syntax Description
This command has no arguments or keywords.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)SV1(4)
|
This command was introduced.
|
Usage Guidelines
-
Before enabling Telnet, you must configure IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.
Examples
This example shows how to enable the Telnet server:
n1000v(
config)#
feature telnet
This example shows how to disable the Telnet server:
n1000v(
config)#
no feature telnet
Related Commands
|
|
show telnet server
|
Displays the Telnet server configuration.
|
telnet
|
Creates and configures a telnet session.
|
show feature
|
Displays the features available, such as the Telnet server, and whether they are enabled.
|
filter vlan
To configure a filter from the source VLANs for a specified Switch Port Analyzer (SPAN) session, use the
filter vlan
command. To remove the filter, use the
no
form of this command.
filter
vlan
{
number | range
}
no
filter
vlan
{
number | range
}
Syntax Description
number
|
Number of the VLAN associated with this filter.
|
range
|
Range of VLANs associated with this filter.
|
Command Modes
CLI monitor configuration (config-monitor)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to configure the filter for VLAN IDs, 3, 4, 5, and 7:
n1000v(config)# monitor session 3 n1000v(config-monitor)# filter vlan 3-5, 7
This example shows how to remove the filter for VLAN ID 7:
n1000v(config)# monitor session 3 n1000v(config-monitor)# no filter vlan 7
Related Commands
|
|
monitor session
|
Creates a session with the given session number and places you in the CLI monitor configuration mode to further configure the session.
|
description
|
For the specified SPAN session, adds a description.
|
source
|
For the specified session, configures the sources and the direction of traffic to monitor.
|
destination interface
|
Configures the ports, for the specified session, to act as destinations for copied source packets.
|
no shut
|
Enables the SPAN session.
|
interface ethernet
|
Places you in CLI interface configuration mode for the specified interface.
|
switchport trunk allowed vlan
|
For the specified interface, configures the range of VLANs that are allowed on the interface.
|
show interface ethernet
|
Displays the interface trunking configuration for the selected slot and port or range of ports.
|
find
To find filenames beginning with a character string, use the
find
command.
find
filename-prefix
Syntax Description
filename-prefix
|
First part or all of a filename. The filename prefix is case sensitive.
|
Command Modes
Any
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
The
find
command searches all subdirectories under the current working directory. You can use the
cd
and
pwd
commands to navigate to the starting directory.
Examples
This example shows how to display filenames beginning with ospf:
/usr/bin/find: ./lost+found: Permission denied
Related Commands
|
|
cd
|
Changes the current working directory.
|
pwd
|
Displays the name of the current working directory.
|
flow exporter
To create or modify a Flexible NetFlow flow exporter defining where and how Flow Records are exported to the NetFlow Collector Server, use the
flow exporter
command. To remove a flow exporter, use the
no
form of this command.
flow exporter
exporter-name
no flow exporter
exporter-name
Syntax Description
exporter-name
|
Name of the flow exporter that is created or modified.
|
Defaults
Flow exporters are not present in the configuration until you create them.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
The following example shows how to create and configure FLOW-EXPORTER-1:
n1000v(config)# flow exporter FLOW-EXPORTER-1 n1000v(config-flow-exporter)# description located in Pahrump, NV n1000v(config-flow-exporter)# destination A.B.C.D n1000v(config-flow-monitor)# dscp 32 n1000v(config-flow-monitor)# source mgmt0 n1000v(config-flow-monitor)# transport udp 59 n1000v(config-flow-monitor)# version 9
The following example shows how to remove FLOW-EXPORTER-1:
n1000v(config)# no flow exporter FLOW-EXPORTER-1
Related Commands
|
|
clear flow exporter
|
Clears the flow monitor.
|
show flow exporter
|
Displays flow monitor status and statistics.
|
description
|
Adds a description to a flow record, flow monitor, or flow exporter.
|
destination
|
Adds a destination IP address to a NetFlow flow exporter.
|
dscp
|
Adds a differentiated services codepoint (DSCP) to a flow exporter.
|
source mgmt
|
Adds the management interface to a flow exporter designating it as the source for NetFlow flow records.
|
transport udp
|
Adds a destination UDP port used to reach the NetFlow collector to a flow exporter.
|
version 9
|
Designates NetFlow export version 9 in the NetFlow exporter.
|
flow monitor
To create a Flexible NetFlow flow monitor, or to modify an existing Flexible NetFlow flow monitor, and enter Flexible NetFlow flow monitor configuration mode, use the
flow monitor
command. To remove a Flexible NetFlow flow monitor, use the
no
form of this command.
flow monitor
monitor-name
no flow monitor
monitor-name
Syntax Description
monitor-name
|
Name of the flow monitor that is created or modified.
|
Defaults
Flow monitors are not present in the configuration until you create them.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor, and a cache that is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and non-key fields in the record which is configured for the flow monitor and stored in the flow monitor cache.
Once you enter the flow monitor configuration mode, the prompt changes to the following:
n1000v(config-flow-monitor)#
Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:
-
cache—
Specifies the cache size, from 256 to 16384 entries.
-
description
description
—Provides a description for this flow monitor; maximum of 63 characters.
-
exit
—Exits from the current configuration mode.
-
exporter
name
—Specifies the name of an exporter to export records.
-
no
—Negates a command or sets its defaults.
-
record
{
record-name
|
netflow ipv4
collection-type
|
netflow-original
}
—Specifies a flow record to use as follows:
–
record-name
—Name of a record.
–
netflow ipv4
collection-type
—
Specifies the traditional IPv4 NetFlow collection schemes as follows:
original-input
—Specifies the traditional IPv4 input NetFlow.
original-output
—Specifies the traditional IPv4 output NetFlow
protocol-port
—Specifies the protocol and ports aggregation scheme.
–
netflow-original
—
Specifies the traditional IPv4 input NetFlow with origin autonomous systems.
-
timeout
{
active
|
inactive
}—Specifies a flow timeout period as follows:
–
active
—Specifies an active or long timeout in the range of 60 to 4092 seconds.
–
inactive
—Specifies an inactive or normal timeout in the range of 15 to 4092 seconds.
The
netflow-original
and
original-input
keywords are the same and are equivalent to the following commands:
-
match ipv4 source address
-
match ipv4 destination address
-
match ip tos
-
match ip protocol
-
match transport source-port
-
match transport destination-port
-
match interface input
-
collect counter bytes
-
collect counter packet
-
collect timestamp sys-uptime first
-
collect timestamp sys-uptime last
-
collect interface output
-
collect transport tcp flags
The
original-output
keywords are the same as
original-input
keywords except for the following:
-
match interface output
(instead of match interface input)
-
collect interface input
(instead of collect interface output)
Examples
The following examples creates and configures a flow monitor named FLOW-MONITOR-1:
n1000v(config)# flow monitor FLOW-MONITOR-1 n1000v(config-flow-monitor)# description monitor location las vegas, NV n1000v(config-flow-monitor)# exporter exporter-name1 n1000v(config-flow-monitor)# record test-record n1000v(config-flow-monitor)# netflow ipv4 original-input
Related Commands
|
|
clear flow monitor
|
Clears the flow monitor.
|
show flow monitor
|
Displays flow monitor status and statistics.
|
flow record
To create a Flexible NetFlow flow record, or to modify an existing Flexible NetFlow flow record, and enter Flexible NetFlow flow record configuration mode, use the
flow record
command. To remove a Flexible NetFlow flow record, use the
no
form of this command.
flow record
record-name
no flow record
record-name
Syntax Description
record-name
|
Name of the flow record that is created or modified.
|
Defaults
Flow records are not present in the configuration until you create them.
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Usage Guidelines
Flexible NetFlow uses key and non-key fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow a combination of key and non-key fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.
Once you enter the flow record configuration mode, the prompt changes to the following:
n1000v(config-flow-record)#
Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:
-
collect
—Specifies a non-key field. See the
collect
command for additional information.
-
description
description
—Provides a description for this flow record; maximum of 63 characters.
-
exit
—Exits from the current configuration mode.
-
match
—
Specifies a key field. See the
match
command for additional information.
-
no
—Negates a command or sets its defaults.
Cisco NX-OS enables the following match fields by default when you create a flow record:
-
match interface input
-
match interface output
-
match flow direction
Examples
The following example creates a flow record named FLOW-RECORD-1, and enters Flexible NetFlow flow record configuration mode:
n1000v(config)# flow record FLOW-RECORD-1 n1000v(config-flow-record)#
Related Commands
|
|
clear flow monitor
|
Clears the flow monitor.
|
flow monitor
|
Creates a flow monitor.
|
show flow monitor
|
Displays flow monitor status and statistics.
|
from (table map)
To map input field values to output field values in a QoS table map, use the
from
command.
from
source-value
to
dest-value
Syntax Description
source-value
|
Specifies the source value in the range from 0 to 63.
|
dest-value
|
Specifies the destination value in the range from 0 to 63.
|
Command Modes
Table map configuration (config-tmap)
network-admin
Command History
|
|
4.0(4)SV1(1)
|
This command was introduced.
|
Examples
This example shows how to create a mapping from three source values to the corresponding destination values:
n1000v(
config)#
table-map cir-markdown-mapn1000v(config-tmap)# from 0 to 7 n1000v(config-tmap)# from 1 to 6 n1000v(config-tmap)# from 2 to 5
Related Commands
|
|
show table-map
|
Displays QoS table maps.
|
table-map
|
Creates or modifies a QoS table map.
|