A Commands

This chapter describes the Cisco Nexus 1000V commands that begin with A.

aaa authentication login console

To configure AAA authentication methods for console logins, use the aaa authentication login console command. To revert to the default, use the no form of this command.

aaa authentication login console {group group-list } [none] | local | none }

no aaa authentication login console {group group-list [none] | local | none }

 
Syntax Description

group

Specifies to use a server group for authentication.

group-list

Specifies a space-separated list of server groups. The list can include the following:

  • radius for all configured RADIUS servers.
  • tacacs+ for all configured TACACS+ servers.
  • Any configured RADIUS or TACACS+ server group name.

none

Specifies to use the username for authentication.

local

Specifies to use the local database for authentication.

 
Defaults

local

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

 
Usage Guidelines

The group radius, group tacacs+, and group group-list methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host or tacacs-server host command to configure the host servers. Use the aaa group server command to create a named group of servers.

Use the show aaa group command to display the RADIUS server groups on the device.

If you specify more that one server group, the software checks each group in the order that you specify in the list.

If you specify the group method or local method and they fail, then the authentication can fail. If you specify the none method alone or after the group method, then the authentication always succeeds.

Examples

This example shows how to configure the AAA authentication console login methods:

n1000v# config t
n1000v(config)# aaa authentication login console group radius
 

This example shows how to revert to the default AAA authentication console login method:

n1000v# config t
n1000v(config)# no aaa authentication login console group radius
 

 
Related Commands

Command
Description

aaa group server

Configures AAA server groups.

radius-server host

Configures RADIUS servers.

show aaa authentication

Displays AAA authentication information.

show aaa group

Displays the AAA server groups.

tacacs-server host

Configures TACACS+ servers.

aaa authentication login default

To configure the default AAA authentication methods, use the aaa authentication login default command. To revert to the default, use the no form of this command.

aaa authentication login default { group group-list } [ none ] | local | none }

no aaa authentication login default { group group-list [ none ] | local | none }

 
Syntax Description

group

Specifies a server group list to be used for authentication.

group-list

Space-separated list of server groups that can include the following:

  • radius for all configured RADIUS servers.
  • tacacs+ for all configured TACACS+ servers.
  • Any configured RADIUS or TACACS+ server group name.

none

(Optional) Specifies to use the username for authentication.

local

Specifies to use the local database for authentication.

 
Defaults

local

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

 
Usage Guidelines

The group radius, group tacacs+, and group group-list methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host or tacacs-server host command to configure the host servers. Use the aaa group server command to create a named group of servers.

Use the show aaa group command to display the RADIUS server groups on the device.

If you specify more that one server group, the software checks each group in the order that you specify in the list.

If you specify the group method or local method and they fail, then the authentication fails. If you specify the none method alone or after the group method, then the authentication always succeeds.

Examples

This example shows how to configure the AAA authentication console login method:

n1000v# config t
n1000v(config)# aaa authentication login default group radius
 

This example shows how to revert to the default AAA authentication console login method:

n1000v# config t
n1000v(config)# no aaa authentication login default group radius
 

 
Related Commands

Command
Description

aaa group server

Configures AAA server groups.

radius-server host

Configures RADIUS servers.

show aaa authentication

Displays AAA authentication information.

show aaa group

Displays the AAA server groups.

tacacs-server host

Configures TACACS+ servers.

aaa authentication login error-enable

To configure an AAA authentication failure message to display on the console, use the aaa authentication login error-enable command. To remove the error message, use the no form of this command.

aaa authentication login error-enable

no aaa authentication login error-enable

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

Disabled

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

 
Usage Guidelines

If none of the remote AAA servers respond when a user logs in, the authentication is processed by the local user database. If you have enabled the display, one of the following message is generated for the user:

Remote AAA servers unreachable; local authentication done.
Remote AAA servers unreachable; local authentication failed.

Examples

This example shows how to enable the display of AAA authentication failure messages to the console:

n1000v# config t
n1000v(config)# aaa authentication login error-enable
 

This example shows how to disable the display of AAA authentication failure messages to the console:

n1000v# config t
n1000v(config)# no aaa authentication login error-enable
 

 
Related Commands

Command
Description

show aaa authentication login error-enable

Displays the status of the AAA authentication failure message display.

aaa authentication login mschap

To enable Microsoft Challenge Handshake Authentication Protocol (MSCHAP) authentication at login, use the aaa authentication login mschap command. To disable MSCHAP, use the no form of this command.

aaa authentication login mschap

no aaa authentication login mschap

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

Disabled

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

Examples

This example shows how to enable MSCHAP authentication:

n1000v# config t
n1000v(config)# aaa authentication login mschap
 

This example shows how to disable MSCHAP authentication:

n1000v# config t
n1000v(config)# no aaa authentication login mschap
 

 
Related Commands

Command
Description

show aaa authentication login mschap

Displays the status of MSCHAP authentication.

aaa group server radius

To create a RADIUS server group, use the aaa group server radius command. To delete a RADIUS server group, use the no form of this command.

aaa group server radius group-name

no aaa group server radius group-name

 
Syntax Description

group-name

RADIUS server group name.The name is alphanumeric and case-sensitive. The maximum length is 64 characters.

 
Defaults

None

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

Examples

This example shows how to create a RADIUS server group and enter RADIUS Server Configuration mode for configuring the specified server group:

n1000v# config t
n1000v(config)# aaa group server radius RadServer
n1000v(config-radius)#
 

This example shows how to delete a RADIUS server group:

n1000v# config t
n1000v(config)# no aaa group server radius RadServer
 

 
Related Commands

Command
Description

show aaa groups

Displays server group information.

radius-server host

Defines the IP address or hostname for a RADIUS server.

aaa group server tacacs+

To create a TACACS+ server group, use the aaa group server tacacs+ command. To delete a TACACS+ server group, use the no form of this command.

aaa group server tacacs+ group-name

no aaa group server tacacs+ group-name

 
Syntax Description

group-name

TACACS+ server group name. The name is alphanumeric and case-sensitive. The maximum length is 64 characters.

 
Defaults

None

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

 
Usage Guidelines

You must enable TACACS+ using the tacacs+ enable command before you can configure TACACS+.

Examples

This example shows how to create a TACACS+ server group:

n1000v# config t
n1000v(config)# aaa group server tacacs+ TacServer
n1000v(config-radius)#
 

This example shows how to delete a TACACS+ server group:

n1000v# config t
n1000v(config)# no aaa group server tacacs+ TacServer
 

 
Related Commands

Command
Description

tacacs+ enable

Enables TACACS+.

show aaa groups

Displays server group information.

assign port-profile-role

To assign a port profile role to a specific port profile, use the assign port-profile-role command. To remove the role from the profile, use the no form of this command.

assign port-profile-role port-profile-role-name

no assign port-profile-role port-profile-role-name

 
Syntax Description

port-profile-role-name

Name of the port profile role.

 
Defaults

None

 
Command Modes

port-profile configuration (config-port-profile)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.2(1)SV1(4)

This command was introduced.

Examples

This example shows how to assign a port profile role to a specific port profile:

n1000v# config t
n1000v(config)# port-profile allaccess2
n1000v(config-port-prof)# assign port-profile-role adminUser
 

This example shows how to remove a role from a port profile configuration:

n1000v# config t
n1000v(config)# port-profile allaccess2
n1000v(config-port-prof)# no assign port-profile-role adminUser

 
Related Commands

Command
Description

port-profile

Creates a port profile.

show port-profile-role

Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups.

show port-profile-role users

Displays available users and groups.

show port-profile

Displays the port profile configuration, including roles assigned to them.

feature port-profile-role

Enables support for the restriction of port profile roles.

port-profile

Creates a port profile.

attach module

To access the standby Virtual Supervisor Module (VSM) console from the active VSM, use the attach module command.

attach module module-number

 
Syntax Description

module-number

Number that identifies an existing module. The range is 1–66.

Note Only one value, 2, is operational.

 
Defaults

None

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.0(4)SV1(1)

This command was introduced.

Examples

This example shows how to attach to the console of the secondary VSM:

n1000v# config t
n1000v(config)# attach module 2
n1000v#

 
Usage Guidelines

Although the allowable range of module numbers is from 1–66, only one value, 2, is operational.

 
Related Commands

Command
Description

show cores

Displays a list of cores.

show processes log

Displays a list of process logs.

show system redundancy status

Checks redundancy status.

show system internal sysmgr state

Checks the system internal sysmgr state.

reload module

Reloads a module.

attach vem

To execute any VEM command without logging into the VEM, use the attach vem command. By using the attach vem command, you can get into the VEM and execute all the VEM commands.

attach module module-number

 
Syntax Description

module-number

Number that identifies an existing module. The range is 3–130.

 
Defaults

None

 
Command Modes

Global configuration (config)

 
Supported User Roles

network-admin

 
Command History

Release
Modification

4.2(1) SV2(2.1)

This command was introduced.

Examples

This example shows :

n1000v# config t
n1000v(config)# attach vem 4
n1000v# (vem-attach)# ?
vemcmd Execute vem command
vemdpa Execute vemdpa command
vemlog Execute vemlog command
vempkt Execute vempkt command
vemset Execute vemset command
ecd Go to execute command
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the CLI context you are in
 

 
Related Commands

Command
Description

show cores

Displays a list of cores.

show processes log

Displays a list of process logs.

show system redundancy status

Checks redundancy status.

show system internal sysmgr state

Checks the system internal sysmgr state.

reload module

Reloads a module.