The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with C.
To specify a cache size for a Netflow flow monitor, use the cache size command. To remove the cache size for a flow monitor, use the no form of this command.
Size in number of entries. The range is 256 to 16384 entries. |
Netflow monitor configuration (config-flow-monitor)
|
|
Use the cache-size command to limit the impact of the Netflow flow monitor cache on memory and performance.
This example shows how to configure the cache size for a Netflow flow monitor named MonitorTest, and then display the configuration:
This example shows how to remove a cache size from a flow monitor:
|
|
---|---|
Specifies an aging timer and its value for aging entries from the cache. |
|
To configure a port profile to be used with the ISCSI Multipath protocol, use the capability iscsi-multipath command. To remove the capability from a port profile, use the no form of this command.
Port profile configuration (config-port-prof)
|
|
If you are configuring a port profile for ISCSI Multipath, then you must first configure the port profile in switchport mode.
This example shows how to configure a port profile to be used with ISCSI Multipath protocol:
This example shows how to remove the ISCSI multipath configuration from the port profile:
|
|
---|---|
Places you into port profile configuration mode for creating and configuring a port profile. |
To configure the Layer 3 capability for a port profile, use the capability command. To remove a capability from a port profile, use the no form of this command.
Configures a port profile to be used for one of the following Layer 3 communication purposes: |
Port profile configuration (config-port-prof)
If you are configuring a port profile for Layer 3 control, then you must first configure the transport mode as Layer 3 using the svs mode command for the VSM domain.
This example shows how to configure a port profile to be used for Layer 3 communication purposes:
This example shows how to remove the Layer 3 configuration from the port profile:
|
|
---|---|
Places you into port profile configuration mode for creating and configuring a port profile. |
To assign the VXLAN capability to the port profile to ensure that the interfaces that inherit this port profile are used as sources for VXLAN encapsulated traffic, use the capability vxlan command. To remove the VXLAN capability, use the no form of this command.
Port profile configuration (config-port-prof)
|
|
This example shows how to assign the VXLAN capability to port profile vmnic-pp:
n1000v (config-port-prof)# capability vxlan
|
|
---|---|
Displays information about the running configuration of the vEthernet interface. |
|
To change to a different directory from the one you are currently working in, use the cd command.
cd [ filesystem: [ //directory ] | directory ]
(Optional) Name of the file system. Valid file systems are bootflash and volatile. |
|
(Optional) Name of the directory. The directory name is case sensitive. |
|
|
---|---|
You can only change to the directories that are on the active supervisor module.
Use the present working directory (pwd) command to verify the name of the directory you are currently working in.
This example shows how to change to a different directory on the current file system:
This example shows how to change from the file system you are currently working in to a different file system:
This example shows how to revert back to the default directory, bootflash:
|
|
---|---|
Displays the name of the directory you are currently working in. |
To specify the CDP version to advertise, use the cdp advertise command. To remove the cdp advertise configuration, use the no form of this command.
|
|
This example shows how to set CDP Version 1 as the version to advertise:
n1000v(
config)#
cdp advertise v1
This example shows how to remove CDP Version 1 as the configuration to advertise:
n1000v(
config)#
no cdp advertise v1
|
|
---|---|
To enable Cisco Discovery Protocol (CDP) globally on all interfaces and port channels, use the cdp enable command. To disable CDP globally, use the no form of this command.
|
|
CDP can only be configured on physical interfaces and port channels.
This example shows how to enable CDP globally and then show the CDP configuration:
This example shows how to disable CDP globally and then show the CDP configuration:
n1000v(
config)#
no cdp enable
|
|
---|---|
To enable Cisco Discovery Protocol (CDP) on an interface or port channel, use the cdp enable command. To disable it, use the no form of this command.
Interface configuration (config-if)
|
|
CDP can only be configured on physical interfaces and port channels.
This example shows how to enable CDP on port channel 2:
This example shows how to disable CDP on mgmt0:
To specify the device ID format for CDP, use the cdp format device-id command. To remove it, use the no form of this command.
cdp format device-id { mac-address | serial-number | system-name }
no cdp format device-id { mac-address | serial-number | system-name }
|
|
CDP must be enabled globally before you configure the device ID format.
You can configure CDP on physical interfaces and port channels only.
This example shows how to configure the CDP device ID with the MAC address format and then display the configuration:
n1000v(
config)#
cdp format device-id mac-address
n1000v
(config)# show cdp global
This example shows how to remove the CDP device ID MAC address format from the configuration:
n1000v(
config)#
no cdp format device-id mac-address
To do set the maximum amount of time that CDP holds onto neighbor information before discarding it, use the cdp holdtime command. To remove the CDP holdtime configuration, use the no form of this command.
|
|
CDP must be enabled globally before you configure the device ID format.
You can configure CDP on physical interfaces and port channels only.
This example shows how to set the CDP holdtime to 10 second:
n1000v(
config)#
cdp holdtime 10
This example shows how to remove the CDP holdtime configuration:
n1000v(
config)#
no cdp holdtime 10
|
|
---|---|
To set the refresh time for CDP to send advertisements to neighbors, use the cdp timer command. To remove the CDP timer configuration, use the no form of this command.
|
|
This example shows how to configure the CDP timer to 10 seconds:
n1000v(
config)#
cdp timer 10
This example shows how to remove the CDP timer configuration:
n1000v(
config)#
no cdp timer 10
|
|
---|---|
To create and define a channel group for all interfaces that belong to a port profile, use the channel-group auto command. To remove the channel group, use the no form of this command.
channel-group auto [ mode channel_mode ] [ sub-group sg-type { cdp | manual }] [ mac-pinning ]
Port profile configuration (config-port-prof)
|
|
The channel-group auto command creates a unique port channel for all interfaces that belong to the same module. The channel group is automatically assigned when the port profile is assigned to the first interface. Each additional interface that belongs to the same module is added to the same port channel. In VMware environments, a different port channel is created for each module.
– You need to know whether CDP is configured in the upstream switches.
If configured, CDP creates a subgroup for each upstream switch to manage its traffic separately.
If not configured, then you must manually configure subgroups to manage the traffic flow on the separate switches.
– When configuring a port channel for vPC-HM and the upstream switches do not support port channels, you can use MAC pinning, which will automatically assign each Ethernet member port to a unique sub-group.
– If vPC-HM is not configured when port channels connect to two different upstream switches, the VMs behind the Cisco Nexus 1000V receive duplicate packets from the network for broadcasts and multicasts.
– You can also configure vPC-HM on the interface. For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV2(1.1).
This example shows how to configure a port profile for a port channel that connects to a single upstream switch and then display the configuration:
This example shows how to configure a port profile for a port channel that connects to multiple upstream switches that have CDP enabled and then display the configuration:
|
|
---|---|
Creates a port profile and places you into global configuration mode for the named port profile. |
To create a port channel group or to move an interface from one port channel group to another, use the channel-group command. To remove the channel group configuration from an interface, use the no form of this command.
channel-group number [ force ] [ mode { active | on | passive }]
Interface configuration (config-if)
|
|
---|---|
A port channel in the on channel mode is a pure port channel and can aggregate a maximum of eight ports. It does not run LACP.
If an existing port channel is not running LACP you cannot change the mode for it or any of its interfaces. If you try to do so, the channel mode remains on and an error message is generated.
When you delete the last physical interface from a port channel, the port channel remains. To delete the port channel completely, use the no form of the port-channel command.
When an interface joins a port channel, the following attributes are removed and replaced with the those of the port channel:
The following attributes remain unaffected when an interface joins or leaves a port channel:
You do not have to create a port channel interface before you assign a physical interface to a channel group. A port channel interface is created automatically when the channel group gets its first physical interface, if it is not already created.
This example shows how to add an interface to LACP channel group 5 in active mode:
n1000v(config-if)#
channel-group 5 mode active
n1000v(config-if)#
|
|
---|---|
Displays information about the traffic on the specified port channel interface. |
|
Displays the list of compatibility checks that the Cisco Nexus 1000V uses. |
To add an existing Quality of Service (QoS) class to a policy map, use the class command. To remove a QoS class from a policy map, use the no form of this command.
class [ type qos ] { class-map-name | class-default } [ insert-before [ type qos ] before-class-map-name ]
no class { class-map-name | class-default }
The default is to reference a new class map at the end of the policy map.
The class named class-default matches all traffic not classified in other classes.
Policy map configuration (config-pmap)
|
|
Policy actions in the first class that matches the traffic type are performed.
The class named class-default matches all traffic not classified in other classes.
This example shows how to add a class map in sequence to the end of a policy map:
n1000v(
config)#
policy-map my_policy1
This example shows how to insert a class map in sequence before an existing class map in a policy map:
n1000v(
config)#
policy-map my_policy1
This example shows how to add the class-default class map to a policy map:
n1000v(
config)#
policy-map my_policy1
This example shows how to remove a class map reference from a policy map:
n1000v(
config)#
policy-map my_policy1
To create or modify a QoS class map that defines a class of traffic, use the class-map command. To remove a class map, use the no form of this command.
class-map [ type qos ] [ match-any | match-all ] class-map-name
no class-map [ type qos ] [ match-any | match-all ] class-map-name
|
|
Hyphen, underscore, and alphabetic characters are allowed in the class map name.
Forty characters are the maximum allowed in the class map name.
This example shows how to create a class map and enter the QoS class map configuration mode to configure the specified map:
n1000v# configure terminal
n1000v(
config)#
class-map my_class1
This example shows how to remove the QoS class map named my_class1:
n1000v(
config)#
no class-map my_class1
|
|
---|---|
Configures the traffic class by matching packets based on match criteria in another class map. |
|
Configures the traffic class by matching packets based on packet lengths. |
To modify a type queuing class map and enter the class-map configuration mode, use the class-map type queuing command.
class-map type queuing {match-any | match-all} queuing-class-map-name
|
|
This example shows how to modify a queuing class map:
|
|
---|---|
Configures the traffic class by matching packets based on match criteria in another class map. |
|
To clear the counters for IP and MAC access control list(s) (ACLs), use the clear access-list counters command.
clear access-list counters [ access-list-name ]
(Optional) Name of the ACL whose counters the device clears. The name can be up to 64 alphanumeric, case-sensitive characters. |
|
|
If you specify an ACL, the name can be up to 64 alphanumeric, case-sensitive characters.
This example shows how to clear counters for all IP and MAC ACLs:
This example shows how to clear counters for an IP ACL named acl-ip-01:
|
|
---|---|
To clear the accounting logs that are stored on a local VSM during the split-brain resolution, use the clear active-active accounting logs command.
clear active-active accounting logs
|
|
Use the following command to check the accounting logs that were backed up during the split-brain resolution.
This example shows how to clear the accounting logs:
To clear the remote accounting logs that are stored on a remote VSM during the split-brain resolution, use the clear active-active remote accounting logs command.
clear active-active remote accounting logs
|
|
Use the following command to check the remote accounting logs that were backed up during the split-brain resolution.
This example shows how to clear the remote accounting logs:
To clear the redundancy traces that are stored on a local VSM during the split-brain resolution, use the clear active-active redundancy traces command.
clear active-active redundancy traces
|
|
Use the following command to check the redundancy traces that were backed up during the split-brain resolution.
This example shows how to clear the redundancy traces:
To clear the remote accounting logs that are stored on a remote VSM during the split-brain resolution, use the clear active-active remote redundancy traces command.
clear active-active remote redundancy traces
|
|
Use the following commands to check the remote accounting logs that were backed up during the split-brain resolution.
This example shows how to clear the remote accounting logs:
To clear Cisco Discovery Protocol (CDP) information on an interface, use the clear cdp command.
clear cdp { counters [ interface slot/port ] | table [ interface slot/port ]}
|
|
This example shows how to clear CDP counters on all interfaces:
n1000V#
clear cdp counters
This example shows how to clear CDP cache on all interfaces:
n1000V#
clear cdp table
|
|
---|---|
To clear the history of commands you have entered into the CLI, use the clear cli history command.
|
|
---|---|
Use the show cli history command to display the history of the commands that you entered at the command-line interface (CLI).
This example shows how to clear the command history:
|
|
---|---|
To clear the core files, use the clear cores command.
|
|
---|---|
Use the show system cores command to display information about the core files.
This example shows how to clear the core file:
This example shows how to clear the core on the logflash filesystem:
|
|
---|---|
To clear interface counters, use the clear counters command.
clear counters [ interface {all | ethernet slot/port | loopback virtual-interface-number | mgmt | port-channel port-channel-number | vethernet interface-number} ]
Clears virtual Ethernet interfaces. The range is 1 to 1048575. |
|
|
This example shows how to clear the Ethernet interface counters:
n1000v(
config)#
clear counters ethernet 2/1
|
|
---|---|
To clear the contents of the debug logfile, use the clear debug-logfile command.
|
|
---|---|
This example shows how to clear the debug logfile:
|
|
---|---|
To clear the statistics for a Flexible NetFlow flow exporter, use the clear flow exporter command in Any.
clear flow exporter { name exporter-name | exporter-name }
|
|
---|---|
You must have already enabled traffic monitoring with Flexible NetFlow using an exporter before you can use the clear flow exporter command.
The following example clears the statistics for the flow exporter named NFC-DC-PHOENIX:
|
|
---|---|
To clear the counters for IP access control lists (ACLs), use the clear ip access-list counters command.
clear ip access-list counters [ access-list-name ]
(Optional) Name of the IP ACL whose counters you want cleared. The name can be up to 64 alphanumeric, case-sensitive characters. |
|
|
If specifying an ACL by name, it can be up to 64 alphanumeric, case-sensitive characters.
This example shows how to clear counters for all IP ACLs:
This example shows how to clear counters for an IP ACL named acl-ip-101:
|
|
---|---|
To clear the counters for IPv6 access control lists (ACLs), use the clear ipv6 access-list counters command.
clear ipv6 access-list counters [ access-list-name ]
(Optional) Name of the IPv6 ACL whose counters you want cleared. The name can be up to 64 alphanumeric, case-sensitive characters. |
|
|
If specifying an ACL by name, it can be up to 64 alphanumeric, case-sensitive characters.
This example shows how to clear counters for all IPv6 ACLs:
This example shows how to clear counters for an IPv6 ACL named acl-ip-101:
|
|
---|---|
Displays information about one or all IPv4, IPv6 and MAC ACLs. |
|
To clear the Dynamic ARP Inspection (DAI) statistics for a specified VLAN, use the clear ip arp inspection statistics vlan command.
clear ip arp inspection statistics vlan vlan-list
Range of VLAN IDs from 1 to 4094 that you can clear DAI statistics from. |
|
|
This example shows how to clear the DAI statistics for VLAN 2:
This example shows how to clear the DAI statistics for VLANs 5 through 12:
This example shows how to clear the DAI statistics for VLAN 2 and VLANs 5 through 12:
|
|
---|---|
To clear dynamically added entries from the DHCP snooping binding database, use the clear ip dhcp snooping binding command.
clear ip dhcp snooping binding [ vlan vlan-id mac mac-addr ip ip-addr interface interface-id ]
(Optional) Specifies the MAC address associated with this VLAN. |
|
(Optional) Specifies the IP address associated with this VLAN. |
|
(Optional) Specifies the interface associated with this VLAN. |
|
network-admin
network-operator
|
|
This example shows how to clear dynamically added entries from the DHCP snooping binding database:
This example shows how to clear a DHCP snooping binding table entry for an interface:
#
clear ip dhcp snooping binding vlan 10 mac EEEE.EEEE.EEEE ip 10.10.10.1 interface vethernet 1
#
|
|
---|---|
To clear the IGMP statistics for an interface, use the clear ip igmp interface statistics command.
clear ip igmp interface statistics [ if-type if-number ]
(Optional) Interface type. For more information, use the question mark (?) online help function. |
|
|
|
This example shows how to clear IGMP statistics for an interface:
n1000v#
clear ip igmp interface statistics ethernet 2/1
n1000v#
|
|
---|---|
To clear the IGMP snooping statistics for VLANs, use the clear ip igmp snooping statistics vlan command.
clear ip igmp snooping statistics vlan { vlan-id | all }
|
|
This example shows how to clear IGMP snooping statistics for VLAN 1:
n1000v#
clear ip igmp snooping statistics vlan 1
n1000v#
|
|
---|---|
To clear the statistics for all interfaces for Link Aggregation Control Protocol (LACP) groups, use the clear lacp counters command.
clear lacp counters [ interface port-channel channel-number ]
(Optional) LACP port-channel number. The range of values is from 1 to 4096. |
|
|
If you clear counters for a specific port channel, the allowable port channel numbers are from 1 to 4096.
If you do not specify a channel number, the LACP counters for all LACP port groups are cleared.
If you clear counters for a static port-channel group, without the aggregation protocol enabled, the device ignores the command.
This example shows how to clear all the LACP counters:
n1000v(config)#
clear
lacp counters
n1000v(config) #
This example shows how to clear all LACP counters for the LACP port-channel group 20:
n1000v(config)#
clear
lacp counters interface port-channel 20
n1000v(config)#
|
|
---|---|
To uninstall a license file from a VSM, or to uninstall an evaluation license before installing a permanent license, use the clear license command.
|
|
---|---|
If a license is in use, you cannot uninstall it. Before uninstalling the license file, all licenses must first be transferred from the VEMs to the VSM license pool.
This example shows how to remove the Enterprise.lic license file from a VSM:
|
|
---|---|
Transfers licenses from a source VEM to another VEM, or to the VSM pool of available licenses. |
To end a session on a specified vty, use the clear line command.
network-admin
network-operator
|
|
This example shows how to end a session on a specified vty:
n1000v(
config)#
clear line
|
|
---|---|
Use the clear logging logfile command to clear messages from the logging file.
|
|
This example shows how to clear messages from the logging file:
|
|
---|---|
Use the clear logging session command to clear the current logging session.
|
|
This example shows how to clear the current logging session:
|
|
---|---|
To clear the counters for MAC access control lists (ACLs), use the clear mac access-list counters command.
clear mac access-list counters [ access-list-name ]
(Optional) Name of the MAC ACL whose counters you want to clear. The name can be up to 64 alphanumeric, case-sensitive characters. |
|
|
If you want counters cleared for a specific MAC ACL, the name can be up to 64 alphanumeric, case-sensitive characters.
This example shows how to clear counters for all MAC ACLs:
This example shows how to clear counters for a MAC ACL named acl-mac-0060:
|
|
---|---|
To clear the dynamic address entries from the MAC address table in Layer 2, use the clear mac address-table dynamic command.
clear mac address-table dynamic [[ address mac-addr ] [ vlan vlan-id ] [ interface { type slot/port | port-channel number }]
|
|
Use the clear mac address-table dynamic command with no arguments to remove all dynamic entries from the table.
To clear static MAC addresses from the table, use the no mac address-table static command.
If the clear mac address-table dynamic command is entered with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, the device removes all addresses on the specified interfaces.
This example shows how to clear all the dynamic Layer 2 entries from the MAC address table:
n1000v(config)#
clear
mac address-table dynamic
n1000v(config) #
This example shows how to clear all the dynamic Layer 2 entries from the MAC address table for VLAN 20 on port 2/20:
n1000v(config)#
clear
mac address-table dynamic vlan 20 interface ethernet 2/20
n1000v(config)#
|
|
---|---|
To clear the software installed address entries from the MAC address table. Clear commands allow for clearing up any stale MACs/VTEPs.
clear mac address-table sw-installed stale entries
Specifies that you want to clear software installed MAC addresses and VTEPs. |
|
|
|
Use the clear mac address-table sw-installed stale entries command to clear the software installed MAC addresses and any stale entries in the VSM.
This example shows how to clear the software installed address entries from the MAC address table:
n1000v(config)# clear mac address-table sw-installed stale-entries
|
|
---|---|
clear mac address-table sw-installed stale-entries module <module num> |
To clear the software installed MAC addresses of specific module. |
To clear the software installed address entries from the MAC address table of specific module. Clear commands allow for clearing up any stale MACs/VTEPs.
clear mac address-table sw-installed stale-entries module <module num>
Specifies that you want to clear software installed MAC addresses and VTEPs. |
|
|
|
Use the clear mac address-table sw-installed stale-entries module <module num> command to clear the software installed MAC addresses and any stale entries of the specific module in the VSM.
This example shows how to clear the software installed address entries from the MAC address table of specific module:
n1000v(config)# clear mac address-table sw-installed stale-entries module <module num>
|
|
---|---|
To clear the Network Time Protocol statistics, use the clear ntp statistics command.
clear ntp statistics { all-peers | io | local | memory }
|
|
This example shows how to clear statistics for all NTP peers:
n1000v(
config)#
clear ntp statistics all-peers
|
|
---|---|
To clear dynamically-learned, secure MAC address(es), use the clear port-security command.
clear port-security { dynamic } { interface vethernet veth-number | address address module module-number } [ vlan vlan-id ]
|
|
This example shows how to remove dynamically learned, secure MAC addresses from the veth1 interface:
This example shows how to remove the dynamically learned, secure MAC address 0019.D2D0.00AE:
|
|
---|---|
To clear the counters for QoS statistics, use the clear qos statistics command.
clear qos statistics { interface [ ethernet type/slot | vethernet number | port-channel number ] } [ input type qos | output type qos ]}
(Optional) Identifies a specific interface for which to clear statistics. |
|
|
|
If you do not specify an interface, the counters are cleared for all interfaces.
This example shows how to clear QoS statistics for all interfaces:
n1000v#
clear qos statistics
This example shows how to clear all input QoS statistics for veth2:
n1000v#
clear qos statistics veth2 input type qos
|
|
---|---|
Displays the policy map configuration for all policy maps or for a specified policy map. |
To clear the Secure Shell (SSH) host sessions, use the clear ssh hosts command.
|
|
This example shows how to clear all SSH host sessions:
|
|
---|---|
To clear the device reset-reason history, use the clear system reset-reason command.
|
|
---|---|
This example shows how to clear reset-reason history:
|
|
---|---|
To clear a user session, use the clear user command.
|
|
Use the show users command to display the current user sessions on the device.
This example shows how to clear all SSH host sessions:
|
|
---|---|
To clear the stale vteps entries from the address table. Clear commands allow for clearing up any stale MACs/VTEPs.
clear vtep-table stale-entries
|
|
Use the clear vtep-table stale-entries command to clear the stale vtep entries in the VSM.
This example shows how to clear the stale vtep entries:
|
|
---|---|
clear mac address-table sw-installed stale-entries module <module num> |
To clear the software installed MAC addresses of specific module. |
To clear the stale vteps entries from the address table of specific module. Clear commands allow for clearing up any stale MACs/VTEPs.
clear vtep-table stale-entries module <module num>
|
|
Use the clear vtep-table stale-entries module <module num> command to clear the stale vtep entries of specific module.
This example shows how to clear the stale vtep entries of specific module:
|
|
---|---|
clear mac address-table sw-installed stale-entries module <module num> |
To clear the software installed MAC addresses of specific module. |
To define a command line interface (CLI) variable for a terminal session, use the cli var name command. To remove the CLI variable, use the no form of this command.
cli var name variable-name variable-text
Name of the variable. The name is alphanumeric, case sensitive, and has a maximum of 31 characters. |
|
Variable text. The text is alphanumeric, can contain spaces, and has a maximum of 200 characters. |
|
|
---|---|
You can reference a CLI variable using the following syntax:
Instances where you can use variables in include the following:
You cannot reference a variable in the definition of another variable.
You can use the predefined variable, TIMESTAMP, to insert the time of day. You cannot change or remove the TIMESTAMP CLI variable.
You must remove a CLI variable before you can change its definition.
This example shows how to define a CLI variable:
This example shows how to reference the TIMESTAMP variable:
This example shows how to remove a CLI variable:
|
|
---|---|
To manually set the clock, use the clock set command.
Month of the year. The values are January, February, March, April, May, June, July, August, September, October, November, and December. |
|
|
|
---|---|
Use this command when you cannot synchronize your device with an outside clock source, such as NTP.
This example shows how to manually set the clock:
|
|
---|---|
To configure the summer-time (daylight saving time) offset, use the clock summer-time command. To revert to the default, use the no form of this command.
clock summer-time zone-name start-week start-day start-month start-time end-week end-day end-month end-time offset-minutes
|
|
---|---|
This example shows how to configure the offset for summer-time or daylight saving time:
This example shows how to remove the summer-time offset:
|
|
---|---|
To configure the time zone offset from Coordinated Universal Time (UTC), use the clock timezone command. To revert to the default, use the no form of this command.
clock timezone zone-name offset-hours offset-minutes
|
|
---|---|
This example shows how to configure the time zone offset from UTC:
This example shows how to remove the time zone offset:
|
|
---|---|
To configure Route Reflector Cluster-ID, use the cluster-id A.B.C.D command.
|
|
---|---|
This example shows how to manually specify the IP address to use as cluster-id for Route Reflector:
|
|
---|---|
To configure the number of bytes or packets in a flow as a non-key field and collect the number of bytes or packets seen for a Flexible NetFlow flow record, use the collect counter command. To disable the counters, use the no form of this command.
collect counter { bytes [ long ] | packets [ long ]}
no collect counter { bytes [ long ] | packets [ long ]}
Flow record configuration (config-flow-record)
|
|
---|---|
The following example enables collecting the total number of bytes from the flows as a non-key field:
The following example enables collecting the total number of bytes from the flows as a non-key field using a 64 bit counter:
The following example enables collecting the total number of packets from the flows as a non-key field:
The following example enables collecting the total number of packets from the flows as a non-key field using a 64 bit counter:
|
|
---|---|
Configures the counters as a non-key field and collects the counter values. |
|
To collect the TIMESTAMP SYS-UPTIME for a NetFlow flow record, use the collect timestamp sys-uptime command. To disable the collection, use the no form of this command.
collect timestamp sys-uptime { first | last }
no collect timestamp sys-uptime { first | last }
Flow record configuration (config-flow-record)
|
|
---|---|
The following example enables collecting the sys-uptime for the time the first packet was seen from the flows:
The following example enables collecting the sys-uptime for the time the most recent packet was seen from the flows:
|
|
---|---|
To collect a Transmission Control Protocol (TCP) flags for a NetFlow flow record, use the collect transport tcp flags command. To disable the collection, use the no form of this command.
no collect transport tcp flags
Flow record configuration (config-flow-record)
|
|
---|---|
The following example collects the TCP flags:
|
|
---|---|
To access configuration commands in the CLI global configuration mode, use the configure terminal command.
|
|
---|---|
The configuration changes you make in the global configuration mode are saved in the running configuration file. To save these changes persistently across reboots and restarts, you must copy them to the startup configuration file using the copy running-config startup-config command.
This example shows how to access configuration commands in the CLI global configuration mode:
|
|
---|---|
Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
To initiate a connection with vCenter, use the connect command. To disconnect from vCenter, use the no form of this command.
SVS connect configuration (config-svs-conn)
|
|
Upon connection to vCenter, if a username and password have not been configured for this connection, you are prompted to enter them.
There can be only one active connection at a time. If a previously-defined connection is up, an error message displays and the connect command is rejected until the previous connection is closed by entering no connect.
This example shows how to connect to vCenter:
n1000v(config#) svs connection vcWest
n1000v(config-svs-conn#) protocol vmware-vim
n1000v(config-svs-conn#) remote hostname vcMain
n1000v(config-svs-conn#) vmware dvs datacenter-name HamiltonDC
n1000v(config-svs-conn#) connect
This example shows how to disconnect from vCenter:
n1000v(config#) svs connection vcWest
n1000v(config-svs-conn#) no connect
|
|
---|---|
Configures the control type multicast in Layer 3 mode on the VSM. To disable the control type multicast, use the no form of this command.
SVS domain configuration (config-svs-domain)
|
|
The following example configures control type multicast::
|
|
---|---|
To assign a control VLAN to the Cisco Nexus 1000V domain, use the control vlan command. To remove the control VLAN, use the no form of this command.
SVS domain configuration (config-svs-domain)
|
|
Newly-created VLANs remain unused until Layer 2 ports are assigned to them.
If you enter a VLAN ID that is assigned to an internally allocated VLAN, the CLI returns an error message.
This example shows how to configure control VLAN 70 for domain ID 32:
This example shows how to remove control VLAN 70 from domain ID 32:
|
|
---|---|
Creates the domain and places you into CLI SVS domain configuration mode. |
|
To copy a file from a source to a destination, use the copy command.
copy source-url destination-url
The format of the source and destination URLs varies according to the file or directory location. You may enter either a command-line interface (CLI) variable for a directory or a filename that follows the Cisco NX-OS file system syntax ( filesystem :[/ directory ][/ filename ]).
The following tables list URL prefix keywords by the file system type. If you do not specify a URL prefix keyword, the device looks for the file in the current directory.
Table 3-1 lists URL prefix keywords for bootflash and remote writable storage file systems.
Table 3-2 lists the URL prefix keywords for nonwritable file systems.
The default name for the destination file is the source filename.
|
|
---|---|
The entire copying process may take several minutes, depending on the network conditions and the size of the file, and differs from protocol to protocol and from network to network.
The colon character (:) is required after the file system URL prefix keywords (such as bootflash).
In the URL syntax for ftp:, scp:, sftp:, and tftp:, the server is either an IP address or a host name.
This example shows how to copy a file within the same directory:
This example shows how to copy a file to another directory:
This example shows how to copy a file to another supervisor module:
This example shows how to copy a file from a remote server:
|
|
---|---|
To copy the running configuration to the startup configuration, use the copy running-config startup-config command.
copy running-config startup-config
|
|
---|---|
Use this command to save configuration changes in the running configuration to the startup configuration in persistent memory. When a device reload or switchover occurs, the saved configuration is applied.
This example shows how to save the running configuration to the startup configuration:
|
|
---|---|
Displays the differences between the running configuration and the startup configuration. |
|
To configure a Cisco TrustSec device identifier, use the cts device-id command.
cts device-id device-id password [ 7 ] password
|
|
To use this command, you must enable the Cisco TrustSec feature using the feature cts command. The Cisco TrustSec device identifier name must be unique in your Cisco TrustSec network cloud. This command requires the Advanced Services license.
This example shows how to configure a Cisco TrustSec device identifier:
switch# configure terminal
swtich(config)# cts device-id DeviceA password Cisco321
|
|
---|---|
To enable the device tracking on Cisco TrustSec SXP for Cisco Nexus 1000V, use the cts device tracking command. To disable the device tracking on Cisco TrustSec SXP, use the no form of this command.
|
|
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to enable the device tracking on Cisco TrustSec SXP:
n1000v#
configure terminal
n1000v(
config)#
cts device tracking
n1000v(
config)#
|
|
---|---|
To configure the delete hold timer period for an interface, use the cts interface delete-hold command. To revert to the default, use the no form of this command.
cts interface delete-hold seconds
no cts interface delete-hold seconds
|
|
If the timer is set to 0, the IP-SGT mappings are deleted instantly.
The no form of this command does not start the timer when the interface goes to non-participating state and the IP-SGT entries are then always held on the interface.
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure the delete hold timer period for an interface:
n1000v#
configure terminal
n1000v(
config)#
cts interface delete-hold
|
|
---|---|
Displays the interface delete hold timer period for Cisco TrustSec |
To refresh the Cisco TrustSec security group access control list (SGACL) policies downloaded from the Cisco Secure ACS, use the cts refresh role-based-policy command.
|
|
To use this command, you must enable the Cisco TrustSec feature using the feature cts command. This command requires the Advanced Services license.
This example shows how to enter Cisco TrustSec manual configuration mode for an interface:
switch# cts refresh role-based-policy
|
|
---|---|
To create or specify a Cisco TrustSec security group access control list (SGACL) and enter role-based access control list configuration mode, use the cts role-based access-list command. To remove an SGACL, use the no form of this command.
cts role-based access-list list-name
no cts role-based access-list list-name
Name for the SGACL. The name is alphanumeric and case-sensitive. The maximum length is 32 characters. |
|
|
To use this command, you must enable the Cisco TrustSec feature using the feature cts command. This command requires the Advanced Services license.
This example shows how to create a Cisco TrustSec SGACL and enter role-based access list configuration mode:
switch# configure terminal
switch(config)# cts role-based access-list MySGACL
switch(config-rbacl)#
This example shows how to remove a Cisco TrustSec SGACL:
switch# configure terminal
switch(config)# no cts role-based access-list MySGACL
|
|
---|---|
To enable role-based access control list (RBACL) statistics, use the cts role-based counters enable command. To disabled RBACL statistics, use the no form of this command.
cts role-based counters enable
no cts role-based counters enable
|
|
To use this command, you must enable the Cisco TrustSec feature using the feature cts command.
To use this command, you must enable RBACL policy enforcement under the cts manual config mode at port-profiles conf.
When you enable RBACL statistics, each policy requires one entry in the. If you do not have enough space remaining in the, an error message appears, and you cannot enable the statistics.
When you modify an RBACL policy, statistics for the previously assigned access control entry (ACE) are displayed, and the newly assigned ACE statistics are initialized to 0.
RBACL statistics are lost only when the Cisco NX-OS device reloads or you deliberately clear the statistics.
This example shows how to enable RBACL statistics:
switch# configure terminal
switch(config)# cts role-based counters enable
This example shows how to disable RBACL statistics:
switch# configure terminal
switch(config)# no cts role-based counters enable
|
|
---|---|
Clears the RBACL statistics so that all counters are reset to 0. |
|
Displays the configuration status of RBACL statistics and lists statistics for all RBACL policies. |
To enable Cisco TrustSec security group access control list (SGACL) enforcement. use the cts role-based enforcement command under cys manual config level at port-profile configuration. To revert to the default, use the no form of this command.
cts manual (at port-profile configuration)
|
|
To use this command, you must enable the Cisco TrustSec feature using the feature cts command.
This example shows how to enable Cisco TrustSec SGACL enforcement in a port-profile:
switch(config)# port-profile type vethernet A-PP
switch(config-port-prof)# cts manual
switch(config-port-prof-cts-manual)# role-based enforcement
switch(config-port-prof-cts-manual)# no role-based enforcement
|
|
---|---|
Displays the Cisco TrustSec SGACL policy enforcement configuration. |
To manually configure mapping of Cisco TrustSec security group tags (SGTs) to a security group access control list (SGACL), use the cts role-based sgt command. To remove the SGT mapping to an SGACL, use the no form of this command.
cts role-based sgt { sgt-value | any | unknown } dgt { dgt-value | unknown }
no cts role-based sgt { sgt-value | any | unknown } dgt { dgt-value | unknown }
|
|
To use this command, you must enable the Cisco TrustSec feature using the feature cts command.
You must configure the SGACL before you can configure SGT mapping.
This example shows how to configure SGT mapping for an SGACL:
switch# configure terminal
switch(config)# cts role-based sgt 3 dgt 10 access-list MySGACL
This example shows how to remove SGT mapping for an SGACL:
switch# configure terminal
switch(config)# no cts role-based sgt 3 sgt 10
|
|
---|---|
To manually configure the Cisco TrustSec security group tag (SGT) mapping to the host IP addresses, use the cts role-based sgt-map command. To remove an SGT, use the no form of this command.
cts role-based sgt-map ip-address sgt
no cts role-based sgt-map ip-address sgt
Specifies the SGT corresponding to the IP address. The range is from 1-65519. |
VRF configuration (config-vrf)
|
|
You can use only IPv4 addressing with Cisco TrustSec.
The static IP-SGT bindings are configured in a context of a VRF and will be applied to the default VRF unless management VRF is specified.
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure mapping for a Cisco TrustSec SGT:
n1000v#
configure terminal
n1000v(
config)#
cts role-based sgt-map 1.1.1.1 100
n1000v(
config)#
|
|
---|---|
Displays the mapping of the IP address to SGT for Cisco TrustSec. |
|
To configure the security group tag (SGT) for Cisco TrustSec, use the cts sgt tag command. To remove the SGT tag, use the no form of this command.
Local SGT for the device that is a hexadecimal value with the format 0xhhhh. The range is from 1-65519. |
Port profile configuration (config-port-profile)
|
|
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure the Cisco TrustSec SGT for the device:
n1000v#
configure terminal
n1000v(
config)#
cts stg 0x00a2
n1000v(
config)#
|
|
---|---|
To configure a Security Group Tag (SGT) Exchange Protocol (SXP) peer connection for Cisco TrustSec, use the cts sxp connection peer command. To remove the SXP connection, use the no form of this command.
cts sxp connection peer peer ip-address [ source source ip-address ] password {[default] | [none] | [required] password [mode { listener}] [vrf {default | management}
no cts sxp connection peer peer ip-address [ source source ip-address ] password {[default] | [none] | [required] password [mode { listener}] [vrf {default | management}
|
|
Since Cisco Nexus 1000V can only act as the speaker in the connection, the peer must be configured as the listener.
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure an SXP peer connection:
n1000v#
configure terminal
n1000v(
config)# cts sxp connection peer 1.2.3.4 password none mode listener vrf management
n1000v(
config)#
|
|
---|---|
To configure the default SXP password for the device, use the cts sxp default password command. To remove the default, use the no form of this command.
cts sxp default password[ Word | 7 ] password
no cts sxp default password[ Word | 7 ] password
|
|
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure the default SXP password for the device:
n1000v#
configure terminal
n1000v(
config)#
cts sxp default password 7 CisocPassword
n1000v(
config)#
|
|
---|---|
To configure the default SXP source IPv4 address for the device, use the cts sxp default source-ip command. To revert to the default, use the no form of this command.
cts sxp default source-ip src-ip-addr
no cts sxp default source-ip src-ip-addr
|
|
You can use only IPv4 addressing with Cisco TrustSec.
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure the default SXP source IP address for the device:
n1000v#
configure terminal
n1000v(
config)#
cts sxp default source-ip 10.10.3.3
n1000v(
config)#
|
|
---|---|
To configure a Security Group Tag (SGT) Exchange Protocol (SXP) retry period timer, use the cts sxp retry-period command. To revert to the default, use the no form of this command.
no cts sxp retry-period seconds
|
|
Setting the SXP retry period to 0 seconds disables the timer and retries are not attempted.
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to configure the SXP retry period:
n1000v#
configure terminal
n1000v(
config)#
cts sxp retry-period 120
n1000v(
config)#
|
|
---|---|
To enable the Security Group Tag (SGT) Exchange Protocol (SXP) peer on a device, use the cts sxp enable command. To revert to the default, use the no form of this command.
|
|
This command requires an Advanced License. See the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV2(1.1) for more information on the licensing requirements for Cisco Nexus 1000V.
This example shows how to enable the Cisco TrustSec SXP:
n1000v#
configure terminal
n1000v(
config)#
cts sxp enable
This example shows how to disable the Cisco TrustSec SXP:
n1000v#
configure terminal