Cisco Virtual Security Gateway Commands
This chapter provides information about Cisco Virtual Security Gateway (VSG) commands.
action
To specify the actions to be executed when traffic characteristics match with an associated rule, use the action command. To remove the binding of the action with the given rule, use the no version of this command.
action {drop | permit | log | inspection protocol-type}
Syntax Description
drop |
Drops the incoming packets. |
permit |
Permits the incoming packets. |
log |
Logs the policy evaluation event. |
inspection |
Specifies the protocol be inspected. |
protocol-type |
Specific protocol type to be inspected. FTP, RSH, and TFTP are supported. |
Command Modes
Policy configuration (config-policy)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
Use the action command to specify the actions to be executed when traffic characteristics match with the associated rule. The command can be entered multiple times until the upper bound limit is reached.
Examples
This example shows how to specify that the policy is to drop packets:
vsg(config-rule)# action drop
Related Commands
|
|
rule |
Enters the rule configuration submode. |
attach
To access a module or the console of a module, use the attach command.
attach { console module module - number | module module - number }
Syntax Description
console module |
Specifies the console. |
module-number |
Module number. The range is from 1 to 66. |
module |
Specifies a module. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to attach to a module:
To exit type 'exit', to abort type '$.'
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Related Commands
|
|
show terminal |
Displays information about the terminal. |
attribute
To specify the particular attribute characteristics of a policy that is to be tested, use the attribute command.
attribute attr-seq-num attr-name value attr-value
Syntax Description
attr-seq-num |
Attribute input sequence number. |
attr-name |
Name of a VM or network attribute (for example, src.vm.name). |
value |
Designates the use of the following attribute value. |
attr-value |
Value of a VM or network attribute (for example, engg). |
Command Modes
Test policy-engine (test-policy-engine)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Examples
This example shows how to specify an attribute for a policy.
vsg(test-policy-engine)# attribute 1 src.vm.name value engg
vsg(test-policy-engine)# attribute 2 src.net.ip-address value 10.10.10.1
vsg(test-policy-engine)# exit
Result: DROP, Policy: p1, Rule: r1
Related Commands
|
|
test policy-engine simulate-pe-req policy |
Enters the test policy-engine submode. |
banner motd
To configure a message of the day (MOTD) banner, use the banner motd command.
banner motd [ delimiting-character message delimiting-character ]
no banner motd [ delimiting-character message delimiting-character ]
Syntax Description
delimiting-character |
(Optional) Character used to signal the beginning and end of the message text. For example, in the following message, the delimiting character is #:
|
message |
(Optional) Banner message. Up to 40 lines with a maximum of 80 characters in each line. |
Defaults
“User Access Verification” is the default message of the day.
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
The MOTD banner is displayed on the terminal before the login prompt whenever you log in.
The message is restricted to 40 lines and 80 characters per line.
To create a multiple-line MOTD banner, press Enter before typing the delimiting character to start a new line. You can enter up to 40 lines of text.
Follow these guidelines when choosing your delimiting character:
- Do not use the delimiting-character in the message string.
- Do not use " and % as delimiter.
Examples
This example shows how to configure and then display a banner message with the text, “Testing the MOTD”:
vsg(config)# banner motd #Testing the MOTD#
vsg(config)# show banner motd
This example shows how to configure and then display a multiple-line MOTD banner:
vsg(config)# banner motd #Welcome to authorized users.
> Unauthorized access prohibited.#
vsg(config)# show banner motd
Welcome to authorized users.
Unauthorized access prohibited.
This example shows how to revert to the default MOTD banner:
vsg(config)# no banner motd
vsg(config)# show banner motd
Related Commands
|
|
show banner motd |
Displays the MOTD banner. |
boot
To configure boot images, use the boot command. To revert to default settings, use the no form of this command.
boot {asm-sfn | auto-copy | kickstart bootflash | ssi | system bootflash}
no boot {asm-sfn | auto-copy | kickstart bootflash | ssi | system bootflash}
Syntax Description
asm-sfn |
Specifies a boot variable. |
auto-copy |
Enables or disables automatic copying of boot images to the standby Cisco VSG. |
kickstart bootflash |
Specifies the boot variable URI for the kickstart image. |
ssi |
Specifies a boot variable. |
system bootflash |
Specifies the boot variable URI for the system image. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to configure a boot variable:
vsg(config)# boot asm-sfn bootflash module 6
Related Commands
|
|
show boot |
Displays the current boot variables. |
cd
To change to a different directory, use the cd command.
cd { bootflash: | volatile: }
Syntax Description
bootflash: |
Specifies the bootflash directory. |
volatile: |
Specifies the volatile directory. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Use the pwd command to verify the name of the directory you are currently working in.
Examples
This example shows how to change to the volatile directory:
Related Commands
|
|
pwd |
Displays the name of the directory you are currently working in. |
cdp
To configure the Cisco Discovery Protocol (CDP), use the cdp command. To remove the CDP configuration, use the no form of this command.
cdp { advertise { v1 | v2 } | enable | format device-id | holdtime seconds | timer seconds }
no cdp { advertise | enable | format device-id | holdtime seconds | timer seconds }
Syntax Description
advertise |
Specifies the CDP version to advertise. |
v1 |
Specifies CDP Version 1. |
v2 |
Specifies CDP Version 2. |
enable |
Enables CDP globally on all interfaces and port channels. |
format device-id |
Specifies the device ID format for CDP. |
holdtime seconds |
Sets the maximum amount of time that CDP holds onto neighbor information before discarding it. The range is from 10 to 255. |
timer seconds |
Sets the refresh time for CDP to send advertisements to neighbors. The range is from 5 to 254. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set CDP Version 1 as the version to advertise:
vsg(
config)#
cdp advertise v1
This example shows how to remove CDP Version 1 as the version to advertise:
vsg(
config)#
no cdp advertise v1
Related Commands
|
|
show cdp global |
Displays the CDP configuration. |
clear accounting
To clear the accounting log, use the clear accounting command.
clear accounting log
Syntax Description
log |
Clears the accounting log. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the accounting log:
vsg#
clear accounting log
Related Commands
|
|
show accounting log |
Displays the accounting log. |
clear ac-driver
To clear Application Container (AC) driver statistics, use the clear ac-driver command.
clear ac-driver statistics
Syntax Description
statistics |
Clears AC driver statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear AC driver statistics:
vsg#
clear ac-driver statistics
Related Commands
|
|
show ac-driver statistics |
Displays AC driver statistics. |
clear bootvar
To clear the boot variables log, use the clear bootvar command.
clear bootvar log
Syntax Description
log |
Clears the boot variables log. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the boot variables log:
Related Commands
|
|
show bootvar log |
Displays the accounting log. |
clear cdp
To clear Cisco Discovery Protocol (CDP) information, use the clear cdp command.
clear cdp { counters [ interface { ethernet slot-number / port-number [. subinterface-number ]}] | mgmt 0 }] | table [ interface { ethernet slot-number / port-number [. subinterface-number ]}]}
Syntax Description
counters |
Clears the CDP counters. |
interface |
(Optional) Clears interfaces. |
ethernet |
Clears Ethernet interfaces. |
slot -number |
Slot. The range is from 1 to 66. |
port-number |
Port number. The range is from 1 to 128. |
. sub-interface |
(Optional) Subinterface number. The range of values is from 1 to 4094. |
mgmt 0 |
Clears the management 0 interface. |
table |
Clears the CDP statistics table. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear CDP counters on all interfaces:
Related Commands
|
|
show cdp all |
Displays all interfaces that are CDP enabled. |
show cdp entry |
Displays CDP information. |
clear cli
To clear command-line interface (CLI) command history, use the clear cli command.
clear cli history
Syntax Description
history |
Clears the CLI command history. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the CLI command history:
Related Commands
|
|
show cli history |
Displays the CLI command history. |
clear cores
To clear the core files, use the clear cores command.
clear cores [ archive file file-name ]
Syntax Description
archive file |
(Optional) Clears the archived core files. |
file-name |
Core filename. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all core files:
Related Commands
|
|
show cores |
Displays the core filename. |
clear counters
To clear interface loopback counters, use the clear counters command.
clear counters [interface {all | data | ethernet slot / port [.{ sub-interface }] | loopback virtual-interface-number | mgmt 0 | port-channel port-channel-number}]
Syntax Description
interface |
(Optional) Clears interface counters. |
all |
Clears all interface counters. |
ethernet |
Clears Ethernet interface counters. |
slot |
Slot. The range is from1 to 66. |
port |
Port. The range is from 1 to 128. |
sub-interface |
(Optional) Subinterface number. The range of values is from 1 to 4094. |
loopback |
Clears loopback interface counters. |
virtual-interface-number |
Virtual interface number. The range is from 0 to 1023. |
mgmt 0 |
Clears the management interface. |
port-channel |
Clears port-channel interfaces. |
port-channel-number |
Port channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear a counter on a specific Ethernet interface:
vsg#
clear counters ethernet 2/1
Related Commands
|
|
show interface counters |
Displays the interface status, which includes the counters. |
clear debug-logfile
To clear the contents of the debug log, use the clear debug-logfile command.
clear debug-logfile log-name
Syntax Description
log-name |
Name of the debug log. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the debug log:
vsg# clear debug-logfile syslog_debug
Related Commands
|
|
show debug logfile |
Displays the contents of the debug logfile. |
clear event-log policy_engine
To clear the event log buffer for the policy engine, use the clear event-log policy_engine command.
clear event-log policy_engine
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(4.1) |
This command was introduced. |
Examples
This example shows how to clear the event logs for the policy engine:
vsg# clear event-log policy_engine
Related Commands
|
|
event-log policy_engine |
Enables logging debugs for the policy engine. |
clear event-log service-path
To clear the event-log buffer for the service path, use the clear event-log service-path command.
clear event-log service-path
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(4.1) |
This command was introduced. |
Examples
This example shows how to clear the event logs for the service path:
vsg# event-log service-path
Related Commands
|
|
event-log service-path |
Enables logging debugs for the service-path process. |
clear frame
To clear Layer 2 traffic statistics, use the clear frame command.
clear frame statistics
Syntax Description
statistics |
Clears Layer 2 traffic statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the Layer 2 traffic statistics:
vsg# clear frame statistics
Related Commands
|
|
show vlan |
Displays VLAN information. |
clear fs-daemon
To clear the file sharing (FS) daemon log, use the clear fs-daemon command.
clear fs-daemon log
Syntax Description
log |
Clears the FS daemon log. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the FS daemon log:
Related Commands
|
|
show logging |
Displays the logging configuration and the contents of the log file. |
clear inspect
To clear the File Transfer Protocol (FTP) inspection statistics, use the clear inspect command.
clear inspect ftp statistics [svs-domain-id domain-id module module-number ]
Syntax Description
ftp statistics |
Clears FTP statistics. |
svs-domain-id |
(Optional) Clears FTP statistics in the SVS domain. |
domain-id |
SVS domain ID. |
module |
(Optional) Clears FTP statistics on a specific module. |
module-number |
Module number. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the FTP inspection statistics:
vsg# clear inspect ftp statistics svs-domain-id 2 module 63
Related Commands
|
|
show vsg |
Displays Cisco VSG information. |
clear install
To clear the installation log, use the clear install command.
clear install {all failed-standby | failure-reason | status}
Syntax Description
all failed-standby |
Clears all the installation logs. |
failure-reason |
Clears the installation failure reason log. |
status |
Clear the installation status log. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all the installation logs:
vsg# clear install all failed-standby
Related Commands
|
|
show install all status |
Displays the status of the current or last installation. |
clear ip adjacency statistics
To clear IP address adjacency statistics, use the clear ip adjacency statistics command.
clear ip adjacency statistics
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear IP adjacency statistics:
vsg# clear ip adjacency statistics
Related Commands
|
|
show ipv6 adjacency |
Displays IP information. |
clear ip arp
To clear specific Address Resolution Protocol (ARP) IP address statistics, use the clear ip arp command.
clear ip arp ip-address [ vrf { vrf-name | all | default | management }]
Syntax Description
ip-address |
IP address. The format is A.B.C.D. |
vrf |
Clears all virtual routing and forwarding (VRF) ARP IP address statistics. |
vrf-name |
VRF name. The range for number of characters is from 1 to 32. |
all |
Clears all ARP IP address statistics. |
default |
Clears default VRF ARP IP address statistics. |
management |
Clears management VRF ARP IP address statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear a specific ARP IP address in EXEC mode:
vsg# clear ip arp 209.165.200.229
This example shows how to clear a specific ARP IP address in configuration mode:
vsg#(config) clear ip arp 209.165.200.229
Related Commands
|
|
show ip arp |
Displays IP ARP information. |
clear ip arp data
To clear Address Resolution Protocol (ARP) IP address statistics on the data 0 interface, use the clear ip arp data command.
clear ip arp data 0 [vrf { vrf-name | all | default | management } ]
Syntax Description
0 |
Clears data 0 interface ARP IP address statistics. |
vrf |
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address statistics. |
vrf-name |
VRF name. The range for number of characters is from 1 to 32. |
all |
Clears all ARP IP address statistics. |
default |
Clears default ARP IP address statistics. |
management |
Clears management interface ARP IP address statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all ARP IP address statistics on the data 0 interface:
vsg# clear ip arp data 0 all
Related Commands
|
|
show ip arp |
Displays IP ARP information. |
clear ip arp ethernet
To clear Address Resolution Protocol (ARP) IP address statistics on Ethernet interfaces, use the clear ip arp ethernet command.
clear ip arp ethernet slot-number / port-number [ . | vrf vrf-name ]
Syntax Description
slot-number |
Slot number. |
port-number |
Port number. |
vrf |
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address statistics. |
vrf-name |
VRF name. The range for number of characters is from 1 to 32. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear ARP IP address statistics on an Ethernet interface:
vsg# clear ip arp ethernet 1 / 1
Related Commands
|
|
show ip arp |
Displays IP ARP information. |
clear ip arp loopback
To clear Address Resolution Protocol (ARP) IP address statistics on loopbacks, use the clear ip arp loopback command.
clear ip arp loopback loopback-number [vrf vrf-name ]
Syntax Description
loopback-number |
Loopback number. |
vrf |
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address statistics. |
vrf-name |
VRF name. The range is from 1 to 32. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear ARP IP address statistics on a loopback:
vsg#
clear ip arp loopback 10
Related Commands
|
|
show ip arp |
Displays ARP IP address information. |
clear ip arp mgmt
To clear Address Resolution Protocol (ARP) IP address statistics on the management interface, use the clear ip arp mgmt command.
clear ip arp mgmt 0 [ vrf { vrf-name } | all | default | management} ]
Syntax Description
0 |
Clears management 0 interface ARP IP address statistics. |
vrf |
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address statistics. |
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
all |
Clears all ARP IP address statistics. |
default |
Clears default ARP IP address statistics. |
management |
Clears management interface ARP IP address statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear ARP IP address statistics on the management interface:
vsg# clear ip arp mgmt all
Related Commands
|
|
show ip arp |
Displays IP ARP information. |
clear ip arp port-channel
To clear Address Resolution Protocol (ARP) IP address statistics on port channels, use the clear ip arp port-channel command.
clear ip arp port-channel port-channel-number [. sub-interface | vrf vrf-name ]
Syntax Description
port-channel-number |
Port channel number. |
sub-interface |
(Optional) Subinterface number. |
vrf |
(Optional) Clears virtual routing and forwarding (VRF) ARP IP address statistics. |
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear ARP IP address statistics on a port channel:
vsg#
clear ip arp port-channel 2
Related Commands
|
|
show port-channel |
Displays port-channel information. |
clear ip arp statistics
To clear Address Resolution Protocol (ARP) IP address statistics, use the clear ip arp statistics command.
clear ip arp statistics {data 0 | ethernet | loopback | mgmt | port-channel | vrf}
Syntax Description
data 0 |
Clears the data 0 interface. |
ethernet |
Clears the Ethernet interface. |
loopback |
Clears the loopback interface. |
mgmt |
Clears the management interface. |
port-channel |
Clears the port channel interface. |
vrf |
Clears the virtual routing and forwarding (VRF) interface. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear ARP IP address statistics on data 0:
vsg#
clear ip arp statistics data 0
Related Commands
|
|
show ip |
Displays IP information. |
clear ip arp vrf
To clear Address Resolution Protocol (ARP) virtual routing and forwarding (VRF) IP address statistics, use the clear ip arp vrf command.
clear ip arp vrf { vrf-name | all | default | management}
Syntax Description
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
all |
Clears all ARP IP address statistics. |
default |
Clears default ARP IP address statistics. |
management |
Clears management interface ARP IP address statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear IP ARP VRF IP address statistics:
vsg# clear ip arp vrf vrf1
Related Commands
|
|
show vrf |
Displays VRF information. |
clear ip igmp event-history
To clear Internet Group Management Protocol (IGMP) IP address event history entries, use the clear ip igmp event-history command.
clear ip igmp event-history { cli | debugs | events | ha | igmp-internal | mtrace | policy | vrf }
Syntax Description
cli |
Clears the command-line interface (CLI) IGMP IP address event history entries. |
debugs |
Clears debug IGMP IP address event history entries. |
events |
Clears events IGMP IP address event history entries. |
ha |
Clears high-availability (HA) IGMP IP address event history entries. |
igmp-internal |
Clears internal IGMP IP address event history entries. |
mtrace |
Clears Mtrace IGMP IP address event history entries. |
policy |
Clears policy IGMP IP address event history entries. |
vrf |
Clears virtual routing and forwarding (VRF) IGMP IP address event history entries. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear HA IGMP IP address event history entries:
vsg# clear ip igmp event-history ha
Related Commands
|
|
show ip igmp |
Displays the IGMP status and the IGMP configuration. |
clear ip igmp snooping
To clear Internet Group Management Protocol (IGMP) IP address snooping entries, use the clear ip igmp snooping command.
clear ip igmp snooping { event-history [ VPC | igmp-snoop-internal | mfdm | mfdm-sum | vlan | vlan-events ] | explicit-tracking vlan vlan-id | statistics vlan [ vlan-id | all ]}
Syntax Description
event-history |
Clears event history IGMP IP address snooping entries. |
VPC |
(Optional) Clears virtual port channel (vPC) IGMP IP address snooping entries. |
igmp-snoop-internal |
(Optional) Clears internal IGMP IP address snooping entries. |
mfdm |
(Optional) Clears MFDM IGMP IP address snooping entries. |
mfdm-sum |
(Optional) Clears MFDM-sum IGMP IP address snooping entries. |
vlan |
(Optional) Clears VLAN IGMP IP address snooping entries. |
vlan-events |
(Optional) Clears VLAN event IGMP IP address snooping entries. |
explicit-tracking |
Clears explicit tracking IGMP IP address snooping entries. |
vlan-id |
(Optional) VLAN identification number. The range is from 1 to 3967 or 4048 to 4093. |
statistics vlan |
Clears VLAN statistical IGMP IP address snooping entries. |
all |
(Optional) Clears all IGMP IP address snooping entries. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IGMP IP address snooping entries:
vsg# clear ip igmp snooping all
Related Commands
|
|
show ip igmp |
Displays the IGMP status and configuration. |
clear ip interface
To clear IP address statistics on interfaces, use the clear ip interface command.
clear ip interface statistics [ data 0 | ethernet slot-number / port-number [. sub-interface-number ] | loopback loopback-number | mgmt | port-channel port-channel-number
[ . sub-interface-number ] ]
Syntax Description
statistics |
Clears IP address statistics on interfaces. |
data 0 |
(Optional) Clears IP address statistics on the data 0 interface. |
ethernet |
(Optional) C lears IP address statistics on Ethernet interfaces. |
slot-number |
Slot number. The range is from 1 to 66. |
port-number |
Port number. The range is from 1 to 128. |
subinterface-number |
(Optional) Subinterface number. The range is 1 to 4094. |
loopback |
(Optional) Clears IP address statistics on the loopback interface. |
loopback-number |
Loopback number. The range is from 0 to 123. |
mgmt 0 |
(Optional) Clears IP address statistics on the management 0 interface. |
port-channel |
(Optional) Clears IP address statistics on the port-channel interface. |
port-channel-number |
Port-channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear IP address statistics on an Ethernet interface:
vsg# clear ip interface statistics ethernet 1 / 2
Related Commands
|
|
show ip interface |
Displays IP interface information. |
clear ip route
To clear IP routing information, use the clear ip route command.
clear ip route { * | A.B.C.D [ A.B.C.D { data 0 | ethernet slot / port | loopback loopback-number | port-channel portchannel-number }] | A.B.C.D/LEN [ A.B.C.D { data 0 | ethernet slot / port | loopback loopback-number | port-channel portchannel-number }] | vrf { vrf-name | default | management 0 }}
Syntax Description
* |
Clears all IP routing information. |
A.B.C.D |
Clears IP routing information at a specific IP address. |
data 0 |
Clears IP routing information on the management 0 interface. |
ethernet slot / port |
Clears IP routing information on a specific Ethernet interface. |
loopback |
Clears IP routing information on the loopback interface. |
loopback-number |
Loopback number. The range is from 0 to 1023. |
port-channel |
Clears IP routing information on the port channel. |
portchannel-number |
Port-channel number. The range is from 1 to 4096. |
A.B.C.D/LEN |
Clears IP routing information at a specific IP address. |
vrf |
Clears IP routing information for a VRF. |
vrf-name |
Virtual forwarding and routing (VRF) name. The range for the number of characters is from 1 to 32. |
default |
Clears default IP routing information. |
management 0 |
Clears IP routing information on the management 0 interface. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IP routing information:
Related Commands
|
|
show routing |
Displays routes. |
clear ip traffic
To clear global IP statistics, use the clear ip traffic command.
clear ip traffic [ vrf { vrf-name | default | management }]
Syntax Description
vrf |
Clears virtual routing and forwarding (VRF) global IP address statistics. |
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
default |
Clears default global IP address statistics. |
management |
Clears management global IP address statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear global IP statistics:
Related Commands
|
|
show ip traffic |
Displays IP traffic information. |
clear ipv6 adjacency statistics
To clear IPv6 address adjacency statistics, use the clear ipv6 adjacency statistics command.
clear ipv6 adjacency statistics
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear IPv6 address adjacency statistics:
vsg# clear ipv6 adjacency statistics
Related Commands
|
|
show ipv6 adjacency |
Displays IPv6 statistics. |
clear ipv6 icmp interface statistics
To clear Internet Control Management Protocol (ICMP) IPv6 interface statistics, use the clear ipv6 icmp interface statistics command.
clear ipv6 icmp interface statistics [ data 0 | ethernet slot-number / port-number
[ . sub-interface-number ] | loopback virtual-interface-number | port-channel port-channel-number [ . sub-interface-number ] ]
Syntax Description
data 0 |
(Optional) Clears the data 0 interface. |
ethernet |
(Optional) Clears the Ethernet interface. |
slot-number |
Ethernet slot number. The range is from 1 to 66. |
/ |
Slot number port number separator. |
port-number |
Ethernet port number. The range is from 1 to 128. |
. |
Port number subinterface number separator. |
sub-interface-number |
(Optional) Subinterface number. The range is from 1 to 4094. |
loopback |
(Optional) Clears the loopback interface. |
virtual-interface-number |
Virtual interface number. The range is from 0 to 1023. |
port-channel |
(Optional) Clears the port-channel interface. |
port-channel-number |
Port-channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear ICMP IPv6 Ethernet interface statistics:
vsg# clear ipv6 icmp interface statistics ethernet 1 / 2. 3
Related Commands
|
|
show ipv6 icmp |
Displays ICMPv6 information. |
clear ipv6 icmp mld groups
To clear Internet Control Message Protocol (ICMP) Multitask Listener Discovery (MLD) group IPv6 statistics, use the clear ipv6 icmp mld groups command.
clear ipv6 icmp mld groups { * [ vrf { vrf-name | all | default | management }] | A:B::C:D | A:B::C:D/LEN }
Syntax Description
* |
Clears all routes. |
vrf |
(Optional) Clears ICMP MLD virtual routing and forwarding (VRF) IPv6 routes. |
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
all |
(Optional) Clears all routing information. |
default |
(Optional) Clears default routing information. |
management |
(Optional) Clears management routing information. |
A:B::C:D |
Clears a specific IPv6 address. |
A:B::C:D/LEN |
Clears a specific IPv6 address. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all ICMP MLD group IPv6 statistics:
vsg# clear ipv6 icmp mld groups *
Related Commands
|
|
show ipv6 icmp |
Displays ICMPv6 information. |
clear ipv6 icmp mld route
To clear Internet Control Message Protocol (ICMP) Multitask Listener Discovery (MLD) routes, use the clear ipv6 icmp mld route command.
clear ipv6 icmp mld route { * [ vrf { vrf-name | all | default | management }] | A:B::C:D | A:B::C:D/LEN }
Syntax Description
* |
Clears all routes. |
vrf |
(Optional) Clears ICMP MLD virtual routing and forwarding (VRF) IPv6 routes. |
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
all |
Clears all routing information. |
default |
Clears default routing information. |
management |
Clears management routing information. |
A:B::C:D |
Clears a specific ICMP MLD IPv6 route. |
A:B::C:D/LEN |
Clears a specific ICMP MLD IPv6 route. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IPv6 ICMP MLD routes:
vsg# clear ipv6 icmp mld route *
Related Commands
|
|
show ipv6 icmp |
Displays ICMPv6 information. |
clear ipv6 nd interface statistics
To clear Neighbor Discovery (ND) IPv6 interface statistics, use the clear ipv6 nd interface statistics command.
clear ipv6 nd interface statistics [ data 0 | ethernet slot-number / port-number
[ . sub-interface-number ] | loopback virtual-interface-number | port-channel port-channel-number [ . sub-interface-number ] ]
Syntax Description
data 0 |
(Optional) Clears the data 0 interface. |
ethernet |
(Optional) Clears the Ethernet interface. |
slot-number |
Ethernet slot number. The range is from 1 to 66. |
/ |
Slot number port number separator. |
port-number |
Ethernet port number. The range is from 1 to 128. |
. |
Port number subinterface number separator. |
sub-interface-number |
(Optional) Subinterface number. The range is from 1 to 4094. |
loopback |
(Optional) Clears the loopback interface. |
virtual-interface-number |
Virtual interface number. The range is from 0 to 1023. |
port-channel |
(Optional) Clears the port-channel interface. |
port-channel-number |
Port-channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear IPv6 ND interface statistics:
vsg# clear ipv6 nd interface statistics ethernet 2 / 3. 4
Related Commands
|
|
show ipv6 nd |
Displays Neighbor Discovery interface statistics. |
clear line
To end a session on a specified Virtual Teletype (VTY), use the clear line command.
clear line vty-name
Syntax Description
vty-name |
VTY name. The range for the number of characters is from 1 to 64. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to end a session on a specified VTY:
Related Commands
|
|
show users |
Displays active user sessions. |
clear logging
To clear logfile messages and logging sessions, use the clear logging command.
clear logging {logfile | session}
Syntax Description
logfile |
Clears log file messages. |
session |
Clears logging sessions. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear messages from the logging file:
vsg# clear logging logfile
Related Commands
|
|
show logging logfile |
Displays the contents of the log file. |
clear ntp
To clear the Network Time Protocol (NTP) sessions and statistics, use the clear ntp command.
clear ntp { session | statistics { all-peers | io | local | memory } }
Syntax Description
session |
Clears NTP sessions. |
statistics |
Clears NTP statistics. |
all-peers |
Clears all statistics. |
io |
Clears IO statistics. |
local |
Clears local statistics. |
memory |
Clears memory statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all NTP statistics:
vsg#
clear ntp statistics all-peers
Related Commands
|
|
show ntp peers |
Displays information about NTP peers. |
clear nvram
To clear the nonvolatile RAM (NVRAM), use the clear nvram command.
clear nvram
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the NVRAM:
Related Commands
|
|
show system resources |
Displays system resources. |
clear pktmgr client
To clear packet manager client counters, use the clear pktmgr client command.
clear pktmgr client [ client-counter-uuid ]
Syntax Description
client-counter-uuid |
(Optional) Client counter user identification. The range is from 0 to 4294967295. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear a packet manager client counter :
vsg# clear pktmgr client 100
Related Commands
|
|
clear routing |
Clears routing information. |
clear pktmgr interface
To clear packet manager interface information, use the clear pktmgr interface command.
clear pktmgr interface [ data 0 | ethernet slot-number / port-number [ . sub-interface-number ] | loopback virtual-interface-number | mgm t 0 | port-channel [ . sub-interface-number ]]
Syntax Description
data 0 |
(Optional) Clears the data 0 interface. |
ethernet |
(Optional) Clears the Ethernet interface. |
slot-number |
Ethernet slot number. The range is from 1 to 66. |
/ |
Slot-number port-number separator. |
port-number |
Ethernet port number. The range is from 1 to 128. |
. |
Port-number subinterface number separator. |
sub-interface-number |
Subinterface number. The range is from 1 to 4094. |
loopback |
(Optional) Clears the loopback interface. |
virtual-interface-number |
Virtual interface number. The range is from 0 to 1023. |
port-channel |
(Optional) Clears the port-channel interface. |
port-channel-number |
Port-channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear packet manager interface information:
vsg# clear pktmgr interface ethernet 10 / 11. 12
Related Commands
|
|
clear pktmgr client |
Clears the packet manager client. |
clear policy-engine
To clear policy engine statistics, use the clear policy-engine command.
clear policy-engine { policy-name stats | stats}
Syntax Description
policy-name |
Policy engine name. |
stats |
Clears policy engine statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear policy engine statistics:
vsg#
clear policy-engine stats
Related Commands
|
|
show policy-engine |
Displays the policy engine. |
clear processes
To clear process logs, use the clear processes command.
clear processes { log { all | archive [ archive-name ] | pid pid-number } | vdc vdc-name { all | pid pid-number } }
Syntax Description
log |
Clears process logs. |
all |
Clears all process logs. |
archive |
Clears archived process logs. |
archive-name |
(Optional) Archive name. |
pid |
Clears the process log for a specific process. |
pid-number |
PID number. |
vdc |
Clears process logs for a specific Cisco VSG. |
vdc-name |
VDC name. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all process logs:
vsg#
clear processes log all
Related Commands
|
|
show processes |
Displays all processes. |
clear rmon
To clear Remote Monitoring (RMON) logs, use the clear rmon command.
clear rmon { alarms | all-alarms | events | hcalarms }
Syntax Description
alarms |
Clears RMON alarms. |
all-alarms |
Clears all RMON alarms. |
events |
Clears RMON events. |
hcalarms |
Clears HC RMON alarms. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear RMON alarms:
Related Commands
|
|
show rmon |
Displays RMON information. |
clear role
To clear role session information, use the clear role command.
clear role session
Syntax Description
session |
Clears the role session information. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear role session information:
Related Commands
|
|
show role |
Displays role information. |
clear routing
To clear IP routes, use the clear routing command.
clear routing {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}]
Syntax Description
* |
Clears all routes. |
A.B.C.D |
Clears a specific IP route. |
A.B.C.D/LEN |
Clears an IP route and subnets. |
data 0 |
(Optional) Clears routing on the data 0 interface. |
ethernet |
(Optional) C lears routing on Ethernet interfaces. |
slot-number |
Slot number. The range is from 1 to 66. |
/ |
Slot and port number separator. |
port-number |
Port number. The range is from 1 to 128. |
. |
(Optional) Subinterface separator. |
subinterface-number |
Subinterface number. The range is from 1 to 4094. |
loopback |
(Optional) Clears routing on the loopback interface. |
virtual-interface-number |
Loopback number. The range is from 0 to 123. |
port-channel |
(Optional) Clears routing on the port-channel interface. |
port-channel-number |
Port-channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all routes:
This example shows how to clear routes on the data 0 interface:
vsg#
clear routing 209.165.200.228 data 0
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing event-history
To clear routing event histories, use the clear routing event-history command.
clear routing event-history { add-route | cli | delete-route | errors | general | loop-detection | modify-route | notifications | recursive-next-hop | summary | udfm | udfm-summary }
Syntax Description
add-route |
Clears the added routes event history. |
cli |
Clears the command-line interface (CLI) routing event history. |
delete-route |
Clears the deleted routes event history. |
errors |
Clears the error routes event history. |
general |
Clears the general routes event history. |
loop-detection |
Clears the loop-detection routes event history. |
modify-route |
Clears the modified routes event history. |
notifications |
Clears the notification routes event history. |
recursive-next-hop |
Clears the recursive-next-hop routing event history. |
summary |
Clears the summary routing event history. |
ufdm |
Clears the UDFM routing event history. |
ufdm-summary |
Clears the UDFM summary routing event history. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the loop-detection routes event history :
vsg#
clear routing event-history loop-detection
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing ip
To clear IP routing statistics, use the clear routing ip command.
clear routing ip {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}]
Syntax Description
* |
Clears routing statistics for all routes. |
A.B.C.D |
Clears routing statistics for a specific IP route. |
A.B.C.D/LEN |
Clears routing statistics for an IP route and subnets. |
data 0 |
(Optional) Clears the data 0 interface. |
ethernet |
(Optional) Clears the Ethernet interface. |
slot-number |
Ethernet slot number. The range is from 1 to 66. |
/ |
Slot number port number separator. |
port-number |
Ethernet port number. The range is from 1 to 128. |
. |
Port number subinterface number separator. |
sub-interface-number |
Subinterface number. The range is from 1 to 4094. |
loopback |
(Optional) Clears the loopback interface. |
virtual-interface-number |
Virtual interface number. The range is from 0 to 1023. |
port-channel |
(Optional) Clears the port-channel interface. |
port-channel-number |
Port-channel number. The range is from 1 to 4096. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IP routes :
This example shows how to clear IP routes on slot 2, port 3 :
vsg#
clear routing ip ethernet 2 / 3
This example shows how to clear IP routes:
vsg#
clear routing ip 209.165.200.228
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing ip event-history
To clear routing event histories, use the clear routing ip event-history command.
clear routing ip event-history { add-route | cli | delete-route | errors | general | loop-detection | modify-route | notifications | recursive-next-hop | summary | udfm | udfm-summary }
Syntax Description
add-route |
Clears the added routes event history. |
cli |
Clears the command-line interface (CLI) routing event history. |
delete-route |
Clears the deleted routes event history. |
errors |
Clears the error routes event history. |
general |
Clears the general routes event history. |
loop-detection |
Clears the loop-detection routes event history. |
modify-route |
Clears the modified routes event history. |
notifications |
Clears the notification routes event history. |
recursive-next-hop |
Clears the recursive-next-hop routing event history. |
summary |
Clears the summary routing event history. |
udfm |
Clears the UDFM routing event history. |
udfm-summary |
Clears the UDFM summary routing event history. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the notifications routes event history :
vsg#
clear routing ip event-history notifications
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing ip unicast
To clear unicast routing entries, use the clear routing ip unicast command.
clear routing ip unicast { * | A.B.C.D | A.B.C.D/LEN | event-history }
Syntax Description
* |
Clears all IP unicast routes. |
A.B.C.D |
Clears a specific IP unicast route. |
A.B.C.D/LEN |
Clears a specific IP unicast route and subnets. |
event-history |
Clears the IP unicast event history. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IP unicast routes :
vsg#
clear routing ip unicast *
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing ipv4
To clear IPv4 route entries, use the clear routing ipv4 command.
clear routing ipv4 { * | A.B.C.D | A.B.C.D/LEN | event-history | unicast }
Syntax Description
* |
Clears all IPv4 routes. |
A.B.C.D |
Clears a specific IPv4 route. |
A.B.C.D/LEN |
Clears a specific IPv4 route and subnets. |
event-history |
Clears the IPv4 routing event history. |
unicast |
Clears IPv4 unicast routes. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IPv4 routes :
vsg#
clear routing ipv4 *
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing ipv6
To clear IPv6 route entries, use the clear routing ipv6 command.
clear routing ipv6 { * | A:B::C:D | A:B::C:D/LEN | event-history | unicast }
Syntax Description
* |
Clears all IPv6 routes. |
A:B::C:D |
Clears a specific IPv6 route. |
A:B::C:D/LEN |
Clears a specific IPv6 route and subnets. |
event-history |
Clears the IPv6 routing event history. |
unicast |
Clears IPv6 unicast routes. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IPv6 routes :
vsg#
clear routing ipv6 *
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf
To clear virtual routing and forwarding (VRF) routes, use the clear routing vrf command.
clear routing vrf vrf-name
Syntax Description
vrf-name |
VRF name. The range for the number of characters is from 1 to 32. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear VRF routes :
vsg#
clear routing vrf vrfTest
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf default
To clear virtual routing and forwarding (VRF) routes, use the clear routing vrf default command.
clear routing vrf default { * | A.B.C.D | A.B.C.D/LEN | ip | ipv4 | ipv6 | unicast }
Syntax Description
* |
Clears all VRF routes. |
A.B.C.D |
Clears a specific VRF route. |
A.B.C.D/LEN |
Clears a specific VRF route. |
ip |
Clears IP VRF routes. |
ipv4 |
Clears IPv4 VRF routes. |
ipv6 |
Clears IPv6 VRF routes. |
unicast |
Clears unicast VRF routes. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear VRF routes :
vsg#
clear routing vrf default *
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf management *
To clear all virtual routing and forwarding (VRF) management routes, use the clear routing vrf management * command.
clear routing vrf management *
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all VRF management routes:
vsg#
clear routing vrf management *
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf management
To clear specific virtual routing and forwarding (VRF) management routes, use the clear routing vrf management command.
clear routing vrf manageme nt ip-address [ ip-address {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }
Syntax Description
ip-address |
IP address. |
data 0 |
Clears VRF management routes. |
ethernet |
Clears VRF management routes on Ethernet ports. |
slot-number |
Ethernet port slot number. |
/ |
Slot and port separator. |
port-number |
Ethernet port number. |
. sub-interface |
(Optional) Ethernet subinterface. |
loopback |
Clears VRF management routes on a loopback. |
loopback-number |
Loopback number. |
port-channel |
Clears VRF management routes on a port channel. |
port-number |
Port-channel number. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear a specific set of Ethernet routes:
vsg#
clear routing vrf management 209.165.200.226 209.165.200.236 ethernet 2 / 4
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf management ip
To clear virtual routing and forwarding ( VRF) IP management routes, use the clear routing vrf management ip command.
clear routing vrf management ip {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }] | unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [ . sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ]}]}
Syntax Description
* |
Clears all IP routes. |
A.B.C.D |
(Optional) Clears a specific VRF management IP route. |
data 0 |
Clears VRF management IP routes. |
ethernet |
Clears VRF management IP routes on Ethernet ports. |
slot-number |
Ethernet port slot number. |
/ |
Slot number and port number separator. |
port-number |
Ethernet port number. |
. |
Subinterface separator. |
sub-interface |
(Optional) Ethernet subinterface. |
loopback |
Clears VRF management IP routes on a loopback. |
loopback-number |
Loopback number. |
port-channel |
Clears VRF management IP routes on a port channel. |
port-number |
Port-channel number. |
unicast |
Clears unicast IP routes. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all IP unicast routes:
vsg#
clear routing vrf management ip unicast *
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf management ipv4
To clear IPv4 virtual routing and forwarding (VRF) management routes, use the clear routing vrf management ipv4 command.
clear routing vrf management ipv4 {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }] | unicast [ A.B.C.D { data 0 | ethernet slot-number / port-number [ . sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ]}]}
Syntax Description
* |
Clears all IPv4 routes. |
A.B.C.D |
Clears a specific VRF management IPv4 route. |
data 0 |
Clears VRF management IPv4 routes. |
ethernet |
Clears VRF management IPv4 routes on Ethernet ports. |
slot-number |
Ethernet port slot number. |
/ |
Slot number and port number separator. |
port-number |
Ethernet port number. |
. |
Subinterface separator. |
sub-interface |
Ethernet subinterface. |
loopback |
(Optional) Clears VRF management IPv4 routes on a loopback. |
loopback-number |
Loopback number. |
port-channel |
Clears VRF management IPv4 routes on a port channel. |
port-number |
Port-channel number. |
unicast |
Clears unicast IP routes. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear an IPv4 VRF management route:
vsg#
clear routing vrf management ipv4 209:165::200:229
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf management ipv6
To clear IPv6 virtual routing and forwarding (VRF) management routes, use the clear routing vrf management ipv6 command.
clear routing vrf management ipv6 {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }] | unicast [ A.B.C.D { data 0 | ethernet slot-number / port-number [ . sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ]}]}
Syntax Description
* |
Clears all IPv6 routes. |
A.B.C.D |
Clears a specific IPv6 route. |
data 0 |
Clears VRF management IPv6 routes. |
ethernet |
Clears VRF management IPv6 routes on Ethernet ports. |
slot-number |
Ethernet port slot number. |
/ |
Slot number and port number separator. |
port-number |
Ethernet port number. |
. |
Subinterface separator. |
sub-interface |
Ethernet subinterface. |
loopback |
(Optional) Clears VRF management IPv6 routes on a loopback. |
loopback-number |
Loopback number. |
port-channel |
Clears VRF management IPv6 routes on a port channel. |
port-number |
Port-channel number. |
unicast |
Clears unicast IP routes. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear an IPv6 VRF management route:
vsg#
clear routing vrf management ipv6 209:165::200:225
Related Commands
|
|
show routing |
Displays the IP route table. |
clear routing vrf management unicast
To clear unicast virtual routing and forwarding (VRF) management routes, use the clear routing vrf management unicast command.
clear routing vrf management unicast {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] } | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface ] | loopback loopback-number | port-channel port-number [ . sub-interface ] }]}
Syntax Description
* |
Clears all unicast routes. |
A.B.C.D |
Clears a specific VRF management unicast route. |
data 0 |
Clears VRF management unicast routes. |
ethernet |
Clears VRF management unicast routes on Ethernet ports. |
slot-number |
Ethernet port slot number. |
/ |
Slot number and port number separator. |
port-number |
Ethernet port number. |
. |
Subinterface separator. |
sub-interface |
Ethernet subinterface. |
loopback |
Clears VRF management unicast routes on a loopback. |
loopback-number |
Loopback number. |
port-channel |
Clears VRF management unicast routes on a port channel. |
port-number |
Port-channel number. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear a specific unicast route:
vsg#
clear routing vrf management unicast 209.165.200.225
Related Commands
|
|
show routing |
Displays the IP route table. |
clear scheduler
To clear the scheduler log, use the clear scheduler command.
clear scheduler logfile
Syntax Description
logfile |
Clears the scheduler log. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the scheduler log file:
vsg#
clear scheduler logfile
Related Commands
|
|
show scheduler logfile |
Displays the scheduler log file. |
clear screen
To clear the screen, use the clear screen command.
clear screen
Syntax Description
This command has no key words or arguments.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the screen:
Related Commands
|
|
show terminal |
Displays terminal configuration parameters. |
clear service-path
To clear service path information, use the clear service-path command.
clear service-path {connection | statistics [ svs-domain-id id module module-number ]}
Syntax Description
connection |
Clears all the connection entries in the flow table. |
statistics |
Clears service path statistics. |
svs-domain- id |
(Optional) Clears the SVS domain identification number. |
id |
DVS domain identification number. |
module |
(Optional) Clears module information. |
module-number |
Module number. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear service path statistics:
vsg# clear service-path statistics
Related Commands
|
|
show service-path statistics |
Displays service path statistics. |
clear snmp
To clear Simple Network Management Protocol (SNMP) information, use the clear snmp command.
clear snmp {counters | hostconfig}
Syntax Description
counters |
Clears the SNMP counters. |
hostconfig |
Clears the SNMP host list. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear SNMP counters:
Related Commands
|
|
show snmp community |
Displays SNMP community strings. |
clear sockets
To clear socket statistics, use the clear sockets command.
clear sockets { all | raw | raw6 | tcp | tcp6 | udp | udp6 }
Syntax Description
all |
Clears all socket statistics. |
raw |
Clears RAW v4 statistics. |
raw6 |
Clears RAW v6 statistics. |
tcp |
Clears TCP v4 statistics. |
tcp6 |
Clears TCP v6 statistics. |
udp |
Clears UDP v4 statistics. |
udp6 |
Clears UDP v6 statistics. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear socket statistics:
Related Commands
|
|
show sockets statistics |
Displays TCP socket statistics. |
clear ssh
To clear the Secure Shell (SSH) host session, use the clear ssh command.
clear ssh hosts
Syntax Description
hosts |
Clears the SSH host session. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear all SSH host sessions:
Related Commands
|
|
show ssh |
Displays SSH information. |
clear system internal ac application
To clear application containers, use the clear system internal ac application command.
clear system internal ac application application-name instance instance-number [ fe fe-name ]
Syntax Description
application-name |
Application container name. |
instance |
Clears the application container instance. |
instance-number |
Application container instance number. |
fe |
(Optional) Clears the functional element. |
fe-name |
Functional element name. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear an application container:
vsg# clear system internal ac application core instance 1
Related Commands
|
|
show system internal ac application |
Displays application container information. |
clear system internal ac ipc-stats
To clear application container Instructions per Cycle (IPC) statistics, use the clear system internal ac ipc-stats command.
clear system internal ac ipc-stats fe { attribute-manager | inspection-ftp | inspection-rsh | inspection-tftp | service-path }
Syntax Description
fe |
Clears the functional element. |
attribute-manager |
Clears the attribute manager FE. |
inspection-ftp |
Clears the inspection FTP FE. |
inspection-rsh |
Clears the inspection remote shell (RSH) FE. |
inspection-tftp |
Clears the inspection TFTP FE. |
service-path |
Clears the service path FE. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear application container IPC statistics:
vsg# clear system internal ac ipc-stats
Related Commands
|
|
show system internal ac application |
Displays application container information. |
clear user
To clear a user session, use the clear user command.
clear user user-id
Syntax Description
user-id |
User identification number. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear a user session:
Related Commands
|
|
show users |
Displays user session information. |
cli
To define a command-line interface (CLI) variable for a terminal session, use the cli command. To remove the CLI variable, use the no form of this command.
cli var name variable-name variable-text
cli no var name variable-name
Syntax Description
variable-name |
Variable name. The name is alphanumeric, case sensitive, and has a maximum of 31 characters. |
variable-text |
Variable text. The text is alphanumeric, can contain spaces, and has a maximum of 200 characters. |
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
You can reference a CLI variable using the following syntax:
$( variable-name)
Instances where you can use variables are as follows:
- Command scripts
- Filenames
You cannot reference a variable in the definition of another variable.
You can use the predefined variable, TIMESTAMP, to insert the time of day. You cannot change or remove the TIMESTAMP CLI variable.
You must remove a CLI variable before you can change its definition.
Examples
This example shows how to define a CLI variable:
vsg# cli var name testinterface interface 2/3
This example shows how to reference the TIMESTAMP variable:
vsg# copy running-config > bootflash:run-config-$(TIMESTAMP).cnfg
This example shows how to remove a CLI variable:
vsg# cli no var name testinterface interface 2/3
Related Commands
|
|
show cli variables |
Displays the CLI variables. |
clock set
To manually set the clock, use the clock set command.
clock set time day month year
Syntax Description
time |
Time of the day. The format is HH : MM : SS. |
day |
Day of the month. The range is from 1 to 31. |
month |
Month of the year. The values are January, February, March, April, May, June, July, August, September, October, November, or December. |
year |
Year. The range is from 2000 to 2030. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Use the clock set command when you cannot synchronize your device with an outside clock source, such as a Network Time Protocol (NTP) server.
Examples
This example shows how to manually set the clock:
vsg# clock set 9:00:00 29 January 2011
Related Commands
|
|
show clock |
Displays the clock time. |
condition
To specify a condition statement used in a rule or zone, use the condition command. To remove the condition statement for a rule or zone, use the no form of this command.
condition attribute-name {eq | neq | gt | lt | prefix | contains | in-range | member-of | not-in-range | not-member-of} attribute-value1 [attribute-value2]
Syntax Description
attribute-name |
Name of the attribute for the rule object. |
eq |
Specifies equal to a number or exactly matched with a string. |
neq |
Specifies not equal to a number or not exactly matched with a string. |
gt |
Specifies greater than. |
lt |
Specifies less than. |
prefix |
Specifies a prefix of a string or an IP address. |
contains |
Specifies contains a substring. |
in-range |
Specifies a range of two integers, dates, times, or IP addresses. |
member-of |
Specifies a member of an object group. |
not-in-range |
Specifies negation of the in-range operator. |
not-member-of |
Specifies negation of the member. |
attribute-value1 |
Value of an attribute (for example, 10.10.10.1) or name of an object-group (for example, “ipaddr-group”). |
attribute-value2 |
(Optional) Value of an attribute or the netmask of a network address. |
Command Modes
Rule configuration (config-rule)
Zone configuration (config-zone)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
Use the condition command to specify a condition statement that is used in a rule. Each condition statement supports one of the Virtual Machine (VM), zone, network, or environment attributes. When multiple condition statements are used in a rule, all conditions are considered to be AND’d during a policy evaluation.
The following operators must have at least two attribute values:
- prefix—When applied against an IP address (for example, prefix 10.10.10.1 255.255.255.0)
- in-range—For all types of attribute values (for example, range 10.10.10.1 10.10.10.200)
- not-in-range—For all types of attribute values (for example, not-in-range 10.10.10.1 10.10.10.200)
Attribute values can be any of the following:
- Integer
- Integer range
- IP address and a netmask
- IP address range
- String
- Name of an object-group
Note ● Attributes used in rule conditions are mostly directional attributes.
- Attributes used in zone conditions are all neutral attributes.
Examples
This example shows how to set up conditions for a web server zone:
VSG(config)# zone web_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.1 10.10.1.20
This example shows how to set up conditions for an app server zone:
VSG(config)# zone app_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.21 10.10.1.40
This example shows how to set up conditions for a database server zone:
VSG(config)# zone db_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.41 10.10.1.60
Related Commands
|
|
rule |
Enters the rule configuration submode. |
zone |
Enters the zone configuration submode. |
cond-match-criteria
To specify the condition match criteria for a rule or zone, use the cond-match-criteria command.
cond-match-criteria {match-all | match-any}
Syntax Description
match-all |
Specifies that all conditions should be true. |
match-any |
Specifies that at least one condition from a column should be true. |
Command Modes
Rule configuration (config-rule)
Zone configuration (config-zone)
network-admin
network-operator
Command History
|
|
4.2(1)VSG2(1.1) |
This command was introduced. |
Examples
This example shows how to specify the condition match criteria for a rule:
vsg(config)# rule inet_web_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# condition 1 dst.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.net.port member_of http_ports
vsg(config-rule)# action permit
Related Commands
|
|
condition |
Specifies a condition statement used in a rule or zone. |
rule |
Enters the rule configuration submode. |
zone |
Enters the zone configuration submode. |
configure
To enter configuration mode, use the configure command.
configure
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enter configuration mode:
Enter configuration commands, one per line. End with CNTL/Z.
Related Commands
|
|
interface data 0 |
Enters interface configuration mode. |
copy bootflash:
To copy files from the bootflash directory, use the copy bootflash: command.
copy bootflash:// file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy a file from a remote bootflash directory to a local bootflash directory:
vsg# copy bootflash://jsmith@209.193.10.10/ws/jsmith-sjc/vsg-dplug.bin bootflash:/
Related Commands
|
|
copy volatile: |
Copies files from the volatile: directory. |
copy core:
To copy files from the core directory, use the copy core: command.
copy core: // file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- ftp:
- scp:
- sftp:
- tftp:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy a file from a remote core directory to a local volatile directory:
vsg# copy core://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
Related Commands
|
|
copy log: |
Copies files from the log directory. |
copy debug:
To copy files from the debug directory, use the copy debug: command.
copy debug: // file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy a file from a remote debug directory to a local volatile directory:
vsg# copy debug://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
Related Commandsv
|
|
copy bootflash: |
Copies files from the bootflash directory. |
copy ftp:
To copy files from the file transfer protocol (FTP) directory, use the copy ftp: command.
copy ftp:// file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- log:
- modflash:
- nvram:
- system:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to transfer a file from a remote FTP directory to a local bootflash directory:
vsg# copy ftp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin bootflash:/
Related Commands
|
|
copy sftp: |
Copies the files from the SFTP directory. |
copy log:
To copy files from the log directory, use the copy log: command.
copy log:// file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote log directory to a local volatile directory:
vsg# copy log://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
Related Commands
|
|
copy debug: |
Copies files from the debug directory. |
copy modflash:
To copy files from the modflash directory, use the copy modflash: command.
copy modflash: // file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote modflash directory to a local volatile directory:
vsg# copy modflash://user@209.193.10.10/ws/user-sjc/vsg-mod.bin volatile:/
Related Commands
|
|
copy nvram: |
Copies files from the NVRAM directory. |
copy nvram:
To copy files from the nonvolatile RAM (NVRAM) directory, use the copy nvram: command.
copy nvram:// file-address destination-address
Syntax Description
//file-address |
Address of the NVRAM files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote NVRAM directory to a local volatile directory:
vsg# copy nvram://user@209.193.10.10/ws/user-sjc/vsg-ram.bin volatile:/
Related Commands
|
|
copy modflash: |
Copies files from a modflash directory. |
copy running-config
To copy the running configuration, use the copy running-config command.
copy running-config destination-address [ all-vdc ]
Syntax Description
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- ftp:
- nvram:
- scp:
- sftp:
- tftp:
- volatile:
|
all-vdc |
(Optional) Copies to all virtual device contexts (VDC). |
Command Modes
EXEC
Global configuration
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy the running configuration to the bootflash directory:
vsg# copy running-config bootflash:
Related Commands
|
|
copy startup-config |
Copies a startup configuration to a specified destination. |
copy scp:
To copy files from the Secure Control Protocol (SCP) directory, use the copy scp: command.
copy scp:// file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- log:
- modflash:
- nvram:
- running-config
- startup-config
- system:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote SCP directory to a local volatile directory:
vsg# copy scp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin volatile:/
Related Commands
|
|
copy sftp: |
Copies files from the SFTP directory. |
copy sftp:
To copy files from the Secure File Transfer Protocol (SFTP) directory, use the copy sftp: command.
copy sftp:// file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- log:
- modflash:
- nvram:
- system:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to transfer a file from a remote SFTP directory to a local bootflash directory:
vsg# copy sftp://jjones@209.193.10.11/ps/jjones-rtg/vsg-dplug.bin bootflash:/
Related Commands
|
|
copy tftp: |
Copies files from the Trivial File Transfer Protocol (TFTP) directory. |
copy startup-config
To copy the startup configuration, use the copy startup-config command.
copy startup-config destination-address [ all-vdc ]
Syntax Description
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- ftp:
- nvram:
- scp:
- sftp:
- tftp:
- volatile:
|
all-vdc |
(Optional) Copies to all virtual device contexts (VDC). |
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy the startup configuration to the bootflash directory:
vsg# copy startup-config bootflash:
Related Commands
|
|
copy running-config |
Copies a running configuration to a specified destination. |
copy system:
To copy files from the file directory, use the copy system: command.
copy system: // file-address destination-address
Syntax Description
//file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. You use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote file directory to a local bootflash directory:
vsg# copy system://pkim@209.193.10.12/ps/pkim-rich/vsg-dplug.bin bootflash:/
Related Commands
|
|
copy bootflash: |
Copies files to the bootflash directory. |
copy tftp:
To copy files from the Trivial File Transfer Protocol (TFTP) directory, use the copy tftp: command.
copy tftp:// file-address destination-address
Syntax Description
// file-address |
Address of the files to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- log:
- modflash:
- nvram:
- system:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote TFTP directory to a local bootflash directory:
vsg# copy tftp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin bootflash:/
Related Commands
|
|
copy sftp: |
Copies files from the SFTP directory. |
copy volatile:
To copy files from the volatile directory, use the copy volatile: command.
copy volatile: // file-address destination-address
Syntax Description
//file-address |
Address of the file to copy. |
destination-address |
Address of the destination directory. Use one of the following directories in the destination address:
- bootflash:
- debug:
- ftp:
- log:
- modflash:
- nvram:
- scp:
- sftp:
- system:
- tftp:
- volatile:
|
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy files from a remote volatile directory to a local bootflash directory:
vsg# copy volatile://user@209.193.10.10/ws/user-sjc/vsg-dplug.bin bootflash:/
Related Commands
|
|
copy bootflash: |
Copies files from the bootflash directory. |
debug logfile
To direct the output of the debug command to a specified file, use the debug logfile command. To revert to the default, use the no form of the command.
debug logfile filename [ size bytes ]
no debug logfile filename [ size bytes ]
Syntax Description
filename |
Name of the file for debug command output. The filename is alphanumeric, case sensitive, and has a maximum of 64 characters. |
size |
(Optional) Specifies the size of the logfile in bytes. |
bytes |
(Optional) Bytes. The range is from 4096 to 10485760. |
Defaults
Default filename: syslogd_debugs
Default file size: 10485760 bytes
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
The logfile is created in the log: file system root directory.
Use the dir log: command to display the log files.
Examples
This example shows how to specify a debug logfile:
vsg# debug logfile debug_log
This example shows how to revert to the default debug logfile:
vsg# no debug logfile debug_log
Related Commands
|
|
dir |
Displays the contents of a directory. |
show debug |
Displays the debug configuration. |
show debug logfile |
Displays the debug logfile contents. |
debug logging
To enable debug command output logging, use the debug logging command. To disable debug logging, use the no form of this command.
debug logging
no debug logging
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enable the output logging for the debug command:
This example shows how to disable the output logging for the debug command:
Related Commands
|
|
debug logfile |
Configures the logfile for the debug command output. |
delete
To delete the contents of a directory, use the delete command.
delete { bootflash: | debug: | log: | modflash: | volatile: }
Syntax Description
bootflash: |
Specifies the bootflash directory. |
debug: |
Specifies the debug directory. |
log: |
Specifies the log directory. |
modflash: |
Specifies the modflash directory. |
volatile: |
Specifies the volatile directory. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to delete the contents of the bootflash directory:
Related Commands
|
|
copy |
Copies files to directories. |
dir
To display the contents of a directory or file, use the dir command.
dir [ bootflash: | debug: | log: | modflash: | volatile:]
Syntax Description
bootflash: |
(Optional) Specifies the directory or filename. |
debug: |
(Optional) Specifies the directory or filename on expansion flash. |
log: |
(Optional) Specifies the directory or filename on log flash. |
modflash: |
(Optional) Specifies the directory or filename on module flash. |
volatile: |
(Optional) Specifies the directory or filename on volatile flash. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Use the pwd command to identify the directory you are currently working in.
Use the cd command to change the directory you are currently working in.
Examples
This example shows how to display the contents of the bootflash: directory:
Related Commands
|
|
cd |
Changes the current working directory. |
pwd |
Displays the current working directory. |
echo
To echo an argument back to the terminal screen, use the echo command.
echo [ backslash-interpret ] [ text ]
Syntax Description
backslash-interpret |
(Optional) Interprets any character following a backslash character (\) as a formatting option. |
text |
(Optional) Text string to display. The text string is alphanumeric, case sensitive, can contain spaces, and has a maximum length of 200 characters. The text string can also contain references to CLI variables. |
Defaults
Displays a blank line.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
You can use this command in a command script to display information while the script is running.
Table 1 lists the formatting keywords that you can insert in the text when you include the backslash-interpret keyword.
Table 1 Formatting Options for the echo Command
|
|
\b |
Specifies back spaces. |
\c |
Removes the new line character at the end of the text string. |
\f |
Inserts a form feed character. |
\n |
Inserts a new line character. |
\r |
Returns to the beginning of the text line. |
\t |
Inserts a horizontal tab character. |
\v |
Inserts a vertical tab character. |
\\ |
Displays a backslash character. |
\ nnn |
Displays the corresponding ASCII octal character. |
Examples
This example shows how to display a blank line at the command prompt:
This example shows how to display a line of text at the command prompt:
vsg# echo Script run at $(TIMESTAMP).
Script run at 2008-08-12-23.29.24.
This example shows how to use a formatting option in the text string:
vsg# echo backslash-interpret This is line #1. \nThis is line #2.
Related Commands
|
|
run-script |
Runs command scripts. |
end
To return to EXEC mode from any lower-level mode, use the end command.
end
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enter Prime NSC policy agent mode and then how to return to EXEC mode:
vsg(config)# nsc-policy-agent
vsg(config-nsc-policy-agent)# end
Related Commands
|
|
configure |
Enters configuration mode. |
event
To clear the event counter, use the event command.
event manager clear counter counter - name
Syntax Description
event manager |
Places you in the event manager. |
clear counter |
Clears the counter. |
counter - name |
Counter name. The text string is alphanumeric, case sensitive, can contain spaces, and has a maximum length of 28 characters. |
Defaults
Displays a blank line.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to clear the event counter:
vsg# event manager clear counter default
Related Commands
|
|
show event |
Displays event information. |
event-log archive
To archive event logs for the policy engine or all modules, use the event-log archive command. The event logs are archived in a file with.gz extension in the bootflash: directory.
event-log archive {policy_engine | all}
Syntax Description
policy_engine |
Archives the event logs for the policy engine. |
all |
Archives the event logs for all modules. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG2(1.1) |
This command was introduced. |
Examples
This example shows how to archive event logs for the policy engine:
vsg# event-log archive policy_engine
Generated archive: event-logs.Mar_13_13-16_18_04.tar.gz
This example shows how to archive event logs for all modules:
vsg# event-log archive all
Generated archive: event-logs.Mar_13_13-16_15_23.tar.gz
Related Commands
|
|
clear event-log policy_engine |
Clears the event log buffer for the policy engine. |
event-log policy_engine |
Enables logging debugs for the policy engine. |
event-log inspect
To inspect the event log, use the event-log inspect command. To disable this feature, use the no form of this command.
event-log inspect {ac {error | info | inst-error | inst-info} | error | ftp {error | info | pkt_trace | warn} | info | rsh {error | info | pkt_trace} | tftp {error | info}}
no event-log inspect {ac {error | info | inst-error | inst-info} | error | ftp {error | info | pkt_trace | warn} | info | rsh {error | info | pkt_trace} | tftp {error | info}}
Syntax Description
ac |
Enables event logging for the AC module. |
error |
Enables logging for error events. |
info |
Enables logging for informational events. |
inst-error |
Enables logging for the AC instance error event. |
inst-info |
Enables logging for the AC instance informational events. |
ftp |
Enables event logging for the FTP module. |
pkt_trace |
Enables logging for the packet trace event. |
warn |
Enables logging for the warning event. |
rsh |
Enables event logging for the Remote Shell (RSH) module. |
pkt_trace |
Enables logging for the packet trace event. |
tftp |
Enables event logging for the TFTP module. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG2(1.1) |
This command was introduced. |
Examples
This example shows how to inspect the event log:
vsg# event-log inspect ac error
event-log policy_engine
To enable logging debugs for the policy engine, use the event-log policy_engine command. To disable this feature, use the no form of this command.
event-log policy_engine {ac {error | info | inst-error | inst-info} | attr-mgr {control | data | error} | data | data-detail}
no event-log policy_engine {ac {error | info | inst-error | inst-info} | attr-mgr {control | data | error} | data | data-detail}
Syntax Description
ac |
Enables event logging for the AC module. |
error |
Enables logging for error events. |
info |
Enables logging for informational events. |
inst-error |
Enables logging for the AC instance error event. |
inst-info |
Enables logging for the AC instance informational events. |
attr-mgr |
Enables event logging for the Attribute Manager module. |
control |
Enables display of the control plane event. |
data |
Enables event logging for the service path module. |
data-detail |
Enables the display of data path events details. |
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG2(1.1) |
This command was introduced. |
Examples
This example shows how to archive event logs for all modules:
vsg# event-log policy_engine ac inst-error
Related Commands
|
|
clear event-log policy_engine |
Clears the event log buffer for the policy engine. |
event-log save config
To save the current configuration of event-logs, use the event-log save config command.
event-log save config
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG2(1.1) |
This command was introduced. |
Usage Guidelines
Use this command to save the current configuration of event-logs in persistent memory. When a device reload or switchover occurs, the saved event-log configuration is applied.
Examples
This example shows how to save the current configuration of event-logs:
vsg# event-log save config
event-log service-path
To enable logging debugs for the service-path process, use the event-log service-path command. To disable this feature, use the no form of this command.
event-log service-path {ac {error | info | inst-error | inst-info} | fm {debug | error | info} | sp {error | info | pkt-detail | pkt-error | pkt-info | vptah-lib-error | vpath-lib-info | vpath-lib-frag} [terminal]}
no event-log service-path {ac {error | info | inst-error | inst-info} | fm {debug | error | info} | sp {error | info | pkt-detail | pkt-error | pkt-info | vpath-lib-error | vpath-lib-info | vpath-lib-frag} [terminal]}
Syntax Description
ac |
Enables event logging for the AC module. |
error |
Enables logging for error events. |
info |
Enables logging for informational events. |
inst-error |
Enables logging for installation errors. |
inst-info |
Enables logging for installation information. |
fm |
Enables event logging for the Flow Manager module. |
debug |
Enables debug information. |
sp |
Enables event logging for the service path module. |
pkt-detail |
Enables the display of packet details events. |
pkt-error |
Enables the display of packet errors events. |
pkt-info |
Enables the display of packet information events. |
vpath-lib-error |
Enables logging of vPath library errors events. |
vpath-lib-info |
Enables logging of vPath library information events. |
vpath-lib-frag |
Enables logging of vPath library fragmentation events. |
terminal |
(Optional) Enables logging to be displayed at the terminal. |
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was modified to include sp {vpath-lib-error | vpath-lib-info | vpath-lib-frag}. |
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Event logs are written to the process buffer and can be viewed by the show system internal event-log service-path command. When the terminal option is entered, the event logs are displayed on the terminal.
Examples
This example shows how to display the event logs for the service-path vPath library errors on the terminal:
vsg# event-log service-path sp vpath-lib-error terminal
Related Commands
|
|
show event-log all |
Displays all the event-logs turned on in the system. |
show system internal event-log service-path |
Displays the debug logs logged as a result of using the event-log service-path sp command. |
event-log save |
Saves the event-log configuration across reboots. |
exit
To exit the current mode, use the exit command.
exit
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to exit the current mode:
Related Commands
|
|
end |
Places you in EXEC mode. |
find
To find filenames that begin with a character string, use the find command.
find filename-prefix
Syntax Description
filename-prefix |
First part or all of a filename. The filename prefix is case sensitive. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
The find command searches all subdirectories under the current working directory. You can use the cd and pwd commands to navigate to the starting directory.
Examples
This example shows how to find a filename that has a prefix of “a”:
Related Commands
|
|
pwd |
Lists the directory you are currently in. |
gunzip
To uncompress a compressed file, use the gunzip command.
gunzip filename
Syntax Description
filename |
Name of the file. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
The compressed filename must have the.gz extension.
You do not have to enter the.gz extension as part of the filename.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
Examples
This example shows how to uncompress a compressed file:
Related Commands
|
|
dir |
Displays the directory contents. |
gzip |
Compresses a file. |
gzip
To compress a file, use the gzip command.
gzip filename
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
After you use this command, the file is replaced with the compressed filename that has the.gz extension.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
Examples
This example shows how to compress a file:
Related Commands
|
|
dir |
Displays the directory contents. |
gunzip |
Uncompresses a compressed file. |
install
To install an image upgrade, use the install command.
install all { iso | kickstart }
Syntax Description
iso |
Specifies an ISO image. |
kickstart |
Specifies a kickstart image. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to install an ISO image upgrade:
vsg# install all iso bootflash://smith@209.165.200.226/test
Related Commands
|
|
show install |
Displays the software installation impact between two images. |
interface
To configure an interface on the Cisco VSG, use the interface command. To remove an interface, use the no form of this command.
interface {data number | ethernet slot/port | loopback number | mgmt number | port-channel channel-number }
no interface {data number | ethernet slot/port | loopback number | mgmt number | port-channel channel-number }
Syntax Description
data |
Specifies the data interface number. |
number |
Data interface number. The number is 0. |
ethernet |
Specifies the slot and port number for the Ethernet interface. |
slot/port |
Slot and port number of the interface. |
loopback |
Specifies a virtual interface number. |
number |
Virtual interface number. The range is from 0 to 1023. |
mgmt |
Specifies the management interface number. |
number |
Management interface number. The number is 0. |
port-channel |
Specifies a port-channel interface number. |
channel-number |
Port-channel interface number. The range is from 0 to 1023. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to configure an interface:
This example shows how to remove an interface:
Related Commands
|
|
show interface |
Displays the interface and IP details, including Rx and Tx packets or bytes. |
ip
To configure IP details, use the ip command. To revert to the default settings, use the no form of this command.
ip {access-list match-local-traffic | arp timeout seconds | domain-list name | domain-lookup | host name | igmp | name-server | route | routing event-history | tcp | tftp path-mtu-discovery}
no ip {access-list match-local-traffic | arp timeout seconds | domain-list name | domain-lookup | host name | igmp | name-server | route | routing event-history | tcp | tftp path-mtu-discovery}
Syntax Description
access-list match-local-traffic |
Specifies the access-list matching for locally generated traffic. |
arp timeout seconds |
Specifies the Address Resolution Protocol (ARP) timeout. The range is from 60 to 28800. |
domain-list name |
Specifies an additional domain name. The name has a maximum of 64 characters. |
domain-lookup |
Specifies the domain name server (DNS). |
host name |
Specifies an entry to the IP hostname table. |
igmp |
Specifies event-history buffers or snooping in Internet Gateway Management Protocol (IGMP) global configuration mode. |
name-server |
Specifies the name-server address, IPv4 or IPv6. |
route |
Specifies the route IP prefix information. |
routing event-history |
Specifies the logs for routing events. |
tcp |
Configures global Transfer Control Protocol (TCP) parameters. |
tftp path-mtu-discovery |
Specifies path-MTU discovery on the Trivial File Transfer Protocol (TFTP). |
Command Modes
Global configuration
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows the ip command being used to configure IP details:
vsg(config)# ip host testOne 209.165.200.231
Related Commands
|
|
show ip |
Displays IP details. |
line
To specify the line configuration, use the line command.
line {com1 | console | vty}
Syntax Description
com1 |
Specifies the COM1 port and enters the COM1 port configuration mode. |
console |
Specifies the console port and enters the console port configuration mode. |
vty |
Specifies the virtual terminal and enters the line configuration mode. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enter the COM1 port configuration mode:
This example shows how to enter the console port configuration mode:
vsg(config)# line console
This example shows how to enter the line configuration mode:
Related Commands
|
|
show line |
Displays information about the COM1 port, console port configuration, and the line configuration. |
logging
To configure logging, use the logging command.
logging {abort | commit | console severity-level | distribute | event | level | logfile name | module severity-level | monitor severity-level | server | source-interface loopback number | timestamp time-type}
Syntax Description
abort |
Discards the logging Cisco Fabric Services (CFS) distribution session in progress without committing and then releases the lock. |
commit |
Applies the pending configuration pertaining to the logging CFS distribution session in progress in the fabric and then releases the lock. |
console severity-level |
Enables logging messages to the console session. To disable, use the no logging console command. The range is from 0 to 7. |
distribute |
Enables fabric distribution using CFS distribution for logging. To disable, use the no logging distribute command. |
event |
Logs interface events. To disable, use the no logging event command. |
level |
Enables logging of messages from a named facility at a specified severity level. To disable, use the no logging level command. |
logfile name |
Configures the specified log file that stores system messages. To disable, use the no logging logfile command. |
module severity-level |
Starts logging of module messages to the log file. To disable, use the no logging module command. The range is from 0 to 7. |
monitor severity-level |
Enables the logging of messages to the monitor (terminal line). To disable, use the no logging monitor command. The range is from 0 to 7. |
server |
Designates and configures a remote server for logging system messages. To disable, use the no logging server command. |
source-interface loopback number |
Enables a source interface for the remote syslog server, To disable, use the no logging source-interface command. The range is from 0 to 1023. |
timestamp time-type |
Sets the unit of time used for the system messages time stamp, in microseconds, milliseconds, or seconds. To disable, use the no logging timestamp command. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to discard logging a CFS distribution session in progress:
vsg(config)# logging abort
Related Commands
|
|
show logging |
Displays logging information. |
match
To specify a condition used in an object group, use the match command. To remove a condition in an object group, use the no form of this command.
match {eq | gt | lt | prefix | contains | in-range | neq | not-in-range} attribute-value1 [attribute-value2]
Syntax Description
eq |
Specifies equal to a number or exactly matched with a string. |
gt |
Specifies greater than. |
lt |
Specifies less than. |
prefix |
Specifies a prefix of a string or an IP address. |
contains |
Contains a substring. |
in-range |
Specifies a range of two integers, dates, times, or IP addresses. |
neq |
Specifies not equal to a number or not exactly matched with a string. |
not-in-range |
Negates the in-range operator. |
attribute-value1 |
Value of the attribute such as 10.10.10.10 or name of an object-group such as “ipaddr-group.” |
attribute-value2 |
(Optional) Value of an attribute or netmask of a network address. |
Command Modes
Policy configuration (config-policy)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
When multiple condition statements are used in an object group, all conditions are considered to be OR’d during policy evaluation. The following operators require at least two attribute values:
- prefix—When applied against a subnet mask (for example, prefix 10.10.10.1 255.255.255.0)
- in-range—For all types of attribute values (for example, in-range 10.10.10.1 10.10.10.200)
- not-in-range—For all types of attribute values (for example, not-in-range 10.10.10.1 10.10.10.200)
Attribute values can be any of the following:
- Integer
- Integer range
- IP address, or a netmask
- IP address range
- String
Examples
This example shows how to set conditions to be used in an object group:
vsg(config-object-group)# match 1 eq 80
vsg(config-object-group)# match 2 eq 443
vsg(config-object-group)# exit
Related Commands
|
|
object-group |
Enters the object-group configuration submode. |
mkdir (VSG)
To create a new directory, use the mkdir command.
mkdir {bootflash: | debug: | modflash: | volatile:}
Syntax Description
bootflash: |
Specifies bootflash: as the directory name. |
debug: |
Specifies debug: as the directory name. |
modflash: |
Specifies modflash: as the directory name. |
volatile: |
Specifies volatile: as the directory name. |
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
Examples
This example shows how to create the bootflash: directory:
Related Commands
|
|
cd |
Changes the current working directory. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
no event-log all
To remove the event-log configuration for all modules, use the no event-log command.
no event-log all
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG2(1.1) |
This command was introduced. |
Examples
This example shows how to remove the event-log configuration for all modules:
Related Commands
|
|
event-log inspect |
Enables or disables event logging for inspection engine. |
event-log policy_engine |
Enables or disables event logging for policy engine. |
event-log service-path |
Enables or disables event logging for service path. |
ntp sync-retry (VSG)
To retry synchronization with configured servers, use the ntp sync-retry command. To stop this process, use the no form of this command.
ntp sync-retry
no ntp sync-retry
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
Examples
This example shows how to enable the Network Time Protocol (NTP) synchronization retry:
This example shows how to disable the NTP synchronization retry:
Related Commands
|
|
show clock |
Displays the time and date. |
object-group
To reduce the number of rule configurations to accommodate the OR conditions for the HTTP/HTTPS ports, use the object-group command. To remove the given object group object and all the relevant configurations, use the no form of this command.
object-group group-name attribute-name
Syntax Description
group-name |
Name of the object group. |
attribute-name |
Attribute designated for the group. The attribute used in an object group must be a neutral attribute. |
Command Modes
Cisco VSG global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
This command enters the object-group submode. This command can be used to build a group of attribute values so the group can be used in a condition statement later on with the operator member.
Examples
This example shows how to use the object-group command:
vsg(config)# object-group http_ports net.port
vsg(config-object-group)#
Related Commands
|
|
match |
Specifies a condition used in an object group. |
password strength-check
To enable password strength checking, use the password strength-check command. To disable the password strength checking, use the no form of this command.
password strength-check
no password strength-check
Syntax Description
This command has no arguments or keywords.
Defaults
This feature is enabled by default.
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enable the checking of the password strength:
vsg(config)# password strength-check
This example shows how to disable the checking of the password strength:
vsg(config)# no password strength-check
Related Commands
|
|
show password strength-check |
Displays the configuration for checking the password strength. |
username |
Creates a user account. |
role name |
Names a user role and places you in role configuration mode for that role. |
policy
To enter the policy configuration submode for constructing a firewall policy on the Cisco VSG, use the policy command. To remove the given policy object and all its bindings with other policy objects, use the no form of this command.
policy policy-name
Syntax Description
policy-name |
Policy-map object. |
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
Use the policy command to enable the policy configuration subcommand mode when the variable policy-name is used to specify the policy-map object.
The policy command configuration submode provides the following functions:
- Binding rules to a given policy.
- Creating rank or precedence among all the bound rules.
- Binding zones to a given policy.
Examples
This example shows how to set a 3-tiered policy object:
vsg(config)# policy 3-tiered-policy
vsg(config-policy)# rule inet_web_rule order 10
vsg(config-policy)# rule office_app_ssh_rule order 20
vsg(config-policy)# rule web_app_rule order 40
vsg(config-policy)# rule app_db_rule order 50
vsg(config-policy)# rule default_deny_rule order 60
Related Commands
|
|
rule |
Configures the binding of the policy with a given rule. |
zone |
Configures the binding of the policy with a given zone. |
pwd
To view the current directory, use the pwd command.
pwd
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
Examples
This example shows how to view the current directory:
Related Commands
|
|
cd |
Changes the current directory. |
reload
To reboot both the primary and secondary Cisco VSG in a redundant pair, use the reload command.
reload
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
Usage Guidelines
To reboot only one of the Cisco VSGs in a redundant pair, use the reload module command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the Cisco VSG.
Examples
This example shows how to reload both the primary and secondary Cisco VSG:
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Dec 20 11:33:35 bl-vsg %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from Command Line Interface
Related Commands
|
|
reload module |
Reloads the specified Cisco VSG (1 or 2) in a redundant pair. |
reload module
To reload one of the Cisco VSGs in a redundant pair, use the reload module command.
reload module module [ force-dnld ]
Syntax Description
module |
Module number (use 1 for the primary Cisco VSG or 2 for the secondary Cisco VSG). |
force-dnld |
(Optional) Reboots the specified module to force NetBoot and image download. |
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
Usage Guidelines
To reboot both the Cisco VSGs in a redundant pair, use the reload command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the Cisco VSG.
Examples
This example shows how to reload Cisco VSG 2, the secondary Cisco VSG in a redundant pair:
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Dec 20 11:33:35 bl-vsg %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from Command Line Interface
Related Commands
|
|
show version |
Displays information about the software version. |
reload |
Reboots both the primary and secondary Cisco VSG. |
restart
To manually restart a component, use the restart command. To disable manual restart, use the no form of this command.
restart
no restart
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Do not use this command unless you are absolutely certain that there is no one else using the system.
Examples
This example shows how to restart the Cisco VSG:
Related Commands
|
|
reload |
Reboots the entire device. |
rmdir (VSG)
To remove a directory, use the rmdir command.
rmdir {bootflash: | debug: | modflash: | volatile:}
Syntax Description
bootflash: |
Deletes the bootflash: directory. |
debug: |
Deletes the debug: directory. |
modflash: |
Deletes the modflash: directory. |
volatile: |
Deletes the volatile: directory. |
Defaults
Removes the directory from the current working directory.
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to remove the bootflash directory:
Related Commands
|
|
cd |
Changes the current working directory. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
role
To configure a user role, use the role command. To delete a user role, use the no form of this command.
role {feature-group feature-group-name | name { name | network-observer}}
no role {feature-group name | [name name | network-observer] }
Syntax Description
feature-group name |
Specifies a role for a feature group. The name can be any alphanumeric string up to 32 characters. |
name name |
Specifies the role name. The name can be any alphanumeric string up to 16 characters. |
network-observer |
Specifies the user role. |
Defaults
This feature is enabled by default.
Command Modes
Global configuration
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to configure a user role for a feature group:
vsg(config)# role feature-group name abc
vsg(config-role-featuregrp)#
Related Commands
|
|
show role |
Displays the role configuration. |
role name |
Names a user role and places you in role configuration mode for that role. |
rule
To enter the configuration submode to build a firewall rule that consists of multiple conditions and actions, use the rule command. To remove the given rule object and all the relevant configurations, use the no form of this command.
rule rule-name
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
Use the rule command to enter the rule configuration submode. The rule-name variable is used to specify the rule object that is to be configured.
Examples
This example shows how to build firewall rules on the Cisco VSG:
vsg(config)# rule inet_web_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# condition 1 dst.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config)# rule office_app_ssh_rule
vsg(config-rule)# cond-match-criteria match-all
vsg(config-rule)# condition 1 dst.zone.name eq app_servers
vsg(config-rule)# condition 2 src.net.ip-address prefix 192.10.1.0 \
vsg(config-rule)# condition 3 dst.net.port eq 22
vsg(config-rule)# action permit
vsg(config)# rule web_app_https_rule
vsg(config-rule)# cond-match-criteria match-all
vsg(config-rule)# condition 1 src.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.zone.name eq app_servers
vsg(config-rule)# condition 3 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config)# rule app_db_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# condition 1 src.zone.name eq app_servers
vsg(config-rule)# condition 2 dst.zone.name eq db_servers
vsg(config-rule)# action permit
vsg(config)# rule default_deny_rule
vsg(config-rule)# cond-match-criteria match-any
vsg(config-rule)# action deny
vsg(config-rule)# action log
Related Commands
|
|
condition |
Specifies a condition statement used in a rule. |
action |
Specifies the actions to be executed when traffic characteristics match with the associated rule. |
cond-match-criteria |
Specifies the condition match criteria for a rule. |
run-script (VSG)
To run a command script that is saved in a file, use the run-script command.
run-script [ bootflash: [> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | >> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | | [cut | diff | egrep | grep | head | human | last | less | no-more | sed | sort | sscp | tr | uniq | vsh | wc | xml | begin | count | end | exclude | include] ] | volatile: [> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | >> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | | [cut | diff | egrep | grep | head | human | last | less | no-more | sed | sort | sscp | tr | uniq | vsh | wc | xml | begin | count | end | exclude | include] ] ] [ filename]
Syntax Description
bootflash: |
(Optional) Indicates that the file containing the command script is located in the bootflash file system. |
> |
(Optional) Redirects the output to a file. |
ftp: |
(Optional) Designates the destination file system path; in this case, the ftp: directory. |
scp: |
(Optional) Designates the destination file system path; in this case, the scp: directory. |
sftp: |
(Optional) Designates the destination file system path; in this case, the sftp: directory. |
tftp: |
(Optional) Designates the destination file system path; in this case, the tftp: directory. |
volatile: |
(Optional) Indicates that the file containing the command script is located in the volatile file system. |
>> |
(Optional) Redirects the output to a file in append mode. |
| |
(Optional) Pipes the command output to a filter. |
cut |
(Optional) Prints selected parts of lines. |
diff |
(Optional) Shows the difference between the current and previous invocation (creates temporary files. |
egrep |
(Optional) Prints lines that match a pattern. |
grep |
(Optional) Prints lines that match a pattern. |
head |
(Optional) Displays only the first lines. |
human |
(Optional) Provides command output in human readable format if permanently set to XML; otherwise, it turns on XML for the next command. |
last |
(Optional) Displays only the last lines. |
less |
(Optional) Designates filter for paging. |
no-more |
(Optional) Turns off the pagination for command output. |
sed |
(Optional) Enables the stream editor (SED). |
sort |
(Optional) Enables the stream sorter. |
sscp |
(Optional) Enables the stream secure copy (SSCP). |
tr |
(Optional) Translates, squeezes, and/or deletes characters. |
uniq |
(Optional) Discards all but one of successive identical lines. |
vsh |
(Optional) Enables the shell that understands command-line interface (CLI) commands. |
wc |
(Optional) Enables word count, line count, and character count. |
xml |
(Optional) Enables output in XML format (according to.xsd definitions). |
begin |
(Optional) Begins with the line that matches the variable included after the command keyword. |
count |
(Optional) Enables a count of the number of lines. |
end |
(Optional) Ends the display with the line that matches the string input after the command keyword. |
exclude |
(Optional) Excludes the lines that match the string input after the command keyword. |
include |
(Optional) Includes the lines that match the string input after the command keyword. |
filename |
(Optional) Name of the file containing the command script. The name is case sensitive. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to run a command script that is saved in a file called Sample:
vsg(
config)#
run-script volatile:Sample
Related Commands
|
|
cd |
Changes the current working directory. |
copy |
Copies files. |
dir |
Displays the contents of the working directory. |
pwd |
Displays the name of the present working directory (pwd). |
send
To send a message to an open session, use the send command.
send { message | session device message }
Syntax Description
message |
Message. |
session |
Specifies a specific session. |
device |
Device type. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to send a message to an open session:
vsg# send session sessionOne testing
Related Commands
|
|
show banner |
Displays a banner. |
setup
To use the basic system configuration dialog for creating or modifying a configuration file, use the setup command.
setup
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
The Basic System Configuration Dialog assumes the factory defaults.
All changes made to your configuration are summarized for you at the completion of the setup sequence with an option to save the changes or not.
You can exit the setup sequence at any point by pressing Ctrl-C.
Examples
This example shows how to use the setup command to create or modify a basic system configuration:
Enter the domain id<1-4095>: 400
Enter HA role[standalone/primary/secondary]: standalone
[########################################] 100%
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
*Note: setup is mainly used for configuring the system initially,
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): y
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:
Configure the default gateway? (yes/no) [y]: n
Configure advanced IP options? (yes/no) [n]:
Enable the telnet service? (yes/no) [y]:
Enable the ssh service? (yes/no) [n]:
Configure the ntp server? (yes/no) [n]:
Configure vem feature level? (yes/no) [n]:
Configure svs domain parameters? (yes/no) [y]:
Enter SVS Control mode (L2 / L3) : l2
Enter SVS Control mode (L2 / L3) : L2
Enter control vlan <1-3967, 4048-4093> : 400
Enter packet vlan <1-3967, 4048-4093> : 405
The following configuration will be applied:
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]: n
Related Commands
|
|
show running-config |
Displays the running configuration. |
sleep
To set a sleep time, use the sleep command.
sleep time
Syntax Description
time |
Sleep time, in seconds. The range is from 0 to 2147483647. |
Defaults
Sleep time is not set.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
When you set time to 0, sleep is disabled.
Examples
This example shows how to set a sleep time:
This example shows how to disable sleep:
Related Commands
|
|
reload |
Reboots the Cisco VSG. |
snmp-server
To configure the Simple Network Management Protocol (SNMP) values, use the snmp-server command. To revert to the default, use the no form of this command.
snmp-server {aaa-user cache-timeout seconds | community word | contact | context word | counter | enable traps | globalEnforcePriv | host | location name | mib community-map name | protocol | source-interface | tcp-session auth | user name}
no snmp-server {aaa-user cache-timeout seconds | community word | contact | context word | counter | enable traps | globalEnforcePriv | host | location name | mib community-map name | protocol | source-interface | tcp-session auth | user name}
Syntax Description
aaa-user cache-timeout seconds |
Configures an SNMP timeout value for synchronized AAA users. To revert to the default, use no snmp-server aaa-user cache-timeout. The range is from 1 to 86400. |
community word |
Creates an SNMP community name and assigns access privileges for the community. To remove the community or its access privileges, use the no snmp-server community command. The maximum number of characters is 32. |
contact |
Configures the sysContact, which is the SNMP contact name. To remove or modify the sysContact, use the no snmp-server contact command. |
context word |
Configures an SNMP context name to logical network entity mapping. To remove the context, use the no snmp-server context command. The maximum number of characters is 32. |
counter |
Enables the SNMP cache counter and sets the timeout. To remove the counter, use the no snmp-server counter command. |
enable traps |
Enables SNMP notifications for traps of module notifications. To disable, use the no snmp-server enable traps command. |
globalEnforcePriv |
Globally enforces privacy for all SNMP users. To disable, use the no snmp-server globalEnforcePriv command. |
host |
Configures a host receiver for SNMPv1 or SNMPv2c traps. To remove the host, use the no snmp-server host command. |
location name |
Configures the sysLocation, which is the SNMP location name. To remove the sysLocation, use the no snmp-server location command. The maximum number of characters is 32. |
mib community-map name |
Configures the SNMP MIB community map. To remove, use the no snmp-server mib community-map command. The maximum number of characters is 32. |
protocol |
Enables SNMP protocol operations. To disable, use the no snmp-server protocol command. |
source-interface |
Configures the SNMP source interface through which notifications are sent. To remove the notifications, use the no snmp-server source-interface command. |
tcp-session auth |
Enables a one-time authentication for SNMP over a TCP session. To disable authentication, use the no snmp-server tcp-session auth command. |
user name |
Defines a user who can access the SNMP engine. To deny access, use the no snmp-server user command. The maximum number of characters is 32. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to configure the AAA user synchronization timeout value:
vsg(config)# snmp-server aaa-user cache-timeout 6000
Related Commands
|
|
show snmp |
Displays information about SNMP. |
ssh
To create a Secure Shell (SSH) session, use the ssh command.
ssh { hostname | connect | name }
Syntax Description
hostname |
Hostname or user@hostname for the SSH session. The hostname is not case sensitive. The maximum number of characters is 64. |
connect |
Connects to a named remote host. |
name |
Specifies the name of the SSH connection. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Cisco NX-OS software supports SSH version 2.
Examples
This example shows how to start an SSH session:
vsg# ssh 10.10.1.1 vrf management
The authenticity of host '10.10.1.1 (10.10.1.1)' can't be established.
RSA key fingerprint is 9b:d9:09:97:f6:40:76:89:05:15:42:6b:12:48:0f:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.1.1' (RSA) to the list of known hosts.
Related Commands
|
|
clear ssh session |
Clears SSH sessions. |
ssh server enable |
Enables the SSH server. |
ssh key
To generate a secure-shell (SSH) session key with a specific security configuration, use the ssh key command.
ssh key {dsa | rsa}
Syntax Description
dsa |
Generates DSA security keys. There is an option to force the generation of keys, even if the previous ones are present. |
rsa number |
Generates RSA security keys at a specified level of bits. The range is from 768 to 2048. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Cisco NX-OS software supports SSH version 2.
Examples
This example shows how to generate an SSH session key:
vsg(config)# ssh key rsa 770
Related Commands
|
|
clear ssh session |
Clears SSH sessions. |
ssh server enable |
Enables the SSH server. |
system clis
To generate an event history, use the system clis command. To disable the event history, use the no form of this command.
system clis event-history {client | errors | ha | nvdb | parser}
no system clis event-history {client | errors | ha | nvdb | parser}
Syntax Description
event-history |
Generates event history logs for the command-line interface (CLI). |
client |
Generates a client interaction event history log. |
errors |
Generates an error event history log. |
ha |
Generates a high-availability (HA) event history log. |
nvdb |
Generates an NVDB and PSS event history log. |
parser |
Generates a parser event history event log. |
Command Modes
Global configuration (config)
network-administrator
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to generate an error event history log:
vsg# system clis event-history errors
Related Commands
|
|
show system clis event-history |
Displays the event history of the CLI servers. |
system cores
To copy cores to a destination, use the system cores command. To disable, use the no form of this command.
system cores tftp: // server @ ip-address
no system cores tftp: // server @ ip-address
Syntax Description
tftp: |
Specifies the Trivial File Transfer Protocol (TFTP) protocol. |
server |
Destination server. |
ip-address |
Destination IP address. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy cores to a destination:
vsg# system cores tftp://jjones@209.165.200.229
Related Commands
|
|
show system cores |
Displays the core transfer option. |
system default switchport
To return to system-level default values, use the system default switchport command. To disable the default switchport feature, use the no form of this command.
system default switchport [shutdown]
no system default switchport [shutdown]
Syntax Description
shutdown |
(Optional) Shuts down the admin state. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to return to system-level default values :
vsg# system default switchport shutdown
Related Commands
|
|
show system resources |
Displays system resources. |
system hap-reset
To reset local or remote supervisors after a high-availability (HA) failure, use the system hap-reset command. To disable the hap-reset feature, use the n o form of this command.
system hap-reset
system no hap-reset
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to switch over to the standby supervisor:
Related Commands
|
|
show system redundancy |
Displays the system redundancy status. |
system health
To check the system health, use the system health command.
system health check bootflash
Syntax Description
check |
Runs a consistency check on the compact flash. |
bootflash |
Checks the internal bootflash. |
Command Modes
EXEC
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to check the system health:
vsg# system health check bootflash
Related Commands
|
|
show system resources |
Displays system resources. |
system heartbeat
To enable the system heartbeat, use the system heartbeat command. To disable the system heartbeat, use the no form of the command.
system heartbeat
system no heartbeat
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enable the system heartbeat:
Related Commands
|
|
system health |
Checks the system health status. |
system internal
To generate debug snapshots for services, use the system internal command.
system internal snapshot service service-name
Syntax Description
snapshot |
Generates debug snapshots. |
service |
Generates a debug snapshot for a service. |
service-name |
Service name. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to generate debug snapshots for services:
vsg# system internal snapshot service
Related Commands
|
|
show system internal |
Displays all internal commands. |
system jumbomtu
To set the maximum transmission units (MTU) to jumbo, use the system jumbomtu command.
system jumbomtu 9000
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the MTU size to jumbo:
vsg# system jumbomtu 9000
Related Commands
|
|
show system resources |
Displays the system resource details. |
system memlog
To generate a memory log in bootflash, use the system memlog command.
system memlog
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to generate a memory log in bootflash:
Related Commands
|
|
show system memory-alerts-log |
Displays a detailed log for memory alerts. |
show system memory-status |
Displays memory status information. |
system memory-thresholds
To set system memory thresholds, use the system memory-thresholds command.
system memory-thresholds {minor minor-memory-threshold severe severe memory-threshold critical critical-memory-threshold | threshold critical no-process-kill}
Syntax Description
minor |
Sets the minor memory threshold. |
minor-memory-threshold |
Minor threshold as a percentage of memory. The range is from 50 to 100. |
severe |
Sets the severe memory threshold. |
severe memory-threshold |
Severe threshold as a percentage of memory. The range is from 50 to 100. |
critical |
Sets the critical memory threshold. |
critical-memory-threshold |
Critical threshold as a percentage of memory. The range is from 50 to 100. |
threshold |
Sets the threshold behavior. |
critical |
Sets the critical memory threshold. |
no-process-kill |
Specifies to not kill processes when out of memory. |
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the memory threshold:
vsg# system memory-thresholds minor 60
Related Commands
|
|
show system resources |
Displays the system resources. |
system pss
To shrink PSS files, use the system pss command.
system pss shrink
Syntax Description
shrink |
Shrinks the PSS files. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to shrink PSS files:
Related Commands
|
|
show system pss |
Displays the PSS shrink status. |
system redundancy
To set a system redundancy policy, use the system redundancy command.
system redundancy role { primary | secondary | standalone }
Syntax Description
role |
Sets the redundancy role. |
primary |
Specifies the primary redundant Cisco VSG. |
secondary |
Specifies the secondary redundant Cisco VSG. |
standalone |
Specifies no redundant Cisco VSG. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the redundancy role:
vsg# system redundancy role primary
Related Commands
|
|
show system redundancy |
Displays the system redundancy status. |
system standby
To enable a system standby manual boot, use the system standby command. To disable a system standby manual boot, use the no form of this command.
system standby manual-boot
no system standby manual-boot
Syntax Description
manual-boot |
Specifies to perform a manual boot. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set a system standby manual boot:
vsg# system standby manual-boot
Related Commands
|
|
show system standby |
Displays the system standby manual boot option. |
system startup-config
To initialize or unlock the system startup configuration, use the system startup-config command.
system startup-config { init | unlock lock id }
Syntax Description
init |
Initializes the startup configuration. |
unlock |
Unlocks the startup configuration. |
lock id |
Lock identification number. The range is from 0 to 65536. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to unlock the system startup configuration:
vsg# system startup-config unlock 1324
Related Commands
|
|
show startup-config |
Displays startup system information. |
system statistics
To reset the system statistics, use the system statistics command.
system statistics reset
Syntax Description
reset |
Resets the system statistics. |
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to reset the system statistics:
vsg# system statistics reset
Related Commands
|
|
show system redundancy |
Displays the system redundancy status. |
system switchover
To switch over to the standby supervisor in EXEC mode, use the system switchover command.
system switchover
To configure a system switchover in configuration mode, use the system switchover command.
system switchover {ha | warm}
Syntax Description
ha |
Enables high availability. |
warm |
Enables a warm switchover. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to switch over to the standby supervisor:
Related Commands
|
|
show redundancy |
Displays the system redundancy status. |
system trace
To configure the system trace level, use the system trace command.
system trace {mask}
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to configure the system trace level:
Related Commands
|
|
system default |
Configures system-level default values. |
system watchdog kdgb
To enable a system watchdog, use the system watchdog command. To disable a system watchdog, use the no form of this command.
system watchdog kdgb
no system watchdog kdgb
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to enable watchdog:
Related Commands
|
|
system default |
Configures system-level default values. |
tail
To display the end of a file, use the tail command.
tail { bootflash: filename [number] | debug: filename [number] | modflash: filename [number] | volatile: filename [number]}
Syntax Description
bootflash: |
Specifies the bootflash directory. |
filename |
Name of the file. |
number |
(Optional) Number of lines to display. |
debug: |
Specifies the debug directory. |
modflash: |
Specifies the modflash directory. |
volatile: |
Specifies the volatile directory. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to display the last 10 lines of a file:
vsg# tail bootflash:startup.cfg
ip arp inspection filter marp vlan 9
ip arp inspection vlan 13
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
This example shows how to display the last 20 lines of a file:
vsg# tail bootflash:startup.cfg 20
area 99 virtual-link 1.2.3.4
address-family ipv4 unicast
event manager applet sdtest
ip arp inspection filter marp vlan 9
ip arp inspection vlan 13
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
Related Commands
|
|
cd |
Changes the current working directory. |
copy |
Copies files. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
telnet
To create a Telnet session, use the telnet command.
telnet { ipv4-address | hostname } [ port-number | vrf vrf-name ]
Syntax Description
ipv4-address |
IPv4 address of the remote device. |
hostname |
Hostname of the remote device. The name is alphanumeric, case sensitive, and has a maximum of 64 characters. |
port-number |
(Optional) Port number for the Telnet session. The range is from 1 to 65535. |
vrf vrf-name |
(Optional) Specifies the virtual routing and forwarding (VRF) name used for the Telnet session. The name is case sensitive. |
Defaults
Port 23
Default VRF
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to start a Telnet session:
vsg# telnet 10.10.1.1 vrf management
Related Commands
|
|
clear line |
Clears Telnet sessions. |
telnet server enable |
Enables the Telnet server. |
terminal alias
To display a terminal alias, use the terminal alias command. To disable the terminal alias, use the no form of this command.
terminal alias word persist
no terminal alias word persist
Syntax Description
word |
Name of the alias. |
persist |
Alias configuration saved. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to display an alias for engineering:
vsg#
terminal alias engineering
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal color
To enable colorization of the command prompt, command line, and output, use the terminal color command. To disable the terminal color, use the no form of this command.
terminal color [ evening | persist]
no terminal color [ evening | persist]
Syntax Description
evening |
Sets the screen background to black. |
persist |
Saves the configuration. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the colorization of the command line:
vsg#
terminal color evening persist
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal dont-ask
To turn off the “ Are you sure?”
questions when a command is entered, use the terminal dont-ask command. To disable the terminal don’t ask question, use the no form of this command.
terminal dont-ask persist
no terminal dont-ask persist
Syntax Description
persist |
Saves the configuration. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to turn off the “Are you sure?” question when a command is entered:
vsg#
terminal dont-ask persist
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal edit-mode
To set the edit mode to vi, use the terminal edit-mode command. To return the edit mode to emacs, use the no form of this command.
terminal edit-mode vi
no terminal edit-mode vi
Syntax Description
vi |
Sets the edit mode to vi. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the command line edition keys:
vsg#
terminal edit-mode vi
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal event-manager
To bypass the CLI event manager, use the terminal event-manager command.
terminal event-manager bypass
Syntax Description
bypass |
Bypasses the CLI event manager. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to bypass the CLI event manager:
vsg#
terminal event-manager bypass
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal history
To disable the recall of EXEC mode commands when in configuration mode, use the terminal history command. To enable recall, use the no form of this command.
terminal history no-exec-in-config
no terminal history no-exec-in-config
Syntax Description
no-exec-in-config |
Disables the recall of EXEC mode commands when in configuration mode. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set terminal history properties:
vsg# terminal history no-exec-in-config
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal length
To set the number of lines that appear on the terminal screen, use the terminal length command.
terminal length number
Syntax Description
number |
Number of lines. The range is from 0 to 511. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Set number to 0 to disable pausing.
Examples
This example shows how to set the number of lines that appear on the screen:
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal log-all
To log all commands including the show commands, use the terminal log-all command.
terminal log-all
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to log all commands:
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal monitor
To copy syslog output to the current terminal line, use the terminal monitor command.
terminal monitor
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to copy syslog output to the current terminal line:
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal output
To display show command output in XML, use the terminal output command. To display show command output in text, use the no form of this command.
terminal output xml
no terminal output xml
Syntax Description
xml |
Displays show command output in XML. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to display show command output in XML:
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal redirection-mode
To set the redirection mode, use the terminal redirection-mode command.
terminal redirection-mode {ascii | zipped }
Syntax Description
ascii |
Sets the redirection mode to ASCII. |
zipped |
Sets the redirection mode to zipped. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the redirection mode to ASCII:
vsg# terminal redirection-mode ascii
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal session-timeout
To set the terminal session timeout, use the terminal session-timeout command.
terminal session-timeout time
Syntax Description
time |
Timeout time, in seconds. The range is from 0 to 525600. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Set time to 0 to disable terminal session timeout.
Examples
This example shows how to set the terminal session timeout:
vsg#
terminal session-timeout 100
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal terminal-type
To specify the terminal type, use the terminal terminal-type command.
terminal terminal-type type
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to specify the terminal type:
vsg#
terminal terminal-type vt100
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal tree-update
To update the main parse tree, use the terminal tree-update command.
terminal tree-update
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to update the main parse tree:
vsg#
terminal tree-update
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal verify-only
To verify commands, use the terminal verify-only command.
terminal verify-only username word
Syntax Description
username |
Specifies the username for AAA authorization. |
word |
Username. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to verify commands:
vsg#
terminal verify-only
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
terminal width
To set the terminal width, use the terminal width command.
terminal width width
Syntax Description
width |
Sets the number of characters on a single line. The range is from 24 to 511. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set the terminal width:
Related Commands
|
|
show terminal |
Displays the terminal configuration. |
test policy-engine
To test the policy engine on a RADIUS server or in a server group, use the test policy-engine command.
test policy-engine { simulate-pe-req | simulate-zone-req }
Syntax Description
|
Simulates the policy engine lookup.
|
simulate-zone-req |
Simulates the policy engine zone. |
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to test the policy engine:
vsg# test policy-engine simulate-zone-req
Related Commands
|
|
show policy-engine |
Displays policy-engine statistics. |
test-policy-engine simulate-pe-req policy
To enter the policy-engine configuration submode for unit testing or verification of a policy configuration, use the test-policy-engine simulate-pe-req policy command.
test-policy-engine simulate-pe-req policy policy-name
Syntax Description
policy-name |
Policy to be tested or verified for configuration parameters. |
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Examples
This example shows how to test the ext-company policy.
vsm(config)# test policy-engine simulate-pe-req policy ext-company
Related Commands
|
|
attribute |
Specifies the particular attribute to be tested in the policy configuration. |
traceroute
To discover routes, use the traceroute command.
traceroute { A.B.C.D. | host-name } [ source src-ipv4-addr | vrf vrf-name | show-mpls-hops ]
Syntax Description
A.B.C.D. | host-name |
IPv4 address or hostname of the destination device. The name is case sensitive. |
vrf vrf-name |
(Optional) Specifies the virtual routing and forwarding (VRF) instance to use. The name is case sensitive. |
show-mpls-hops |
(Optional) Displays the Multiprotocol Label Switching (MPLS) hops. |
source src-ipv4-addr |
(Optional) Specifies a source IPv4 address. The format is A . B . C . D. |
Defaults
Uses the default VRF.
Does not show the MPLS hops.
Uses the management IPv4 address for the source address.
Command Modes
EXEC
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
Use the traceroute6 command to use IPv6 addressing for discovering the route to a device.
Examples
This example shows how to discover a route to a device:
vsg# traceroute 172.28.255.18 vrf management
traceroute to 172.28.255.18 (172.28.255.18), 30 hops max, 40 byte packets
1 172.28.230.1 (172.28.230.1) 0.746 ms 0.595 ms 0.479 ms
2 172.24.114.213 (172.24.114.213) 0.592 ms 0.51 ms 0.486 ms
3 172.20.147.50 (172.20.147.50) 0.701 ms 0.58 ms 0.486 ms
4 172.28.255.18 (172.28.255.18) 0.495 ms 0.43 ms 0.482 ms
Related Commands
|
|
traceroute6 |
Discovers the route to a device using IPv6 addressing. |
username name password
To set a password for the username, use the username name password command.
username name password { 0 password | 5 password | password }
Syntax Description
name |
Username. |
0 password |
Specifies a password. 0 denotes that the password that follows should be set in clear text. The maximum size for password is 64 characters. |
5 password |
Specifies a password. 5 denotes that the password that follows should be encrypted. The maximum size for password is 64 characters. |
password |
Password in clear text. The maximum size for password is 64 characters. |
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to set a password for the username:
vsg(config)# username admin password 5 q0w9e8R7
Usage Guidelines
The Cisco VSG does not support multiple user accounts. It supports only the default admin user account.
Related Commands
|
|
show users |
Displays users. |
where
To display your current context, use the where command.
where [ detail ]
Syntax Description
detail |
(Optional) Displays detailed context information. |
Defaults
Displays summary context information.
Command Modes
EXEC
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Examples
This example shows how to display summary context information:
Related Commands
|
|
pwd |
Displays what directory you are in. |
write erase
To erase configurations in persistent memory areas, use the write erase command.
write erase [ boot | debug ]
Syntax Description
boot |
(Optional) Erases the boot variable and management 0 interface configurations. |
debug |
(Optional) Erases only the debug configuration. |
Defaults
Erases all configuration in persistent memory except for the boot variable, mgmt0 interface, and debug configuration.
Command Modes
Global configuration (config)
network-admin
network-operator
Command History
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Usage Guidelines
When information is corrupted or unusable, use the write erase command to erase the startup configuration in the persistent memory. Entering this command returns the device to its initial state, except for the boot variable, mgmt0 interface, and debug configurations. To erase those configurations, specifically use the boot and debug options.
Examples
This example shows how to erase the startup configuration:
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
This example shows how to erase the boot variable and mgmt0 interface configuration in the persistent memory:
vsg(config)# write erase boot
This example shows how to erase the debug configuration in the persistent memory:
vsg(config)# write erase debug
Related Commands
|
|
copy running-config startup-config |
Copies the running configuration to the startup configuration. |
show running-config |
Displays the startup configuration. |
zone
To configure a zone definition that is used to build Virtual Machine(VM)-to-zone mapping on the control plane, use the zone command to enter the zone configuration submode. To disable this feature, use the no form of this command.
zone zone-name
no zone zone-name
Syntax Description
zone-name |
Zone object that is to be configured. |
Command Modes
Global configuration (config)
network-admin
Command History
|
|
4.2(1)VSG1(2) |
This command was introduced. |
Usage Guidelines
Use the zone command to enter the zone configuration submode. The zone-name variable specifies a zone object.
The no option removes the given zone object and all relevant configurations (for example, condition statements).
Note Attributes used in a zone condition are all neutral attributes.
Examples
This example shows how to enter the zone configuration submode:
Related Commands
|
|
condition |
Specifies the parameters and rules for the security zone. |
cond-match-criteria |
Specifies the condition match criteria for a zone. |