The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides information about Cisco Virtual Security Gateway (VSG) commands.
To specify the actions to be executed when traffic characteristics match with an associated rule, use the action command. To remove the binding of the action with the given rule, use the no version of this command.
action {drop | permit | log | inspection protocol-type}
None
Policy configuration (config-policy)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
Use the action command to specify the actions to be executed when traffic characteristics match with the associated rule. The command can be entered multiple times until the upper bound limit is reached.
This example shows how to specify that the policy is to drop packets.
vsm(config-policy)# action drop
|
|
---|---|
rule |
Enters the rule configuration submode. |
To access a module or the console of a module, use the attach command.
attach {console module module-number | module module-number}
console module |
Specifies the console. |
module-number |
Module number. The range is from 1 to 66. |
module |
Specifies a module. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to attach to a module:
VSG# attach module 1
Attaching to module 1 ...
To exit type 'exit', to abort type '$.'
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
vsg#
|
|
---|---|
show terminal |
Displays information about the terminal. |
To specify the particular attribute characteristics of a policy that is to be tested, use the attribute command.
attribute attr-seq-num attr-name value attr-value
None
Test policy-engine (test-policy-engine)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
This example shows how to specify an attribute for a policy.
vsg(test-policy-engine)# attribute 1 src.vm.name value engg
vsg(test-policy-engine)# attribute 2 src.net.ip-address value 10.10.10.1
vsg(test-policy-engine)# exit
Result: DROP, Policy: p1, Rule: r1
|
|
---|---|
test policy-engine simulate-pe-req policy |
Enters the test policy-engine submode. |
To configure a message of the day (MOTD) banner, use the banner motd command.
banner motd [delimiting-character message delimiting-character]
no banner motd [delimiting-character message delimiting-character]
"User Access Verification" is the default message of the day.
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
The MOTD banner is displayed on the terminal before the login prompt whenever you log in.
The message is restricted to 40 lines and 80 characters per line.
To create a multiple-line MOTD banner, press Enter before typing the delimiting character to start a new line. You can enter up to 40 lines of text.
Follow these guidelines when choosing your delimiting character:
•Do not use the delimiting-character in the message string.
•Do not use " and % as delimiters.
This example shows how to configure and then display a banner message with the text, "Testing the MOTD:"
vsg# configure
vsg(config)# banner motd #Testing the MOTD#
vsg(config)# show banner motd
Testing the MOTD
This example shows how to configure and then display a multiple-line MOTD banner:
vsg(config)# banner motd #Welcome to authorized users.
> Unauthorized access prohibited.#
vsg(config)# show banner motd
Welcome to authorized users.
Unauthorized access prohibited.
This example shows how to revert to the default MOTD banner:
vsg# configure
vsg(config)# no banner motd
vsg(config)# show banner motd
User Access Verification
|
|
---|---|
show banner motd |
Displays the MOTD banner. |
To configure boot images, use the boot command. To revert to default settings, use the no form of this command.
boot {asm-sfn | auto-copy | kickstart bootflash | ssi | system bootflash}
no boot {asm-sfn | auto-copy | kickstart bootflash | ssi | system bootflash}
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to configure a boot variable:
vsg# configure
vsg(config)# boot asm-sfn bootflash module 6
|
|
---|---|
show boot |
Displays the current boot variables. |
To change to a different directory, use the cd command.
cd {bootflash: | volatile:}
bootflash: |
Specifies the bootflash directory. |
volatile: |
Specifies the volatile directory. |
bootflash:
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
Use the pwd command to verify the name of the directory you are currently working in.
This example shows how to change to the volatile directory:
vsg# cd volatile
vsg#
|
|
---|---|
pwd |
Displays the name of the directory you are currently working in. |
To configure the Cisco Discovery Protocol (CDP), use the cdp command. To remove the CDP configuration, use the no form of this command.
cdp {advertise {v1 | v2} | enable | format device-id | holdtime seconds | timer seconds}
no cdp {advertise | enable | format device-id | holdtime seconds | timer seconds}
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set CDP Version 1 as the version to advertise:
vsg(
config)#
cdp advertise v1
This example shows how to remove CDP Version 1 as the version to advertise:
vsg(
config)#
no cdp advertise v1
|
|
---|---|
show cdp global |
Displays the CDP configuration. |
To clear Application Container (AC) driver statistics, use the clear ac-driver command.
clear ac-driver statistics
statistics |
Clears AC driver statistics. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear AC driver statistics:
vsg#
clear ac-driver statistics
|
|
---|---|
show ac-driver statistics |
Displays AC driver statistics. |
To clear the accounting log, use the clear accounting command.
clear accounting log
log |
Clears the accounting log. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the accounting log:
vsg#
clear accounting log
|
|
---|---|
show accounting log |
Displays the accounting log. |
To clear the boot variables log, use the clear bootvar command.
clear bootvar log
log |
Clears the boot variables log. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the boot variables log:
vsg#
clear bootvar log
|
|
---|---|
show bootvar log |
Displays the accounting log. |
To clear Cisco Discovery Protocol (CDP) information, use the clear cdp command.
clear cdp {counters [interface {ethernet slot-number / port-number [. subinterface-number]}] | mgmt 0}] | table [interface {ethernet slot-number / port-number [. subinterface-number]}]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear CDP counters on all interfaces:
vsg#
clear cdp counters
|
|
---|---|
show cdp all |
Displays all interfaces that are CDP enabled. |
show cdp entry |
Displays CDP information. |
To clear command line interface (CLI) command history, use the clear cli command.
clear cli history
history |
Clears the CLI command history. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the CLI command history:
vsg# clear cli history
|
|
---|---|
show cli history |
Displays the CLI command history. |
To clear the core files, use the clear cores command.
clear cores [archive file file-name]
archive file |
(Optional) Clears the archived core files. |
file-name |
Core filename. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all core files:
vsg# clear cores
|
|
---|---|
show cores |
Displays the core filename. |
To clear interface loopback counters, use the clear counters command.
clear counters [interface {all | data | ethernet slot / port [.{sub-interface}] | loopback virtual-interface-number | mgmt 0 | port-channel port-channel-number}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a counter on a specific Ethernet interface:
vsg#
clear counters ethernet 2/1
|
|
---|---|
show interface counters |
Displays the interface status, which includes the counters. |
To clear the contents of the debug log, use the clear debug-logfile command.
clear debug-logfile log-name
log-name |
Name of the debug log. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the debug log:
vsg# clear debug-logfile syslog_debug
|
|
---|---|
show debug logfile |
Displays the contents of the debug logfile. |
To clear Layer 2 traffic statistics, use the clear frame command.
clear frame statistics
statistics |
Clears Layer 2 traffic statistics. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the Layer 2 traffic statistics:
vsg# clear frame traffic
|
|
---|---|
show vlan |
Displays VLAN information. |
To clear the file sharing (FS) dameon log, use the clear fs-daemon command.
clear fs-daemon log
log |
Clears the FS daemon log. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the FS dameon log:
vsg# clear fs-daemon log
|
|
---|---|
show logging |
Displays the logging configuration and the contents of the log file. |
To clear the File Transfer Protocol (FTP) inspection statistics, use the clear inspect command.
clear inspect ftp statistics [svs-domain-id domain-id module module-number]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the FTP inspection statistics:
vsg# clear inspect ftp statistics svs-domain-id 2 module 63
|
|
---|---|
show vsg |
Displays Cisco VSG information. |
To clear the installation log, use the clear install command.
clear install {all failed-standby | failure-reason | status}
all failed-standby |
Clears all the installation logs. |
failure-reason |
Clears the installation failure reason log. |
status |
Clear the installation status log. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all the installation logs:
vsg# clear install all failed-standby
|
|
---|---|
show install all status |
Displays the status of the current or last installation. |
To clear IP address adjacency statistics, use the clear ip adjacency statistics command.
clear ip adjacency statistics
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IP adjacency statistics:
vsg# clear ip adjacency statistics
|
|
---|---|
show ipv6 adjacency |
Displays IP information. |
To clear specific Address Resolution Protocol (ARP) IP address statistics, use the clear ip arp command.
clear ip arp ip-address [vrf {vrf-name | all | default | management}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a specific ARP IP address in EXEC mode:
vsg# clear ip arp 209.165.200.229
This example shows how to clear a specific ARP IP address in configuration mode:
vsg# configure
vsg#(config) clear ip arp 209.165.200.229
|
|
---|---|
show ip arp |
Displays IP ARP information. |
To clear Address Resolution Protocol (ARP) IP address statistics on the data 0 interface, use the clear ip arp data command.
clear ip arp data 0 [vrf {vrf-name | all | default | management}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all ARP IP address statistics on data 0 interface:
vsg# clear ip arp data 0 all
|
|
---|---|
show ip arp |
Displays IP ARP information. |
To clear ARP IP address statistics on Ethernet interfaces, use the clear ip arp ethernet command.
clear ip arp ethernet slot-number / port-number [. | vrf vrf-name]
slot-number |
Slot number. |
port-number |
Port number. |
vrf |
(Optional) Clears VRF ARP IP address statistics. |
vrf-name |
VRF name. The range is from 1 to 32. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear ARP IP address statistics on an Ethernet interface:
vsg# clear ip arp ethernet 1 / 1
|
|
---|---|
show ip arp |
Displays IP ARP information. |
To clear Address Resolution Protocol (ARP) IP address statistics on loopbacks, use the clear ip arp loopback command.
clear ip arp loopback loopback-number [vrf vrf-name]
loopback-number |
Loopback number. |
vrf |
(Optional) Clears VRF ARP IP address statistics. |
vrf-name |
VRF name. The range is from 1 to 32. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear ARP IP address statistics on a loopback:
vsg# clear ip arp loopback 10
|
|
---|---|
show ip arp |
Displays ARP IP address information. |
To clear Address Resolution Protocol (ARP) IP address statistics on the management interface, use the clear ip arp mgmt command.
clear ip arp mgmt 0 [vrf {vrf-name} | all | default | management}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear ARP IP address statistics on the management interface:
vsg# clear ip arp mgmt all
|
|
---|---|
show ip arp |
Displays IP ARP information. |
To clear Address Resolution Protocol (ARP) IP address statistics on port channels, use the clear ip arp port-channel command.
clear ip arp port-channel port-channel-number [. sub-interface | vrf vrf-name]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear ARP IP address statistics on a port channel:
vsg#
clear ip arp port-channel 2
|
|
---|---|
show port-channel |
Displays port-channel information. |
To clear Address Resolution Protocol (ARP) IP address statistics, use the clear ip arp statistics command.
clear ip arp statistics {data 0 | ethernet | loopback | mgmt | port-channel | vrf}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear ARP IP address statistics on data 0:
vsg#
clear ip arp statistics data 0
|
|
---|---|
show ip |
Displays IP information. |
To clear Address Resolution Protocol (ARP) Virtual Routing and Forwarding (VRF) IP address statistics, use the clear ip arp vrf command.
clear ip arp vrf {vrf-name | all | default | management}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IP ARP VRF IP address statistics:
vsg# clear ip arp vrf vrf1
|
|
---|---|
show vrf |
Displays VRF information. |
To clear Internet Group Management Protocol (IGMP) IP address event history entries, use the clear ip igmp event-history command.
clear ip igmp event-history {cli | debugs | events | ha | igmp-internal | mtrace | policy | vrf}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear HA IGMP IP address event history entries:
vsg# clear ip igmp event-history ha
|
|
---|---|
show ip igmp |
Displays the IGMP status and the IGMP configuration. |
To clear Internet Group Management Protocol (IGMP) IP address snooping entries, use the clear ip igmp snooping command.
clear ip igmp snooping {event-history [VPC | igmp-snoop-internal | mfdm | mfdm-sum | vlan | vlan-events] | explicit-tracking vlan vlan-id | statistics vlan [vlan-id | all]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IGMP IP address snooping entries:
vsg# clear ip igmp snooping all
|
|
---|---|
show ip igmp |
Displays IGMP status and configuration. |
To clear IP address statistics on interfaces, use the clear ip interface command.
clear ip interface statistics [data 0 | ethernet slot-number / port-number [. sub-interface-number] | loopback loopback-number | mgmt | port-channel port-channel-number
[. sub-interface-number]]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IP address statistics on an Ethernet interface:
vsg# clear ip interface statistics ethernet 1 / 2
|
|
---|---|
show ip interface |
Displays IP interface information. |
To clear IP routing information, use the clear ip route command.
clear ip route {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot / port | loopback loopback-number | port-channel portchannel-number}] | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot / port | loopback loopback-number | port-channel portchannel-number}] | vrf {vrf-name | default | management 0}}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IP routing information:
vsg# clear ip route *
|
|
---|---|
show routing |
Displays routes. |
To clear global IP statistics, use the clear ip traffic command.
clear ip traffic [vrf {vrf-name | default | management}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear global IP statistics:
vsg# clear ip traffic
|
|
---|---|
show ip traffic |
Displays IP traffic information. |
To clear IPv6 address adjacency statistics, use the clear ipv6 adjacency statistics command.
clear ipv6 adjacency statistics
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IPv6 address adjacency statistics:
vsg# clear ipv6 adjacency statistics
|
|
---|---|
show ipv6 adjacency |
Displays IPv6 statistics. |
To clear Internet Control Management Protocol (ICMP) IPv6 interface statistics, use the clear ipv6 icmp interface statistics command.
clear ipv6 icmp interface statistics [data 0 | ethernet slot-number / port-number
[. sub-interface-number] | loopback virtual-interface-number | port-channel port-channel-number [. sub-interface-number] ]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear ICMP IPv6 Ethernet interface statistics:
vsg# clear ipv6 icmp interface statistics ethernet 1 / 2 . 3
|
|
---|---|
show ipv6 icmp |
Displays ICMPv6 information. |
To clear Internet Control Message Protocol (ICMP) Multitask Listener Discovery (MLD) group IPv6 statistics, use the clear ipv6 icmp mld groups command.
clear ipv6 icmp mld groups {* [vrf {vrf-name | all | default | management}] | A:B::C:D | A:B::C:D/LEN}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all ICMP MLD group IPv6 statistics:
vsg# clear ipv6 icmp mld groups *
|
|
---|---|
show ipv6 icmp |
Displays ICMPv6 information. |
To clear Internet Control Message Protocol (ICMP) Multitask Listener Discovery (MLD) routes, use the clear ipv6 icmp mld route command.
clear ipv6 icmp mld route {* [vrf {vrf-name | all | default | management}] | A:B::C:D | A:B::C:D/LEN}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IPv6 ICMP MLD routes:
vsg# clear ipv6 icmp mld route *
|
|
---|---|
show ipv6 icmp |
Displays ICMPv6 information. |
To clear Neighbor Discovery (ND) IPv6 interface statistics, use the clear ipv6 nd interface statistics command.
clear ipv6 nd interface statistics [data 0 | ethernet slot-number / port-number
[. sub-interface-number] | loopback virtual-interface-number | port-channel port-channel-number [. sub-interface-number] ]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IPv6 ND interface statistics:
vsg# clear ipv6 nd interface statistics ethernet 2 / 3 . 4
|
|
---|---|
show ipv6 nd |
Displays Neighbor Discovery interface statistics. |
To clear packet manager client counters, use the clear pktmgr client command.
clear pktmgr client [client-counter-uuid]
client-counter-uuid |
(Optional) Client counter user identification. The range is from 0 to 4294967295. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a packet manager client counter:
vsg# clear pktmgr client 100
|
|
---|---|
clear routing |
Clears routing information. |
To clear packet manager interface information, use the clear pktmgr interface command.
clear pktmgr interface [data 0 | ethernet slot-number / port-number [. sub-interface-number] | loopback virtual-interface-number | mgmt 0 | port-channel [. sub-interface-number]]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear packet manager interface information:
vsg# clear pktmgr interface ethernet 10 / 11 . 12
|
|
---|---|
clear pktmgr client |
Clears the packet manager client. |
To end a session on a specified Virtual Teletype (VTY), use the clear line command.
clear line vty-name
vty-name |
VTY name. The range is from 1 to 64. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to end a session on a specified VTY:
vsg#
clear line VTY100
|
|
---|---|
show users |
Displays active user sessions. |
To clear logfile messages and logging sessions, use the clear logging command.
clear logging {logfile | session}
logfile |
Clears log file messages. |
session |
Clears logging sessions. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear messages from the logging file:
vsg# clear logging logfile
|
|
---|---|
show logging logfile |
Displays the contents of the log file. |
To clear the Network Time Protocol (NTP) sessions and statistics, use the clear ntp command.
clear ntp {session | statistics {all-peers | io | local | memory}}
session |
Clears NTP sessions. |
statistics |
Clears NTP statistics. |
all-peers |
Clears all statistics. |
io |
Clears IO statistics. |
local |
Clears local statistics. |
memory |
Clears memory statistics. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all NTP statistics:
vsg#
clear ntp statistics all-peers
|
|
---|---|
show ntp peers |
Displays information about NTP peers. |
To clear the nonvolatile RAM (NVRAM), use the clear nvram command.
clear nvram
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the NVRAM:
vsg#
clear nvram
|
|
---|---|
show system resources |
Displays system resources. |
To clear policy engine statistics, use the clear policy-engine command.
clear policy-engine {policy-name stats | stats}
policy-name |
Policy engine name. |
stats |
Clears policy engine statistics. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear policy engine statistics:
vsg#
clear policy-engine stats
|
|
---|---|
show policy-engine |
Displays the policy engine. |
To clear process logs, use the clear processes command.
clear processes {log {all | archive [archive-name] | pid pid-number} | vdc vdc-name {all | pid pid-number}}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all process logs:
vsg#
clear processes log all
|
|
---|---|
show processes |
Displays all processes. |
To clear Remote Monitoring (RMON) logs, use the clear rmon command.
clear rmon {alarms | all-alarms | events | hcalarms}
alarms |
Clears RMON alarms. |
all-alarms |
Clears all RMON alarms. |
events |
Clears RMON events. |
hcalarms |
Clears HC RMON alarms. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear RMON alarms:
vsg#
clear rmon alarms
|
|
---|---|
show rmon |
Displays RMON information. |
To clear role session information, use the clear role command.
clear role session
session |
Clears the role session information. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear role session information:
vsg#
clear role session
|
|
---|---|
show role |
Displays role information. |
To clear all routes, use the clear routing * command.
clear routing *
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all routes:
vsg#
clear routing *
Clearing ALL routes
vsg#
|
|
---|---|
show routing |
Displays the IP route table. |
To clear specific routes, use the clear routing A.B.C.D command.
clear routing ip-address [ip-address {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear routes on the data 0 interface:
vsg#
clear routing 209.165.200.228 data 0
|
|
---|---|
show routing |
Displays the IP route table. |
To clear specific routes, use the clear routing A.B.C.D command.
clear routing ip-address [ip-address {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear routes on the data 0 interface:
vsg#
clear routing 209.165.200.228 data 0
|
|
---|---|
show routing |
Displays the IP route table. |
To clear routing event histories, use the clear routing event-history command.
clear routing event-history {add-route | cli | delete-route | errors | general | loop-detection | modify-route | notifications | recursive-next-hop | summary | udfm | udfm-summary}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the loop-detection routes event history:
vsg#
clear routing event-history loop-detection
|
|
---|---|
show routing |
Displays the IP route table. |
To clear all IP routes, use the clear routing ip * command.
clear routing ip *
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IP routes:
vsg#
clear routing ip *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear IP routing statistics, use the clear routing ip command.
clear routing ip ip-address [data 0 | ethernet slot-number / port-number [. sub-interface-number] | loopback virtual-interface-number | mgmt 0 | port-channel [. sub-interface-number]]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IP routes on slot 2, port 3:
vsg#
clear routing ip ethernet 2 / 3
|
|
---|---|
show routing |
Displays the IP route table. |
To clear routing, use the clear routing ip A.B.C.D/LEN command.
clear routing ip ip-address [ip-address {data 0 | ethernet slot-number / port-number [.{sub-interface-number}] | loopback virtual-interface-number | port-channel port-channel-number}]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear IP routes:
vsg#
clear routing ip 209.165.200.228
|
|
---|---|
show routing |
Displays the IP route table. |
To clear routing event histories, use the clear routing ip event-history command.
clear routing ip event-history {add-route | cli | delete-route | errors | general | loop-detection | modify-route | notifications | recursive-next-hop | summary | udfm | udfm-summary}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the notifications routes event history:
vsg#
clear routing ip event-history notifications
|
|
---|---|
show routing |
Displays the IP route table. |
To clear unicast routing entries, use the clear routing ip unicast command.
clear routing ip unicast {* | A.B.C.D | A.B.C.D/LEN | event-history}
* |
Clears all IP unicast routes. |
A.B.C.D |
Clears a specific IP unicast route. |
A.B.C.D/LEN |
Clears a specific IP unicast route. |
event-history |
Clears the IP unicast event history. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IP unicast routes:
vsg#
clear routing ip unicast *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear IPv4 route entries, use the clear routing ipv4 command.
clear routing ipv4 {* | A.B.C.D | A.B.C.D/LEN | event-history | unicast}
* |
Clears all IPv4 routes. |
A.B.C.D |
Clears a specific IPv4 route. |
A.B.C.D/LEN |
Clears a specific IPv4 route. |
event-history |
Clears the IPv4 routing event history. |
unicast |
Clears IPv4 unicast routes. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IPv4 routes:
vsg#
clear routing ipv4 *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear IPv6 route entries, use the clear routing ipv6 command.
clear routing ipv6 {* | A:B::C:D | A:B::C:D/LEN | event-history | unicast}
* |
Clears all IPv6 routes. |
A:B::C:D |
Clears a specific IPv6 route. |
A:B::C:D/LEN |
Clears a specific IPv6 route. |
event-history |
Clears the IPv6 routing event history. |
unicast |
Clears IPv6 unicast routes. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IPv6 routes:
vsg#
clear routing ipv6 *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear virtual routing and forwarding (VRF) routes, use the clear routing vrf command.
clear routing vrf vrf-name
vrf-name |
VRF name. The range is from 1 to 32. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear VRF routes:
vsg#
clear routing vrf vrfTest
|
|
---|---|
show routing |
Displays the IP route table. |
To clear virtual routing and forwarding (VRF) routes, use the clear routing vrf default command.
clear routing vrf default {* | A.B.C.D | A.B.C.D/LEN | ip | ipv4 | ipv6 | unicast}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear VRF routes:
vsg#
clear routing vrf default *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear all virtual routing and forwarding (VRF) management routes, use the clear routing vrf management * command.
clear routing vrf management *
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all VRF management routes:
vsg#
clear routing vrf management *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear specific virtual routing and forwarding (VRF) management routes, use the clear routing vrf management command.
clear routing vrf managment ethernet-address [ethernet-address {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a specific set of Ethernet routes:
vsg#
clear routing vrf management 209.165.200.226 209.165.200.236 ethernet 2 / 4
|
|
---|---|
show routing |
Displays the IP route table. |
To clear specific virtual routing and forwarding (VRF) management routes, use the clear routing vrf management command.
clear routing vrf managment ethernet-address [ethernet-address {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a specific set of Ethernet routes:
vsg#
clear routing vrf management 209.165.200.226 209.165.200.236 ethernet 2 / 4
|
|
---|---|
show routing |
Displays the IP route table. |
To clear virtual routing and forwarding (VRF) IP management routes, use the clear routing vrf management ip command.
clear routing vrf managment ip {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all IP unicast routes:
vsg#
clear routing vrf management ip unicast *
|
|
---|---|
show routing |
Displays the IP route table. |
To clear IPv4 virtual routing and forwarding (VRF) management routes, use the clear routing vrf management ipv6 command.
clear routing vrf managment ipv4 {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear an IPv4 VRF management route:
vsg#
clear routing vrf management ipv4 209:165::200:229
|
|
---|---|
show routing |
Displays the IP route table. |
To clear IPv6 virtual routing and forwarding (VRF) management routes, use the clear routing vrf management ipv6 command.
clear routing vrf managment ipv6 {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | unicast [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear an IPv6 VRF management route:
vsg#
clear routing vrf management ipv6 209:165::200:225
|
|
---|---|
show routing |
Displays the IP route table. |
To clear unicast virtual routing and forwarding (VRF) management routes, use the clear routing vrf management unicast command.
clear routing vrf managment unicast {* | A.B.C.D [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]} | A.B.C.D/LEN [A.B.C.D {data 0 | ethernet slot-number / port-number [. sub-interface] | loopback loopback-number | port-channel port-number [. sub-interface]}]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a specific unicast route:
vsg#
clear routing vrf management unicast 209.165.200.225
|
|
---|---|
show routing |
Displays the IP route table. |
To clear the scheduler log, use the clear scheduler command.
clear scheduler logfile
logfile |
Clears the scheduler log. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the scheduler log file:
vsg#
clear scheduler logfile
|
|
---|---|
show scheduler logfile |
Displays the scheduler log file. |
To clear the screen, use the clear screen command.
clear screen
This command has no key words or arguments.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the screen:
vsg#
clear screen
|
|
---|---|
show terminal |
Displays terminal configuration parameters. |
To clear service path information, use the clear service-path command.
clear service-path {connection | statistics [svs-domain-id id module module-number]}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear service path statistics:
vsg# clear service-path statistics
|
|
---|---|
show service-path statistics |
Displays service path statistics. |
To clear Simple Network Management Protocol (SNMP) information, use the clear snmp command.
clear snmp {counters | hostconfig}
counters |
Clears the SNMP counters. |
hostconfig |
Clears the SNMP host list. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear SNMP counters:
vsg# clear snmp counters
|
|
---|---|
show snmp community |
Displays SNMP community strings. |
To clear socket statistics, use the clear sockets command.
clear sockets {all | raw | raw6 | tcp | tcp6 | udp | udp6}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear socket statistics:
vsg# clear sockets all
|
|
---|---|
show sockets statistics |
Displays TCP socket statistics. |
To clear the Secure Shell (SSH) host session, use the clear ssh command.
clear ssh hosts
hosts |
Clears the SSH host session. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear all SSH host sessions:
vsg# clear ssh hosts
|
|
---|---|
show ssh |
Displays SSH information. |
To clear application containers, use the clear system internal ac application command.
clear system internal ac application application-name instance instance-number [fe fe-name]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear an application container:
vsg# clear system internal ac application core instance 1
|
|
---|---|
show system internal ac application |
Displays application container information. |
To clear application container Instructions per Cycle (IPC) statistics, use the clear system internal ac ipc-stats command.
clear system internal ac ipc-stats fe {attribute-manager | inspection-ftp | inspection-rsh | inspection-tftp | service-path}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear application container IPC statistics:
vsg# clear system internal ac ipc-stats
vsg#
|
|
---|---|
show system internal ac application |
Displays application container information. |
To clear a user session, use the clear user command.
clear user user-id
user-id |
User identification number. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear a user session:
vsg# clear user user1
|
|
---|---|
show users |
Displays user session information. |
To define a command line interface (CLI) variable for a terminal session, use the cli command. To remove the CLI variable, use the no form of this command.
cli var name variable-name variable-text
cli no var name variable-name
None
EXEC
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
You can reference a CLI variable using the following syntax:
$(variable-name)
Instances where you can use variables are as follows:
•Command scripts
•Filenames
You cannot reference a variable in the definition of another variable.
You can use the predefined variable, TIMESTAMP, to insert the time of day. You cannot change or remove the TIMESTAMP CLI variable.
You must remove a CLI variable before you can change its definition.
This example shows how to define a CLI variable:
vsg# cli var name testinterface interface 2/3
vsg#
This example shows how to reference the TIMESTAMP variable:
vsg# copy running-config > bootflash:run-config-$(TIMESTAMP).cnfg
vsg#
This example shows how to remove a CLI variable:
vsg# cli no var name testinterface interface 2/3
vsg#
|
|
---|---|
show cli variables |
Displays the CLI variables. |
To manually set the clock, use the clock set command.
clock set time day month year
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
Use the clock set command when you cannot synchronize your device with an outside clock source, such as a Network Time Protocol (NTP) server.
This example shows how to manually set the clock:
vsg# clock set 9:00:00 29 January 2011
vsg#
|
|
---|---|
show clock |
Displays the clock time. |
To specify a condition statement used in a rule or zone, use the condition command. To remove the condition statement for a rule or zone, use the no form of this command
condition attribute-name {eq | neq | gt | lt | prefix | contains | in-range | member-of | not-in-range | not-member-of} attribute-value1 [attribute-value2]
None
Policy configuration (config-policy)
Zone configuration (config-zone)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
Use the condition command to specify a condition statement that is used in a rule. Each condition statement supports one of the virtual machine (VM), zone, network, or environment attributes. When multiple condition statements are used in a rule, all conditions are considered to be AND'd during a policy evaluation.
The following operators must have at least two attribute values:
•prefix—When applied against an IP address (for example, prefix 10.10.10.1 255.255.255.0)
•in-range—For all types of attribute values (for example, range 10.10.10.1 10.10.10.200)
•not-in-range—For all types of attribute values (for example, not-in-range 10.10.10.1 10.10.10.200)
Attribute values can be any of the following:
•Integer
•Integer range
•IP address and a netmask
•IP address range
•String
•Name of an object-group
Note•Attributes used in rule conditions are mostly directional attributes.
•Attributes usd in zone conditions are all neutral atributes.
This example shows the command condition used to set up conditions for a web server zone:
VSG(config)# zone web_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.1 10.10.1.20
VSG(config-zone# exit
This example shows the command condition used to set up conditions for an app server zone:
VSG(config)# zone app_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.21 10.10.1.40
VSG(config-zone)# exit
This example shows the command condition used to set up conditions for a database server zone:
VSG(config)# zone db_servers
VSG(config-zone)# condition 1 net.ip-address range 10.10.1.41 10.10.1.60
VSG(config-zone)# exit
|
|
---|---|
rule |
Enters the rule configuration submode. |
zone |
Enters the zone configuration submode. |
To enter configuration mode, use the configure command.
configure
This command has no arguments or keywords.
None
EXEC
network-admin
netwotk operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enter configuration mode:
vsg# configure
Enter configuration commands, one per line. End with CNTL/Z.
vsg(config)#
|
|
---|---|
interface data 0 |
Enters interface configuration mode. |
To copy files from the bootflash directory, use the copy bootflash: command.
copy bootflash://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy a file from a remote bottflash directory to a local bootflash directory:
vsg# copy bootflash://jsmith@209.193.10.10/ws/jsmith-sjc/vsg-dplug.bin bootflash:/
|
|
---|---|
copy volatile: |
Copies files from the volatile: directory. |
To copy files from the core directory, use the copy core: command.
copy core: //file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
None
This example shows how to copy a file from a remote core directory to a local volatile directory:
vsg# copy core://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
|
|
---|---|
copy log: |
Copies files from the log directory. |
To copy files from the debug directory, use the copy debug: command.
copy debug: //file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy a file from a remote debug directory to a local volatile directory:
vsg# copy debug://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
|
|
---|---|
copy bootflash: |
Copies files from the bootflash directory. |
To copy files from the file transfer protocol (FTP) directory, use the copy ftp: command.
copy ftp://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to transfer a file from a remote FTP directory to a local bootflash directory:
vsg# copy ftp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin bootflash:/
|
|
---|---|
copy sftp: |
Copies the files from the SFTP directory. |
To copy files from the log directory, use the copy log: command.
copy log://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote log directory to a local volatile directory:
vsg# copy log://user@209.193.10.11/ps/user-rtg/vsgLog.txt volatile:/
|
|
---|---|
copy debug: |
Copies files from the debug directory. |
To copy files from the modflash directory, use the copy modflash: command.
copy modflash: //file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote modflash directory to a local volatile directory:
vsg# copy modflash://user@209.193.10.10/ws/user-sjc/vsg-mod.bin volatile:/
|
|
---|---|
copy nvram: |
Copies files from the NVRAM directory. |
To copy files from the nonvolatile RAM (NVRAM) directory, use the copy nvram: command.
copy nvram://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote NVRAM directory to a local volatile directory:
vsg# copy nvram://user@209.193.10.10/ws/user-sjc/vsg-ram.bin volatile:/
|
|
---|---|
copy modflash: |
Copies files from a modflash directory. |
To copy the running configuration, use the copy running-config command.
copy running-config destination-address [all-vdc]
None
EXEC
Global configuration
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy the running configuration to the bootflash directory:
vsg# copy running-config bootflash:
|
|
---|---|
copy startup-config |
Copies a startup configuration to a specified destination. |
To copy files from the Secure Control Protocol (SCP) directory, use the copy scp: command.
copy scp://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote SCP directory to a local volatile directory:
vsg# copy scp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin volatile:/
|
|
---|---|
copy sftp: |
Copies files from the SFTP directory. |
To copy files from the Secure File Transfer Protocol (SFTP) directory, use the copy sftp: command.
copy sftp://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to transfer a file from a remote SFTP directory to a local bootflash directory:
vsg# copy sftp://jjones@209.193.10.11/ps/jjones-rtg/vsg-dplug.bin bootflash:/
|
|
---|---|
copy tftp: |
Copies files from the Trivial File Transfer Protocol (TFTP) directory. |
To copy the startup configuration, use the copy startup-config command.
copy startup-config destination-address [all-vdc]
None
EXEC
Global configuration
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy the startup configuration to the bootflash directory:
vsg# copy startup-config bootflash:
|
|
---|---|
copy running-config |
Copies a running configuration to a specified destination. |
To copy files from the file directory, use the copy system: command.
copy system: //file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote file directory to a local bootflash directory:
vsg# copy system://pkim@209.193.10.12/ps/pkim-rich/vsg-dplug.bin bootflash:/
|
|
---|---|
copy bootflash: |
Copies files to the bootflash directory. |
To copy files from the Trivial File Transfer Protocol (TFTP) directory, use the copy tftp: command.
copy tftp://file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote TFTP directory to a local bootflash directory:
vsg# copy tftp://user@209.193.10.11/ps/user-rtg/vsg-dplug.bin bootflash:/
|
|
---|---|
copy sftp: |
Copies files from the SFTP directory. |
To copy files from the volatile directory, use the copy volatile: command.
copy volatile: //file-address destination-address
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy files from a remote volatile directory to a local bootflash directory:
vsg# copy volatile://user@209.193.10.10/ws/user-sjc/vsg-dplug.bin bootflash:/
|
|
---|---|
copy bootflash: |
Copies files from the bootflash directory. |
To direct the output of the debug command to a specified file, use the debug logfile command. To revert to the default, use the no form of the command.
debug logfile filename [size bytes]
no debug logfile filename [size bytes]
Default filename: syslogd_debugs
Default file size: 10485760 bytes
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
The logfile is created in the log: file system root directory.
Use the dir log: command to display the log files.
This example shows how to specify a debug logfile:
vsg# debug logfile debug_log
This example shows how to revert to the default debug logfile:
vsg# no debug logfile debug_log
|
|
---|---|
dir |
Displays the contents of a directory. |
show debug |
Displays the debug configuration. |
show debug logfile |
Displays the debug logfile contents. |
To enable debug command output logging, use the debug logging command. To disable debug logging, use the no form of this command.
debug logging
no debug logging
This command has no arguments or keywords.
Disabled
EXEC
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enable the output logging for the debug command:
vsg# debug logging
This example shows how to disable the output logging for the debug command:
vsg# no debug logging
|
|
---|---|
debug logfile |
Configures the logfile for the debug command output. |
To delete the contents of a directory, use the delete command.
delete {bootflash: | debug: | log: | modflash: | volatile:}
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to delete the contents of the bootflash directory:
vsg# delete bootflash:
|
|
---|---|
copy |
Copies files to directories. |
To display the contents of a directory or file, use the dir command.
dir [bootflash: | debug: | log: | modflash: | volatile:]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Use the pwd command to identify the directory you are currently working in.
Use the cd command to change the directory you are currently working in.
This example shows how to display the contents of the bootflash: directory:
vsg#
dir bootflash:
|
|
---|---|
cd |
Changes the current working directory. |
pwd |
Displays the current working directory. |
To echo an argument back to the terminal screen, use the echo command.
echo [backslash-interpret] [text]
Displays a blank line.
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
You can use this command in a command script to display information while the script is running.
Table 1 lists the formatting keywords that you can insert in the text when you include the backslash-interpret keyword.
This example shows how to display a blank line at the command prompt:
vsg# echo
vsg#
This example shows how to display a line of text at the command prompt:
vsg# echo Script run at $(TIMESTAMP).
Script run at 2008-08-12-23.29.24.
vsg#
This example shows how to use a formatting option in the text string:
vsg# echo backslash-interpret This is line #1. \nThis is line #2.
This is line #1.
This is line #2.
vsg#
|
|
---|---|
run-script |
Runs command scripts. |
To return to EXEC mode from any lower-level mode, use the end command.
end
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enter VNMC policy agent mode and then how to return to EXEC mode:
vsg# configure
VSG(config)# vnm-policy-agent
VSG(config-vnm-policy-agent)#
vsg(config-vnm-policy-agent)# end
vsg#
|
|
---|---|
configure |
Enters configuration mode. |
To clear the event counter, use the event command.
event manager clear counter counter-name
Displays a blank line.
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to clear the event counter:
vsg# event manager clear counter default
|
|
---|---|
show event |
Displays event information. |
To enable logging debugs for the service-path process, use the event-log service-path command. To disable this feature, use the no form of this command..
event-log service-path {ac {error | info | inst-error | inst-info} | fm {debug | error | info} | sp {error | info | pkt-detail | pkt-error | pkt-info | vptah-lib-error | vpath-lib-info | vpath-lib-frag} [terminal]
no event-log service-path {ac {error | info | inst-error | inst-info} | fm {debug | error | info} | sp {error | info | pkt-detail | pkt-error | pkt-info | vpath-lib-error | vpath-lib-info | vpath-lib-frag} [terminal]
None
EXEC
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was modified to include sp {vpath-lib-error | vpath-lib-info | vpath-lib-frag} |
4.2(1)VSG1(1) |
This command was introduced. |
Event logs are written to the process buffer and can be viewed by the show system internal event-log service-path command. When the terminal option is entered, the event logs are displayed on the terminal.
This example shows how to diplay on the terminal the event logs for the service-path vPath library errors:
vsg# event-log service-path sp vpath-lib-error terminal
vsg#
To exit the current mode, use the exit command.
exit
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to exit the current mode:
vsg(config)# exit
vsg#
|
|
---|---|
end |
Places you in EXEC mode. |
To find file names that begin with a character string, use the find command.
find filename-prefix
filename-prefix |
First part or all of a filename. The filename prefix is case sensitive. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
The find command searches all subdirectories under the current working directory. You can use the cd and pwd commands to navigate to the starting directory.
This example shows how to find a file name that has a prefix of "a":
vsg# find a
|
|
---|---|
pwd |
Lists the directory you are currently in. |
To uncompress a compressed file, use the gunzip command.
gunzip filename
filename |
Name of the file. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
The compressed filename must have the .gz extension.
You do not have to enter the .gz extension as part of the filename.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
This example shows how to uncompress a compressed file:
vsg# gunzip run_cnfg.cfg
|
|
---|---|
dir |
Displays the directory contents. |
gzip |
Compresses a file. |
To compress a file, use the gzip command.
gzip filename
filename |
File name. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
After you use this command, the file is replaced with the compressed filename that has the .gz extension.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
This example shows how to compress a file:
vsg# gzip run_cnfg.cfg
|
|
---|---|
dir |
Displays the directory contents. |
gunzip |
Uncompresses a compressed file. |
To install an image upgrade, use the install command.
install all {iso | kickstart}
iso |
Specifies an ISO image. |
kickstart |
Specifies a kickstart image. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to install an ISO image upgrade:
vsg# install all iso bootflash://smith@209.165.200.226/test
|
|
---|---|
show install |
Displays the software installation impact between two images. |
To configure an interface on the Cisco VSG, use the interface command. To remove an interface, use the no form of the command.
interface {data number | ethernet slot/port | loopback number | mgmt number | port-channel channel-number}
no interface {data number | ethernet slot/port | loopback number | mgmt number | port-channel channel-number}
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to configure an interface:
vsg# interface data 0
This example shows how to remove an interface:
vsg# no interface data 0
|
|
---|---|
show interface |
Displays the interface and IP details, including Rx and Tx packets or bytes. |
To configure IP details, use the ip command. To revert to the detault settings, use the no form of this command.
ip {access-list match-local-traffic | arp timeout seconds | domain-list name | domain-lookup | host name | igmp | name-server | route | routing event-history | tcp | tftp path-mtu-discovery}
no ip {access-list match-local-traffic | arp timeout seconds | domain-list name | domain-lookup | host name | igmp | name-server | route | routing event-history | tcp | tftp path-mtu-discovery}
1500
Global configuration
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows the ip command being used to configure IP details:
vsg# configure
vsg(config)# ip host testOne 209.165.200.231
|
|
---|---|
show ip |
Displays IP details. |
To specify the line configuration, use the line command.
line {com1 | console | vty}
None
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enter the COM1 port configuration mode:
vsg(config)# line com1
vsg(config-com1)#
This example shows how to enter the console port configuration mode:
vsg(config)# line console
vsg(config-console)#
This example shows how to enter the line configuration mode:
vsg(config)# line vty
vsg(config-line)#
|
|
---|---|
show line |
Displays information about the COM1 port, console port configuration, and the line configuration. |
To configure logging, use the logging command.
logging {abort | commit | console severity-level | distribute | event | level | logfile name | module severity-level | monitor severity-level | server | source-interface loopback number | timestamp time-type}
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to discard logging a CFS distribution session in progress:
vsg# configure
vsg(config)# logging abort
vsg(config)#
|
|
---|---|
show logging |
Displays logging information. |
T o specify a condition used in an object-group, use the match command. To remove a condition in an object group, use the no version of this command.
match {eq | gt | lt | prefix | contains | in-range | neq | not-in-range} attribute-value1 [attribute-value2]
None
Policy configuration (config-policy)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
When multiple condition statements are used in an object-group, all conditions are considered to be OR'd during policy evaluation. The following operators require at least two attribute values:
•prefix—When applied agains a subnet mask (for example, prefix 10.10.10.1 255.255.255.0)
•in-range—For all types of attribute values (for example, in-range 10.10.10.1 10.10.10.200)
•not-in-range—For all types of attribute values (for example, not-in-range 10.10.10.1 10.10.10.200)
Attribute values can be any of the following:
•Integer
•Integer range
•IP address, or a netmask
•IP address range
•String
This example shows how to set conditions to be used in an object group:
vsg(config-policy)# match 1 eq 80
vsg(config-policy)# match 2 eq 443
vsg(config-policy)# exit
vsg(config)#
|
|
---|---|
object-group |
Enters the object-group configuration submode. |
To create a new directory, use the mkdir command.
mkdir {bootflash: | debug: | modflash: | volatile:}
None
EXEC
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
This example shows how to create the bootflash: directory:
vsg#
mkdir bootflash:
|
|
---|---|
cd |
Changes the current working directory. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
To retry synchronization with configured servers, use the ntp sync-retry command. To stop this process, use the no form of this command.
ntp sync-retry
no ntp sync-retry
This command has no arguments or keywords.
Enabled
EXEC
Global configuration (config)
network-admin
|
|
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
This example shows how to enable the Network Time Protocol (NTP) synchronization retry:
vsg#
ntp sync-retry
This example shows how to disable the NTP synchronization retry:
vsg#
no ntp sync-retry
|
|
---|---|
show clock |
Displays the time and date. |
To reduce the number of rule configurations to accomodate the "or" conditions for the HTTP/HTTPS ports, use the object-group command. To remove the given object group object and all the relevant configurations, use the no form of this command.
object-group group-name attribute-name
group-name |
Name of the object group. |
attribute-name |
Attribute designated for the group. The attribute used in an object group must be a neutral attribute. |
None
Cisco VSG global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
This command enters the object-group submode. This command can be used to build a group of attribute values so the group can be used in a condition statement later on with the operator member.
This example shows how to use the object-group command:
vsg(config)# object-group http_ports net.port
vsg(config-object-group)#
|
|
---|---|
match |
Specifies a condition used in an object group. |
To enable password strength checking, use the password strength-check command. To disable the password strength checking, use the no form of this command.
password strength-check
no password strength-check
This command has no arguments or keywords.
This feature is enabled by default.
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enable the checking of the password strength:
vsg# config t
vsg(config)# password strength-check
vsg(config)#
This example shows how to disable the checking of the password strength:
vsg# config t
vsg(config)# no password strength-check
vsg(config)#
To enter the policy configuration submode for constructing a firewall policy on the Cisco VSG, use the policy command. To remove the given policy object and all its bindings with other policy objects, use the no form of this command.
policy policy-name
policy-name |
Policy-map object. |
None
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
Use the policy command to enable the policy configuration subcommand mode when the variable policy-name is used to specify the policy-map object.
The policy command configuration submode provides the following functions:
•Binding rules to a given policy.
•Creating rank or precedence among all the bound rules.
•Binding zones to a given policy.
This example shows how to set a 3-tiered policy object:
vsg(config)# policy 3-tiered-policy
vsg(config-policy)# rule inet_web_rule order 10
vsg(config-policy)# rule office_app_ssh_rule order 20
vsg(config-policy)# rule web_app_rule order 40
vsg(config-policy)# rule app_db_rule order 50
vsg(config-policy)# rule default_deny_rule order 60
vsg(config-policy)# exit
vsg(config)#
|
|
---|---|
rule |
Configures the binding of the policy with a given rule. |
zone |
Configures the binding of the policy with a given zone. |
To view the current directory, use the pwd command.
pwd
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
This example shows how to view the current directory:
vsg# pwd
bootflash:
vsg#
|
|
---|---|
cd |
Changes the current directory. |
To configure a user role, use the role command. To delete a user role, use the no form of this command.
role {feature-group feature-group-name | name {name | network-observer}}
no role { feature-group name | [name name | network-observer] }
This feature is enabled by default.
Global configuration
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to configure a user role for a feature group:
vsg# configure
vsg(config)# role feature-group name abc
vsg(config-role-featuregrp)#
|
|
---|---|
show role |
Displays the role configuration. |
role name |
Names a user role and places you in role configuration mode for that role. |
To reboot both the primary and secondary Cisco VSG in a redundant pair, use the reload command.
reload
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
|
|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
To reboot only one of the Cisco VSGs in a redundant pair, use the reload module command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the Cisco VSG.
This example shows how to reload both the primary and secondary Cisco VSG:
vsg(
config)#
reload
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Dec 20 11:33:35 bl-vsg %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from Command Line Interface
|
|
---|---|
reload module |
Reloads the specified Cisco VSG (1 or 2) in a redundant pair. |
To reload one of the Cisco VSGs in a redundant pair, use the reload module command.
reload module module [force-dnld]
module |
The module number (use 1 for the primary Cisco VSG or 2 for the secondary Cisco VSG). |
force-dnld |
(Optional) Reboots the specified module to force NetBoot and image download. |
None
EXEC
Global configuration (config)
network-admin
|
|
---|---|
4.0(4)SV1(1) |
This command was introduced. |
4.2(1)VSG1(1) |
This command was introduced for the Cisco VSG. |
To reboot both the Cisco VSGs in a redundant pair, use the reload command instead.
Before reloading, use the copy running-configuration to startup-configuration command to preserve any configuration changes made since the previous reboot or restart.
After reloading it, you must manually restart the Cisco VSG.
This example shows how to reload Cisco VSG 2, the secondary Cisco VSG in a redundant pair:
vsg# reload module 2
!!!WARNING! there is unsaved configuration!!!
This command will reboot the system. (y/n)? [n] y
2010 Dec 20 11:33:35 bl-vsg %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from Command Line Interface
|
|
---|---|
show version |
Displays information about the software version. |
reload |
Reboots both the primary and secondary Cisco VSG. |
To manually restart a component, use the restart command. To disable manual restart, use the no form of this command.
restart
no restart
This command has no arguments or keywords.
Disabled
EXEC
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
Do not use this command unless you are absolutely certain that there is no one else using the system.
This example shows how to restart the Cisco VSG:
vsg# restart
|
|
---|---|
reload |
Reboots the entire device. |
To remove a directory, use the rmdir command.
rmdir {bootflash: | debug: | modflash: | volatile:}
bootflash: |
Deletes the bootflash: directory. |
debug: |
Deletes the debug: directory. |
modflash: |
Deletes the modflash: directory. |
volatile: |
Deletes the volatile: directory. |
Removes the directory from the current working directory.
EXEC
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to remove the bootflash directory:
vsg# rmdir bootflash:
|
|
---|---|
cd |
Changes the current working directory. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
To enter the configuration submode to build a firewall rule that consists of multiple conditions and actions, use the rule command. To remove the given rule object and all the relevant configurations, use the no form of this command.
rule rule-name
rule-name |
Specifies a rule object. |
None
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
Use the rule comandto enter the rule configuration submode. The rule-name variable is used to specify the rule object that is to be configured.
This example shows how to build firewall rules on the Cisco VSG:
vsg(config)# rule inet_web_rule
vsg(config-rule)# condition 1 dst.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule office_app_ssh_rule
vsg(config-rule)# condition 1 dst.zone.name eq app_servers
vsg(config-rule)# condition 2 src.net.ip-address prefix 192.10.1.0 \
255.255.255.0
vsg(config-rule)# condition 3 dst.net.port eq 22
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule web_app_https_rule
vsg(config-rule)# condition 1 src.zone.name eq web_servers
vsg(config-rule)# condition 2 dst.zone.name eq app_servers
vsg(config-rule)# condition 3 dst.net.port member_of http_ports
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule app_db_rule
vsg(config-rule)# condition 1 src.zone.name eq app_servers
vsg(config-rule)# condition 2 dst.zone.name eq db_servers
vsg(config-rule)# action permit
vsg(config-rule)# exit
vsg(config)# rule default_deny_rule
vsg(config-rule)# action 1 deny
vsg(config-rule)# action 2 log
vsg(config-rule)# exit
|
|
---|---|
condition |
Specifies an condition statement used in a rule. |
action |
Specifies the actions to be executed when traffic characteristics match with the associated rule. |
To run a command script that is saved in a file, use the run-script command.
run-script [bootflash: [> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | >> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | | [cut | diff | egrep | grep | head | human | last | less | no-more | sed | sort | sscp | tr | uniq | vsh | wc | xml | begin | count | end | exclude | include] | volatile: [> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | >> [bootflash: | ftp: | scp: | sftp: | tftp: | volatile:] | | [cut | diff | egrep | grep | head | human | last | less | no-more | sed | sort | sscp | tr | uniq | vsh | wc | xml | begin | count | end | exclude | include] ] [filename]
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to run a command script that is saved in a file called Sample:
vsg(
config)#
run-script volatile:Sample
|
|
---|---|
cd |
Changes the current working directory. |
copy |
Copies files. |
dir |
Displays the contents of the working directory. |
pwd |
Displays the name of the present working directory (pwd). |
To send a message to an open session, use the send command.
send {message | session device message}
message |
Message. |
session |
Specifies a specific session. |
device |
Device type. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to send a message to an open session:
vsg# send session sessionOne testing
vsg#
|
|
---|---|
show banner |
Displays a banner. |
To use the basic system configuration dialog for creating or modifying a configuration file, use the setup command.
setup
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
The Basic System Configuration Dialog assumes the factory defaults.
All changes made to your configuration are summarized for you at the completion of the setup sequence with an option to save the changes or not.
You can exit the setup sequence at any point by pressing Ctrl-C.
This example shows how to use the setup command to create or modify a basic system configuration:
vsg# setup
Enter the domain id<1-4095>: 400
Enter HA role[standalone/primary/secondary]: standalone
[########################################] 100%
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup is mainly used for configuring the system initially,
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): y
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Enter the vsg name : vsg
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:
Mgmt0 IPv4 address :
Configure the default gateway? (yes/no) [y]: n
Configure advanced IP options? (yes/no) [n]:
Enable the telnet service? (yes/no) [y]:
Enable the ssh service? (yes/no) [n]:
Configure the ntp server? (yes/no) [n]:
Configure vem feature level? (yes/no) [n]:
Configure svs domain parameters? (yes/no) [y]:
Enter SVS Control mode (L2 / L3) : l2
Invalid SVS Control Mode
Enter SVS Control mode (L2 / L3) : L2
Enter control vlan <1-3967, 4048-4093> : 400
Enter packet vlan <1-3967, 4048-4093> : 405
The following configuration will be applied:
vsgname vsg
telnet server enable
no ssh server enable
svs-domain
svs mode L2
control vlan 400
packet vlan 405
domain id 400
vlan 400
vlan 405
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]: n
vsgvsgvsg#
|
|
---|---|
show running-config |
Displays the running configuration. |
To set a sleep time, use the sleep command.
sleep time
time |
Sleep time, in seconds. The range is from 0 to 2147483647. |
Sleep time is not set.
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
When you set time to 0, sleep is disabled.
This example shows how to set a sleep time:
vsg#
sleep 100
vsg#
This example shows how to disable sleep:
vsg#
sleep 0
vsg#
|
|
---|---|
reload |
Reboots the Cisco VSG. |
To configure the Simple Network Management Protocol (SNMP) values, use the snmp-server command. To revert to default, use the no form of this command.
snmp-server {aaa-user cache-timeout seconds | community word | contact | context word | counter | enable traps | globalEnforcePriv | host | location name | mib community-map name | protocol | source-interface | tcp-session auth | user name}
no snmp-server {aaa-user cache-timeout seconds | community word | contact | context word | counter | enable traps | globalEnforcePriv | host | location name | mib community-map name | protocol | source-interface | tcp-session auth | user name}
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to configure the AAA user synchronization timeout value:
vsg# configure
vsg(config)# snmp-server aaa-user cache-timeout 6000
vsg(config)#
|
|
---|---|
show snmp |
Displays information about SNMP. |
To create a Secure Shell (SSH) session, use the ssh command.
ssh {hostrname| connect | name}
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Cisco NX-OS software supports SSH version 2.
This example shows how to start an SSH session:
vsg# ssh 10.10.1.1 vrf management
The authenticity of host '10.10.1.1 (10.10.1.1)' can't be established.
RSA key fingerprint is 9b:d9:09:97:f6:40:76:89:05:15:42:6b:12:48:0f:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.1.1' (RSA) to the list of known hosts.
User Access Verification
Password:
|
|
---|---|
clear ssh session |
Clears SSH sessions. |
ssh server enable |
Enables the SSH server. |
To generate a secure-shell (SSH) session key with a specific security configuration, use the ssh key command.
ssh key {dsa | rsa}
None
Global configuration
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Cisco NX-OS software supports SSH version 2.
This example shows how to generate an SSH session key:
vsg# configure
vsg(config)# ssh key rsa 770
|
|
---|---|
clear ssh session |
Clears SSH sessions. |
ssh server enable |
Enables the SSH server. |
To generate an event history, use the system clis command. To disable the event history, use the no form of this command.
system clis event-history {client | errors | ha | nvdb | parser}
no system clis event-history {client | errors | ha | nvdb | parser}
None
Global configuration (config)
network-administrator
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to generate an error event history log:
vsg# system clis event-history errors
|
|
---|---|
show system clis event-history |
Displays the event history of the ClI servers. |
To copy cores to a destination, use the system cores command. To disable, use the no form of the command.
system cores tftp: //server@ip-address
no system cores tftp: //server@ip-address
tftp: |
Specifies the Trivial File Transfer Protocol (TFTP) protocol. |
server |
Destination server. |
ip-address |
Destination IP address. |
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy cores to a destination:
vsg# system cores tftp://jjones@209.165.200.229
|
|
---|---|
show system cores |
Displays the core transfer option. |
To return to system-level default values, use the system default command. To disable the default switchport feature, use the no form of this command.
system default switchport [shutdown]
no system default switchport [shutdown]
shutdown |
(Optional) Shuts down the admin state. |
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to return to system-level default values:
vsg# system default switchport shutdown
|
|
---|---|
show system resources |
Displays system resources. |
To reset local or remote supervisors after a high-availability (HA) failure, use the system hap-reset command. To disable the hap-reset feature, use the no form of the command.
system hap-reset
system no hap-reset
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to switch over to the standby supervisor:
vsg# system hap-reset
|
|
---|---|
show system redundancy |
Displays the system redundancy status. |
To check the system health, use the system health command.
system health check bootflash
check |
Runs a consistency check on the compact flash. |
bootflash |
Checks the internal bootflash. |
None
EXEC
network-admin
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to check the system health:
vsg# system health check bootflash
|
|
---|---|
show system resources |
Displays system resources. |
To enable the system heartbeat, use the system heartbeat command. To disable the system heartbeat, use the no form of the command.
system heartbeat
system no heartbeat
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enable the system heartbeat:
vsg# system heartbeat
|
|
---|---|
system health |
Checks the system health status. |
To generate debug snapshots for services, use the system internal command.
system internal snapshot service service-name
snapshot |
Generates debug snapshots. |
service |
Generates a debug snapshot for a service. |
service-name |
Service name. |
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to generate debug snapshots for services:
vsg# system internal snapshot service
|
|
---|---|
show system internal |
Displays all internal commands. |
To set the maximum transmission units (MTU) to jumbo, use the system jumbomtu command.
system jumbomtu 9000
9000 |
MTU size. |
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the MTU size to jumbo:
vsg# system jumbomtu 9000
|
|
---|---|
show system resources |
Displays the system resource details. |
To generate a memory log in bootflash, use the system memlog command.
system memlog
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to generate a memory log in bootflash:
vsg# system memlog
|
|
---|---|
show system memory-alerts-log |
Displays a detailed log for memory alerts. |
show system memory-status |
Displays memory status information. |
To set system memory thresholds, use the system memory-thresholds command.
system memory-thresholds {minor minor-memory-threshold severe servere memory-threshold critical critical-memory-threshold | threshold critical no-process-kill}
None
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the memory threshold:
vsg# system memory-thresholds minor 60
|
|
---|---|
show system resources |
Displays the system resources. |
To shrink PSS files, use the system pss command.
system pss shrink
shrink |
Shrinks the PSS files. |
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to shrink PSS files:
vsg# system shrink pss
|
|
---|---|
show system pss |
Displays the PSS shrink status. |
To set a system redundancy policy, use the system redundancy command.
system redundancy role {primary | secondary | standalone}
role |
Sets the redundancy role. |
primary |
Specifies the primary redundant Cisco VSG. |
secondary |
Specifies the secondary redundant Cisco VSG. |
standalone |
Specifies no redundant Cisco VSG. |
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the redundancy role:
vsg# system redundancy role primary
|
|
---|---|
show system redundancy |
Displays the system redundancy status. |
To enable a system standby manual boot, use the system standby command. To disable a system standby manual boot, use the no form of this command.
system standby manual-boot
no system standby manual-boot
manual-boot |
Performs manual boot. |
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set a system standby manual boot:
vsg# system standby manual-boot
|
|
---|---|
show system standby |
Displays the system standby manual boot option. |
To initialize or unlock the system startup configuration, use the system startup-config command.
system startup-config {init | unlock lock id}
init |
Initializes the startup configuration. |
unlock |
Unlocks the startup configuration. |
lock id |
Lock identification number. The range is from 0 to 65536. |
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to unlock the system startup configuration:
vsg# system startup-config unlock 1324
|
|
---|---|
show startup-config |
Displays startup system information. |
To reset the system statistics, use the system statistics command.
system statistics reset
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to reset the system statistics:
vsg# system statistics reset
|
|
---|---|
show system redundancy |
Displays the system redundancy status. |
To switch over to the standby supervisor in EXEC mode, use the system switchover command.
system switchover
To configure a system switchover in configuration mode, use the system switchover command.
system switchover {ha | warm}
ha |
Enables high availability. |
warm |
Enables a warm switchover. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to switch over to the standby supervisor:
vsg# system switchover
|
|
---|---|
show redundancy |
Displays the system redundancy status. |
To configure the system trace level, use the system trace command.
system trace {mask}
mask |
Mask name. |
None
Global configuration (config)
network-admin
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to configure the system trace level:
vsg# system trace dc1
|
|
---|---|
system default |
Configures system-level default values. |
To enable a system watchdog, use the system watchdog command. To disable a system watchdog, use the no form of this command.
system watchdog kgdb
no system watchdog kgdb
This command has no arguments or keywords.
None
EXEC
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to enable watchdog:
vsg# system watchdog
|
|
---|---|
system default |
Configures system-level default values. |
To display the end of a file, use the tail command.
tail {bootflash: filename [number] | debug: filename [number] | modflash: filename [number] | volatile: filename [number]}
10 lines
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to display the last 10 lines of a file:
vsg# tail bootflash:startup.cfg
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
This example shows how to display the last 20 lines of a file:
vsg# tail bootflash:startup.cfg 20
area 99 virtual-link 1.2.3.4
router rip Enterprise
router rip foo
address-family ipv4 unicast
router bgp 33.33
event manager applet sdtest
monitor session 1
monitor session 2
ip dhcp snooping vlan 1
ip arp inspection vlan 1
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
|
|
---|---|
cd |
Changes the current working directory. |
copy |
Copies files. |
dir |
Displays the directory contents. |
pwd |
Displays the name of the current working directory. |
To create a Telnet session, use the telnet command.
telnet {ipv4-address | hostname} [port-number | vrf vrf-name]
Port 23
Default VRF
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to start a Telnet session:
vsg# telnet 10.10.1.1 vrf management
|
|
---|---|
clear line |
Clears Telnet sessions. |
telnet server enable |
Enables the Telnet server. |
To display a terminal alias, use the terminal alias command. To disable the terminal alias, use the no form of this command.
terminal alias word persist
no terminal alias word persist
word |
Name of the alias. |
persist |
Alias configuration saved. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to displays an alias for engineering:
vsg#
terminal alias engineering
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To enable colorization of the command prompt, command line, and output, use the terminal color command. To disable terminal color, use the no form of this command.
terminal color evening persist
no terminal color evening persist
evening |
Designator that sets the screen background to black. |
persist |
Designator that saves the configuration. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the colorization of the command line:
vsg#
terminal color evening persist
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To turn off the "Are you sure?" questions when a command is entered, use the terminal dont-ask command. To disable the terminal don't ask question, use the no form of this command.
terminal dont-ask persist
no terminal dont-ask persist
persist |
Designator that saves the configuration. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to turn off the "Are you sure?" question when a command is entered:
vsg#
terminal dont-ask persist
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set the edit mode to vi, use the terminal edit-mode command. To return the edit mode to emacs, use the no form of this command.
terminal edit-mode vi
no terminal edit-mode vi
vi |
Sets the edit mode to vi. |
emacs
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the command line edition keys:
vsg#
terminal edit-mode vi
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To bypass the CLI event manager, use the terminal event-manager command.
terminal event-manager bypass
bypass |
Bypasses the CLI event manager. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to bypass the CLI event manager:
vsg#
terminal event-manager bypass
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To disable the recall of EXEC mode commands when in configuration mode, use the terminal history command. To enable recall, use the no form of this command.
terminal history no-exec-in-config
no terminal history no-exec-in-config
no-exec-in-config |
Disables the recall of EXEC mode commands when in configuration mode. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set terminal history properties:
vsg#
terminal history no-exec-in-config
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set the number of lines that appear on the terminal screen, use the terminal length command.
terminal length number
number |
Number of lines. The range of valid values is 0 to 511. |
28 lines
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Set number to 0 to disable pausing.
This example shows how to set the number of lines that appear on the screen:
vsg#
terminal length 60
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To log all commands including the show commands, use the terminal log-all command.
terminal log-all
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to log all commands:
vsg#
terminal log-all
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To copy syslog output to the current terminal line, use the terminal monitor command.
terminal monitor
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to copy syslog output to the current terminal line:
vsg# terminal monitor
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To display show command output in XML, use the terminal output command. To display show command output in text, use the no form of this command.
terminal output xml
no terminal output xml
xml |
Displays show command output in XML. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to display show command output in XML:
vsg#
terminal output xml
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set the redirection mode, use the terminal redirection-mode command.
terminal redirection-mode {ascii | zipped}
ascii |
Sets the redirection mode to ASCII. |
zipped |
Sets the redirection mode to zipped. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the redirecton mode to ASCII:
vsg#
terminal redirection-mode ascii
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set the terminal session timeout, use the terminal session-timeout command.
terminal session-timeout time
time |
Timeout time, in seconds. The range is from 0 to 525600. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
Set time to 0 to disable terminal session timeout.
This example shows how to set the terminal session timeout:
vsg#
terminal session-timeout 100
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To specify the terminal type, use the terminal terminal-type command.
terminal terminal-type type
type |
Terminal type. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to specify the terminal type:
vsg#
terminal terminal-type vt100
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To update the main parse tree, use the terminal tree-update command.
terminal tree-update
This command has no arguments or keywords.
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to update the main parse tree:
vsg#
terminal tree-update
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To verify commands, use the terminal verify-only command.
terminal verify-only username word
username |
Specifies the username for AAA authorization. |
word |
Username. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to verify commands:
vsg#
terminal verify-only
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To set the terminal width, use the terminal width command.
terminal width width
width |
Sets the number of characters on a single line. The range is from 24 to 511. |
102 columns
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set the terminal width:
vsg#
terminal width 60
|
|
---|---|
show terminal |
Displays the terminal configuration. |
To test the policy engine on a RADIUS server or in a server group, use the test policy-engine command.
test policy-engine {simulate-pe-req | simulate-zone-req}
|
|
simulate-zone-req |
Simulates the policy engine zone. |
None
EXEC
Global configuration (config)
network-admin
network-operator
|
|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to test the policy engine:
vsg# test policy-engine simulate-zone-req
|
|
---|---|
show policy-engine |
Displays policy-engine statistics. |
To enter the policy-engine configuration submode for unit testing or verification of a policy configuration, use the test-policy-engine command is used .
test-policy-engine simulate-pe-req policy policy-name
policy-name |
Policy to be tested or verified for configuration parameters. |
None
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
This example shows how to test the ext-company policy.
vsm(config)# test policy-engine simulate-pe-req policy ext-company
|
|
---|---|
attribute |
Specifies the particular attribute to be tested in the policy configuration. |
To discover routes, use the traceroute command.
traceroute {A.B.C.D. | host-name} [source src-ipv4-addr | vrf vrf-name | show-mpls-hops]
Uses the default VRF.
Does not show the MPLS hops.
Uses the management IPv4 address for the source address.
EXEC
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
Use the traceroute6 command to use IPv6 addressing for discovering the route to a device.
This example shows how to discover a route to a device:
vsg# traceroute 172.28.255.18 vrf management
traceroute to 172.28.255.18 (172.28.255.18), 30 hops max, 40 byte packets
1 172.28.230.1 (172.28.230.1) 0.746 ms 0.595 ms 0.479 ms
2 172.24.114.213 (172.24.114.213) 0.592 ms 0.51 ms 0.486 ms
3 172.20.147.50 (172.20.147.50) 0.701 ms 0.58 ms 0.486 ms
4 172.28.255.18 (172.28.255.18) 0.495 ms 0.43 ms 0.482 ms
|
|
---|---|
traceroute6 |
Discovers the route to a device using IPv6 addressing. |
To set a password for the username, use the username name password command.
username name password {0 password | 5 password | password}
None
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to set a password for the username:
vsg# configure
vsg(config)# username admin password 5 q0w9e8R7
The Cisco VSG does not support multiple user accounts. It supports only the default admin user account.
|
|
---|---|
show users |
Displays users. |
To display your current context, use the where command.
where [detail]
detail |
(Optional) Displays detailed context information. |
Displays summary context information.
EXEC
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
This example shows how to display summary context information:
vsg# where
admin@firewall
vsg#
|
|
---|---|
pwd |
Displays what directory you are in. |
To erase configurations in persistent memory areas, use the write erase command.
write erase [boot | debug]
boot |
(Optional) Erases the boot variable and management 0 interface configurations. |
debug |
(Optional) Erases only the debug configuration. |
Erases all configuration in persistent memory except for the boot variable, mgmt0 interface, and debug configuration.
Global configuration (config)
network-admin
network-operator
|
|
---|---|
4.2(1)VSG1(1) |
This command was introduced. |
When information is corrupted or unusable, use the write erase command to erase the startup configuration in the persistent memory . Entering this command returns the device to its initial state, except for the boot variable, mgmt0 interface, and debug configurations. To erase those configurations, specifically use the boot and debug options.
This example shows how to erase the startup configuration:
vsg(config)# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
This example shows how to erase the boot variable and mgmt0 interface configuration in the persistent memory:
vsg(config)# write erase boot
This example shows how to erase the debug configuration in the persistent memory:
vsg(config)# write erase debug
|
|
---|---|
copy running-config startup-config |
Copies the running configuration to the startup configuration. |
show running-config |
Displays the startup configuration. |
To configure a zone definition that is used to build VM-to-zone mapping on the control plane, use the zone command to enter the zone configuration submode. To disable this feature, use the no form of this command.
zone zone-name
zone-name |
Zone object that is to be configured. |
None
Global configuration (config)
network-admin
|
|
---|---|
4.2(1)VSG1(2) |
This command was introduced. |
Use the zone command to enter the zone configuration submode. The zone-name variable specifies a zone object.
The no option removes the given zone object and all relevant configurations (for example, condition statements).
Note Attributes used in a zone condition are all neutral attributes.
This example shows how to enter the zone configuration submode:
vsg(config)# zone zone-name
vsg(config-zone)#
|
|
---|---|
condition |
Specifies the parameters and rules for the security zone. |