Copyright © 2014-2019 VMware, Inc. All rights reserved. Copyright and trademark information.
EN-002526-00
NSX-T Command-Line Interface Reference
NSX-T Data Center 2.5.0
Table of Contents
start capture node <cap-node-id> vnic <vnic-id> direction <capture-direction> parameters <arguments>
About This Book
The NSX-T Command-Line Interface Reference describes how to use the NSX-T
Command-Line Interface (CLI) and includes examples and command overviews.
Intended Audience
The information in this guide is written
for experienced systems and network administrators who are familiar with virtual
machine technology and virtual datacenter operations.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might
be unfamiliar to you. For definitions of terms as they are used in
VMware technical documentation go to
http://www.vmware.com/support/pubs.
Document Feedback
VMware welcomes your suggestions for improving our documentation.
If you have comments, send your feedback to
docfeedback@vmware.com.
Introduction to the NSX-T CLI
Each NSX-T virtual appliance contains a command-line interface (CLI).
The command syntax and output format of NSX-T commands are not guaranteed
to be the same from release to release. If you are automating tasks, please use the
API. See the NSX-T API Guide for details.
Logging In and Out of the CLI
Before you can run CLI commands, you must connect to
an NSX-T virtual appliance. You can connect to the console or through
SSH.
If you did not enable SSH while installing the appliance, you can use the
set service ssh start-on-boot command to enable
the SSH service.
To log out, type exit from Basic mode.
CLI Command Modes
The commands available to you at any given time depend on the mode you
are currently in.
Important Note
Starting with NSX-T 2.1, the NSX Manager GUI uses the term N-VDS
(NSX managed virtual distributed switch) to refer to what was known as
host switch in previous releases. In this document, the term
host switch is still used. The two terms are synonyms.
NSX-T CLI Commands
Create a backup of an NSX KeyManager node.
If you do not provide a passphrase on the command line, you will be prompted to enter one. The passphrase is used to encrypt the backup. If you forget the passphrase, you will not be able to restore the backup.
Important: This backup command is one part of the backup process. You must complete all backup and restore tasks in the correct order. See the NSX-T Administration Guide for information and instructions about performing backups and restores.
| Option | Description |
|---|---|
| <filename> | Filename argument Allowed pattern: ^[^/ *;&|]+$ |
| <passphrase> | Backup passphrase |
Example
nsx-keymanager-1> backup node file backup-node-timestamp.tar.gz
Passphrase:
nsx-keymanager-1>
Mode
Basic
Availability
Key Manager
Move to the bottom of the path. The arrow moves to show which interface is current.
Example
nsx-edge-1(path)> bottom
interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
port : 2120ef07-05e3-477f-8d96-e2be390784db
interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
->port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
Mode
Path
Availability
Edge, Public Cloud Gateway
Clear the vidm service's enabled property.
Example
nsx-manager-1> clear auth-policy vidm enabled
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Clear the external load balancer enabled property.
Example
nsx-manager-1> clear auth-policy vidm lb-extern enabled
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Clear the security banner or message of the day. The banner is reset to the system default banner.
Example
nsx> clear banner
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Clear the statistics for the specified BFD session
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> clear bfd-session local-ip 192.168.250.60 remote-ip 192.168.250.61 stats
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the statistics for all BFD sessions.
Example
nsx-edge-1> clear bfd-session stats
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Reset specific BGP neighbor session.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1(tier0_sr)> clear bgp 2005::2828:280a
nsx-edge-1(tier0_sr)>
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Reset all BGP neighbor sessions.
Example
nsx-edge-1(tier0_sr)> clear bgp neighbors
nsx-edge-1(tier0_sr)>
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Clear flow cache statistics for all fastpath cores.
Example
nsx-edge-1> clear dataplane flow-cache stats
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Turn off BGP debugging.
Example
nsx-edge-1(tier0_sr)> clear debug bgp
nsx-edge-1(tier0_sr)>
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Clear the Edge cluster state history.
Example
nsx-edge-1> clear edge-cluster history state
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
This command disables mandatory access control on the node. Usage for the command is
clear hardening-policy mandatory-access-control enabledExample
nsx-edge-1> clear hardening-policy mandatory-access-control enabled
Mandatory Access Control is disabled.
Mode
Basic
Availability
Controller, Edge, Manager, Policy Manager, Public Cloud Gateway
Clear statistics for the specified high-availability channel
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> clear high-availability channel local-ip 30.0.246.232 remote-ip 30.0.29.0 stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear statistics for all high-availability channels.
Example
nsx-edge-1> clear high-availability channels stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the high availability state history for the logical router in the VRF context.
Example
nsx-edge-1(tier1_sr)> clear high-availability history state
nsx-edge-1(tier1_sr)>
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Clear statistics for the specified high-availability session
| Option | Description |
|---|---|
| <service-id> | Service id (0-65535) |
Example
nsx-edge-1> clear high-availability session local-service-id 101 peer-service-id 101 stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear statistics for all high-availability sessions.
Example
nsx-edge-1> clear high-availability sessions stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Delete the specified VLAN network interface and all it's configuration. Users must configure an alternate interface for management.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
Example
nsx-edge> clear interface eth0.100
Deleted interface eth0.11. The system does not have a management
IP address, you may configure one.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Remove all network configuration from the specified interface.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
Example
nsx-edge> clear interface eth0 ip
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the network interface plane configuration.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
Example
nsx-edge> clear interface eth0 plane
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Deletes LLDP Neighbor information on all devices.
Example
nsx-edge-1> clear lldp neighbors
Mode
Basic
Availability
Edge, Public Cloud Gateway
Deletes LLDP Neighbor information on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
nsx-edge-1> clear lldp neighbors eth0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Deletes LLDP Statistics on all devices.
Example
nsx-edge-1> clear lldp stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Deletes LLDP Statistics on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
nsx-edge-1> clear lldp stats eth0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the statistics for a specific load balancer and pool.
In rare cases some of the counters may not be cleared and when that
happens please try issuing the command again.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <pool-uuid> | Pool UUID argument |
Example
nsx-edge-1> clear load-balancer ed785df6-2143-4944-b918-66470886be83 pool 46e57906-413e-4075-98b1-49a3e73a2c62 stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the statistics for all pools of a specific load balancer.
In rare cases some of the counters may not be cleared and when that
happens please try issuing the command again.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> clear load-balancer ed785df6-2143-4944-b918-66470886be83 pools stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the statistics for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> clear load-balancer ed785df6-2143-4944-b918-66470886be83 stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the statistics for a specific load balancer and virtual server.
In rare cases some of the counters may not be cleared and when that
happens please try issuing the command again.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> clear load-balancer ed785df6-2143-4944-b918-66470886be83 virtual-server 46e57906-413e-4075-98b1-49a3e73a2c62 stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the statistics for all virtual servers of a specific load balancer.
In rare cases some of the counters may not be cleared and when that
happens please try issuing the command again.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> clear load-balancer ed785df6-2143-4944-b918-66470886be83 virtual-servers stats
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear load balancer performance profile parameter settings from edge.
Example
nsx-edge-1> clear load-balancer perf-profile
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear all logging server configuration.
Example
nsx> clear logging-servers
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Clear the high availability state history for the specified logical router. Only service routers have a high availability status. Use the
get logical-routers command to get a list of logical routers and their router types.| Option | Description |
|---|---|
| <uuid> | UUID argument |
Example
nsx-edge-1> clear logical-router 4e425c9e-09c6-4021-bbc7-fab2895a2c09 high-availability history state
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Deletes all NSX configuration and modules from the host only. Please delete the corresponding transport node entries from NSX manager using GUI/API.
Example
host-1> clear management-plane
host-1>
Mode
Basic
Availability
ESXi, KVM
Clear all name servers from the DNS configuration.
Example
nsx> clear name-servers
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Clear statistics for the specified physical port.
| Option | Description |
|---|---|
| <physical-port-name> | Datapath String argument |
Example
nsx-edge-1> clear physical-port fp-eth2 stats
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Remove all domain names from the DNS search list.
Example
nsx> clear search-domains
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Clear the HTTP service redirect host.
Example
nsx-manager-1> clear service http redirect-host
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Clear the install-upgrade service's enabled property.
Example
nsx-manager-1> clear service install-upgrade enabled
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Configure the NTP service to not start on boot.
Example
nsx> clear service ntp start-on-boot
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Configure the snmp service to not start on boot.
Example
nsx> clear service snmp start-on-boot
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Configure the SSH service to not start on boot.
Example
nsx> clear service ssh start-on-boot
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Disable password expiration for the user.
| Option | Description |
|---|---|
| <username> | Username of user |
Example
nsx> clear user audit password-expiration
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Copy a local file to a remote destination.
| Option | Description |
|---|---|
| <filename> | Existing file argument |
| <url> | Remote file url (e.g. scp://username@ip_address/filepath/filename) |
Example
nsx> copy file support-bundle-0.tgz url scp://admin@192.168.210.200/home/admin/
admin@192.168.210.200's password:
nsx>
Mode
Basic
Availability
Controller, Edge, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Copy a remote file to the local file store. If no destination file is specified, the copied file has the same file name as the source file. You can use the
file argument to specify a different destination file name.| Option | Description |
|---|---|
| <url> | Remote file url (e.g. scp://username@ip_address/filepath/filename) |
| <filename> | Filename argument Allowed pattern: ^[^/ *;&|]+$ |
Example
nsx> copy url scp://admin@192.168.210.200/home/admin/file-0.txt
admin@192.168.210.200's password:
nsx>
or
nsx> copy url scp://admin@192.168.210.200/home/admin/file-1.txt file newfile-1.txt
admin@192.168.210.200's password:
nsx>
Mode
Basic
Availability
Controller, Edge, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Remove all other management nodes from the cluster. This will effectively convert
a multi-node management cluster into a single node setup. The system will prompt
for confirmation for this operation. It is recommended to use GSS guidance before
using this command.
Example
nsx-manager-1> deactivate cluster
Are you sure you want to remove all other nodes from this cluster (yes/no)
Cluster has been deactivated.
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Delete all packet capture sessions.
Example
nsx-manager> del all capture sessions
Session Count: 1
Session ID: 62fd4a28-5463-4f92-af34-42e55547ec7e
Session Status: deleted
Start Time: 2018-07-31 07:09:36
Stop Time: 2018-07-31 07:09:51
Request:
Node: af1c570b-f78d-4ea3-8858-219f9fe73511
Capture Type: vmknic
Capture Value: vmk0
Capture Direction: input
Capture Mode: standalone
Mode
Basic
Availability
Manager
Delete a packet capture session configuration.
| Option | Description |
|---|---|
| <esx-session-id-arg> | Packet Capture session id parameter |
Example
esx-1> del capture session 1
esx-1>
Mode
Basic
Availability
ESXi
Delete the specified packet capture session.
| Option | Description |
|---|---|
| <session-id-arg> | Packet capture session id parameter |
Example
nsx-manager> del capture session 2e4d5f24-88a9-4d88-8af0-e588833064d9
Session ID: 2e4d5f24-88a9-4d88-8af0-e588833064d9
Session Status: deleted
Start Time: 2018-07-31 07:10:35
Stop Time: 2018-07-31 07:10:45
Request:
Node: af1c570b-f78d-4ea3-8858-219f9fe73511
Capture Type: vmknic
Capture Value: vmk0
Capture Direction: input
Capture Mode: standalone
Mode
Basic
Availability
Manager
Delete a packet capture session configuration.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
kvm-1> del capture session 1
kvm-1>
Mode
Basic
Availability
KVM
Delete a packet capture session configuration.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
nsx-edge-1(path)> del capture session 1
nsx-edge-1(path)>
Mode
Path
Availability
Edge, Public Cloud Gateway
Delete a packet capture session configuration.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
nsx-edge-1> del capture session 1
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Delete the specified interface from a packet capture session configuration. If you are only monitoring one interface, this deletes the monitoring session configuration.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <interface-name> | Network interface argument |
Example
kvm-1> del capture session 1 interface b592a7c8-4e21-493e-b0fc-0b1d152c949c
kvm-1>
Mode
Basic
Availability
KVM
Delete the specified interface from a packet capture session configuration. If you are only monitoring one interface, this deletes the monitoring session configuration.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <port-uuid-name> | Datapath String argument |
Example
nsx-edge-1> del capture session 1 interface fp-eth1
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Delete a local file.
| Option | Description |
|---|---|
| <filename> | Existing file argument |
Example
nsx> del file support-bundle-0.tgz
nsx>
Mode
Basic
Availability
Controller, Edge, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete the host's public cloud gateway certificate
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
host-1> del gateway certificate 13.14.41.34
Mode
Basic
Availability
NSX Cloud VM
Delete all the host's public cloud gateway certificates
Example
host-1> del gateway certificates
Mode
Basic
Availability
NSX Cloud VM
Remove public cloud VM certificate
| Option | Description |
|---|---|
| <vm-id> | VM ID |
Mode
Basic
Availability
Public Cloud Gateway
Delete NSX Edge service container image.
Only images that are not in use can be deleted.
| Option | Description |
|---|---|
| <image-name> | Edge service container image name |
| <image-version> | Edge service container image version |
Example
nsx-edge> del image nsx-edge-mdproxy version ob-22302541
Image deleted successfully
Mode
Basic
Availability
Edge, Public Cloud Gateway
Delete the specified logging server configuration. You can use the
get logging-servers command to display the current logging server configuration.| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | A hostname or IP address with optional port delimited by a colon |
| <proto> | Logging server protocol Allowed values: tcp, udp, tls, li, li-tls |
| <level> | Level of log entries to export Allowed values: emerg, alert, crit, err, warning, notice, info, debug |
| <facility> | Comma delimited list of facilities of log entries to export |
| <messageid> | Comma delimited list of MSGIDs of log entries to export |
| <structured-data> | Structured data of log entries to export Allowed pattern: ^(comp|subcomp|s2comp|security|audit|reqId|ereqId|entId|errorCode|eventId|euser|level|username|threadId|splitId|splitIndex)=.+$ |
Example
nsx> del logging-server 192.168.110.60 proto udp level info facility syslog messageid SYSTEM,FABRIC structured-data audit=true
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete the specified name server from the DNS configuration.
| Option | Description |
|---|---|
| <ip-address> | Name server IP address argument |
Example
nsx> del name-server 192.168.110.11
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Destroy NSX environment on this host without removing its transport node from management plane.
Example
host-1> del nsx
host-1>
Mode
Basic
Availability
ESXi, KVM
Remove an existing NTP server.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
Example
nsx-manager-1> del ntp-server 172.31.32.2
nsx-manager-1>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete the specified network route.
| Option | Description |
|---|---|
| <prefix> | CIDR notation argument |
| <gateway-ip> | Gateway IP address argument |
| <interface-name> | Configurable network interface argument |
Example
nsx> del route prefix 10.10.10.0/24 gateway 192.168.110.1
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete the specified domain name from the DNS search list.
| Option | Description |
|---|---|
| <domain> | Search domain argument |
Example
nsx> del search-domains eng.example.com
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete SNMP V3 Users.
| Option | Description |
|---|---|
| <user-id> | SNMP V3 user-id Allowed pattern: ^[\S]{1,32}$ |
Example
nsx> del snmp v3-users user1
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete the specified host entry from the SSH known hosts file.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | A hostname or IP address with optional port delimited by a colon |
Example
nsx> del ssh-known-host 192.168.110.105
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Delete any SSH key with specified label from specified user's authorized_keys file. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin.
| Option | Description |
|---|---|
| <username> | Username of user |
| <key-label> | Unique label for SSH key |
| <password> | Password of user |
Example
nsx> del user admin ssh-keys label user1@domain1 password Pa$$w0rd
nsx>
or
nsx> del user admin ssh-keys label user1@domain1
Password (required only for users root and admin):
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Detach this hypervisor host from the management plane. You can specify any NSX Manager in the management cluster in this command.
Use the API username and password for the specified NSX Manager. If you do not provide a password on the command line, you will be prompted to enter one.
Get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
Example
host-1> detach management-plane 192.168.110.105 username admin thumbprint 898b75618e3e56615d53f987a720ff22b6381f4b85bec1eb973214ff7361f8b8
Password for API user:
Node successfully removed
Mode
Basic
Availability
ESXi, KVM
Detach this Edge from the management plane.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
Example
nsx-edge> detach management-plane 192.168.110.105 username admin thumbprint 7f1374c339b592da504b352857a0bdc4e77b9b998a9971f9335633210f667c97
Password for API user:
Node successfully deregistered
Mode
Basic
Availability
Edge, Public Cloud Gateway
Detach this keymanager from the management plane. You can specify any NSX Manager in the management cluster in this command.
Use the API username and password for the specified NSX Manager. If you do not provide a password on the command line, you will be prompted to enter one.
Get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager.
| Option | Description |
|---|---|
| <ip-address[:port]> | IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
Example
nsx-keymanager-1> detach management-plane 192.168.110.105 username admin
thumbprint fef089bbfbd2e10da6ee08c7ff4a95da1368587abfd2c6db59c8db540bc43e58
Password for API user:
Node successfully unregistered and keymanager service stopped
Mode
Basic
Availability
Key Manager
Detach the specified node from the cluster.
| Option | Description |
|---|---|
| <node-id> | Node ID of cluster node to detach Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-manager-1> detach node ac5d4a62-3203-4b31-922e-d166a4f7e860
Node has been detached. Detached node must be deleted permanently.
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Detach specified node from the cluster without checking repository-ip modification errors.
| Option | Description |
|---|---|
| <node-id> | Node ID of cluster node to detach Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-manager-1> detach node ac5d4a62-3203-4b31-922e-d166a4f7e860 ignore-repository-ip-check
Node has been detached. Detached node must be deleted permanently.
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Display the result of the specified packet capture session with the tcpdump command.
| Option | Description |
|---|---|
| <session-id-arg> | Packet capture session id parameter |
Example
nsx-manager> display capture session 0fea2cac-5a13-44cf-b92e-b63f69572268
reading from file /tmp/pktcap/0fea2cac-5a13-44cf-b92e-b63f69572268.pcap, link-type EN10MB (Ethernet)
07:10:46.513603 IP w1-mvpcloud-164.eng.vmware.com.31181 > nsx-controller-leng1.eng.vmware.com.1235: Flags [.], ack 2218716988, win 128, length 0
07:10:48.460753 IP w1-mvpcloud-164.eng.vmware.com.52976 > nsx-controller-leng4.eng.vmware.com.amqps: Flags [P.], seq 768580848:768580898, ack 2927523439, win 128, length 50
07:10:48.463135 IP w1-mvpcloud-164.eng.vmware.com.52976 > nsx-controller-leng4.eng.vmware.com.amqps: Flags [P.], seq 50:100, ack 554, win 128, length 50
Mode
Basic
Availability
Manager
Display packet capture result with command tcpdump.
| Option | Description |
|---|---|
| <session-id-arg> | Packet capture session id parameter |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> display capture session ed0a79df-4e4d-4784-9f2a-d14327e511a1 parameters -c 2
nsx-manager-1>
Mode
Basic
Availability
Manager
Move down the path. The arrow moves to show which interface is current.
Example
nsx-edge-1(path)> get path
interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
->port : 2120ef07-05e3-477f-8d96-e2be390784db
interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
nsx-edge-1(path)> down
interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
port : 2120ef07-05e3-477f-8d96-e2be390784db
->interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
Mode
Path
Availability
Edge, Public Cloud Gateway
Exit the VRF context mode if you are in it. Otherwise, exit the CLI.
Example
nsx-edge-1> vrf 1
nsx-edge-1(tier1_sr)> exit
nsx-edge-1>
Mode
Availability
Controller, Edge, ESXi, KVM, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information for all packet capture sessions.
Example
nsx-manager> get all capture sessions
Session Count: 1
Session ID: 0fea2cac-5a13-44cf-b92e-b63f69572268
Session Status: stopped
Start Time: 2018-07-31 07:11:54
Stop Time: 2018-07-31 07:12:10
Request:
Node: af1c570b-f78d-4ea3-8858-219f9fe73511
Capture Type: vmknic
Capture Value: vmk0
Capture Direction: input
Capture Mode: standalone
Mode
Basic
Availability
Manager
Display the ARP table.
Example
nsx-manager-1> get arp-table
Protocol Address Hardware Addr Type Interface
Internet 192.168.110.201 00:50:56:a9:8a:8c ether eth0
Internet 192.168.110.101 00:50:56:a9:45:29 ether eth0
Internet 192.168.110.1 68:ef:bd:4e:98:7f ether eth0
Internet 192.168.110.10 00:50:56:a6:e0:14 ether eth0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the ARP table.
Example
nsx-manager-1> get arp-table
Protocol Address Hardware Addr Type Interface
Internet 192.168.110.201 00:50:56:a9:8a:8c ether eth0
Internet 192.168.110.101 00:50:56:a9:45:29 ether eth0
Internet 192.168.110.1 68:ef:bd:4e:98:7f ether eth0
Internet 192.168.110.10 00:50:56:a6:e0:14 ether eth0
Mode
Basic
Availability
Controller, Key Manager, Manager, Policy Manager
Get the amount of time, in seconds, that an account will remain locked
out of the API after exceeding the maximum number of failed
authentication attempts.
Example
nsx> get auth-policy api lockout-period
900 seconds
Mode
Basic
Availability
Manager, Policy Manager
In order to trigger an account lockout, all authentication
failures must occur in this time window. If the reset
period exprires, the failed login count is reset to zero.
Example
nsx> get auth-policy api lockout-reset-period
900 seconds
Mode
Basic
Availability
Manager, Policy Manager
Get the number of failed API authentication attempts that are
allowed before the account is locked. If set to 0, account
lockout is disabled.
Example
nsx> get auth-policy api max-auth-failures
5
Mode
Basic
Availability
Manager, Policy Manager
Get the amount of time, in seconds, that an account will remain locked
out of the CLI after exceeding the maximum number of failed
authentication attempts.
Example
nsx> get auth-policy cli lockout-period
900 seconds
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get the number of failed CLI authentication attempts that are
allowed before the account is locked. If set to 0, account
lockout is disabled.
Example
nsx> get auth-policy cli max-auth-failures
3
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get the minimum number of characters that passwords must have.
Example
nsx> get auth-policy minimum-password-length
8 characters
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get the vidm's properties.
Example
nsx-manager-1> get auth-policy vidm
nsx-manager-1>
LB enabled: True
vIDM Enabled: True
Hostname: jt-vidm.eng.vmware.com
Thumbprint: 898b75618e3e56615d53f987a720ff22b6381f4b85bec1eb973214ff7361f8b8
Client Id: OAuth2Client_NsxClientId
Node Hostname: jt-nsx.eng.vmware.com
Mode
Basic
Availability
Manager, Policy Manager
Display parameters defined in global logical router BFD
Example
nsx-edge(tier0_sr)> get bfd-config
Logical Router
UUID : d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
vrf : 6
lr-id : 6
name :
type : SERVICE_ROUTER_TIER0
BFD global configuration
Enabled : True
Min RX Interval: 1000
Min TX Interval: 1000
Min RX TTL : 255
Multiplier : 3
Port : 4451c48f-8cff-4444-8e10-bff403783dca
BFD session configuration
Source : 192.168.50.1
Peer : 192.168.50.10
Enabled : True
Min RX Interval: 1000
Min TX Interval: 1000
RX TTL : 255
Multiplier : 3
Source : 192.168.50.1
Peer : 192.168.50.20
Enabled : True
Min RX Interval: 3000
Min TX Interval: 3000
RX TTL : 255
Multiplier : 5
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display information about the specified BFD session.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get bfd-session local-ip 192.168.250.60 remote-ip 192.168.250.61
BFD Session
Diag : Control Detection Time Expired(from local)
Forwarding : last true (current true)
Last_down_time : 2016-02-09 22:38:47
Last_up_time : 2016-02-09 22:38:52
Local_address : 192.168.250.60
Remote_address : 192.168.250.61
Remote_diag : No Diagnostic
Remote_state : up
Rx_cfg_min : 500
Rx_interval : 500
State : up
Tx_cfg_min : 100
Tx_interval : 500
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified BFD session.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get bfd-session local-ip 192.168.250.60 remote-ip 192.168.250.61 stats
BFD Session
Admin_down_count : 0
Cpath_down_count : 0
Down_count : 1
Local_address : 192.168.250.60
Remote_address : 192.168.250.61
Rx_drop : 0
Rx_drop_admin_down : 0
Rx_drop_auth_set : 0
Rx_drop_bad_version : 0
Rx_drop_intf_unmatch : 0
Rx_drop_multipoint_set: 0
Rx_drop_null_my_disc : 0
Rx_drop_null_your_disc: 0
Rx_drop_pkt_len_unmatch: 0
Rx_drop_pkt_too_short: 0
Rx_drop_rx_ttl_small : 0
Rx_drop_your_disc_unmatch: 0
Rx_drop_zero_multipier: 0
Rx_packets : 44993
Tx_error : 0
Tx_packets : 49249
Up_count : 2
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about BFD sessions.
Example
nsx-edge-1> get bfd-sessions
BFD Session
Diag : Control Detection Time Expired(from local)
Forwarding : last true (current true)
Last_down_time : 2016-02-09 22:38:47
Last_up_time : 2016-02-09 22:38:52
Local_address : 192.168.250.60
Remote_address : 192.168.250.62
Remote_diag : No Diagnostic
Remote_state : up
Rx_cfg_min : 500
Rx_interval : 500
State : up
Tx_cfg_min : 100
Tx_interval : 500
BFD Session
Diag : Control Detection Time Expired(from local)
Forwarding : last true (current true)
Last_down_time : 2016-02-09 22:38:47
Last_up_time : 2016-02-09 22:38:52
Local_address : 192.168.250.60
Remote_address : 192.168.250.61
Remote_diag : No Diagnostic
Remote_state : up
Rx_cfg_min : 500
Rx_interval : 500
State : up
Tx_cfg_min : 100
Tx_interval : 500
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display BFD sessions in a logical router
Example
nsx-edge(tier0_sr)> get bfd-sessions
BFD Session
Dest_port : 3784
Diag : No Diagnostic
Encap : vlan
Forwarding : last false (current false)
Interface : 4451c48f-8cff-4444-8e10-bff403783dca
Last_cp_diag : No Diagnostic
Last_cp_rmt_diag : No Diagnostic
Last_cp_rmt_state : admin_down
Last_cp_state : admin_down
Last_fwd_state : NONE
Local_address : 192.168.50.1
Local_discr : 2830404107
Min_rx_ttl : 255
Multiplier : 5
Prev_failure_diag : No Diagnostic
Received_remote_diag : No Diagnostic
Received_remote_state : down
Remote_address : 192.168.50.20
Remote_admin_down : false
Remote_diag : No Diagnostic
Remote_discr : 0
Remote_min_rx_interval : 0
Remote_min_tx_interval : 0
Remote_multiplier : 0
Remote_state : down
Rx_cfg_min : 3000
Rx_interval : 3000
Session_type : LR_PORT
State : down
Tx_cfg_min : 3000
Tx_interval : 3000
.
.
.
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display the BFD sessions statistics.
Example
nsx-edge-1> get bfd-sessions stats
BFD Global Counters
Bfd_sessions_count : 2
Last_notify_time : 2016-02-09 22:38:52
Last_nsxa_msg_receive_time: 2016-02-09 22:38:52
Nsxa_connect_count : 1
Nsxa_disconnect_count: 0
Nsxa_err_msg_receive_count: 0
Nsxa_msg_receive_count: 166085
Nsxa_notify_count : 107287
Rx_drop_bad_csum : 0
Rx_drop_count : 32
Rx_drop_intf_type : 0
Rx_drop_ip_mismatch : 0
Rx_drop_non_bfd : 0
Rx_drop_non_udp : 0
Rx_drop_null_bfd_session: 32
Rx_drop_null_intf : 0
Rx_drop_runt_pkt : 0
Rx_drop_udp_len : 0
BFD Session
Admin_down_count : 0
Cpath_down_count : 0
Down_count : 1
Local_address : 192.168.250.60
Remote_address : 192.168.250.62
Rx_drop : 0
Rx_drop_admin_down : 0
Rx_drop_auth_set : 0
Rx_drop_bad_version : 0
Rx_drop_intf_unmatch : 0
Rx_drop_multipoint_set: 0
Rx_drop_null_my_disc : 0
Rx_drop_null_your_disc: 0
Rx_drop_pkt_len_unmatch: 0
Rx_drop_pkt_too_short: 0
Rx_drop_rx_ttl_small : 0
Rx_drop_your_disc_unmatch: 0
Rx_drop_zero_multipier: 0
Rx_packets : 44754
Tx_error : 0
Tx_packets : 48989
Up_count : 2
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPv4 & IPv6 BGP routes.
Example
nsx-edge-1(tier0_sr)> get bgp
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
> 2003::/24 :: 0 100 32768 2000 ?
> 2002::/64 fca9:1c1c:96b2:e000::2 0 100 32768 2000 ?
> 2001::/64 fca9:1c1c:96b2:e000::2 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display detailed information about BGP IPv4 route.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get bgp 111.111.0.0/16
BGP routing table entry for 111.111.0.0/16
Prefix advertised to: 50.50.50.10
1 Paths available:
Origin incomplete, Metric 0, LocalPref 100, Weight 32768, best, valid
Peer is 0.0.0.0 with router id 50.50.50.1
Last Updated: Sat Dec 8 03:54:07 2018
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display detailed information about BGP IPv6 route.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get bgp 2003::/24
BGP routing table entry for 2003::/24
Prefix advertised to:
1 Paths available:
Origin incomplete, Metric 0, LocalPref 100, Weight 32768, best, valid
Peer is :: with router id 50.50.50.1
Last Updated: Sat Dec 8 03:54:06 2018
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display all BGP NLRI matching the community.
| Option | Description |
|---|---|
| <bgp-community> | BGP community argument, either NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED or community in AA:NN format |
Example
nsx-edge-1(tier0_sr)> get bgp community 1:1
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
> 2003::/24 :: 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display all IPv4 BGP routes.
Example
nsx-edge-1(tier0_sr)> get bgp ipv4
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display all IPv6 BGP routes.
Example
nsx-edge-1(tier0_sr)> get bgp ipv6
BGP table version is 3, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 2003::/24 :: 0 100 32768 2000 ?
> 2002::/64 fca9:1c1c:96b2:e000::2 0 100 32768 2000 ?
> 2001::/64 fca9:1c1c:96b2:e000::2 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display all BGP NLRI matching the large-community.
| Option | Description |
|---|---|
| <bgp-large-community> | BGP large-community argument in AA:BB:CC format |
Example
nsx-edge-1(tier0_sr)> get bgp large-community 1:1:1
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
> 2003::/24 :: 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display all BGP neighbor information.
Example
nsx-edge-1(tier0_sr)> get bgp neighbor
BGP neighbor is 50.50.50.10, remote AS 1000, local AS 2000, external link
Hostname: prome-mdt-dhcp412
BGP version 4, remote router ID 50.50.50.10, local router ID 50.50.50.1
BGP state = Established, up for 2d13h18m
Last read 00:00:00, Last write 00:00:02
Hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
AddPath:
IPv4 Unicast: RX advertised IPv4 Unicast and received
Route refresh: advertised and received(old & new)
Address Family IPv4 Unicast: advertised and received
Hostname Capability: advertised (name: nsx-edge-1,domain name: n/a) received (name: prome-mdt-dhcp412,domain name: n/a)
Graceful Restart Capabilty: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
Graceful restart informations:
End-of-RIB send: IPv4 Unicast
End-of-RIB received: IPv4 Unicast
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 14 13
Notifications: 2 16
Updates: 10 10
Keepalives: 3822 3817
Route Refresh: 0 0
Capability: 0 0
Total: 3848 3856
Minimum time between advertisement runs is 0 seconds
Update source is 50.50.50.1
For address family: IPv4 Unicast
Update group 49, subgroup 49
Packet Queue length 0
Community attribute sent to this neighbor(all)
0 accepted prefixes
Connections established 6; dropped 5
Last reset 2d13h18m, due to Interface down
Local host: 50.50.50.1, Local port: 179
Foreign host: 50.50.50.10, Foreign port: 39948
Nexthop: 50.50.50.1
Nexthop global: 2005::2828:2801
Nexthop local: fe80::53ff:feb2:c1ad
BGP connection: shared network
BGP Connect Retry Timer in Seconds: 120
Estimated round trip time: 1 ms
Read thread: on Write thread: on
BFD Status: peer 50.50.50.10 status down
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display information about a specifie BGP neighbor.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1(tier0_sr)> get bgp neighbor 50.50.50.10
BGP neighbor is 50.50.50.10, remote AS 1000, local AS 2000, external link
Hostname: prome-mdt-dhcp412
BGP version 4, remote router ID 50.50.50.10, local router ID 50.50.50.1
BGP state = Established, up for 2d13h46m
Last read 00:00:30, Last write 00:00:32
Hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
AddPath:
IPv4 Unicast: RX advertised IPv4 Unicast and received
Route refresh: advertised and received(old & new)
Address Family IPv4 Unicast: advertised and received
Hostname Capability: advertised (name: nsx-edge-1,domain name: n/a) received (name: prome-mdt-dhcp412,domain name: n/a)
Graceful Restart Capabilty: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
Graceful restart informations:
End-of-RIB send: IPv4 Unicast
End-of-RIB received: IPv4 Unicast
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 14 13
Notifications: 2 16
Updates: 10 10
Keepalives: 3850 3845
Route Refresh: 0 0
Capability: 0 0
Total: 3876 3884
Minimum time between advertisement runs is 0 seconds
Update source is 50.50.50.1
For address family: IPv4 Unicast
Update group 49, subgroup 49
Packet Queue length 0
Community attribute sent to this neighbor(all)
0 accepted prefixes
Connections established 6; dropped 5
Last reset 2d13h46m, due to Interface down
Local host: 50.50.50.1, Local port: 179
Foreign host: 50.50.50.10, Foreign port: 39948
Nexthop: 50.50.50.1
Nexthop global: 2005::2828:2801
Nexthop local: fe80::53ff:feb2:c1ad
BGP connection: shared network
BGP Connect Retry Timer in Seconds: 120
Estimated round trip time: 1 ms
Read thread: on Write thread: on
BFD Status: peer 50.50.50.10 status down
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display routes advertised to a BGP neighbor.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1(tier0_sr)> get bgp neighbor 50.50.50.10 advertised-routes
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display routes learnt from a BGP neighbor.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1(tier0_sr)> get bgp neighbor 50.50.50.10 routes
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 11.11.0.0/16 100.64.0.2 0 100 32768 2000 ?
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display summarized BGP neighbor information.
Example
nsx-edge-1(tier0_sr)> get bgp neighbor summary
BFD States: NC - Not configured, AC - Activating,DC - Disconnected
AD - Admin down, DW - Down, IN - Init,UP - Up
BGP summary information for VRF default for address-family: ipv4Unicast
Router ID: 50.50.50.1 Local AS: 2000
Neighbor AS State Up/DownTime BFD InMsgs OutMsgs InPfx OutPfx
50.50.50.10 1000 Estab 2d13h52m DW 3890 3882 0 1
BFD States: NC - Not configured, AC - Activating,DC - Disconnected
AD - Admin down, DW - Down, IN - Init,UP - Up
BGP summary information for VRF default for address-family: ipv6Unicast
Router ID: 50.50.50.1 Local AS: 2000
Neighbor AS State Up/DownTime BFD InMsgs OutMsgs InPfx OutPfx
2005::2828:280a 1000 Idle never NC 0 0 0 0
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display the bond interface with the specified name. Specify the
stats argument to display the statistics for the interface.| Option | Description |
|---|---|
| <bond-name> | Datapath device name argument |
Example
nsx-edge-1> get bond bond0
Bond
Hash algorithm : layer 2+3+4
Mode : lacp active
Name : bond0
Port id : 2
Slaves :
Name : fp-eth0
LACP state :
Local admin key : 11
Local oper key : 11
Local oper port state : ACT FTO AGG DEF
Local port internal state: LACP_ENABLED
Local port number : 1
Local port priority : 255
Local port rx machine state: DEFAULTED
Local timeout cfg : fast
Partner age in sec : 2
Partner device id : 00:00:00:00:00:00
Partner mode : LACP passive
Partner oper key : 0
Partner oper port state:
Partner port number : 0
Partner port priority : 0
Partner timeout cfg : slow
State : stand-alone
State : active
Name : fp-eth1
LACP state :
Local admin key : 11
Local oper key : 11
Local oper port state : ACT FTO AGG DEF
Local port internal state: LACP_ENABLED
Local port number : 2
Local port priority : 255
Local port rx machine state: DEFAULTED
Local timeout cfg : fast
Partner age in sec : 2
Partner device id : 00:00:00:00:00:00
Partner mode : LACP passive
Partner oper key : 0
Partner oper port state:
Partner port number : 0
Partner port priority : 0
Partner timeout cfg : slow
State : stand-alone
State : active
Status : up
nsx-edge-1> get bond bond0 stats
Bond
Name : bond0
Slaves :
Name : fp-eth0
LACP drops : 0
Rx LACP errors : 0
Rx LACP pdus : 10
Tx LACP errors : 0
Tx LACP pdus : 10
Name : fp-eth1
LACP drops : 0
Rx LACP errors : 0
Rx LACP pdus : 10
Tx LACP errors : 0
Tx LACP pdus : 10
name : bond0
rx_bytes : 1488
rx_drop_no_match : 0
rx_errors : 0
rx_misses : 0
rx_nombufs : 0
rx_packets : 12
tx_bytes : 0
tx_drops : 0
tx_errors : 0
tx_packets : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all bond interfaces. Specify the
stats argument to display the statistics for the interfaces.Example
nsx-edge-1> get bonds
Bond
Hash algorithm : layer 2+3+4
Mode : lacp active
Name : bond0
Port id : 2
Slaves :
Name : fp-eth0
LACP state :
Local admin key : 11
Local oper key : 11
Local oper port state : ACT FTO AGG DEF
Local port internal state: LACP_ENABLED
Local port number : 1
Local port priority : 255
Local port rx machine state: DEFAULTED
Local timeout cfg : fast
Partner age in sec : 2
Partner device id : 00:00:00:00:00:00
Partner mode : LACP passive
Partner oper key : 0
Partner oper port state:
Partner port number : 0
Partner port priority : 0
Partner timeout cfg : slow
State : stand-alone
State : active
Name : fp-eth1
LACP state :
Local admin key : 11
Local oper key : 11
Local oper port state : ACT FTO AGG DEF
Local port internal state: LACP_ENABLED
Local port number : 2
Local port priority : 255
Local port rx machine state: DEFAULTED
Local timeout cfg : fast
Partner age in sec : 2
Partner device id : 00:00:00:00:00:00
Partner mode : LACP passive
Partner oper key : 0
Partner oper port state:
Partner port number : 0
Partner port priority : 0
Partner timeout cfg : slow
State : stand-alone
State : active
Status : up
nsx-edge-1> get bonds stats
Bond
Name : bond0
Slaves :
Name : fp-eth0
LACP drops : 0
Rx LACP errors : 0
Rx LACP pdus : 10
Tx LACP errors : 0
Tx LACP pdus : 10
Name : fp-eth1
LACP drops : 0
Rx LACP errors : 0
Rx LACP pdus : 10
Tx LACP errors : 0
Tx LACP pdus : 10
name : bond0
rx_bytes : 1488
rx_drop_no_match : 0
rx_errors : 0
rx_misses : 0
rx_nombufs : 0
rx_packets : 12
tx_bytes : 0
tx_drops : 0
tx_errors : 0
tx_packets : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about the specified bridge.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get bridge 69377c84-c661-4935-956b-e42399411b2b
Bridge
-------------------------------------------------------------------------------------
Bridge UUID : 69377c84-c661-4935-956b-e42399411b2b
DVS name : nsxvswitch
Ref count : 2
Number of networks : 2
Number of uplinks : 0
Mode
Basic
Availability
ESXi
Display MAC table for the specified bridge.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get bridge 255e190d-2a9e-4ca0-917e-80dfbb89ac34 mac-table
Bridge MAC Table
-----------------------------------------------------------------------------------------------
MAC Address Type VLAN ID VXLAN ID Destination Port Age
===============================================================================================
00:50:56:86:7c:9f Dynamic 0 33672 50331650 2
00:50:56:86:ee:f1 Dynamic 16 0 50331650 2
Mode
Basic
Availability
ESXi
Display networks on the specified bridge.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get bridge 69377c84-c661-4935-956b-e42399411b2b networks
Bridge Networks
-----------------------------------------------------------------------------------------------
Network name : vxlan-48009-type-bridging
Ref count : 2
Network type : 1
VLAN ID : 0
VXLAN ID : 48009
Ageing time : 300
Fdb entry hold time : 1
FRP filter enable : True
port ID : 50331679
Ref count : 1
VLAN ID : 4095
IOChains installed : 0
Network name : vlan-150-type-bridging
Ref count : 2
Network type : 1
VLAN ID : 150
VXLAN ID : 0
Ageing time : 300
Fdb entry hold time : 1
FRP filter enable : True
port ID : 50331679
Ref count : 1
VLAN ID : 4095
IOChains installed : 0
Mode
Basic
Availability
ESXi
Display information about bridges on this bridge node.
Example
esx-1> get bridges
Bridges Summary
----------------------------------------------------------------------
Bridge UUID Number of networks Ref count
69377c84-c661-4935-956b-e42399411b2b 2 1
Mode
Basic
Availability
ESXi
Display information about the specified packet capture session.
| Option | Description |
|---|---|
| <esx-session-id-arg> | Packet Capture session id parameter |
Example
esx-1> get capture session 1
Packet Capture Session
ID : 1
PORT : b2dce32f-8312-4c10-a7fe-320d4cb226ff
VNI : 24580
Mode
Basic
Availability
ESXi
Display information for the specified packet capture session.
| Option | Description |
|---|---|
| <session-id-arg> | Packet capture session id parameter |
Example
nsx-manager-leng5> get capture session 0fea2cac-5a13-44cf-b92e-b63f69572268
Session ID: 0fea2cac-5a13-44cf-b92e-b63f69572268
Session Status: stopped
Start Time: 2018-07-31 07:11:54
Stop Time: 2018-07-31 07:12:10
Request:
Node: af1c570b-f78d-4ea3-8858-219f9fe73511
Capture Type: vmknic
Capture Value: vmk0
Capture Direction: input
Capture Mode: standalone
Mode
Basic
Availability
Manager
Display information about the specified packet capture session.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
nsx-edge-1> get capture session 1
Packet Capture Session
ID : 1
PORTS : ['fp-eth0', 'fp-eth1']
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about the specified packet capture session.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
kvm-1> get capture session 1
Packet Capture Session
ID : 1
PORTS : ['b592a7c8-4e21-493e-b0fc-0b1d152c949c']
Mode
Basic
Availability
KVM
Display configured packet capture sessions.
Example
esx-1> get capture sessions
Packet Capture Session
ID : 0
PORT : b2dce32f-8312-4c10-a7fe-320d4cb226ff
VNI : 24580
Packet Capture Session
ID : 1
PORT : 10
Packet Capture Session
ID : 2
TRACE : True
Packet Capture Session
ID : 3
PORT : uplink1
Mode
Basic
Availability
ESXi
Display configured packet capture sessions. Session 0 is reserved for captures started with the
start capture interface <interface-name> command.Example
kvm-1> get capture sessions
Packet Capture Session
ID : 0
PORTS : []
Packet Capture Session
ID : 1
PORTS : ['b592a7c8-4e21-493e-b0fc-0b1d152c949c']
Packet Capture Session
ID : 2
PORTS : ['b592a7c8-4e21-493e-b0fc-0b1d152c949c', 'd0c59cee-6095-5eeb-815b-ae6732d749e4']
Packet Capture Session
ID : 3
PORTS : []
Mode
Basic
Availability
KVM
Display configured packet capture sessions. Session 0 is reserved for captures started with the
start capture interface <interface-name> command.Example
nsx-edge-1> get capture sessions
Packet Capture Session
ID : 0
PORTS : []
Packet Capture Session
ID : 1
PORTS : ['fp-eth0', 'fp-eth1']
Packet Capture Session
ID : 2
PORTS : ['d0c59cee-6095-5eeb-815b-ae6732d749e4']
Packet Capture Session
ID : 3
PORTS : []
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the API server's certificate.
Example
nsx-manager-1> get certificate api
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIEVQEDTTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzELMAkGA1UE
...
/JbzbimmEgaC3Yy5rOZXUnhn+dANkUShIeGIpOnH7rpLrrPYcB1Hx31jieY=
-----END CERTIFICATE-----
Mode
Basic
Availability
Manager, Policy Manager
Display the API server's certificate thumbprint.
Example
nsx-manager-1> get certificate api thumbprint
82d99b793ff84f1f1f01f420656975522a03b9bebe87c50bcff80e7d3ebe8705
Mode
Basic
Availability
Manager, Policy Manager
Display the clsuter certificate.
Example
nsx-manager-1> get certificate cluster
-----BEGIN CERTIFICATE-----
MIIDfjCCAmagAwIBAgIETzOK8zANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJV
...
QaWyyFxNFfuCLibJPuiO5scGJmGB6UvZLGt/7stcuLIQ3A==
-----END CERTIFICATE-----
Mode
Basic
Availability
Manager, Policy Manager
Display the cluster certificate thumbprint.
Example
nsx-manager-1> get certificate cluster thumbprint
40a5d453ea43ef1e21597d9d14749d4c6b0874402ed0b4c2d6a212a4fe7819c5
Mode
Basic
Availability
Manager, Policy Manager
Display the translations for the specified container group. Optionally specify a translation type to display translations of that type.
| Option | Description |
|---|---|
| <uuid> | Cgroup identifier |
| <translation-type> | Translation type Allowed values: logical-objects, ips, vifs, macs, tns, vms |
Example
nsx-controller-1> get cgroup 2d22c229-bffb-405a-8246-8e50c01d1fc6 logical-objects
id: 2d22c229-bffb-405a-8246-8e50c01d1fc6, type: Container
id: 1d467d11-df42-4eff-96d0-3018c0fc6e93, type: Container
id: 6e05fa9f-72d2-4102-8970-d93a301b93d8, type: Container
Mode
Basic
Availability
Controller
Display all container groups.
Example
nsx-controller-1> get cgroups
id: 2d22c229-bffb-405a-8246-8e50c01d1fc6, type: Container
id: 31c4853f-3e2e-458b-ad64-6164c66ebb66, type: Container
id: fb4781b1-a748-4009-bfa6-06ab7edeb98e, type: Container
id: d807d5d9-f9ca-4863-8ab5-b209ba42ed64, type: Container
Mode
Basic
Availability
Controller
Display container groups with the specified IP address.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-controller-1> get cgroups with ip 192.168.1.2
id: fb4781b1-a748-4009-bfa6-06ab7edeb98e, type: Container
Mode
Basic
Availability
Controller
Display container groups with the specified MAC address.
| Option | Description |
|---|---|
| <hardware-address> | Network hardware address argument |
Example
nsx-controller-1> get cgroups with mac 00:50:56:8e:13:51
id: 31c4853f-3e2e-458b-ad64-6164c66ebb66, type: Container
Mode
Basic
Availability
Controller
Display container groups with the specified network interface.
| Option | Description |
|---|---|
| <vif> | VIF ID |
Example
nsx-controller-1> get cgroups with vif vif-15
id: d807d5d9-f9ca-4863-8ab5-b209ba42ed64, type: Container
Mode
Basic
Availability
Controller
Show inactivity timeout in seconds.
Example
nsx> get cli-timeout
1200 seconds
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the current date and time.
Example
nsx> get clock
Sat Dec 12 2015 UTC 00:11:33.168
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get Cluster Config.
Example
nsx-manager-1> get cluster config
Cluster Id: 27589e28-66c1-4fa4-aca9-7c336d43a276
Cluster Configuration Version: 1
Number of nodes in the cluster: 2
Node UUID: ac5d4a62-3203-4b31-922e-d166a4f7e860
Node Status: JOINED
ENTITY UUID IP ADDRESS PORT FQDN
DATASTORE b920c7ef-b951-4490-9d82-0314074a10d9 192.168.0.2 9000 nsxmanager-sb-16755132-1
MANAGER d1763d71-d660-458d-bbb4-39c103cab7ae 192.168.0.2 - nsxmanager-sb-16755132-1
CLUSTER_BOOT_MANAGER 3ddbc3d4-16a6-404d-9737-b8e7726f89eb 192.168.0.2 - nsxmanager-sb-16755132-1
HTTP 560ddc87-d318-4a2f-ad48-89678126dd20 192.168.0.2 443 nsxmanager-sb-16755132-1
Node UUID: f024fffb-e63e-4b58-88ba-a92b01467460
Node Status: JOINED
ENTITY UUID IP ADDRESS PORT FQDN
DATASTORE dedb1f73-82a5-4c3f-a26e-cabe80c60151 192.168.0.3 9000 nsxmanager-sb-16755132-2
MANAGER 5311d3c2-4840-49c3-81e2-a524e5af0245 192.168.0.3 - nsxmanager-sb-16755132-2
CLUSTER_BOOT_MANAGER e17a1a5e-eb89-431c-b27c-a5346078468d 192.168.0.3 - nsxmanager-sb-16755132-2
HTTP c82547f6-e75c-473b-ba69-54ec4986390a 192.168.0.3 443 nsxmanager-sb-16755132-2
Mode
Basic
Availability
Manager, Policy Manager
Get status of all the groups.
Example
nsx-manager-1> get cluster status
Cluster Id: 27589e28-66c1-4fa4-aca9-7c336d43a276
Overall Status: STABLE
Group Type: HTTP
Group Status: STABLE
Members:
UUID FQDN IP STATUS
c0a1cbad-2506-400d-be22-9fd4d71c9a6f nsx-a01.vmware.com 1.1.1.1 UP
Group Type: CLUSTER_BOOT_MANAGER
Group Status: STABLE
Members:
UUID FQDN IP STATUS
331dcb2e-c339-4111-bc74-3fed715d735e nsx-a01.vmware.com 1.1.1.1 UP
Group Type: DATASTORE
Group Status: STABLE
Members:
UUID FQDN IP STATUS
c3801017-42ba-45d2-9ef7-f4f9717c49a2 nsx-a01.vmware.com 1.1.1.1 UP
Group Type: MANAGER
Group Status: STABLE
Members:
UUID FQDN IP STATUS
dfb2eea5-cd45-40c7-be0d-683f277c1bbf nsx-a01.vmware.com 1.1.1.1 UP
Mode
Basic
Availability
Manager, Policy Manager
Get status of all the groups. Show leadership if there is any.
Example
nsx-manager-1> get cluster status verbose
Cluster Id: 27589e28-66c1-4fa4-aca9-7c336d43a276
Overall Status: STABLE
Group Type: HTTP
Group Status: STABLE
Members:
UUID FQDN IP STATUS
c0a1cbad-2506-400d-be22-9fd4d71c9a6f nsx-a01.vmware.com 1.1.1.1 UP
Group Type: CLUSTER_BOOT_MANAGER
Group Status: STABLE
Members:
UUID FQDN IP STATUS
331dcb2e-c339-4111-bc74-3fed715d735e nsx-a01.vmware.com 1.1.1.1 UP
Group Type: DATASTORE
Group Status: STABLE
Members:
UUID FQDN IP STATUS
c3801017-42ba-45d2-9ef7-f4f9717c49a2 nsx-a01.vmware.com 1.1.1.1 UP
Group Type: MANAGER
Group Status: STABLE
Members:
UUID FQDN IP STATUS
dfb2eea5-cd45-40c7-be0d-683f277c1bbf nsx-a01.vmware.com 1.1.1.1 UP
Leaders:
SERVICE LEADER LEASE VERSION
POLICY_SVC_GROUPING dfb2eea5-cd45-40c7-be0d-683f277c1bbf 379
ActivityPurger dfb2eea5-cd45-40c7-be0d-683f277c1bbf 379
POLICY_SVC_IDENTITY dfb2eea5-cd45-40c7-be0d-683f277c1bbf 379
Mode
Basic
Availability
Manager, Policy Manager
Display configuration settings in command line syntax.
Example
nsx> get configuration
!
set route prefix 0.0.0.0/0 gateway 192.168.110.1 interface eth0
set route prefix 192.168.110.0/24 interface eth0
set search-domains example.com
set timezone Etc/UTC
set name-servers 192.168.110.10
set ntp-server 0.ubuntu.pool.ntp.org
set ntp-server 1.ubuntu.pool.ntp.org
set ntp-server 2.ubuntu.pool.ntp.org
set ntp-server 3.ubuntu.pool.ntp.org
set ntp-server ntp.ubuntu.com
set hostname nsx
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the controllers connected to this node.
Example
nsx> get controllers
Controller IP Port SSL Status Is Physical Master Session State Controller FQDN
NA 1234 enabled not used false null CCP1.COM
10.160.193.174 1234 enabled connected true up CCP2.COM
NA 1234 enabled not used false null CCP3.COM
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Display the system CPU information.
Example
nsx-manager-1> get cpu-stats
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 62
model name : Intel(R) Xeon(R) CPU E5-2440 v2 @ 1.90GHz
stepping : 4
microcode : 0x427
cpu MHz : 1900.000
cache size : 20480 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm ida arat pln pts dtherm fsgsbase tsc_adjust smep
bogomips : 3800.00
clflush size : 64
cache_alignment : 64
address sizes : 42 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 62
model name : Intel(R) Xeon(R) CPU E5-2440 v2 @ 1.90GHz
stepping : 4
microcode : 0x427
cpu MHz : 1900.000
cache size : 20480 KB
physical id : 2
siblings : 1
core id : 0
cpu cores : 1
apicid : 2
initial apicid : 2
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm ida arat pln pts dtherm fsgsbase tsc_adjust smep
bogomips : 3800.00
clflush size : 64
cache_alignment : 64
address sizes : 42 bits physical, 48 bits virtual
power management:
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the current interface.
Example
nsx-edge-1(path)> get current
{
"admin": "up",
"enable-firewall": false,
"enable-span": false,
"force-reassemble": false,
"ifuid": 289,
"ifuuid": "de650f56-276d-46ef-959e-960752acfe19",
"internal_operation": "up",
"ipns": [
"192.168.130.3/24"
],
"lrouter": "f2a25dd6-4ceb-4bf5-8ad5-3e80d2970d60",
"mac": "02:50:56:00:00:04",
"mtu": 1600,
"peer": "54710465-99a0-481b-ac04-2ff4eda2f270",
"redirect-to-kernel": true,
"stats": {
"rx_bytes": 1564840,
"rx_drop_blocked": 0,
"rx_drop_dst_unsupported": 0,
"rx_drop_firewall": 0,
"rx_drop_ipv6": 0,
"rx_drop_kni": 0,
"rx_drop_l4port_unsupported": 0,
"rx_drop_malformed": 0,
"rx_drop_no_receiver": 0,
"rx_drop_no_route": 0,
"rx_drop_proto_unsupported": 0,
"rx_drop_rpf_check": 0,
"rx_drop_ttl_exceeded": 3,
"rx_drops": 3,
"rx_frag_error": 0,
"rx_frag_ok": 0,
"rx_frag_timeout": 0,
"rx_frags": 0,
"rx_pkts": 23609,
"tx_bytes": 957372,
"tx_drop_blocked": 0,
"tx_drop_firewall": 0,
"tx_drop_frag_needed": 0,
"tx_drop_no_arp": 0,
"tx_drops": 0,
"tx_frag_error": 0,
"tx_frag_ok": 0,
"tx_pkts": 14312
},
"ttl": 1,
"type": "lif",
"urpf-mode": "STRICT_MODE"
}
or
nsx-edge-1(path)> get current
{
"ifuid": 285,
"ifuuid": "9eff9e4e-9157-4107-a0dd-c79350dce6f7",
"lswitch": "d5af58f5-0616-46fd-af83-242d82983c65",
"peer": "140ca8de-61e0-4bba-b429-6a3791b0846a",
"stats": {
"rx_bytes": 9150,
"rx_drop_l2_loop": 0,
"rx_drop_malformed": 0,
"rx_drop_no_match": 0,
"rx_drops": 0,
"rx_pkts": 127,
"tx_bytes": 2807,
"tx_drop_no_mem": 0,
"tx_drops": 0,
"tx_pkts": 38
}
}
Mode
Path
Availability
Edge, Public Cloud Gateway
Display the datum ID(s) and span(s) for the specified message ID.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get data c22a70f9-c592-49fb-9df7-33b161160354
id: c22a70f9-c592-49fb-9df7-33b161160354, type: vmware.nsx.nestdb.RuleSectionMsg
span: 7c72c4ae-8fe8-4449-a4e2-c5e53ab0bb4f, 6ca7e1fc-1690-450f-aad3-a2f642fb70c5
Mode
Basic
Availability
Controller
Display datum ID(s) for the specified receiver.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get data with receiver 7c72c4ae-8fe8-4449-a4e2-c5e53ab0bb4f
id: c22a70f9-c592-49fb-9df7-33b161160354, type: vmware.nsx.nestdb.RuleSectionMsg
id: 7c72c4ae-8fe8-4449-a4e2-c5e53ab0bb4f, type: vmware.nsx.nestdb.TransportNodeConfigMsg
id: 4e5d3a8c-5be8-4df6-9a0f-b0458715b036, type: vmware.nsx.nestdb.IpfixConfigurationMsg
id: 73f0fe85-4b28-42d3-8b7c-94cec3879451, type: vmware.nsx.nestdb.RuleSectionMsg
id: 00000000-0000-0000-0000-000000000001, type: vmware.nsx.nestdb.RuleMsg
id: 00000000-0000-0000-0000-000000000002, type: vmware.nsx.nestdb.RuleMsg
status: synced
Mode
Basic
Availability
Controller
Display Data Plane Development Kit (DPDK) configurations, which include fastpath cores, hugepage reserved, NUMA, physical port bindings, etc.
Example
nsx-edge-1> get dataplane
Bfd_ring_size : 512
Corelist : 0
Ctrl_prio_on : True
Fc_max_mem_percore : 394
Fc_mega_cache_size : 262144
Fc_mega_hard_timeout_ms: 423
Fc_mega_soft_timeout_ms: 353
Fc_micro_cache_size: 262144
Firewall_flow_cache_on: 1
Firewall_max_purge_rate: 5
Firewall_max_sessions: 8388608
Firewall_purge_timeout_ms: 10
Firewall_timer_resolution_ms: 50
Flow_cache_mega : True
Flow_cache_micro : True
Hugepage_mem : 1974
Intr_mode_on : True
Ip_reass4_gc_period: 2
Ip_reass4_interfrag_ms: 1000
Ip_reass4_max_ms : 5000
Ip_reass4_maxq_len : 45
Ip_reass4_qhash_order: 8
Ip_reass4_qlist_order: 9
Lacp_ring_size : 512
Learning_ring_size : 512
Link_speed : 0
Mainloop_sleep_threshold: 10
Mainloop_wait_timeout_ms: 1
Mbuf_pool_size : 48128
N_mem_channel : 3
Numa_on : True
Pkt_queue_limit : 0
Pkt_queue_rx_burst_size: 128
Pkt_seg_pnic_limit : 24
Prio_rx_queue_per_core: 8
Rss : c0=0:2:1
Rx_queue_per_core : 8
Rx_ring_size : 512
Slowpath_ring_size : 512
Stt_frag_queue_expire_ms: 3000
Stt_mbuf_queued_limit: 16000
Stt_reass_gc_period_ms: 3000
Tx_ring_size : 512
Devices:
Device_id : 0x07b0
Name : fp-eth0
Numa_node : -1
Pci : 0000:0b:00.00
Vendor : 0x15ad
Device_id : 0x07b0
Name : fp-eth1
Numa_node : -1
Pci : 0000:13:00.00
Vendor : 0x15ad
Device_id : 0x07b0
Name : fp-eth2
Numa_node : -1
Pci : 0000:1b:00.00
Vendor : 0x15ad
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display data plane cpu statistics.
Example
nsx-edge-1> get dataplane cpu stats
CPU Usage
Core : 0
Crypto : 0 pps
Intercore : 0 pps
Kni : 0 pps
Rx : 0 pps
Slowpath : 0 pps
Tx : 0 pps
Usage : 0%
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get the list of supported devices on the system.
Example
edge> get dataplane device list
System datapath-supported devices:
0000:03:00.0 - VMXNET3 Ethernet Controller | Vendor: VMware
^ Kernel interfaces detected: eth0
0000:0b:00.0 - VMXNET3 Ethernet Controller | Vendor: VMware
0000:13:00.0 - VMXNET3 Ethernet Controller | Vendor: VMware
0000:04:00.0 - Ethernet Controller XL710 for 40GbE QSFP+ | Vendor: Intel Corporation
0000:1b:00.0 - VMXNET3 Ethernet Controller | Vendor: VMware
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the flow cache configurations.
Example
nsx-edge-1> get dataplane flow-cache config
Enabled : true
Mega_hard_timeout_ms: 4944
Mega_size : 262144
Mega_soft_timeout_ms: 4874
Micro_size : 262144
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display flow cache statistics for all fastpath cores.
Example
nsx-edge-1> get dataplane flow-cache stats
Micro
Core : 0
Active : 0/262144
Dont cache : 0
Hit rate : 0%
Hits : 0
Insertions : 0
Misses : 1602651
Skipped : 1018653
Bucket collisions : 0
Key collisions : 0
Mega
Core : 0
Active : 0/262144
Dont cache : 2693444
Hit rate : 0%
Hits : 0
Insertions : 0
Misses : 1602651
Skipped : 1018653
Bucket collisions : 0
Key collisions : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the flow cache statistics for the specified fastpath cores.
| Option | Description |
|---|---|
| <lcore-list-all> | Specify a list of lcore ids or "all" Allowed pattern: ^([0-9]+,)*([0-9]+)$|(all)$ |
Example
nsx-edge-1> get dataplane flow-cache stats 0
Micro
Core : 0
Active : 0/262144
Dont cache : 0
Hit rate : 0%
Hits : 0
Insertions : 0
Misses : 1602797
Skipped : 1018748
Bucket collisions : 0
Key collisions : 0
Mega
Core : 0
Active : 0/262144
Dont cache : 2693695
Hit rate : 0%
Hits : 0
Insertions : 0
Misses : 1602797
Skipped : 1018748
Bucket collisions : 0
Key collisions : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the l3vpn pmtu configurations.
Example
nsx-edge-1> get dataplane l3vpn-pmtu config
Enabled : true
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display data plane memory statistics.
Example
nsx-edge-1> get dataplane memory stats
Memory Usage
Available_entries : 55712
Available_entries_in_cache : 39
Cache_size_per_core : 128
Name : mbuf_pool_socket_0
Per_core_cache
Available_entries : 39
Core_id : 0
Size : 56704
Available_entries : 17407
Cache_size_per_core : 0
Name : sp_pktmbuf_pool
Size : 17408
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display data plane performance statistics.
| Option | Description |
|---|---|
| <interval> | Specify sample interval |
Example
nsx-edge-1> get dataplane perfstats 2
[
{
"CpuStats": [
{
"core": "0",
"tx": "0 pps",
"kni": "0 pps",
"rx": "0 pps",
"intercore": "0 pps",
"usage": "0%",
"slowpath": "0 pps"
},
{
"core": "1",
"tx": "0 pps",
"kni": "0 pps",
"rx": "0 pps",
"intercore": "0 pps",
"usage": "0%",
"slowpath": "0 pps"
},
{
"core": "2",
"tx": "0 pps",
"kni": "0 pps",
"rx": "0 pps",
"intercore": "0 pps",
"usage": "0%",
"slowpath": "0 pps"
},
{
"core": "3",
"tx": "0 pps",
"kni": "0 pps",
"rx": "0 pps",
"intercore": "0 pps",
"usage": "0%",
"slowpath": "0 pps"
}
]
},
{
"PortStats": [
{
"RxPkts": 5.0,
"RxTput": 375.0,
"TxThput": 309.0,
"PortID": "fp-eth0",
"TxPkts": 4.0
},
{
"RxPkts": 0.0,
"RxTput": 0.0,
"TxThput": 0.0,
"PortID": "fp-eth1",
"TxPkts": 0.0
},
{
"RxPkts": 0.0,
"RxTput": 0.0,
"TxThput": 0.0,
"PortID": "fp-eth2",
"TxPkts": 0.0
}
]
},
{
"FlowCacheStats": {
"micro": [
{
"core": "0",
"hits": "0",
"skipped": "1235795",
"insertions": "0",
"active": "0/262144",
"misses": "0",
"bucket collisions": "0",
"dont cache": "0",
"key collisions": "0",
"hit rate": "n/a"
},
{
"core": "1",
"hits": "0",
"skipped": "19380",
"insertions": "0",
"active": "0/262144",
"misses": "1104864",
"bucket collisions": "0",
"dont cache": "0",
"key collisions": "0",
"hit rate": "0%"
},
{
"core": "2",
"hits": "0",
"skipped": "9701",
"insertions": "0",
"active": "0/262144",
"misses": "2754887",
"bucket collisions": "0",
"dont cache": "0",
"key collisions": "0",
"hit rate": "0%"
},
{
"core": "3",
"hits": "0",
"skipped": "8",
"insertions": "0",
"active": "0/262144",
"misses": "904935",
"bucket collisions": "0",
"dont cache": "0",
"key collisions": "0",
"hit rate": "0%"
}
],
"mega": [
{
"core": "0",
"hits": "0",
"skipped": "1235795",
"insertions": "0",
"active": "0/262144",
"misses": "0",
"bucket collisions": "0",
"dont cache": "6567381",
"key collisions": "0",
"hit rate": "n/a"
},
{
"core": "1",
"hits": "0",
"skipped": "19380",
"insertions": "0",
"active": "0/262144",
"misses": "1104864",
"bucket collisions": "0",
"dont cache": "2932004",
"key collisions": "0",
"hit rate": "0%"
},
{
"core": "2",
"hits": "0",
"skipped": "9701",
"insertions": "0",
"active": "0/262144",
"misses": "2754887",
"bucket collisions": "0",
"dont cache": "3457790",
"key collisions": "0",
"hit rate": "0%"
},
{
"core": "3",
"hits": "0",
"skipped": "8",
"insertions": "0",
"active": "0/262144",
"misses": "904935",
"bucket collisions": "0",
"dont cache": "2503080",
"key collisions": "0",
"hit rate": "0%"
}
]
}
},
{
"NUMAStats": "CPU model not supported"
},
{
"PerfStats": "CPU model not supported"
}
]
Mode
Basic
Availability
Edge, Public Cloud Gateway
Calculate all nics throughput given an interval
| Option | Description |
|---|---|
| <time> | Time measurement in seconds Allowed pattern: [1-9][0-9]*$ |
Example
nsx-edge-1> get physical-port throughput 1
{
"fp-eth0": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
},
"fp-eth1": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
},
"fp-eth2": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
},
"fp-eth3": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
},
"fp-eth4": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
},
"fp-eth5": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
},
"fp-eth6": {
"rx Gbps": 0,
"rx K err/s": 0,
"rx MB/s": 0,
"rx k_err/s": 0,
"rx k_miss/s": 0,
"rx k_no_mbufs/s": 0,
"rx kpps": 0,
"tx Gbps": 0,
"tx K drops/s": 0,
"tx MB/s": 0,
"tx kpps": 0
}
}
Mode
Basic
Availability
Edge, Public Cloud Gateway
Show BGP debugging.
Example
nsx-edge-1(tier0_sr)> get debug bgp
2017-09-07 20:47:20.853: A BGP message has been received from a peer.
2017-09-07 20:47:20.853: A BGP message has been received from a peer.
2017-09-07 20:47:20.857: The destination address is the same as the next hop that would be
2017-09-07 20:47:20.857: DC-BGP Policy Manager filtered out a route.
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display a specific DHCP IP pool.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dhcp ip-pool 31b79159-c160-40ba-a9d7-be37186ac658
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
ERROR_THRESHOLD: 100
ID: 31b79159-c160-40ba-a9d7-be37186ac658
OPTIONS:
GENERIC_OPTIONS:
CODE: 51
VALUES:
86400
CODE: 3
VALUES:
192.168.1.1
RANGE:
END:
IPV4: 192.168.1.200
START:
IPV4: 192.168.1.100
WARNING_THRESHOLD: 80
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all DHCP IP pools.
Example
nsx-edge-1> get dhcp ip-pools
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
ERROR_THRESHOLD: 100
ID: 31b79159-c160-40ba-a9d7-be37186ac658
OPTIONS:
GENERIC_OPTIONS:
CODE: 51
VALUES:
86400
CODE: 3
VALUES:
192.168.1.1
RANGE:
END:
IPV4: 192.168.1.200
START:
IPV4: 192.168.1.100
WARNING_THRESHOLD: 80
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display DHCP IP pools which matched a specific server UUID.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dhcp ip-pools server-uuid efc4fc20-e00d-416d-819a-88eff8674602
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
ERROR_THRESHOLD: 100
ID: 31b79159-c160-40ba-a9d7-be37186ac658
OPTIONS:
GENERIC_OPTIONS:
CODE: 51
VALUES:
86400
CODE: 3
VALUES:
192.168.1.1
RANGE:
END:
IPV4: 192.168.1.200
START:
IPV4: 192.168.1.100
WARNING_THRESHOLD: 80
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific DHCP lease. You can specify a DHCP server's UUID, or a MAC address, or an IP address.
| Option | Description |
|---|---|
| <string> | Generic string argument Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
nsx-edge-1> get dhcp lease efc4fc20-e00d-416d-819a-88eff8674602
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-11 23:48:07.136000 (timestamp: 1476229687136)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 86400
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-10 23:48:07.136000 (timestamp: 1476143287136)
SUBNET: 192.168.1.0
nsx-edge-1> get dhcp lease 00:0c:29:03:9c:b2
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-12 19:53:13.057000 (timestamp: 1476301993057)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 86400
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-11 19:53:13.057000 (timestamp: 1476215593057)
SUBNET: 192.168.1.0
nsx-edge-1> get dhcp lease 192.168.1.100
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-12 19:53:13.057000 (timestamp: 1476301993057)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 86400
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-11 19:53:13.057000 (timestamp: 1476215593057)
SUBNET: 192.168.1.0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific DHCP lease. You can specify a DHCP server's UUID, or a MAC address, or an IP address.
| Option | Description |
|---|---|
| <string> | Generic string argument Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
nsx-edge-1> get dhcp lease efc4fc20-e00d-416d-819a-88eff8674602
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-11 23:48:07.136000 (timestamp: 1476229687136)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 0
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-10 23:48:07.136000 (timestamp: 1476143287136)
SUBNET: 192.168.1.0
nsx-edge-1> get dhcp lease 00:0c:29:03:9c:b2
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-12 19:53:13.057000 (timestamp: 1476301993057)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 86400
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-11 19:53:13.057000 (timestamp: 1476215593057)
SUBNET: 192.168.1.0
nsx-edge-1> get dhcp lease 192.168.1.100
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-12 19:53:13.057000 (timestamp: 1476301993057)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 86400
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-11 19:53:13.057000 (timestamp: 1476215593057)
SUBNET: 192.168.1.0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all non-released DHCP leases.
Example
nsx-edge-1> get dhcp leases
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-11 23:48:07.136000 (timestamp: 1476229687136)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 86400
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-10 23:48:07.136000 (timestamp: 1476143287136)
SUBNET: 192.168.1.0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all DHCP leases.
Example
nsx-edge-1> get dhcp leases
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
DHCP_SUBNET_MAC: efc4fc20-e00d-416d-819a-88eff8674602_192.168.1.100_00:0c:29:03:9c:b2
EXPIRE_TIME: 2016-10-11 23:48:07.136000 (timestamp: 1476229687136)
IP:
IPV4: 192.168.1.100
LEASE_TIME: 0
MAC:
MAC: 00:0c:29:03:9c:b2
START_TIME: 2016-10-10 23:48:07.136000 (timestamp: 1476143287136)
SUBNET: 192.168.1.0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific DHCP server. Optionally specify an argument to display only the status or the synchronization information.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dhcp server efc4fc20-e00d-416d-819a-88eff8674602
EDGE_CLUSTER_ID: 46944f73-89d0-40b8-86f2-6fd651ba4fb9
EDGE_NODE_ID:
0e10a15f-ca0d-47a7-92ff-9b0aa8d18b4d
b084f07f-bd1f-4d91-bf48-775b896296d5
ID: efc4fc20-e00d-416d-819a-88eff8674602
OPTIONS:
GENERIC_OPTIONS:
CODE: 54
VALUES:
192.168.1.2
CODE: 1
VALUES:
255.255.255.0
SERVER_MAC:
MAC: 00:50:56:98:7d:d7
SERVER_PREFIX:
IPV4: 192.168.1.2
PREFIX_LENGTH: 24
nsx-edge-1> get dhcp server efc4fc20-e00d-416d-819a-88eff8674602 status
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
STATUS: READY
nsx-edge-1> get dhcp server efc4fc20-e00d-416d-819a-88eff8674602 sync
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
LAST_ERROR_TIME: N/A
LAST_SYNC_TIME: N/A
STATUS: OK
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all DHCP servers. Optionally specify an argument to display only the status or the synchronization information.
If the edge node is the only member of the edge cluster, the STATUS property will be displayed as UNKNOWN when you call get dhcp servers status because HA (high availability) is not available.
If the edge node is the only member of the edge cluster, the STATUS property will be displayed as UNKNOWN when you call get dhcp servers status because HA (high availability) is not available.
Example
nsx-edge-1> get dhcp servers
EDGE_CLUSTER_ID: 46944f73-89d0-40b8-86f2-6fd651ba4fb9
EDGE_NODE_ID:
0e10a15f-ca0d-47a7-92ff-9b0aa8d18b4d
b084f07f-bd1f-4d91-bf48-775b896296d5
ID: efc4fc20-e00d-416d-819a-88eff8674602
OPTIONS:
GENERIC_OPTIONS:
CODE: 54
VALUES:
192.168.1.2
CODE: 1
VALUES:
255.255.255.0
SERVER_MAC:
MAC: 00:50:56:98:7d:d7
SERVER_PREFIX:
IPV4: 192.168.1.2
PREFIX_LENGTH: 24
nsx-edge-1> get dhcp servers status
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
STATUS: READY
nsx-edge-1> get dhcp servers sync
DHCP_ID: efc4fc20-e00d-416d-819a-88eff8674602
LAST_ERROR_TIME: N/A
LAST_SYNC_TIME: N/A
STATUS: OK
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific DHCP static binding.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dhcp static-binding 3773289c-32f6-4892-a94e-c74a47bf1e71
DHCP_ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
ID: 3773289c-32f6-4892-a94e-c74a47bf1e71
MAC:
MAC: 12:34:56:78:9a:bc
OPTIONS:
GENERIC_OPTIONS:
CODE: 3
VALUES:
192.168.150.1
CODE: 12
VALUES:
machine-1
CODE: 51
VALUES:
86400
PREFIX:
IPV4: 192.168.150.201
PREFIX_LENGTH: 24
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all DHCP static bindings.
Example
nsx-edge-1> get dhcp static-bindings
DHCP_ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
ID: 3773289c-32f6-4892-a94e-c74a47bf1e71
MAC:
MAC: 12:34:56:78:9a:bc
OPTIONS:
GENERIC_OPTIONS:
CODE: 3
VALUES:
192.168.150.1
CODE: 12
VALUES:
machine-1
CODE: 51
VALUES:
86400
PREFIX:
IPV4: 192.168.150.201
PREFIX_LENGTH: 24
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific DHCP static bindings which matched a specific server UUID.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dhcp static-bindings server-uuid 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
DHCP_ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
ID: 3773289c-32f6-4892-a94e-c74a47bf1e71
MAC:
MAC: 12:34:56:78:9a:bc
OPTIONS:
GENERIC_OPTIONS:
CODE: 3
VALUES:
192.168.150.1
CODE: 12
VALUES:
machine-1
CODE: 51
VALUES:
86400
PREFIX:
IPV4: 192.168.150.201
PREFIX_LENGTH: 24
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get edge config diagnosis
Example
nsx-edge-1> get diagnosis config
Passed:
Manager, Controller, Nsxa-state, Nsxa-lrouter, Nsxa-service-router
Failed:
Nsxa-edge-cluster : no peers
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get diagnosis analysis
Example
nsx-edge-c0-1> get diagnosis log
2018-01-03T20:04:14.767Z host-326432070547636738750820273082671025578 NSX 6190 SYSTEM [nsx@6876 comp="nsx-edge" subcomp="lb-dispatcher.nestdb" level="INFO"] nsx-agent nestdb thread started
2018-01-03T20:04:14.767431Z host-326432070547636738750820273082671025578 NSX 5929 - [nsx@6876 comp="nsx-edge" subcomp="nestdb" tid="5929" level="INFO"] CreateVDb: main_vdb
2018-01-03T20:04:14.767467Z host-326432070547636738750820273082671025578 NSX 5929 - [nsx@6876 comp="nsx-edge" subcomp="nestdb" tid="5929" level="ERROR" errorCode="NST0601"] CreateVDb failed: Attempt to create main VDb
***********************************************************************
ERROR:2018-01-03T20:04:14.767523Z host-326432070547636738750820273082671025578 NSX 5929 - [nsx@6876 comp="nsx-edge" subcomp="nsx-rpc" tid="5929" level="ERROR" errorCode="RPC102"] Server:UnaryCall[Service[nestdb::NestDbServer, vmware.nsx.nestdb.NestDb/CreateVDb, RMT_SIMPLE], 0x0000, LOCAL_ERROR] Is in error state (INVALID_ARGUMENT: Attempt to create main VDb, status is reported to the Client)
***********************************************************************
2018-01-03T20:04:14.767728Z host-326432070547636738750820273082671025578 NSX 6190 - [nsx@6876 comp="nsx-edge" subcomp="nsx-rpc" tid="6192" level="ERROR" errorCode="RPC102"] Client:UnaryCall[RpcMethod[vmware.nsx.nestdb.NestDb/CreateVDb, RMT_SIMPLE], 0x0000, REMOTE_ERROR] Is in error state (INVALID_ARGUMENT reported by Server)
2018-01-03T20:04:14.767741Z host-326432070547636738750820273082671025578 NSX 5929 - [nsx@6876 comp="nsx-edge" subcomp="nestdb" tid="5929" level="INFO"] GetVDbId:
2018-01-03T20:04:14.767Z host-326432070547636738750820273082671025578 NSX 6190 SYSTEM [nsx@6876 comp="nsx-edge" subcomp="lb-dispatcher.nestdb" level="WARN"] Failed to create vdb object. The vdb may already exist. RPC status 2: INVALID_ARGUMENT
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get number of diagnosis entries
| Option | Description |
|---|---|
| <log-num> | Specify number of log entries Allowed pattern: ^([0-9]+)$ |
Example
nsx-edge-c0-1> get diagnosis log limit 1
2018-01-03T20:04:16.548319+00:00 host-326432070547636738750820273082671025578 netcpa 6075 - - [DEBUG] Attempting to send data to client 11
2018-01-03T20:04:16.548798+00:00 host-326432070547636738750820273082671025578 netcpa 6075 - - [DEBUG] Sent Data to Client 11
2018-01-03T20:04:17.102262+00:00 host-326432070547636738750820273082671025578 NSX 5838 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" audit="True"] 127.0.0.1 - - [2018-01-03 20:04:17] 'GET /api/v1/node/configuration' 200 1201 "" "curl/7.47.0" 0.144964
***********************************************************************
ERROR:2018-01-03T20:04:17.421993+00:00 host-326432070547636738750820273082671025578 NSX 5838 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="ERROR" errorCode="NODE10"] Error setting system time, rc: 1, err: Failed to create bus connection: No such file or directory
***********************************************************************
2018-01-03T20:04:17.526811Z host-326432070547636738750820273082671025578 NSX 6075 - [nsx@6876 comp="nsx-controller" subcomp="netcpa" tid="71757700" level="verbose"] Checking global lock, current checked count: 1
2018-01-03T20:04:17.577539Z host-326432070547636738750820273082671025578 NSX 6075 - [nsx@6876 comp="nsx-controller" subcomp="netcpa" tid="71757700" level="verbose"] TCP connection started: 127.0.0.1:0::00000000-0000-0000-0000-000000000000:1234
2018-01-03T20:04:17.577589Z host-326432070547636738750820273082671025578 NSX 6075 - [nsx@6876 comp="nsx-controller" subcomp="netcpa" tid="71757700" level="warning"] socket async connect callback failed. Error code: Connection refused, system
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get two number of diagnosis entries
| Option | Description |
|---|---|
| <log-num> | Specify number of log entries Allowed pattern: ^([0-9]+)$ |
| <context-line-num> | Specify the numbers of context logs before and after the error log Allowed pattern: ^([0-9]+)$ |
Example
nsx-edge-c0-1> get diagnosis log limit 1 context 1
2018-01-03T20:04:17.102262+00:00 host-326432070547636738750820273082671025578 NSX 5838 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" audit="True"] 127.0.0.1 - - [2018-01-03 20:04:17] 'GET /api/v1/node/configuration' 200 1201 "" "curl/7.47.0" 0.144964
***********************************************************************
ERROR:2018-01-03T20:04:17.421993+00:00 host-326432070547636738750820273082671025578 NSX 5838 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="ERROR" errorCode="NODE10"] Error setting system time, rc: 1, err: Failed to create bus connection: No such file or directory
***********************************************************************
2018-01-03T20:04:17.526811Z host-326432070547636738750820273082671025578 NSX 6075 - [nsx@6876 comp="nsx-controller" subcomp="netcpa" tid="71757700" level="verbose"] Checking global lock, current checked count: 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get logical topology on edge
Example
nsx-edge-1> get diagnosis topology
Edge node
=========
UUID: 5214.*f675 / status: Up
MGMT 10.172.153.228 / VTEP 26.23.26.4
Loss of all tunnels events: (none)
Max BFD rx packet gap: 887 ms @ 2019-01-11 18:20:01
peer edge ca17.*e06c
--> 10.172.155.100 (mgm BFD) Dn/Dn tx/rx: 654437/650396
--> 26.23.26.3 (tun BFD) Dn/Dn tx/rx: 654495/650490
peer edge cc02.*2111
--> 10.172.154.85 (mgm BFD) Up/Up tx/rx: 654514/654360
--> 27.23.27.3 (tun BFD) Up/Up tx/rx: 654498/654290
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Cache Entries.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dns-forwarder 9b032ded-a109-42ee-b49b-ae05e7b9edf6 cache
CACHE:
Cache size: 150
Cache insertions 0
Cache-Live-freed 0.
Queries forwarded 0,
Queries answered locally 0Host Address Flags Expires
ERR_MSG:
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Config.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dns-forwarder 7f304144-9df2-477f-ad36-89232200a6a7 config
CACHE_SIZE: 1024
DEFAULT_ZONE:
SOURCE_IP:
IPV4: 11.11.11.11
UPSTREAM_SERVERS:
IPV4: 10.117.0.1
ID: 7f304144-9df2-477f-ad36-89232200a6a7
LISTENER_IP:
IPV4: 11.11.11.11
LOG_LEVEL: LB_LOG_LEVEL_INFO
LOGICAL_ROUTER_ID: a5e4fb83-ed0a-45ef-9407-b73740ca9277
SR_CLUSTER_ID: 00002000-0000-0000-0000-000000000001
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Stats Entries.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dns-forwarder 9b032ded-a109-42ee-b49b-ae05e7b9edf6 stats
STATS:
CACHED_ENTRIES: 3
CONDITIONAL_FORWARDER_STATISTICS:
DOMAIN_NAMES:
vmc.example.com
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 2
UPSTREAM_SERVER: 3.3.5.10
DOMAIN_NAMES:
2.199.199.in-addr.arpa
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 3.3.5.20
CONFIGURED_CACHE_SIZE: 300
DEFAULT_FORWARDER_STATISTICS:
DOMAIN_NAMES:
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 3
UPSTREAM_SERVER: 1.1.5.10
QUERIES_FAILED: 2
QUERIES_SUCCEEDED: 1
UPSTREAM_SERVER: 1.1.5.20
QUERIES_ANSWERED_LOCALLY: 1
QUERIES_FORWARDED: 5
RECEIVED_QUERIES_NUMBER: 6
TIME_STAMP: 2018-07-24 10:05:19.895000 (timestamp: 1532426719895)
USED_CACHE_SIZE: 0
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display DNS Forwarder Status
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dns-forwarder 7f304144-9df2-477f-ad36-89232200a6a7 status
ID : 7f304144-9df2-477f-ad36-89232200a6a7
STATUS : up
ERR_MSG :
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Entries.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get dns-forwarder 9b032ded-a109-42ee-b49b-ae05e7b9edf6 table
ERR_MSG:
TABLE:
Domain-name Forwarder-Source-Address DNS-Server-Address Number-of-Queries Failed-Queries
(null) 10.117.0.1 11.11.11.13 0 0
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Cache Entries Per SR.
Example
nsx-edge-1(tier0_sr)> get dns-forwarder cache
CACHE:
Cache size: 150
Cache insertions 0
Cache-Live-freed 0.
Queries forwarded 0,
Queries answered locally 0Host Address Flags Expires
ERR_MSG:
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Stats Entries Per SR.
Example
nsx-edge-1(tier0_sr)> get dns-forwarder stats
STATS:
CACHED_ENTRIES: 3
CONDITIONAL_FORWARDER_STATISTICS:
DOMAIN_NAMES:
vmc.example.com
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 2
UPSTREAM_SERVER: 3.3.5.10
DOMAIN_NAMES:
2.199.199.in-addr.arpa
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 3.3.5.20
CONFIGURED_CACHE_SIZE: 300
DEFAULT_FORWARDER_STATISTICS:
DOMAIN_NAMES:
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 3
UPSTREAM_SERVER: 1.1.5.10
QUERIES_FAILED: 2
QUERIES_SUCCEEDED: 1
UPSTREAM_SERVER: 1.1.5.20
QUERIES_ANSWERED_LOCALLY: 1
QUERIES_FORWARDED: 5
RECEIVED_QUERIES_NUMBER: 6
TIME_STAMP: 2018-07-24 10:05:19.895000 (timestamp: 1532426719895)
USED_CACHE_SIZE: 0
UUID: 630ccdc4-4b8e-4d2e-9242-b27b689e0feb
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Entries Per SR.
Example
nsx-edge-1(tier0_sr)> get dns-forwarder status
ERR_MSG:
STATUS: up
UUID: 14590164-e8fc-4949-bad7-fe6909fb1099
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarder Entries Per SR.
Example
nsx-edge-1(tier0_sr)> get dns-forwarder table
ERR_MSG:
TABLE:
Domain-name Forwarder-Source-Address DNS-Server-Address Number-of-Queries Failed-Queries
(null) 10.117.0.1 11.11.11.13 0 0
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the DNS Forwarders Config.
Example
nsx-edge-1> get dns-forwarders config
CACHE_SIZE: 1024
DEFAULT_ZONE:
SOURCE_IP:
IPV4: 11.11.11.11
UPSTREAM_SERVERS:
IPV4: 10.117.0.1
ID: 7f304144-9df2-477f-ad36-89232200a6a7
LISTENER_IP:
IPV4: 11.11.11.11
LOG_LEVEL: LB_LOG_LEVEL_INFO
LOGICAL_ROUTER_ID: a5e4fb83-ed0a-45ef-9407-b73740ca9277
SR_CLUSTER_ID: 00002000-0000-0000-0000-000000000001
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display DNS Forwarder Status
Example
nsx-edge-1> get dns-forwarders status
ERR_MSG:
STATUS: up
UUID: 14590164-e8fc-4949-bad7-fe6909fb1099
ERR_MSG:
STATUS: up
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about the specified domain object.
| Option | Description |
|---|---|
| <uuid> | Domain object identifier |
Example
nsx-controller-1> get domain-object 348e20a9-8b6e-4209-81df-779bff97781d
id: 348e20a9-8b6e-4209-81df-779bff97781d
type: RuleSection
content: com.vmware.nsx.ccp.domain.entity.RuleSection@1642d5b0[message=priority: 2305843009213693951
name: "Default Layer2 Section"
version: "0"
,id=348e20a9-8b6e-4209-81df-779bff97781d,resolver=com.vmware.nsx.falcon.FalconImpl@6306e14c]
Mode
Basic
Availability
Controller
Display domain objects of the specified type.
| Option | Description |
|---|---|
| <domain_object_type> | Domain object type Allowed values: ArpTableConfig, Container, ContextProfile, Cif, DhcpIpPool, DhcpStaticBinding, EdgeNode, Hypervisor, EdgeClusterConfig, SiRedirectionPolicy, IpfixCollectorConfiguration, IpfixDfwConfiguration, LogicalDhcpServer, LogicalMDProxyServer, LogicalSwitch, LogicalSwitchPort, LogicalRouter, LogicalRouterPort, MacAddress, PublicCloudGatewayNode, Rule, RuleSection, Vif, ServicePath, ServiceChain, ServiceVM, ServiceVmStatus, EwSiRedirectionPolicy, NsSiRedirectionPolicy, ServiceProfile, SiService, ComputedDadState, LogicalRouterPortDadState, VifTnBindingExpiration |
Example
nsx-controller-1> get domain-objects RuleSection
id: 348e20a9-8b6e-4209-81df-779bff97781d, type: RuleSection
id: a9ccd570-9b6f-42e9-a372-162c4b00238e, type: RuleSection
id: 00003200-0000-0000-0000-000000000001, type: RuleSection
id: 00003200-0000-0000-0000-000000000002, type: RuleSection
Mode
Basic
Availability
Controller
Display domain objects of the specified type with the specified component name
| Option | Description |
|---|---|
| <objects_type_with_component_name> | Object type with component name Allowed values: rule, rulesection |
| <component-name> | Component name Allowed values: dfw |
Example
nsx-controller-1> get domain-objects rule dfw
id: 00000000-0000-0000-0000-000000000401, type: Rule, rule config message id: 1025, section: 17df3754-73df-4809-8820-fe01ee57d02a
id: 00000000-0000-0000-0000-000000000402, type: Rule, rule config message id: 1026, section: ba6ae44f-4ea2-4167-a298-75849a458273
Mode
Basic
Availability
Controller
Display the Edge cluster state history.
Example
nsx-edge-1> get edge-cluster history state
State : Disabled
Time : 2016-09-12 18:07:03.20
Event : Init
Reason : Init
State : Offline
Time : 2016-09-20 10:19:24.22
Event : Config Updated
Reason : Config
State : Discover
Time : 2016-09-20 10:19:24.22
Event : Config Updated
Reason : Config
State : StateSync
Time : 2016-09-20 10:19:25.19
Event : BFD State Updated
Reason : Updated
State : Inactive
Time : 2016-09-20 10:19:30.50
Event : State Sync Completed
Reason : Updated
State : Active
Time : 2016-09-20 10:19:30.50
Event : State Sync Completed
Reason : Updated
State : Inactive
Time : 2016-10-10 13:53:30.88
Event : Node State Changed
Reason : Tunnels Down
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the Edge cluster status.
Example
nsx-edge-1> get edge-cluster status
High Availability State : Inactive
Since : 2016-10-10 13:53:30.88
Edge Node Id : f9933e11-96a5-48fa-9f64-9c3b789d530c
Edge Node Status : Down
Admin State : Up
Vtep State : Up
Configuration : applied
Health Check Config :
Interval : 1000 msec
Deadtime : 3000 msec
Max Hops : 255
Service Status :
Datapath Config Channel : Up
Datapath Status Channel : Up
Routing Status Channel : Up
Routing Status : Down
Peer Status :
Node Id : 14693d4d-de8b-417e-a53c-315702fc72c5
Node Status : Admin Down
Healthcheck Sessions :
Interface : eth0
Session : 192.168.110.111:192.168.110.112
Status : Admin Down
Interface : nsx-edge-vtep
Device : fp-eth0
Session : 192.168.150.201:192.168.150.202
Status : Unreachable
Mode
Basic
Availability
Edge, Public Cloud Gateway
Show the current mode of enhanced datapath lcore assignment.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
esx-1> get ens lcore-assignment-mode nsxvswitch
LCore assignment mode for nsxvswitch is vNIC count
Mode
Basic
Availability
ESXi
Show the content of End User License Agreement
Mode
Basic
Availability
Manager
Display information about the specified file in the filestore.
| Option | Description |
|---|---|
| <filename> | Existing file argument |
Example
nsx> get file support-bundle-0.tgz
Directory of filestore:/
-rw- 24932275 Feb 05 2016 05:58:46 UTC support-bundle-0.tgz
Mode
Basic
Availability
Controller, Edge, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the file thumbprint.
| Option | Description |
|---|---|
| <filename> | Existing file argument |
Example
nsx> get file support-bundle-0.tgz thumbprint
SHA1SUM: d0fc5c741bdc0be8eacce3e8f581b74c32bc4d62
SHA256SUM: 13cfaccbfc44193eaee3a729b6c4a810b276df6d8086fc82ed1720d23906473d
Mode
Basic
Availability
Controller, Edge, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the files in the filestore.
Example
nsx> get files
Directory of filestore:/
-rw- 24950960 Feb 05 2016 05:59:23 UTC support-bundle-1.tgz
-rw- 24932275 Feb 05 2016 05:58:46 UTC support-bundle-0.tgz
Mode
Basic
Availability
Controller, Edge, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the file system information.
Example
nsx-manager-1> get filesystem-stats
Filesystem Size Used Avail Use% Mounted on
udev 7.9G 4.0K 7.9G 1% /dev
tmpfs 1.6G 768K 1.6G 1% /run
/dev/sda2 19G 2.2G 16G 13% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
none 5.0M 0 5.0M 0% /run/lock
none 7.9G 4.0K 7.9G 1% /run/shm
none 100M 0 100M 0% /run/user
/dev/mapper/nsx-repository 19G 302M 18G 2% /repository
/dev/mapper/nsx-tmp 3.7G 8.0M 3.5G 1% /tmp
/dev/sda1 945M 6.0M 874M 1% /boot
/dev/mapper/nsx-config 19G 44M 18G 1% /config
/dev/mapper/nsx-config__bak 19G 44M 18G 1% /config_bak
/dev/mapper/nsx-image 19G 44M 18G 1% /image
/dev/sda3 19G 44M 18G 1% /os_bak
/dev/mapper/nsx-var+log 9.3G 623M 8.2G 7% /var/log
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the specified firewall address set for the logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
| <string> | Generic string argument Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e addrset name srcep
Addrset count: 1
Name : srcep
Address(es) : 11.1.1.1,11.1.2.1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all the firewall address sets for the logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e addrset sets
Addrset count: 2
Name : dstep
Address(es) : 11.1.1.1,11.1.2.1
Name : srcep
Address(es) : 10.1.1.1,10.1.1.10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the specified firewall attribute set for the logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
| <string> | Generic string argument Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e attrset name attriSet1
Container count: 1
Name : attriSet1
Element(s) : APP_ID : 1, APP_ID : 2
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all the firewall attribute sets for the logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e attrset sets
Container count: 2
Name : attriSet1
Element(s) : APP_ID : 1, APP_ID : 2
Name : attriSet2
Element(s) : TLS_VERSION : 1.1, TLS_VERSION : 1.2
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the firewall connections on the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e connection
Connection count: 1
0x00001c0c08000007: 192.168.130.254:57336 -> 172.16.10.11:80 (80.80.80.11:80) in protocol tcp state ESTABLISHED:ESTABLISHED
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the firewall connection count.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e connection count
Connection count: 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the state of the firewall connections.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e connection state
Connection count: 1
192.168.130.254:57101 -> 172.16.10.11:80 (80.80.80.11:80) in protocol tcp state ESTABLISHED:ESTABLISHED f-0 n-421
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IKE policy for the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
| <rule-id> | Rule ID Allowed pattern: ^[1-9][0-9]*$ |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e ike policy 2052
Policy count: 1
Rule ID : 2052
Policy : in protocol any from ip 2.2.2.0/24 to ip 1.1.1.0/24 encrypt keypolicy 00000000-0000-0000-0b00-000000000000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display firewall interface statistics for the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e interface stats
Failed IP option : 0
Failed NAT translation : 0
Failed SYN proxy : 0
Failed Spoofguard : 0
Failed bad offset : 0
Failed bad timestamp : 0
Failed checksum : 0
Failed congestion : 0
Failed expected state : 0
Failed fragment : 0
Failed memory allocation : 0
Failed normalization : 0
Failed short header : 0
Failed source limit : 0
Failed state insertion : 0
Failed state limit : 0
Firewall deletions : 13
Firewall insertions : 15
Firewall lookups : 0
Found match : 67
Input bytes allowed : 5741
Input bytes dropped : 0
Input packets allowed : 61
Input packets dropped : 0
Number of state collisions : 0
Number of states : 2
Output bytes allowed : 12628
Output bytes dropped : 0
Output packets allowed : 138
Output packets dropped : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display firewall rules with expanded address sets for the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e ruleset rules
DNAT rule count: 1
Rule ID : 2053
Rule : in protocol any from any to ip 80.80.80.11 dnat ip 172.16.10.11
SNAT rule count: 1
Rule ID : 2052
Rule : out protocol any from ip 172.16.10.11 to any snat ip 80.80.80.11
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display firewall rule statistics for the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e ruleset stats
DNAT rule count: 1
Rule ID : 2053
Input bytes : 1367
Output bytes : 2374
Input packets : 24
Output packets : 19
Evaluations : 8
Active connections : 1
SNAT rule count: 1
Rule ID : 2052
Input bytes : 4478
Output bytes : 6106
Input packets : 39
Output packets : 68
Evaluations : 7
Active connections : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the active/standby configuration for the firewall on the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e sync config
HA mode : primary-active
Firewall enabled : true
Sync pending : false
Bulk sync pending : false Last status: ok
Local VTEP IP : 192.168.250.62
Peer VTEP IP : 192.168.250.63
Local context : 56eead22-3bb9-4586-8de3-9412941f9116
Peer context : 56eead22-3bb9-4586-8de3-9412941f9116
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the firewall synchronization statistics.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e sync stats
bad-action : 0
bad-c-delete : 0
bad-c-update : 0
bad-delete : 0
bad-header : 0
bad-len : 0
bad-request : 0
bad-rule-id : 0
bad-stale-c-update : 0
bad-stale-update : 0
bad-state-c-update : 0
bad-state-insert : 0
bad-state-update : 0
bad-total : 0
bad-ttl : 0
bad-update : 0
bad-val : 0
bad-version : 0
failed-module-insert : 0
failed-no-mem : 0
failed-no-module : 0
failed-output : 0
input-ipv4 : 5
output-ipv4 : 138
send-bulk-update : 0
send-c-delete : 13
send-c-update : 135
send-update : 0
state-c-delete : 0
state-c-update : 0
state-delete : 0
state-insert : 0
state-request : 2
state-update : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the fixed timeouts for connection events.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge-1> get firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e timeouts
Timeout count: 12
dfw.icmp.error_reply : 10
dfw.icmp.first_packet : 20
dfw.ip.frag : 30
dfw.tcp.closed : 5
dfw.tcp.closing : 900
dfw.tcp.established : 7200
dfw.tcp.fin_wait : 7
dfw.tcp.first_packet : 120
dfw.tcp.opening : 30
dfw.udp.first_packet : 60
dfw.udp.multiple : 60
dfw.udp.single : 30
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display firewall address sets
| Option | Description |
|---|---|
| <vifuuid> | UUID argument |
Example
> get firewall e0b4c45b-7df8-40d5-a229-2b2a5be2d4d0 addrset
Firewall Address Sets
--------------------------------------------------
Mode
Basic
Availability
ESXi, KVM
Display firewall fqdn attribute of profiles.
| Option | Description |
|---|---|
| <vifuuid> | UUID argument |
Example
> get firewall 89e14dfc-98a8-47bc-adb1-ed26091123ee fqdn
Firewall Profile FQDN
----------------------------------------------------------------------
Profiles count : 1
Profile UUID : 941e03a3-1da9-43ba-963e-9e6e467e9ce0
FQDN count : 2
FQDN UUID : 2b90ce0d-f1d2-4092-adb8-1e61b5c05ca8
Value : .*\.office\.com
IP set : 192.168.11.1, 2001::192:168:11:1
FQDN UUID : 15d3bd4f-3e23-41ef-955f-5d2c3df49c3c
Value : .*\.outlook\.com
IP set : 192.168.22.1, 2001::192:168:22:1
Mode
Basic
Availability
KVM
Display firewall attribute profiles.
| Option | Description |
|---|---|
| <vifuuid> | UUID argument |
Example
> get firewall e0b4c45b-7df8-40d5-a229-2b2a5be2d4d0 profiles
Firewall Profiles
--------------------------------------------------
Profiles count : 1
UUID : 35ab482b-1c37-4168-a7d4-176a0c91788e
Attribute count : 2
APP_ID : APP_NTP
APP_ID : APP_SVN
Mode
Basic
Availability
ESXi, KVM
Display firewall rules
| Option | Description |
|---|---|
| <vifuuid> | UUID argument |
Example
> get firewall e0b4c45b-7df8-40d5-a229-2b2a5be2d4d0 ruleset rules
Firewall Rules
--------------------------------------------------
VIF UUID : e0b4c45b-7df8-40d5-a229-2b2a5be2d4d0
Ruleset UUID : 3d04fa69-5faa-4127-b55f-c08c5de5a134
Rule count : 4
rule 1031 inout protocol any from any to any accept;
rule 1032 inout protocol any from any to any accept;
rule 1033 inout protocol any from any to any accept;
rule 1034 inout protocol any from any to any accept;
Mode
Basic
Availability
ESXi, KVM
Display the logical router or switch interfaces which have firewall rules.
Example
nsx-edge-1> get firewall interfaces
Interface : e159f0db-d8e4-4973-9cbb-8cc30def2c3e
Type : UPLINK
Sync enabled : true
Name : lrp265
VRF ID : 22
Context entity : 627171f9-ba99-4d81-971e-54ec857b9693
Context name : SR-Tier0-LR-1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display firewall addresses for the specified address set.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
host-1> get firewall addrset name 986cf106-b987-48bb-bdaa-8b55e1e82756
Address Count: 2
Address : ip 14.14.14.14
Address : ip 12.12.12.12
Mode
Basic
Availability
NSX Cloud VM
Display firewall address sets for the available virtual interface.
Example
host-1> get firewall addrset sets
VIF ID : eni-d36ce980
Addrset Count : 1
Addrset UUID : 986cf106-b987-48bb-bdaa-8b55e1e82756
Address Count : 2
Address : 14.14.14.14
Address : 12.12.12.12
Mode
Basic
Availability
NSX Cloud VM
Display the state of the firewall connections in the VRF context.
Example
nsx-edge-1(vrf)> get firewall connection state
Connection count: 1
192.168.130.254:57101 -> 172.16.10.11:80 (80.80.80.11:80) in protocol tcp state ESTABLISHED:ESTABLISHED f-0 n-421
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display firewall exclude interfaces.
Example
host-1> get firewall exclude
VIF count: 1
VIF ID : eni-d36ce980
Mode
Basic
Availability
NSX Cloud VM
Display the firewall exclusion list.
Example
nsx-manager-1> get firewall exclude-list
target_id target_type target_display_name
---------- ------------ --------------------
954dd9f7-0280-4aff-aebd-8323fd00d770 LogicalSwitch ls01
3b30045a-9166-43b6-85a0-a07d23af5e01 LogicalPort lport02
2 row (s)
Mode
Basic
Availability
Manager
Display firewall exclusions.
Example
esx-1> get firewall exclusion
Firewall Exclusion
----------------------------------------------------------------------
None
Mode
Basic
Availability
ESXi, KVM
Display firewall interface statistics for the specified logical router interface in the VRF context.
Example
nsx-edge-1(vrf)> get firewall interface stats
Failed IP option : 0
Failed NAT translation : 0
Failed SYN proxy : 0
Failed Spoofguard : 0
Failed bad offset : 0
Failed bad timestamp : 0
Failed checksum : 0
Failed congestion : 0
Failed expected state : 0
Failed fragment : 0
Failed memory allocation : 0
Failed normalization : 0
Failed short header : 0
Failed source limit : 0
Failed state insertion : 0
Failed state limit : 0
Firewall deletions : 13
Firewall insertions : 15
Firewall lookups : 0
Found match : 67
Input bytes allowed : 5741
Input bytes dropped : 0
Input packets allowed : 61
Input packets dropped : 0
Number of state collisions : 0
Number of states : 2
Output bytes allowed : 12628
Output bytes dropped : 0
Output packets allowed : 138
Output packets dropped : 0
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the logical router or switch interfaces which have firewall rules.
Example
nsx-edge-1(vrf)> get firewall interfaces
Interface : e159f0db-d8e4-4973-9cbb-8cc30def2c3e
Type : UPLINK
Sync enabled : true
Name : lrp265
VRF ID : 22
Context entity : 627171f9-ba99-4d81-971e-54ec857b9693
Context name : SR-Tier0-LR-1
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display sync configuration for logical router interfaces with firewall rules.
Example
nsx-edge-1> get firewall interfaces sync
Total count: 1
Interface : e159f0db-d8e4-4973-9cbb-8cc30def2c3e
HA mode : primary-active
Firewall enabled : true
Sync pending : false
Bulk sync pending : false Last status: ok
Local VTEP IP : 192.168.250.62
Peer VTEP IP : 192.168.250.63
Local context : 56eead22-3bb9-4586-8de3-9412941f9116
Peer context : 56eead22-3bb9-4586-8de3-9412941f9116
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display firewall ipfix containers.
Example
esx-1> get firewall ipfix-containers
Firewall IPFIX Containers
----------------------------------------------------------------------
Container UUID VIF UUID
daa4a875-9050... 1b78faa3-d8b9...
879e25c1-cf28... 14417daf-ce52...
a0286cfe-73d2... 36124bcf-5bdf...
14417daf-ce52...
e30a0072-1930...
e5e6fee8-61f7...
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Display firewall ipfix filters.
Example
esx-1> get firewall ipfix-filters
Firewall IPFIX VIFs
----------------------------------------------------------------------
e0b4c45b-7df8-40d5-a229-2b2a5be2d4d0
e30a0072-1930-48a0-adaa-9412e758eea7
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Display firewall ipfix profile configration.
Example
esx-1> get firewall ipfix-profiles
Firewall IPFIX Profiles
----------------------------------------------------------------------
UUID Priority Timeout Domain ID AppliedTo Count Collector UUID
0a988e9e-725d... 10 5 100 8 035cad05-0dc8...
6f25a736-646e... 0 3 1 2 188da901-1bd0...
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Display firewall ipfix statistics.
Example
esx-1> get firewall ipfix-stats
Firewall IPFIX Statistics
----------------------------------------------------------------------
Collector config: 188da901-1bd0-402b-9b57-3521cb59910b
IP address port # bytes sent sequence # sent errors
10.2.117.211 2828 38016 355 0
Collector config: 035cad05-0dc8-44a8-b320-d6ebb8112515
IP address port # bytes sent sequence # sent errors
2.2.2.2 200 344 0 0
1.1.1.1 100 344 0 0
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Get orphaned sections from the firewall.
Example
nsx-manager-1> get firewall orphan_section
----------------------
delta_in_section_table
----------------------
id enforced_on section_type
------------------------------------ ----------- ------------
1a91e6de-cf01-4610-a1a0-535e51500c6d DFW LAYER2
1 row(s)
----------------------
delta_in_priority_list
----------------------
id enforced_on section_type
------------------------------------ ----------- ------------
166abe33-8ea6-4cf0-a264-a6a2496fffca EDGE LAYER3
1 row(s)
Mode
Basic
Availability
Manager
Display the contents of the DFW packet log file.
Example
2018-07-17T18:41:20.708Z f1007e48 INET match PASS 2 OUT 84 ICMP 1.1.1.10->1.1.3.10
2018-07-17T18:41:20.716Z a8de7313 INET match PASS 2 IN 84 ICMP 1.1.1.10->1.1.3.10
.
.
.
Mode
Basic
Availability
ESXi, KVM
Display last lines of the DFW packet log file.
| Option | Description |
|---|---|
| <lines> | Line count, up to 80 |
Example
.
.
.
2018-07-17T18:41:20.708Z f1007e48 INET match PASS 2 OUT 84 ICMP 1.1.1.10->1.1.3.10
2018-07-17T18:41:20.716Z a8de7313 INET match PASS 2 IN 84 ICMP 1.1.1.10->1.1.3.10
Mode
Basic
Availability
ESXi, KVM
Get list of published entities from the firewall.
Example
nsx-manager-1> get firewall published-entity
entity_id entity_type sync_operation_type firewall_type priority last_modified_time entity_revision
------------------------------------ ------------ ------------------- ------------- ------------------- ------------------ ---------------
1a91e6de-cf01-4610-a1a0-535e51500c6d RULE_SECTION FULLSYNC DFW 2089670227099910143 1537220678865 0
166abe33-8ea6-4cf0-a264-a6a2496fffca RULE_SECTION FULLSYNC DFW 2089670227099910143 1537220678841 0
2 row(s)
Mode
Basic
Availability
Manager
Get a published entity of given type and id.
| Option | Description |
|---|---|
| <published-entity-type> | Firewall entity type Allowed values: section |
| <published-entity-id> | Firewall entity id |
Example
nsx-manager-1> get firewall published-entity section 1a91e6de-cf01-4610-a1a0-535e51500c6d
entity_id entity_type sync_operation_type firewall_type priority last_modified_time entity_revision
------------------------------------ ------------ ------------------- ------------- ------------------- ------------------ ---------------
1a91e6de-cf01-4610-a1a0-535e51500c6d RULE_SECTION FULLSYNC DFW 2089670227099910143 1537220678865 0
Mode
Basic
Availability
Manager
Display firewall rule statistics.
Example
sc-rdops-vm09-dhcp-1-10.eng.vmware.com> get firewall rule-stats total
Firewall Rule Statistics
------------------------------------------------------------------------------------------
RuleId Packets Bytes Sessions hits
1 0 0 0 0
2 511 33276 0 511
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Display total firewall rule statistics.
Example
sc-rdops-vm09-dhcp-1-10.eng.vmware.com> get firewall rule-stats total
Firewall Rule Statistics
------------------------------------------------------------------------------------------
RuleId Packets Bytes Sessions hits
1 0 0 0 0
2 511 33276 0 511
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Display the summary of firewall rules.
Example
host-1> get firewall rules
VIF ID : eni-d36ce980
Rule Count : 2
Ruleset UUID : e83c8855-2541-4965-90dd-522435853409
Rule ID : 1025
Rule : inout protocol any from any to addrset 986cf106-b987-48bb-bdaa-8b55e1e82756 accept
Rule ID : 2
Rule : inout protocol any from any to any accept
Rule UUID : 8f03714c-4d60-48d2-9767-7654d90c079e
Rule ID : 1
Rule : inout ethertype any stateless from any to any accept
Mode
Basic
Availability
NSX Cloud VM
Display the firewall status.
Example
esx-1> get firewall status
Firewall Status
----------------------------------------------------------------------
enabled
Mode
Basic
Availability
ESXi, KVM
Display the firewall status.
Example
nsx-manager-1> get firewall status
context global_status _revision
------- ------------- ---------
logical_routers ENABLED 0
transport_nodes ENABLED 0
2 row(s)
Mode
Basic
Availability
Manager
Display the firewall summary.
Example
nsx-manager-1> get firewall summary
section_type section_count rule_count
------------ ------------- ----------
L2DFW 1 1
L3DFW 1 1
2 row(s)
Mode
Basic
Availability
Manager
Display the firewall synchronization statistics in the VRF context.
Example
nsx-edge-1(vrf)> get firewall sync stats
bad-action : 0
bad-c-delete : 0
bad-c-update : 0
bad-delete : 0
bad-header : 0
bad-len : 0
bad-request : 0
bad-rule-id : 0
bad-stale-c-update : 0
bad-stale-update : 0
bad-state-c-update : 0
bad-state-insert : 0
bad-state-update : 0
bad-total : 0
bad-ttl : 0
bad-update : 0
bad-val : 0
bad-version : 0
failed-module-insert : 0
failed-no-mem : 0
failed-no-module : 0
failed-output : 0
input-ipv4 : 5
output-ipv4 : 138
send-bulk-update : 0
send-c-delete : 13
send-c-update : 135
send-update : 0
state-c-delete : 0
state-c-update : 0
state-delete : 0
state-insert : 0
state-request : 2
state-update : 0
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display firewall thresholds.
Example
kvm> get firewall thresholds
Firewall Threshold Monitors
-------------------------------------------------------------------------------------------
# Name Raised Threshold CurrValue CurrSize MaxSize PeakEver EverTime(ago)
1 total-cpu False 90 0 -- -- 0 --:--:--
2 total-memory False 90 2 2 MB 96 MB 2 05:42:08
Mode
Basic
Availability
KVM
Display firewall thresholds.
Example
esx> get firewall thresholds
Firewall Threshold Monitors
-------------------------------------------------------------------------------------------
# Name Raised Threshold CurrValue CurrSize MaxSize PeakEver EverTime(ago)
1 dfw-cpu False 90 0 -- -- 0 --:--:--
2 vsip-attr False 90 2 2 MB 96 MB 2 05:42:08
3 vsip-flow False 90 0 0 MB 168 MB 0 --:--:--
4 vsip-fqdn False 90 0 0 MB 96 MB 0 --:--:--
5 vsip-module False 90 4 22 MB 512 MB 4 05:42:08
6 vsip-rules False 90 0 0 MB 128 MB 0 --:--:--
7 vsip-state False 90 0 0 MB 192 MB 0 --:--:--
Mode
Basic
Availability
ESXi
Display firewall VIFs
Example
> get firewall vifs
Firewall VIFs
--------------------------------------------------
VIF count: 2
1. e0b4c45b-7df8-40d5-a229-2b2a5be2d4d0
2. e30a0072-1930-48a0-adaa-9412e758eea7
Mode
Basic
Availability
ESXi, KVM
Display forwarding information for the current interface. If the interface is a switch port, the MAC address table is displayed. If the interface is a router interface, the IP forwarding table is displayed.
Example
nsx-edge-1(path)> get forwarding
IP Neighbor Table:
IP UUID MAC State Last Update Time
IP Forwarding Table:
IP Prefix Type UUID Gateway IP Gateway MAC
0.0.0.0/0 route 2a7bf881-1f89-4833-833e-47673b79901a 169.0.0.2
80.80.80.11/32 route 3eb2d5aa-3d11-4de3-98df-3cdebf5094e0 100.64.1.3
100.64.1.0/32 route 01f737d3-a66a-5b14-9ff7-6fc64af6a613
100.64.1.0/31 route bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
100.64.1.2/32 route 01f737d3-a66a-5b14-9ff7-6fc64af6a613
100.64.1.2/31 route 3eb2d5aa-3d11-4de3-98df-3cdebf5094e0
169.0.0.0/28 route 2a7bf881-1f89-4833-833e-47673b79901a
169.0.0.1/32 route 01f737d3-a66a-5b14-9ff7-6fc64af6a613
172.16.10.0/24 route bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a 100.64.1.1
172.16.20.0/24 route bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a 100.64.1.1
172.16.30.0/24 route bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a 100.64.1.1
172.16.40.0/24 route 3eb2d5aa-3d11-4de3-98df-3cdebf5094e0 100.64.1.3
192.168.130.0/24 route 2a7bf881-1f89-4833-833e-47673b79901a 169.0.0.2
192.168.130.3/32 route 2a7bf881-1f89-4833-833e-47673b79901a 169.0.0.2
or
nsx-edge-1(path)> get forwarding
MAC Table:
MAC UUID Source
02:50:56:00:00:00 5b2068d0-8c28-4427-8be4-48f422f92309 controller
02:50:56:00:00:02 eb3bd495-9ce3-40b4-a955-c2ddc4893cfa controller
02:50:56:56:44:52 5b2068d0-8c28-4427-8be4-48f422f92309 controller
Replication Tunnels:
UUID Local VTEP Remote VTEP MTEP
704d9577-39d4-5b7c-b890-5e5e0bba8d0e 192.168.250.62 192.168.250.63 False
Mode
Path
Availability
Edge, Public Cloud Gateway
Display the forwarding table for the logical router in the VRF context. Optionally specify a prefix to display only the entry that matches that network.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get forwarding
Logical Router
UUID VRF LR-ID Name Type
e9d3379d-aba7-4459-9262-18bc95eaeec1 1 1 SERVICE_ROUTER_TIER0
IPv4 Forwarding Table
IP Prefix Gateway IP Type UUID Gateway MAC
127.0.0.1/32 route 4b115e5f-1395-54c3-aaf0-0de5736f99df
172.20.1.0/24 route 6c427841-e151-4479-9184-4196cfcef3b6
172.20.1.60/32 route 4b115e5f-1395-54c3-aaf0-0de5736f99df
172.24.4.1/32 172.20.1.50 route 6c427841-e151-4479-9184-4196cfcef3b6
or
nsx-edge-1(tier0_sr)> get forwarding 172.16.110.0/24
Logical Router
UUID VRF Name Type
e9d3379d-aba7-4459-9262-18bc95eaeec1 1 SERVICE_ROUTER_TIER0
IPv4 Forwarding Table
IP Prefix Gateway IP Type UUID Gateway MAC
172.24.4.1/32 172.20.1.50 route 6c427841-e151-4479-9184-4196cfcef3b6
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Dump the host's public cloud gateway certificate
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
host-1> get gateway certificate 13.14.41.34
Public Cloud Gateway : 13.14.41.34
Certificate Thumbprint : 2A0489D8990FFB51D9F72190FBCC4052E42BB31F
SHA : sha256
Mode
Basic
Availability
NSX Cloud VM
Dump the host's public cloud gateway certificates.
Example
host-1> get gateway certificates
Public Cloud Gateway : 13.14.41.34
Certificate Thumbprint : 2A0489D8990FFB51D9F72190FBCC4052E42BB31F
SHA : sha256
Public Cloud Gateway : 13.14.41.35
Certificate Thumbprint : 345489B8990FDB51D9A72190FB0A7042842BB32C
SHA : sha256
Mode
Basic
Availability
NSX Cloud VM
Dump the host's public cloud gateway connection status.
Example
host-1> get gateway connection status
Public Cloud Gateway : 13.14.41.34:5555
Connection Status : ESTABLISHED
Connection Time : Thu Jun 15 19:12:34 2017
Last Known Error : None
Mode
Basic
Availability
NSX Cloud VM
Dump public cloud gateway connections
Example
nsx-public-cloud-gateway> get gw-controller connections
ConnectionId Remote IP Endpoint
0 10.10.4.226 ccp
1 127.0.0.1 edge-nsx-agent
6 10.10.4.65 i-0c61c378b52c1588c
7 10.10.4.247 i-05e1618bdffb8e521
8 10.10.4.170 i-0b28602753dbf4e51
Mode
Basic
Availability
Public Cloud Gateway
Get gw-controller logging level.
Mode
Basic
Availability
Public Cloud Gateway
Display public cloud VM certificate
| Option | Description |
|---|---|
| <vm-id> | VM ID |
Example
nsx-public-cloud-gateway>get gw-controller vm-certificate i-00dd27a50b99b29b6
[{'ID': 'i-00dd27a50b99b29b6', 'Thumbprint': '9EB31557EE6B4733E588F4CA51449707132DDC79', 'SHA': 'sha256'}]
Mode
Basic
Availability
Public Cloud Gateway
Display all public cloud VM certificates
Example
nsx-public-cloud-gateway> get gw-controller vm-certificates
ID Thumbprint SHA
i-00dd27a50b99b29b6 9EB31557EE6B4733E588F4CA51449707132DDC79 sha256
i-05e1618bdffb8e521 2966DCA6F755D04FA87625A18A2671460A753A9E sha256
Mode
Basic
Availability
Public Cloud Gateway
Display public cloud VM state for all VMs
Example
nsx-public-cloud-gateway-AWS> get gw-controller vm-state
ConnID VM ID InstanceName State Quarantine Valid
3 i-00275186c5eab8d1e vm1-test-1 VM_STATE_NORMAL QUARANTINE_STATE_NORMAL TRUE
5 i-00dd27a50b99b29b6 vm2-test-2 VM_STATE_NORMAL QUARANTINE_STATE_NORMAL TRUE
NO_AGENT i-00aa27a50b99b2999 vm3-test-3 VM_STATE_NORMAL QUARANTINE_STATE_NORMAL TRUE
nsx-gw1-AZURE> get gw-controller vm-state
ConnID VM ID InstanceName State Quarantine Valid
8 0502182d-4db9-48d2-aaf7-a737c8a2f630 vm-test-102 VM_STATE_NORMAL QUARANTINE_STATE_NORMAL TRUE
- 3ad0eb11-23c0-4f2f-8855-ee69e747a7a9 vm-test-101 VM_STATE_UNKNOWN QUARANTINE_STATE_ENABLED FALSE
NO_AGENT 7aeeeb11-23c0-4f2f-8855-ee69e747a711 vm-test-103 VM_STATE_NORMAL QUARANTINE_STATE_ENABLED FALSE
Mode
Basic
Availability
Public Cloud Gateway
Display public cloud VM state for specific VM
| Option | Description |
|---|---|
| <vm-id> | VM ID |
Example
nsx-public-cloud-gateway>get gw-controller vm-state i-0c61c378b52c1588c
ID: i-0c61c378b52c1588c
Config:
Name: vm-10-overlay-test-5
VM ID: i-0c61c378b52c1588c
Power State: POWER_STATE_ON
Desired version:
Interfaces:
{'attachment_id': 'eni-b0dd8c8c', 'mac_address_string': '06:95:92:91:ba:0c', 'Secondary_IP': [], 'Tags': [{'value': 'b15e32de-5c02-4b12-999b-86595e3bfa46', 'key': 'nsx:network'}], 'IP': '10.10.4.65', 'Name': u'', 'Device index': '0', 'MAC address': '06:95:92:91:ba:0c', 'ID': 'eni-b0dd8c8c', 'NSX assigned IP': []}
Tags:
{'value': 'vm-10-overlay-test-5', 'key': 'Name'}
{'value': 'vpc-7d0fea1b', 'key': 'aws:vpc'}
{'value': 'us-west-2b', 'key': 'aws:availabilityzone'}
VM Services: []
Quarantine state: QUARANTINE_STATE_NORMAL
SystemTags: []
VM Security groups: [{'Security group': 'sg-6e300315'}]
VM Identifiers: [{'value': 'vpc-7d0fea1b', 'key': 'vpc-id'}]
State:
{'timestamp(ms)': '0', 'VM Version': '2.0.0.0.0.5706753', 'VM OS Version': '14.04', 'VM OS Type': 'UBUNTU', 'State': 'VM_STATE_NORMAL'}
ActiveConn: 14
Valid: 1
Mode
Basic
Availability
Public Cloud Gateway
Display the mandatory access control report for possible policy violations. Specify the
file argument to write the information to a file with the specified file name. The report is written to this file in a concise format. You can specify the all argument to have a verbose report, which includes exact log messages.| Option | Description |
|---|---|
| <filename> | Name of file to generate, for example report-bundle.tgz Allowed pattern: ^[^/ *;&|]+$ |
Example
nsx-edge-1> get hardening-policy mandatory-access-control report
ACTION OPERATION PROFILE
DENIED Capable /usr/sbin/tcpdump
DENIED Capable /sbin/dhclient
nsx-edge-1> get hardening-policy mandatory-access-control report file report.tar.gz
report.tar.gz created, use the following command to transfer the file:
copy file report.tar.gz url <url>
After transferring report.tar.gz, extract it using: tar xzf report.tar.gz
nsx-edge-1> get hardening-policy mandatory-access-control report file report_all.tar.gz all
report_all.tar.gz created, use the following command to transfer the file:
copy file report_all.tar.gz url <url>
After transferring report.tar.gz, extract it using: tar xzf report_all.tar.gz
Mode
Basic
Availability
Controller, Edge, Manager, Policy Manager, Public Cloud Gateway
This command gets the current status of mandatory access control. Usage for the command is
get hardening-policy mandatory-access-control status Example
nsx-edge-1> get hardening-policy mandatory-access-control status
Mandatory Access Control is enabled.
Mode
Basic
Availability
Controller, Edge, Manager, Policy Manager, Public Cloud Gateway
Display information about the specified high-availability channel.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get high-availability channel local-ip 30.0.246.232 remote-ip 30.0.29.0
High-Availability Channel
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Channel_if_uuid : 0f02ccfe-0cbf-524a-ba32-6bedaa0429ec
Channel_sessions : 1
Channel_state : SYN
Ctl_req_seq : 1
Egress_inst_id : b75cdf09-e71f-4574-960a-45f7cc43300b
Ingress_inst_id : 00000000-0000-0000-0000-000000000000
Last_tx : 0x1eff538
Local_address : 30.0.246.232
Next_tx : 0x1eff894
Remote_address : 30.0.29.0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified high-availability channel.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get high-availability channel local-ip 30.0.246.232 remote-ip 30.0.29.0 stats
High-Availability Session
Local_address : 30.0.246.232
Remote_address : 30.0.29.0
Rx_ack_packets : 0
Rx_drop : 0
Rx_drop_bad_version : 0
Rx_drop_inst_unmatch : 0
Rx_drop_intf_unmatch : 0
Rx_drop_ip_unmatch : 0
Rx_drop_pkt_len_unmatch : 0
Rx_drop_pkt_too_short : 0
Rx_drop_seq_unmatch : 0
Rx_drop_wait_syn_ack : 0
Rx_packets : 0
Tx_drop : 0
Tx_error : 0
Tx_packets : 754
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about high-availability channels.
Example
nsx-edge-1> get high-availability channels
High-Availability Channel
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Channel_if_uuid : 0f02ccfe-0cbf-524a-ba32-6bedaa0429ec
Channel_sessions : 1
Channel_state : SYN
Ctl_req_seq : 1
Egress_inst_id : b75cdf09-e71f-4574-960a-45f7cc43300b
Ingress_inst_id : 00000000-0000-0000-0000-000000000000
Last_tx : 0x1eb115c
Local_address : 30.0.246.232
Next_tx : 0x1eb1512
Remote_address : 30.0.29.0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the high-availability channels.
Example
nsx-edge-1> get high-avaiability channels stats
High-Availability Session
Local_address : 30.0.246.232
Remote_address : 30.0.29.0
Rx_ack_packets : 0
Rx_drop : 0
Rx_drop_bad_version : 0
Rx_drop_inst_unmatch : 0
Rx_drop_intf_unmatch : 0
Rx_drop_ip_unmatch : 0
Rx_drop_pkt_len_unmatch : 0
Rx_drop_pkt_too_short : 0
Rx_drop_seq_unmatch : 0
Rx_drop_wait_syn_ack : 0
Rx_packets : 0
Tx_drop : 0
Tx_error : 0
Tx_packets : 476
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the high availability state history for the logical router in the VRF context.
Example
nsx-edge-1(tier0_sr)> get high-availability history state
State : Down
Event : Init
Resources :
Time : 2016-02-02 18:41:22.80
State : Active
Event : Node Up
Resources : 0
Time : 2016-02-02 18:41:26.91
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display information about the specified high-availability session.
| Option | Description |
|---|---|
| <service-id> | Service id (0-65535) |
Example
nsx-edge-1> get high-availability session local-service-id 5 peer-service-id 5
High-Availability Session
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Last_tx : 0x0
Local_address : 30.0.246.232
Local_service_id : 5
Next_tx : 0x0
Nsxa_req_ha_state : 1
Nsxa_req_msg_type : 0
Peer_ha_state : 255
Peer_service_id : 5
Remote_address : 30.0.29.0
Req_seq : 1
Req_state : active
Service_type : service-router
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified high-availability session.
| Option | Description |
|---|---|
| <service-id> | Service id (0-65535) |
Example
nsx-edge-1> get high-availability session local-service-id 5 peer-service-id 5
High-Availability Session
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Last_tx : 0x0
Local_address : 30.0.246.232
Local_service_id : 5
Next_tx : 0x0
Nsxa_req_ha_state : 1
Nsxa_req_msg_type : 0
Peer_ha_state : 255
Peer_service_id : 5
Remote_address : 30.0.29.0
Req_seq : 1
Req_state : active
Service_type : service-router
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about high-availability sessions.
Example
nsx-edge-1> get high-availability sessions
High-Availability Session
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Last_tx : 0x0
Local_address : 30.0.246.232
Local_service_id : 5
Next_tx : 0x0
Nsxa_req_ha_state : 1
Nsxa_req_msg_type : 0
Peer_ha_state : 255
Peer_service_id : 5
Remote_address : 30.0.29.0
Req_seq : 1
Req_state : active
Service_type : service-router
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about high-availability sessions by remote-ip of the channel
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get high-availability sessions remote-ip 30.0.29.0
High-Availability Session
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Last_tx : 0x0
Local_address : 30.0.246.232
Local_service_id : 5
Next_tx : 0x0
Nsxa_req_ha_state : 1
Nsxa_req_msg_type : 0
Peer_ha_state : 255
Peer_service_id : 5
Remote_address : 30.0.29.0
Req_seq : 1
Req_state : active
Service_type : service-router
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about high-availability sessions by service-type.
| Option | Description |
|---|---|
| <service-type> | Service type argument is one of {service-router} Allowed values: service-router, l2-bridge |
Example
nsx-edge-1> get high-availability sessions service-type service-router
High-Availability Session
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Last_tx : 0x0
Local_address : 30.0.246.232
Local_service_id : 5
Next_tx : 0x0
Nsxa_req_ha_state : 1
Nsxa_req_msg_type : 0
Peer_ha_state : 255
Peer_service_id : 5
Remote_address : 30.0.29.0
Req_seq : 1
Req_state : active
Service_type : service-router
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about high-availability sessions by service-type and remote-ip of the channel
| Option | Description |
|---|---|
| <service-type> | Service type argument is one of {service-router} Allowed values: service-router, l2-bridge |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get high-availability sessions service-type service-router remote-ip 30.0.29.0
High-Availability Session
Cfg_flags : 0x00000000
Ha_transport : 0bb0495e-b525-11e8-b7e8-020045ee019c
Last_tx : 0x0
Local_address : 30.0.246.232
Local_service_id : 5
Next_tx : 0x0
Nsxa_req_ha_state : 1
Nsxa_req_msg_type : 0
Peer_ha_state : 255
Peer_service_id : 5
Remote_address : 30.0.29.0
Req_seq : 1
Req_state : active
Service_type : service-router
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the high-availability sessions of specified service-type.
| Option | Description |
|---|---|
| <service-type> | Service type argument is one of {service-router} Allowed values: service-router, l2-bridge |
Example
nsx-edge-1> get high-availability session service-type service-router stats
High-Availability Session
Local_service_id : 5
Peer_service_id : 5
Rx_ack_packets : 0
Rx_drop : 0
Rx_drop_bad_version : 0
Rx_drop_inst_unmatch : 0
Rx_drop_intf_unmatch : 0
Rx_drop_ip_unmatch : 0
Rx_drop_pkt_len_unmatch : 0
Rx_drop_pkt_too_short : 0
Rx_drop_seq_unmatch : 0
Rx_packets : 0
Rx_packets_to_conf_thread : 0
Service_type : service-router
Tx_drop : 0
Tx_error : 0
Tx_packets : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Displays any high-availability sessions of a given type who have completed synchronization with peer
| Option | Description |
|---|---|
| <service-type> | Service type argument is one of {service-router} Allowed values: service-router, l2-bridge |
Example
nsx-edge-1> get high-availability sessions service-type service-router sync complete
Total : 2
UUID : e371701a-3e7d-4173-a0fc-7311d70f50e6
Type : TIER1
State : Active
UUID : 4e425c9e-09c6-4021-bbc7-fab2895a2c09
Type : TIER1
State : Standby
Mode
Basic
Availability
Edge, Public Cloud Gateway
Displays any high-availability sessions of a given type who have not yet completed synchronization with peer
| Option | Description |
|---|---|
| <service-type> | Service type argument is one of {service-router} Allowed values: service-router, l2-bridge |
Example
nsx-edge-1> get high-availability sessions service-type service-router sync in-progress
Total : 2
UUID : e371701a-3e7d-4173-a0fc-7311d70f50e6
Type : TIER1
State : Active, waiting for peer to confirm
UUID : 4e425c9e-09c6-4021-bbc7-fab2895a2c09
Type : TIER1
State : Down
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the synchronization status of high-availability sessions of a given type on current node
| Option | Description |
|---|---|
| <service-type> | Service type argument is one of {service-router} Allowed values: service-router, l2-bridge |
Example
nsx-edge-1> get high-availability service-type service-router sync summary
Overview
Sync in progress: 2
Sync done : 100
All sync done : false
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the high-availability sessions.
Example
nsx-edge-1> get high-availability sessions stats
High-Availability Global Counters
Ha_sessions : 1
Nsxa_err_msg_receive_count : 0
Nsxa_msg_receive_count : 0
Nsxa_notify_count : 0
Nsxa_notify_drop_count : 0
Rx_drop_bad_csum : 0
Rx_drop_bad_version : 0
Rx_drop_count : 0
Rx_drop_intf_type : 0
Rx_drop_non_app : 0
Rx_drop_non_udp : 0
Rx_drop_null_app_peer_session : 0
Rx_drop_null_app_session : 0
Rx_drop_null_intf : 0
Rx_drop_runt_pkt : 0
Rx_drop_udp_len : 0
Tx_drop_count : 0
Tx_drop_no_route : 0
High-Availability Session
Local_service_id : 5
Peer_service_id : 5
Rx_ack_packets : 0
Rx_drop : 0
Rx_drop_bad_version : 0
Rx_drop_inst_unmatch : 0
Rx_drop_intf_unmatch : 0
Rx_drop_ip_unmatch : 0
Rx_drop_pkt_len_unmatch : 0
Rx_drop_pkt_too_short : 0
Rx_drop_seq_unmatch : 0
Rx_packets : 0
Rx_packets_to_conf_thread : 0
Service_type : service-router
Tx_drop : 0
Tx_error : 0
Tx_packets : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the high availability status for the logical router in the VRF context.
Example
nsx-edge-1(tier1_sr)> get high-availability status
Service Router
UUID : 4e425c9e-09c6-4021-bbc7-fab2895a2c09
state : Active
type : TIER1
mode : A/S
failover mode : Non-preemptive
rank : 0
service count : 1
service score : 0
HA ports state
UUID : 733d7ed3-1daa-4c28-bc0a-77e3736fea14
op_state : Up
addresses : 169.0.0.2/28
Peer Routers
Node UUID : e13dbba8-542e-11e9-a177-020021d58d1d
HA state : Standby
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display IPFIX setting on the specified DVPort of the specified host switch
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get host-switch nsxvswitch dvport cdb36fdd-a3ec-494e-9b7b-60a8c6af5b70 ipfix setting
Host IPFIX setting
--------------------------------------------------------------------------
activeTimeout : 8
idleTimeout : 15
sampleRate : 1000
obsDomainID : 0
sourceIP : 0.0.0.0
internalFlowsOnly : False
vNICFlowOnly : False
virtualObsID :
collectors : 192.168.7.3 5003
Mode
Basic
Availability
ESXi
Display IPFIX stats on the specified DVPort of the specified host switch
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get host-switch nsxvswitch dvport cdb36fdd-a3ec-494e-9b7b-60a8c6af5b70 ipfix stats
Host IPFIX stats
--------------------------------------------------------------------------
flows : 0
currentFlows : 0
pktsSent : 10
pktsSenterrors : 0
sampleok : 0
ipv4ok : 0
ipv6ok : 0
sampleerrors : 0
unsupportedproto : 0
ipv4errors : 0
ipv6errors : 0
etherrors : 0
inputiferrors : 0
outputiferrors : 0
allocerrors : 0
ipv4headererrors : 0
ipv6headererrors : 0
ipv4unsupportedproto: 0
ipv6unsupportedproto: 0
ipv4missingfrags : 0
ipv6missingfrags : 0
pktattrerrors : 0
Mode
Basic
Availability
ESXi
Display the mcast filter mode for the specified host switch and dvPort
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get host-switch nsxvswitch dvport 73c6d671-32e0-4e74-95a0-bf604c0e0669 mcast-filter
Host Switch DVPort Mcast Filter Entry
---------------------------------------------------------------------------
Legacy Filter Entry
===========================================================================
33:33:ff:69:ae:cd
33:33:00:00:00:01
01:00:5e:00:00:01
IGMP Filter Entry
===========================================================================
224.1.1.2
MLD Filter Entry
===========================================================================
Mode
Basic
Availability
ESXi
Display the mcast filter stata of the specified entry
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
| <entry-mode> | Mode of a mcast filter entry Allowed values: igmp, mld |
| <entry-group> | Group address of a mcast filter entry Allowed pattern: ^([A-Fa-f0-9.:]+)$ |
Example
esx-1> get host-switch nsxvswitch dvport 73c6d671-32e0-4e74-95a0-bf604c0e0669 mcast-filter igmp 224.1.1.2
Host Switch DVPort Mcast Filter Entry Status
---------------------------------------------------------------------------
VNI : 41864
version : 3
srcIPFilterMode : INCLUDE
updateTime : 35
srcIPs :
192.168.1.4
192.168.1.5
Mode
Basic
Availability
ESXi
Display IPFIX stats on the specified host switch
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
esx-1> get host-switch nsxvswitch ipfix stats
Host IPFIX stats
--------------------------------------------------------------------------
flows : 0
currentFlows : 0
pktsSent : 10
pktsSenterrors : 0
sampleok : 0
ipv4ok : 0
ipv6ok : 0
sampleerrors : 0
unsupportedproto : 4
ipv4errors : 0
ipv6errors : 0
etherrors : 0
inputiferrors : 0
outputiferrors : 0
allocerrors : 0
ipv4headererrors : 0
ipv6headererrors : 0
ipv4unsupportedproto: 0
ipv6unsupportedproto: 0
ipv4missingfrags : 0
ipv6missingfrags : 0
pktattrerrors : 0
Mode
Basic
Availability
ESXi
Display the mcast filter mode for the specified host switch.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
esx-1> get Host-switch nsxvswitch mcast-filter
Host Switch Mcast Filter
---------------------------------------------------------------------------
Mode : Snooping
Mode
Basic
Availability
ESXi
Display the stats of mirror on the specified host switch.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <mirror-session-id> | Mirror session identifier UUID Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get host-switch nsxvswitch mirror-session a779b62e-7711-47ad-8d54-
5cb166d061af
Mirror Session
==========================================================
UUID : a779b62e-7711-47ad-8d54-5cb166d061af
Direction : Both
Snap Length : 0
Source : 9484c882-76e6-4f9e-85c4-087968963769;34b19ace-8396-4
dd2-9b92-5867b1bf30ef;vmnic1(Encap)
Destination : 79b8f233-4c22-49ce-b270-3802796de856
EncapVlan :
OrigialVlan :
EncapType :
GreKey :
ERspanID :
Filter :
Source IPs : 10.1.1.1
: 2000:1/64
Destination IPs : 20.1.1.1
: 2000:2/64
IP Protocol : TCP
Source Ports : 234
Destination Ports : 2999-4000
Action : Mirror
Mode
Basic
Availability
ESXi
Display the mirror settings on the specified host switch.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
esx-1> get host-switch nsxvswitch mirror-sessions
Mirror Session Summary
============================================================
Mirror UUID Direction Snap Length
a779b62e-7711-47ad-8d54-5cb166d061af Both 0
Mode
Basic
Availability
ESXi
Display Tunnel Detail info on the specified DVPort of the specified host switch.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <local_ip> | Local IP |
| <remote_ip> | Remote IP |
Example
esx-1> get host-switch tunnel 10.0.0.1 20.0.0.1
Local State :up
Remote State :up
Local Diag :None
Remote Diag :None
min_rx :100
min_tx :1000
local_disc :0xabcdef
remote_disc :0x123456
Tx Interval :1000
Rx Interval :100
mult :3
Mode
Basic
Availability
ESXi
Display Tunnels info on the specified host switch.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
esx-1> get host-switch tunnels
Local IP Remote IP Local State Remote State
10.0.0.1 20.0.0.1 Up Init
10.0.0.1 30.0.0.1 Up Up
10.0.0.1 40.0.0.1 Down Down
Mode
Basic
Availability
ESXi
Display IPFIX setting on the specified uplink of the specified host switch
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <uplink> | Uplink identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get host-switch nsxvswitch uplink vmnic1 ipfix setting
Host IPFIX setting
--------------------------------------------------------------------------
activeTimeout : 8
idleTimeout : 15
sampleRate : 1000
obsDomainID : 0
sourceIP : 0.0.0.0
internalFlowsOnly : False
vNICFlowOnly : False
virtualObsID : Uplink-0x03000002
collectors : 192.168.7.3 5003
Mode
Basic
Availability
ESXi
Display IPFIX stats on the specified uplink of the specified host switch
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <uplink> | Uplink identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get host-switch nsxvswitch uplink vmnic1 ipfix stats
Host IPFIX stats
--------------------------------------------------------------------------
flows : 0
currentFlows : 0
pktsSent : 0
pktsSenterrors : 0
sampleok : 0
ipv4ok : 0
ipv6ok : 0
sampleerrors : 0
unsupportedproto : 4
ipv4errors : 0
ipv6errors : 0
etherrors : 0
inputiferrors : 0
outputiferrors : 0
allocerrors : 0
ipv4headererrors : 0
ipv6headererrors : 0
ipv4unsupportedproto: 0
ipv6unsupportedproto: 0
ipv4missingfrags : 0
ipv6missingfrags : 0
pktattrerrors : 0
Mode
Basic
Availability
ESXi
Display VLAN table for the host switch.
Example
nsx-edge-1> get host-switch vlan-table
VLAN : 100
MAC : 02:50:56:00:00:03
Ingress Port
name : fp-eth0
ID : 0
Egress Port
port : 783a05cd-033d-4891-ad11-7c082641e069
ifuid : 274
VLAN : 250
MAC : 04:00:c0:a8:fa:a2
Ingress Port
name : fp-eth1
ID : 1
Egress Port
port : 7bd1dd3d-97eb-5312-9d0d-b26c148a4fac
ifuid : 296
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all host switches.
Example
nsx-edge-1> get host-switches
Host Switch : 8d4c2128-e748-4878-8314-ad8414f7f943
Switch Name : vlanswitch
Transport Zone : 4e9a90b7-96de-4102-a9bf-1f3733eb3375
Physical Port : fp-eth0
Uplink Name : uplink1
Host Switch : d7ea327f-2569-4b1c-b7cf-8cd4c85ebb18
Switch Name : hostswitch
Transport Zone : 9bc2392d-b7ee-4cf9-9200-7d082f199aef
Physical Port : fp-eth1
Uplink Name : uplink1
Transport VLAN : 250
Default Gateway : 192.168.250.1
Subnet Mask : 255.255.255.0
Local VTEP Device : fp-eth1
Local VTEP IP : 192.168.250.162
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the system hostname.
Example
nsx> get hostname
nsx
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display hugepage information, including total system memory, hugepage sizes supported and hugepage pools.
Example
nsx-edge-1> get hugepage
Total system memory
3949 MB
Hugepage sizes supported
2097152
Hugepage pools
Size Minimum Current Maximum Default
2097152 987 987 987 *
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the container interface (CIF) configuration for the specified app.
| Option | Description |
|---|---|
| <string> | Application ID Allowed pattern: ^.*$ |
Example
kvm-1> get hyperbus app-id c1-vm2ebc cif-config
AppID LSPID LRPID VIFID LSID MAC IP GatewayIP Vlan Version
c1-vm2ebc 939e3ef4-3f42-4a12-a125-24a9ef5035a9 00000000-0000-0000-0000-000000000000 b819f915-6f8f-4b9d-a816-9c7c3f44f830 db3d238f-4528-4fb3-9f94-bb2f61cc49b5 aa:bb:cc:dd:ee:11 192.168.102.11 0.0.0.0 11 1
Mode
Basic
Availability
ESXi, KVM
Display the container interface (CIF) configuration table.
Example
kvm-1> get hyperbus cif-table
Type AppID LSPID LRPID VIFID LSID MAC IP GatewayIP Vlan Version
Parent VIF 93d80cc9-9654-4300-93d2-8a27925feebd 00000000-0000-0000-0000-000000000000 b819f915-6f8f-4b9d-a816-9c7c3f44f830 775a3d45-063d-40b2-8a89-8e102fc7bbb9 00:00:00:00:00:00 0.0.0.0 0.0.0.0 0 1
Link LSP 0dd90579-e3cc-4f9c-b5f3-cfbe16d82d0d be3d0a5a-f80d-456f-89c7-33219090fdcb db3d238f-4528-4fb3-9f94-bb2f61cc49b5 00:00:00:00:00:00 0.0.0.0 192.168.102.1 0 1
Link LSP 22e38f1c-453a-4821-a0f1-de77af397000 3ad6ec1f-72f3-45ad-8201-eb8b67d25682 18f9821a-9844-4ba1-bb0e-b975eacbdabf 00:00:00:00:00:00 0.0.0.0 192.168.101.1 0 1
Child CIF c1-vm2ebc 939e3ef4-3f42-4a12-a125-24a9ef5035a9 00000000-0000-0000-0000-000000000000 b819f915-6f8f-4b9d-a816-9c7c3f44f830 db3d238f-4528-4fb3-9f94-bb2f61cc49b5 aa:bb:cc:dd:ee:11 192.168.102.11 0.0.0.0 11 1
Mode
Basic
Availability
ESXi, KVM
Display the virtual interface (VIF) connection information.
Example
kvm-1> get hyperbus connection info
VIFID Connection Status
db4f717e-d0dd-4552-a99b-5a5839f3e06d 169.254.1.10:2345 HEALTHY
Mode
Basic
Availability
ESXi, KVM
Display the container interface (CIF) configuration for the specified logical switch port.
| Option | Description |
|---|---|
| <logical-switch-port-ID> | Logical switch port ID Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get hyperbus logical-switch-port 939e3ef4-3f42-4a12-a125-24a9ef5035a9 cif-config
Type AppID LSPID LRPID VIFID LSID MAC IP GatewayIP Vlan Version
Child CIF c1-vm2ebc 939e3ef4-3f42-4a12-a125-24a9ef5035a9 00000000-0000-0000-0000-000000000000 b819f915-6f8f-4b9d-a816-9c7c3f44f830 db3d238f-4528-4fb3-9f94-bb2f61cc49b5 aa:bb:cc:dd:ee:11 192.168.102.11 0.0.0.0 11 1
Mode
Basic
Availability
ESXi, KVM
Display the connection information for the specified virtual interface (VIF).
| Option | Description |
|---|---|
| <vif-ID> | VIF ID Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get hyperbus vif-id db4f717e-d0dd-4552-a99b-5a5839f3e06d connection info
VIFID Connection Status
db4f717e-d0dd-4552-a99b-5a5839f3e06d 169.254.1.10:2345 HEALTHY
Mode
Basic
Availability
ESXi, KVM
Display the logical IP (LIP) for the specified virtual interface (VIF).
| Option | Description |
|---|---|
| <vif-ID> | VIF ID Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get hyperbus vif-id db4f717e-d0dd-4552-a99b-5a5839f3e06d lip
VIFID LIP
db4f717e-d0dd-4552-a99b-5a5839f3e06d 169.254.1.10
Mode
Basic
Availability
ESXi, KVM
Display the VIF (virtual interface) LIP (logical IP) table.
Example
kvm-1> get hyperbus vif-lip-table
VIFID LIP State
db4f717e-d0dd-4552-a99b-5a5839f3e06d 169.254.1.10 LSP_ATTACHMENT/VIF_CONNECT
Mode
Basic
Availability
ESXi, KVM
Display the connected virtual interfaces (VIFs). For ESXi, all connected container host VIFs are displayed. For KVM, all connected container host VIFs and CIFs are displayed.
Example
kvm-1> get hyperbus vif-table
VIFID Version
b819f915-6f8f-4b9d-a816-9c7c3f44f830 1
c1-vm2ebc 1
Mode
Basic
Availability
ESXi, KVM
List all container images for given service.
| Option | Description |
|---|---|
| <image-name> | Edge service container image name |
Example
nsx-edge> get image nsx-edge-iked
Image Name Version Tag Created
nsx-edge-iked ob-13148208 previous 2019-04-04 (40 hours ago)
nsx-edge-iked ob-13129113 current 2019-04-03 (2 days ago)
nsx-edge-iked ob-13094493 2019-04-01 (4 days ago)
Mode
Basic
Availability
Edge, Public Cloud Gateway
List install history of container images for given service.
| Option | Description |
|---|---|
| <image-name> | Edge service container image name |
Example
nsx-edge> get image nsx-edge-datapath install history
Image Name Version Install time Uninstall time
nsx-edge-datapath ob-13336865 2019-04-16 23:16:47.502 UTC 2019-04-16 23:17:12.213 UTC
nsx-edge-datapath ob-13344839 2019-04-16 23:17:15.314 UTC 2019-04-16 23:16:44.372 UTC
Mode
Basic
Availability
Edge, Public Cloud Gateway
List all service container images.
Example
nsx-edge> get images
Image Name Version Tag Created
nsx-edge-iked ob-13148208 previous 2019-04-04 (40 hours ago)
nsx-edge-mdproxy ob-13135660 current 2019-04-03 (2 days ago)
nsx-edge-iked ob-13129113 current 2019-04-03 (2 days ago)
nsx-edge-dispatcher ob-13094493 current 2019-04-01 (4 days ago)
nsx-edge-datapath ob-13094493 current 2019-04-01 (4 days ago)
nsx-edge-frr ob-13094493 current 2019-04-01 (4 days ago)
nsx-edge-lb ob-13094493 current 2019-04-01 (4 days ago)
nsx-edge-iked ob-13094493 2019-04-01 (4 days ago)
nsx-edge-nsxa ob-13094493 current 2019-04-01 (4 days ago)
nsx-edge-mdproxy ob-13094493 previous 2019-04-01 (4 days ago)
nsx-edge-dhcp ob-13094493 current 2019-04-01 (4 days ago)
nsx-edge-dns ob-13094493 current 2019-04-01 (4 days ago)
Mode
Basic
Availability
Edge, Public Cloud Gateway
List install history for all service container images.
Example
nsx-edge> get images install history
Image Name Version Install time Uninstall time
nsx-edge-nsxa ob-13336865 2019-04-16 23:14:45.050 UTC 2019-04-16 23:15:33.223 UTC
nsx-edge-nsxa ob-13344839 2019-04-16 22:52:17.530 UTC
nsx-edge-nsxa ob-13348244 2019-04-16 23:15:33.781 UTC 2019-04-16 23:14:44.427 UTC
nsx-edge-datapath ob-13336865 2019-04-16 23:16:47.502 UTC 2019-04-16 23:17:12.213 UTC
nsx-edge-datapath ob-13344839 2019-04-16 23:17:15.314 UTC 2019-04-16 23:16:44.372 UTC
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display NSX Intelligence flows configuration.
Example
> get intelligence flows config
NSX Intelligence Host Flows Configuration
----------------------------------------------------------------------
Enabled Max Active Max Nonactive Interval(min) Long Lived(min)
True 100 100 10 5
V4 Private IP count: 0
V4 Private CIDR count: 3
1. ip 10.0.0.0/8
2. ip 172.16.0.0/12
3. ip 192.168.0.0/16
V6 Private IP count: 0
V6 Private CIDR count: 2
1. ip fc00::/7
2. ip fe80::/10
Mode
Basic
Availability
ESXi
Display NSX Intelligence flows aggregation mask.
Example
>get intelligence flows mask
NSX Intelligence Host Flows Aggregation Masks
------------------------------------------------------------
1. Source IP
2. Destination IP
3. Protocol
4. Destination Port
5. Direction
6. Rule ID
7. SID and Hash
Mode
Basic
Availability
ESXi
Display NSX Intelligence flows statistics.
Example
>get intelligence flows stats
NSX Intelligence Host Flows Statistics
-----------------------------------------------------------------
Topic Items Sent Msgs Sent Bytes Sent
raw_flow 18 9 2955
demo-kifstats-topic 0 0 0
Mode
Basic
Availability
ESXi
Display NSX Intelligence flows acknowledgement statistics.
Example
>get intelligence flows stats ack
NSX Intelligence Host Flows Acknowledgement Statistics
------------------------------------------------------------
Total Sent Total Ack'ed
9 9
Mode
Basic
Availability
ESXi
Display information about the specified network interface.
| Option | Description |
|---|---|
| <interface-name> | Network interface argument |
Example
nsx> get interface eth0
Interface: eth0
Address: 192.168.110.108/24
MAC address: 00:50:56:8e:13:51
MTU: 1500
Default gateway: 192.168.110.1
Broadcast address: 192.168.110.255
Link status: up
Admin status: up
RX packets: 1634378
RX bytes: 333335650
RX errors: 0
RX dropped: 276
TX packets: 1441590
TX bytes: 286624283
TX errors: 0
TX dropped: 0
TX collisions: 0
Mode
Basic
Availability
Controller, Manager, Policy Manager
Display information about the specified network interface.
| Option | Description |
|---|---|
| <interface-name> | Network interface argument |
Example
nsx-edge> get interface eth0
Interface: eth0
Address: 192.168.110.111/24
MAC address: 00:50:56:8e:e8:2e
MTU: 1500
Default gateway: 192.168.110.1
Broadcast address: 0.0.0.0
Link status: up
Admin status: up
RX packets: 66493
RX bytes: 12712191
RX errors: 0
RX dropped: 0
TX packets: 58436
TX bytes: 15051574
TX errors: 0
TX dropped: 0
TX collisions: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display interface information for the logical router in the VRF context.
Example
nsx-edge-1(vrf)> get interfaces
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 R1 TUNNEL
interfaces
interface : 9fd3c667-32db-5921-aaad-7a88c80b5e9f
ifuid : 258
mode : blackhole
interface : 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
ifuid : 261
mode : lif
IP/Mask : 142.134.61.36/24
MAC : 00:0c:29:5a:96:2b
VLAN id : untagged
LS port : 238d7422-e488-5cee-9639-1894b8ab56e2
urpf-mode : NONE
admin : up
op_state : up
MTU : 1600
interface : f322c6ca-4298-568b-81c7-a006ba6e6c88
ifuid : 257
mode : cpu
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display information about all network interfaces.
Example
nsx-edge> get interfaces
Interface: eth0
Address: 192.168.110.111/24
MAC address: 00:50:56:8e:e8:2e
MTU: 1500
Default gateway: 192.168.110.1
Broadcast address: 0.0.0.0
Link status: up
Admin status: up
RX packets: 66307
RX bytes: 12698263
RX errors: 0
RX dropped: 0
TX packets: 58340
TX bytes: 15041724
TX errors: 0
TX dropped: 0
TX collisions: 0
Interface: lo
Address: 127.0.0.1/8
MTU: 65536
Link status: up
Admin status: up
RX packets: 221628
RX bytes: 54868485
RX errors: 0
RX dropped: 0
TX packets: 221628
TX bytes: 54868485
TX errors: 0
TX dropped: 0
TX collisions: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all network interfaces.
Example
nsx> get interfaces
Interface: eth0
Address: 192.168.110.108/24
MAC address: 00:50:56:8e:13:51
MTU: 1500
Default gateway: 192.168.110.1
Broadcast address: 192.168.110.255
Link status: up
Admin status: up
RX packets: 1636181
RX bytes: 333661267
RX errors: 0
RX dropped: 276
TX packets: 1443225
TX bytes: 286925131
TX errors: 0
TX dropped: 0
TX collisions: 0
Interface: lo
Address: 127.0.0.1/8
MTU: 65536
Link status: up
Admin status: up
RX packets: 10410417
RX bytes: 2281216307
RX errors: 0
RX dropped: 0
TX packets: 10410417
TX bytes: 2281216307
TX errors: 0
TX dropped: 0
TX collisions: 0
Mode
Basic
Availability
Controller, Manager, Policy Manager
Display the interface statistics for the logical router in the VRF context.
Example
nsx-edge-1(tier0_sr)> get interfaces stats
Logical Router
UUID : e9d3379d-aba7-4459-9262-18bc95eaeec1
VRF : 1
LR-ID : 1
name : R2
type : SERVICE_ROUTER_TIER0
Statistics
Interface Type RX PKTS TX PKTS RX BYTES TX BYTES RX Drops TX Drops
b83cb77f-ca34-595c-a3e1-76278f0dcb00 blackhole 0 0 0 0 0 0
4b115e5f-1395-54c3-aaf0-0de5736f99df cpu 8 0 648 0 8 0
6c427841-e151-4479-9184-4196cfcef3b6 lif 5601 11 1915542 462 5601 0
081e2e50-2f0e-42e1-8764-80a127dd3918 lif 0 0 0 0 0 0
00003300-0000-0000-0000-000000000002 loopback 8 0 648 0 8 0
Total 5617 11 1916838 462 5617 0
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display discovered bindings.
Example
kvm-1> get ip-discovery bindings
IP Discovery Bindings
--------------------------------------------------------------------------------------------------------------------------------------------
Logical Port Discovery Type IP MAC VLAN Expires In Sec
d722c9c8-cd9d-4218-91c0-2728ced19d74 ND_Snooping 5000::10 ca:2c:ff:ec:3c:87 0 403
d722c9c8-cd9d-4218-91c0-2728ced19d74 ND_Snooping fe80::c82c:ffff:feec:3c87 ca:2c:ff:ec:3c:87 0 413
d722c9c8-cd9d-4218-91c0-2728ced19d74 ARP_Snooping 172.16.1.10 ca:2c:ff:ec:3c:87 0 153
Mode
Basic
Availability
KVM
Display ip discovery bindings for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery bindings nsxvswitch nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
IP Discovery Bindings
----------------------------------------------------------------------------------------------------
Discovery Type IP MAC VLAN Expires in sec
ARP Snooping 192.168.1.10 00:50:56:a9:fb:f1 0 599
Mode
Basic
Availability
ESXi
Display ipv4 discovery bindings for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery bindings nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473 ipv4
IP Discovery Bindings
----------------------------------------------------------------------------------------------------
Discovery Type IP MAC VLAN Expires in sec
ARP Snooping 192.168.1.10 00:50:56:a9:fb:f1 0 599
Mode
Basic
Availability
ESXi
Display ipv6 discovery bindings for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery bindings nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473 ipv6
IP Discovery Bindings
----------------------------------------------------------------------------------------------------
Discovery Type IP MAC VLAN Expires in sec
ARP Snooping 2000::1 00:50:56:a9:fb:f1 0 599
Mode
Basic
Availability
ESXi
Display discovered bindings for a given logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get ip-discovery bindings d722c9c8-cd9d-4218-91c0-2728ced19d74
IP Discovery Bindings
--------------------------------------------------------------------------------------------------------------
Discovery Type IP MAC VLAN Expires In Sec
ND_Snooping 5000::10 ca:2c:ff:ec:3c:87 0 598
ARP_Snooping 172.16.1.10 ca:2c:ff:ec:3c:87 0 600
ND_Snooping fe80::c82c:ffff:feec:3c87 ca:2c:ff:ec:3c:87 0 598
Mode
Basic
Availability
KVM
Display discovered bindings for a given logical port and type.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
| <ip-version> | Internet Protocol Version (IPV4 or IPV6) Allowed values: ipv4, ipv6 |
Example
kvm-1> get ip-discovery bindings d722c9c8-cd9d-4218-91c0-2728ced19d74 ipv4
IP Discovery Bindings
--------------------------------------------------------------------------------------------------------------
Discovery Type IP MAC VLAN Expires In Sec
ARP_Snooping 172.16.1.10 ca:2c:ff:ec:3c:87 0 600
kvm-1> get ip-discovery bindings d722c9c8-cd9d-4218-91c0-2728ced19d74 ipv6
IP Discovery Bindings
--------------------------------------------------------------------------------------------------------------
Discovery Type IP MAC VLAN Expires In Sec
ND_Snooping 5000::10 ca:2c:ff:ec:3c:87 0 598
Mode
Basic
Availability
KVM
Display ip-discovery profile for all logical ports.
Example
kvm-1> get ip-discovery config
IP Discovery Config
---------------------------------------------------------------------------
Logical Port : d722c9c8-cd9d-4218-91c0-2728ced19d74
ARP Snooping : Enabled
DHCPV4 Snooping : Enabled
ND Snooping : Disabled
DHCPV6 Snooping : Disabled
ARP/ND Expiry Timeout : 10 min
Logical Port : 0fe4864f-b2d9-4a91-af8b-9b92593f548e
ARP Snooping : Enabled
DHCPV4 Snooping : Enabled
ND Snooping : Disabled
DHCPV6 Snooping : Disabled
ARP/ND Expiry Timeout : 10 min
Mode
Basic
Availability
KVM
Display IP discovery config for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery config nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
IP Discovery Config
---------------------------------------------------------------------------
ARP Snooping : Enabled
DHCPV4 Snooping : Enabled
ND Snooping : Enabled
DHCPV6 snooping : Enabled
ARP/ND Expiry Timeout : 600
Mode
Basic
Availability
ESXi
Display ip-discovery config for a given logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get ip-discovery config 2339fe58-b71f-42d3-ae67-41957cbb18da
IP Discovery Config
---------------------------------------------------------------------------
ARP Snooping : Enabled
DHCPV4 Snooping : Enabled
ND Snooping : Disabled
DHCPV6 Snooping : Disabled
ARP/ND Expiry Timeout : 10 min
Mode
Basic
Availability
KVM
Display ignore bindings list.
Example
kvm-1> get ip-discovery ignore-list
IP Discovery Ignore List
--------------------------------------------------------------------------------------------------------------
LogicalPort IP MAC VLAN
2339fe58-b71f-42d3-ae67-41957cbb18da 6000::254 00:23:20:05:5f:5d 0
2339fe58-b71f-42d3-ae67-41957cbb18da 192.168.37.143 00:23:20:05:5f:5d 0
2339fe58-b71f-42d3-ae67-41957cbb18da 192.168.37.150 00:23:20:05:5f:5d 0
Mode
Basic
Availability
KVM
Display ip discovery ignore list for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery ignore-list nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
IP Discovery Ignore List
------------------------------------------------------------------------------------------------------------------------
Mode
Basic
Availability
ESXi
Display ignore bindings list for a given logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get ip-discovery ignore-list 2339fe58-b71f-42d3-ae67-41957cbb18da
IP Discovery Ignore List
---------------------------------------------------------------------------
IP MAC VLAN
6000::254 00:23:20:05:5f:5d 0
192.168.37.143 00:23:20:05:5f:5d 0
192.168.37.150 00:23:20:05:5f:5d 0
Mode
Basic
Availability
KVM
Display ignore bindings list for a given logical port and type.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
| <ip-version> | Internet Protocol Version (IPV4 or IPV6) Allowed values: ipv4, ipv6 |
Example
kvm-1> get ip-discovery ignore-list 2339fe58-b71f-42d3-ae67-41957cbb18da ipv6
IP Discovery Ignore List
---------------------------------------------------------------------------
IP MAC VLAN
6000::254 00:23:20:05:5f:5d 0
Mode
Basic
Availability
KVM
Display ip-discovery ignore list stats for all logical ports.
Example
kvm-1> get ip-discovery ignore-list stats
IP Discovery Ignore List Stats
------------------------------------------------------------------------------------------
LogicalPort V4 Ignore Count V6 Ignore Count
2339fe58-b71f-42d3-ae67-41957cbb18da 0 0
Mode
Basic
Availability
KVM
Display ip discovery ignore list stats for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery ignore-list stats nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
IP Discovery Ignorelist Stats
------------------------------------------------------------------------------------------------------------------------
V4 Ignore Count : 0
V6 Ignore Count : 0
Mode
Basic
Availability
ESXi
Display ip-discovery ignore list stats for a given logical ports.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get ip-discovery ignore-list stats 2339fe58-b71f-42d3-ae67-41957cbb18da
IP Discovery Ignore List Stats
--------------------------------------------------
V4 Ignore Count V6 Ignore Count
0 0
Mode
Basic
Availability
KVM
Display ip-discovery stats for all logical ports.
Example
kvm-1> get ip-discovery stats
IP Discovery Stats
---------------------------------------------------------------------------
Logical Port : 2339fe58-b71f-42d3-ae67-41957cbb18da
MAX ARP Entries : 3
Total Active ARP Entries : 0
Total Expired ARP Entries : 3
MAX DHCPV4 Entries : 128
Total DHCPV4 Entries : 0
MAX Pending DHCPV4 Reqs : 128
Total Pending DHCPV4 Reqs : 0
MAX ND Entries : 3
Total Active ND Entries : 0
Total Expired ND Entries : 0
MAX DHCPV6 Entries : 15
Total DHCPV6 Entries : 0
MAX Pending DHCPV6 Reqs : 15
Total Pending DHCPV6 Reqs : 0
Mode
Basic
Availability
KVM
Display ip discovery stats for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get ip-discovery stats nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
IP Discovery Stats
------------------------------------------------------------------------------------------------------------------------
MAX ARP Entries : 256
Total Active ARP Entries : 0
Total Expired ARP Entries : 0
MAX DHCPV4 Entries : 128
Total DHCPV4 Entries : 0
MAX Pending DHCPV4 Reqs : 128
Total Pending DHCPV4 Reqs : 0
MAX ND Entries : 30
Total Active ND Entries : 0
Total Expired ND Entries : 0
MAX DHCPV6 Entries : 15
Total DHCPV6 Entries : 0
MAX Pending DHCPV6 Reqs : 15
Total Pending DHCPV6 Reqs : 0
Mode
Basic
Availability
ESXi
Display ip-discovery profile for a given logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get ip-discovery stats 2339fe58-b71f-42d3-ae67-41957cbb18da
IP Discovery Stats
---------------------------------------------------------------------------
MAX ARP Entries : 3
Total Active ARP Entries : 0
Total Expired ARP Entries : 3
MAX DHCPV4 Entries : 128
Total DHCPV4 Entries : 0
MAX Pending DHCPV4 Reqs : 128
Total Pending DHCPV4 Reqs : 0
MAX ND Entries : 3
Total Active ND Entries : 0
Total Expired ND Entries : 0
MAX DHCPV6 Entries : 15
Total DHCPV6 Entries : 0
MAX Pending DHCPV6 Reqs : 15
Total Pending DHCPV6 Reqs : 0
Mode
Basic
Availability
KVM
Display full information from a specific CA Certificate
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn ca-certificate 77d3d1fb-82f9-4805-b7db-848465304001
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
Certificate:
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display Subject Name from all CA Certificates.
Example
nsx-edge-1>get ipsecvpn ca-certificates
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
Subject :
UUID : 77d3d1fb-82f9-4805-b7db-848465304002
Subject :
UUID : 77d3d1fb-82f9-4805-b7db-848465304003
Subject :
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display full information from all CA Certificates.
Example
nsx-edge-1>get ipsecvpn ca-certificates verbose
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
Certificate:
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
Certificate:
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
Certificate:
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display complete information from a specific Certifiate.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn certificate 77d3d1fb-82f9-4805-b7db-848465304000
UUID : 77d3d1fb-82f9-4805-b7db-848465304000
Certificate:
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display Subject Names from all Certificates.
Example
nsx-edge-1> get ipsecvpn certificates
UUID : 77d3d1fb-82f9-4805-b7db-848465304000
Subject : C=IN, ST=Maharashtra, O=VMware, OU=NSBU, CN=left
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display complete information from all Certificates.
Example
nsx-edge-1> get ipsecvpn certificates verbose
UUID : 77d3d1fb-82f9-4805-b7db-848465304000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all configured Dead Peer Detection profiles.
Example
nsx-edge-1> get ipsecvpn config dpd-profile
UUID : 00000000-0000-0001-0000-000000000001
Enabled : True
DPD Probe Interval : 200 sec
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configured Dead Peer Detection profile.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config dpd-profile 78b17d39-22ad-47bb-a23d-bea7dc13bc44
Enabled : True
DPD Probe Interval : 200 sec
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all configured IKE profiles.
Example
nsx-edge-1> get ipsecvpn config ike-profile
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 200 sec
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configured IKE profile.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config ike-profile 00000000-0000-0001-0000-000000000002
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 200 sec
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all configured IPSec local endpoint profiles.
Example
nsx-edge-1> get ipsecvpn config local-endpoint
UUID : 00000000-0000-0001-0000-000000000004
Local Address :
Ipv4 : 10.112.202.147
Local ID : local_edp_1
Local ID Type : IPSEC_IP_ADDR_TYPE
Certificate Authority :
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
UUID : 77d3d1fb-82f9-4805-b7db-848465304002
UUID : 77d3d1fb-82f9-4805-b7db-848465304003
Certificate :
UUID : 77d3d1fb-82f9-4805-b7db-848465304000
Certificate Revocation List ID :
UUID : d812f9e9-f047-4eb7-876b-3e3b88332c10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configured IPSec local endpoint profile.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config local endpoint 78b17d39-22ad-47bb-a0da-792f7e89bc47
Local Address :
Ipv4 : 10.112.202.147
Local ID : local_edp_1
Local ID Type : IPSEC_IP_ADDR_TYPE
Certificate Authority :
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
UUID : 77d3d1fb-82f9-4805-b7db-848465304002
UUID : 77d3d1fb-82f9-4805-b7db-848465304003
Certificate :
UUID : 77d3d1fb-82f9-4805-b7db-848465304000
Certificate Revocation List ID :
UUID : d812f9e9-f047-4eb7-876b-3e3b88332c10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all CA-Certificates for a specific IPsec Local Endpoint.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config local-endpoint 78b17d39-22ad-47bb-a0da-7922f7e89bc47 ca-certificates
UUID : 77d3d1fb-82f9-4805-b7db-848465304001
Certificate:
UUID : 77d3d1fb-82f9-4805-b7db-848465304002
Certificate:
UUID : 77d3d1fb-82f9-4805-b7db-848465304003
Certificate:
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display Certificate for a specific IPsec Local Endpoint.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config local-endpoint 78b17d39-22ad-47bb-a0da-792f7e89bc47 certificate
UUID : 77d3d1fb-82f9-4805-b7db-848465304000
Certificate:
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all CRLs for a specific IPsec Local Endpoint.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config local-endpoint 78b17d39-22ad-47bb-a0da-7922f7e89bc47 crls
UUID : d812f9e9-f047-4eb7-876b-3e3b88332c10
Certificate Revocation List (CRL):
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all configured IPSec peer endpoint profiles.
Example
nsx-edge-1> get ipsecvpn config peer-endpoint
UUID : 00000000-0000-0001-0000-000000000005
Auth Mode : AUTH_MODE_PSK
DPD Profile :
UUID : 00000000-0000-0001-0000-000000000001
Enabled : True
DPD Probe Interval : 200 sec
IKE Profile :
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 200 sec
IKE Role : INITIATOR
Ipsec Tunnel Profile :
UUID : 00000000-0000-0001-0000-000000000003
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : True
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Peer Address : 10.112.202.167
Peer ID : peer_edp_1
Peer ID Type : IPSEC_IP_ADDR_TYPE
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configured IPSec peer endpoint profile.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config peer-endpoint 78b17d39-22ad-47bc-a0da-792f7e89bc46
Auth Mode : AUTH_MODE_PSK
DPD Profile :
UUID : 00000000-0000-0001-0000-000000000001
Enabled : True
DPD Probe Interval : 200 sec
IKE Profile :
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 200 sec
IKE Role : INITIATOR
Ipsec Tunnel Profile :
UUID : 00000000-0000-0001-0000-000000000003
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : True
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Peer Address : 10.112.202.167
Peer ID : peer_edp_1
Peer ID Type : IPSEC_IP_ADDR_TYPE
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec Servicce configuration from NestDB.
Example
nsx-edge-1> get ipsecvpn config service
UUID : acaba146-31f7-4b35-bc19-f3055ea93db0
Enable : True
IKE LOG Level : LOG_LEVEL_INFO
IKE Rule Section ID : 00003500-0000-0000-0000-000000000004
SR Cluster ID : 00002000-0000-0000-0000-000000000004
UUID : 3bfc5972-1cb7-43cf-a646-529473981971
Enable : True
IKE LOG Level : LOG_LEVEL_INFO
IKE Rule Section ID : 00003500-0000-0000-0000-000000000001
SR Cluster ID : 00002000-0000-0000-0000-000000000001
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all configured IPSec VPN sessions.
Example
nsx-edge-1> get ipsecvpn config session
UUID : 00000000-0000-0000-0000-00000000000a
Enabled : True
IKE Session ID : 2
Local Endpoint Profile :
UUID : 00000000-0000-0000-0000-000000000004
Local Address :
Ipv4 : 10.109.24.20
Local ID : 174921748
Local ID Type : IPSEC_IP_ADDR_TYPE
Peer Endpoint Profile :
UUID : 00000000-0000-0000-0000-000000000005
Auth Mode : AUTH_MODE_PSK
DPD Profile :
UUID : 00000000-0000-0001-0000-000000000001
Enabled : True
DPD Probe Interval : 600 sec
IKE Profile :
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
IKE Version : 3
DH Group : DH_GROUP_5
SA Expiry Time : 1000 sec
IKE Role : INITIATOR
Ipsec Tunnel Profile :
UUID : 00000000-0000-0001-0000-000000000003
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : False
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Peer Address : 10.109.24.22
Peer ID : 10.109.24.22
Peer ID Type : IPSEC_IP_ADDR_TYPE
Policy :
UUID : 00000000-0000-0000-0000-00000000000b
Action : VPN_ACTION_PROTECT
Applied TO :
Logical Router Port : 00000000-0000-0000-0000-00000000000c
IKE Rulefrom ID : 2
IKE Ruleto ID : 1
Local Subnet : 192.168.2.0/24
Peer Subnet : 172.16.2.0/24
Priority : 10
TCP MSS Direction : TCP_MSS_ADJUST_BOTH
TCP MSS Value : 1350
Type : POLICY_BASED_SESSION
VPN Service Profile :
UUID : 00000000-0000-0001-0000-000000000007
Enable : True
IKE State File Encryption PWD : XXXX
SR Clustur ID : 00000000-0000-0001-0000-000000000006
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a configured IPSec VPN session.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config session 00000000-0000-0000-0000-00000000000a
Enabled : True
IKE Session ID : 2
Local Endpoint Profile :
UUID : 00000000-0000-0000-0000-000000000004
Local Address :
Ipv4 : 10.109.24.20
Local ID : 174921748
Local ID Type : IPSEC_IP_ADDR_TYPE
Peer Endpoint Profile :
UUID : 00000000-0000-0000-0000-000000000005
Auth Mode : AUTH_MODE_PSK
DPD Profile :
UUID : 00000000-0000-0001-0000-000000000001
Enabled : True
DPD Probe Interval : 600 sec
IKE Profile :
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
IKE Version : 3
DH Group : DH_GROUP_5
SA Expiry Time : 1000 sec
IKE Role : INITIATOR
Ipsec Tunnel Profile :
UUID : 00000000-0000-0001-0000-000000000003
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : False
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Peer Address : 10.109.24.22
Peer ID : 10.109.24.22
Peer ID Type : IPSEC_IP_ADDR_TYPE
Policy :
UUID : 00000000-0000-0000-0000-00000000000b
Action : VPN_ACTION_PROTECT
Applied TO :
Logical Router Port : 00000000-0000-0000-0000-00000000000c
IKE Rulefrom ID : 2
IKE Ruleto ID : 1
Local Subnet : 192.168.2.0/24
Peer Subnet : 172.16.2.0/24
Priority : 10
TCP MSS Direction : TCP_MSS_ADJUST_BOTH
TCP MSS Value : 1350
Type : POLICY_BASED_SESSION
VPN Service Profile :
UUID : 00000000-0000-0001-0000-000000000007
Enable : True
IKE State File Encryption PWD : XXXX
SR Clustur ID : 00000000-0000-0001-0000-000000000006
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a configured IPSec VPN session with specific endpoints.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn config session local-ip 10.109.24.20 remote-ip 10.109.24.20
UUID : 00000000-0000-0000-0000-00000000000a
Enabled : True
IKE Session ID : 2
Local Endpoint Profile :
UUID : 00000000-0000-0000-0000-000000000004
Local Address :
Ipv4 : 10.109.24.20
Local ID : 174921748
Local ID Type : IPSEC_IP_ADDR_TYPE
Peer Endpoint Profile :
UUID : 00000000-0000-0000-0000-000000000005
Auth Mode : AUTH_MODE_PSK
DPD Profile :
UUID : 00000000-0000-0001-0000-000000000001
Enabled : True
DPD Probe Interval : 600 sec
IKE Profile :
UUID : 00000000-0000-0001-0000-000000000002
Authentication Algorithm : AUTH_HMAC_SHA1
Encryption Algorithm : ENCR_AES_128_CBC
IKE Version : 3
DH Group : DH_GROUP_5
SA Expiry Time : 1000 sec
IKE Role : INITIATOR
Ipsec Tunnel Profile :
UUID : 00000000-0000-0001-0000-000000000003
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : False
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Peer Address : 10.109.24.22
Peer ID : 10.109.24.22
Peer ID Type : IPSEC_IP_ADDR_TYPE
Policy :
UUID : 00000000-0000-0000-0000-00000000000b
Action : VPN_ACTION_PROTECT
Applied TO :
Logical Router Port : 00000000-0000-0000-0000-00000000000c
IKE Rulefrom ID : 2
IKE Ruleto ID : 1
Local Subnet : 192.168.2.0/24
Peer Subnet : 172.16.2.0/24
Priority : 10
TCP MSS Direction : TCP_MSS_ADJUST_BOTH
TCP MSS Value : 1350
Type : POLICY_BASED_SESSION
VPN Service Profile :
UUID : 00000000-0000-0001-0000-000000000007
Enable : True
IKE State File Encryption PWD : XXXX
SR Clustur ID : 00000000-0000-0001-0000-000000000006
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all configured IPsec tunnel profiles.
Example
nsx-edge-1> get ipsecvpn config tunnel-profile
UUID : 00000000-0000-0001-0000-000000000003
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : True
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configured IPSec tunnel profile.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn config tunnel-profile 78b17d39-22ad-47bb-a0da-792f7e89bc58
AH Transport Protocol Enabled : False
Authentication Algorithm : AUTH_HMAC_SHA1
DF Policy : DF_COPY
Disable Anti Replay : True
Enable ESN : True
Encryption Algorithm : ENCR_AES_128_CBC
SA Expiry Time : 1200 sec
Transport Mode : False
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display complete information from a specific CRL certificate.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn crl d812f9e9-f047-4eb7-876b-3e3b88332c10
UUID : d812f9e9-f047-4eb7-876b-3e3b88332c10
Certificate Revocation List (CRL):
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display Issuer Name from all CRL certificates.
Example
nsx-edge-1> get ipsecvpn crls
UUID : d812f9e9-f047-4eb7-876b-3e3b88332c10
Issuer :
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display complete information from all CRL certificates.
Example
nsx-edge-1> get ipsecvpn crls verbose
UUID : d812f9e9-f047-4eb7-876b-3e3b88332c10
Certificate Revocation List (CRL):
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IKE SAs.
Example
nsx-edge-1> get ipsecvpn ikesa
Total Number of IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 8
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Initiator
Number of Child SA Pairs : 1
Created Timestamp : 2017-12-21 07:34:58
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.109.24.20
Remote : 10.109.24.22
Identity:
Local : 10.109.24.20 (ipv4)
Remote : 10.109.24.22 (ipv4)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
--------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IKE SA.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ikesa 2
Total Number of IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 2
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Responder
Number of Child SA Pairs : 1
Created Timestamp : 2017-12-27 20:49:52
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.109.24.20
Remote : 10.109.24.22
Identity:
Local : 10.109.24.20 (ipv4)
Remote : 10.109.24.22 (ipv4)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IKE security associations in active state.
Example
nsx-edge-1> get ipsecvpn ikesa active
Total Number of Active IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 2
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Initiator
Number of Child SA Pairs : 2
Created Timestamp : 2017-09-25 03:02:45
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.112.202.147
Remote : 10.112.200.243
Identity:
Local : a@ipsecvpn.com (email)
Remote : b@ipsecvpn.com (email)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IKE security association in active state.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ikesa active 3
Total Number of Active IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 3
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Initiator
Number of Child SA Pairs : 2
Created Timestamp : 2017-09-25 03:02:45
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.112.202.147
Remote : 10.112.200.243
Identity:
Local : a@ipsecvpn.com (email)
Remote : b@ipsecvpn.com (email)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IKE security associations in active state.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn ikesa active logical-router d88806dc-0a12-41a5-ab18-fce703027b35
Total Number of Active IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 2
Session Name : Tunnel-7acc1289-abd44ebf-84fcdf8a-1e541514
Session Type : Policy Based
IKE SPI Initiator : 0x91fb9d4b6d5572e9
IKE SPI Responder : 0x343ca26af10c7513
Role : Initiator
Number of Child SA Pairs : 1
Created Timestamp : 2019-03-19 10:56:05
IKE SA Uptime : 22852 sec
IKE SA Lifetime : 86400 sec
DPD Probe Interval : 60 sec
IP Address:
Local : 192.168.128.1
Remote : 1.1.5.100
Identity:
Local : 192.168.128.1 (ipv4)
Remote : 1.1.5.100 (ipv4)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IKE security association in active state on given Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ikesa active logical-router 3
Total Number of Active IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 3
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Initiator
Number of Child SA Pairs : 2
Created Timestamp : 2017-09-25 03:02:45
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.112.202.147
Remote : 10.112.200.243
Identity:
Local : a@ipsecvpn.com (email)
Remote : b@ipsecvpn.com (email)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IKE SAs on given Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn ikesa logical-router
Total Number of IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 8
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Initiator
Number of Child SA Pairs : 1
Created Timestamp : 2017-12-21 07:34:58
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.109.24.20
Remote : 10.109.24.22
Identity:
Local : 10.109.24.20 (ipv4)
Remote : 10.109.24.22 (ipv4)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
--------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IKE SA on given Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ikesa 2
Total Number of IKE SAs: 1
IKE Version : IKEv2
IKE Status : Up
IKE Session ID : 2
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x33bbea1267703b12
Role : Responder
Number of Child SA Pairs : 1
Created Timestamp : 2017-12-27 20:49:52
IKE SA Uptime : 163 sec
IKE SA Lifetime : 1000 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.109.24.20
Remote : 10.109.24.22
Identity:
Local : 10.109.24.20 (ipv4)
Remote : 10.109.24.22 (ipv4)
Algorithm:
Encryption : aes128-cbc
Authentication : hmac-sha1-96
PRF : hmac-sha1
DH Group : 14
Authentication Method : Pre-shared key
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IKE security associations in negotiating state.
Example
nsx-edge-1> get ipsecvpn ikesa negotiating
Total Number of Negotiating IKE SAs: 1
IKE Version : IKEv2
IKE Status : Negotiating (SSH_IKEV2_STATE_IKE_INIT_SA)
IKE Session ID : 2
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x0
Role : Initiator
Number of Child SA Pairs : 2
IKE SA Lifetime : 0 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.112.202.147
Remote : 10.112.200.243
Identity:
Local : Negotiating
Remote : Negotiating
Algorithm:
Encryption : Negotiating
Authentication : Negotiating
PRF : Negotiating
DH Group : Negotiating
Authentication Method : Negotiating
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IKE security association in negotiating state.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ikesa negotiating 2
Total Number of Negotiating IKE SAs: 1
IKE Version : IKEv2
IKE Status : Negotiating (SSH_IKEV2_STATE_IKE_INIT_SA)
IKE Session ID : 2
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x0
Role : Initiator
Number of Child SA Pairs : 2
IKE SA Lifetime : 0 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.112.202.147
Remote : 10.112.200.243
Identity:
Local : Negotiating
Remote : Negotiating
Algorithm:
Encryption : Negotiating
Authentication : Negotiating
PRF : Negotiating
DH Group : Negotiating
Authentication Method : Negotiating
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IKE security associations in negotiating state.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn ikesa negotiating logical-router 2ea7f52f-11db-4bca-9a8a-4775467806b7
Total Number of Negotiating IKE SAs: 1
IKE Version : IKEv2
IKE Status : Negotiating (IKEV2_STATE_IKE_INIT_SA)
IKE Session ID : 3
Session Name : Tunnel-61fbc9f7-f3134f29-82a0d8a3-58118369
Session Type : Policy Based
IKE SPI Initiator : 0x81c8fe04f0e7040b
IKE SPI Responder : 0x0000000000000000
Role : Initiator
Number of Child SA Pairs : 0
IKE SA Lifetime : 0 sec
DPD Probe Interval : 60 sec
IP Address:
Local : 5.5.5.5
Remote : 1.1.5.1
Identity:
Local : Negotiating
Remote : Negotiating
Algorithm:
Encryption : Negotiating
Authentication : Negotiating
PRF : Negotiating
DH Group : Negotiating
Authentication Method : Negotiating
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IKE security association in negotiating state.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ikesa negotiating logical-router 2
Total Number of Negotiating IKE SAs: 1
IKE Version : IKEv2
IKE Status : Negotiating (SSH_IKEV2_STATE_IKE_INIT_SA)
IKE Session ID : 2
Session Name : Tunnel-62791cf0-7a541cb-915a6e5d-b6ed32f6
Session Type : Policy Based
IKE SPI Initiator : 0x0c6a7a809f4a6e2f
IKE SPI Responder : 0x0
Role : Initiator
Number of Child SA Pairs : 2
IKE SA Lifetime : 0 sec
DPD Probe Interval : 600 sec
IP Address:
Local : 10.112.202.147
Remote : 10.112.200.243
Identity:
Local : Negotiating
Remote : Negotiating
Algorithm:
Encryption : Negotiating
Authentication : Negotiating
PRF : Negotiating
DH Group : Negotiating
Authentication Method : Negotiating
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec SAs from control plane.
Example
nsx-edge-1> get ipsecvpn ipsecsa
Total Number of IPSec SA Pairs: 1
Session ID : 2
Created Timestamp : 2018-04-10 03:58:33
Local TS : ipv4(192.168.2.0-192.168.2.255)
Remote TS : ipv4(172.16.2.0-172.16.2.255)
SPI In : 0xd03e65b0 SPI Out : 0xcbebe1e9
Rule ID In : 22 Rule ID Out : 2147483670
SA Uptime : 184 sec SA Lifetime : 1200 sec
Local Endpoint : 10.0.0.1 Remote Endpoint: 10.1.0.1
Algorithm: aes128-cbc/hmac-sha1-96/14
NAT-T: False, ESN: False, DF-Policy: Copy
Anti-Replay Window Size: 960, Role: Initiator
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec SAs from control plane.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn ipsecsa logical-router d88806dc-0a12-41a5-ab18-fce703027b35
Total Number of IPSec SA Pairs: 1
Session ID : 2
Created Timestamp : 2018-04-10 03:58:33
Local TS : ipv4(192.168.2.0-192.168.2.255)
Remote TS : ipv4(172.16.2.0-172.16.2.255)
SPI In : 0xd03e65b0 SPI Out : 0xcbebe1e9
Rule ID In : 22 Rule ID Out : 2147483670
SA Uptime : 184 sec SA Lifetime : 1200 sec
Local Endpoint : 10.0.0.1 Remote Endpoint: 10.1.0.1
Algorithm: aes128-cbc/hmac-sha1-96/14
NAT-T: False, ESN: False, DF-Policy: Copy
Anti-Replay Window Size: 960, Role: Initiator
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec SA with specific rule id from control plane.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <rule-id> | Rule ID |
Example
nsx-edge-1> get ipsecvpn ipsecsa ruleid 22
Total Number of IPSec SA Pairs: 1
Session ID : 2
Created Timestamp : 2018-04-10 03:58:33
Local TS : ipv4(192.168.2.0-192.168.2.255)
Remote TS : ipv4(172.16.2.0-172.16.2.255)
SPI In : 0xd03e65b0 SPI Out : 0xcbebe1e9
Rule ID In : 22 Rule ID Out : 2147483670
SA Uptime : 184 sec SA Lifetime : 1200 sec
Local Endpoint : 10.0.0.1 Remote Endpoint: 10.1.0.1
Algorithm: aes128-cbc/hmac-sha1-96/14
NAT-T: False, ESN: False, DF-Policy: Copy
Anti-Replay Window Size: 960, Role: Initiator
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec SA with specific session id from control plane.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ipsecsa logical-router sessionid 2
Total Number of IPSec SA Pairs: 1
Session ID : 2
Created Timestamp : 2018-04-10 03:58:33
Local TS : ipv4(192.168.2.0-192.168.2.255)
Remote TS : ipv4(172.16.2.0-172.16.2.255)
SPI In : 0xd03e65b0 SPI Out : 0xcbebe1e9
Rule ID In : 22 Rule ID Out : 2147483670
SA Uptime : 184 sec SA Lifetime : 1200 sec
Local Endpoint : 10.0.0.1 Remote Endpoint: 10.1.0.1
Algorithm: aes128-cbc/hmac-sha1-96/14
NAT-T: False, ESN: False, DF-Policy: Copy
Anti-Replay Window Size: 960, Role: Initiator
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec SA with specific rule id from control plane.
| Option | Description |
|---|---|
| <rule-id> | Rule ID |
Example
nsx-edge-1> get ipsecvpn ipsecsa ruleid 22
Total Number of IPSec SA Pairs: 1
Session ID : 2
Created Timestamp : 2018-04-10 03:58:33
Local TS : ipv4(192.168.2.0-192.168.2.255)
Remote TS : ipv4(172.16.2.0-172.16.2.255)
SPI In : 0xd03e65b0 SPI Out : 0xcbebe1e9
Rule ID In : 22 Rule ID Out : 2147483670
SA Uptime : 184 sec SA Lifetime : 1200 sec
Local Endpoint : 10.0.0.1 Remote Endpoint: 10.1.0.1
Algorithm: aes128-cbc/hmac-sha1-96/14
NAT-T: False, ESN: False, DF-Policy: Copy
Anti-Replay Window Size: 960, Role: Initiator
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec SA with specific session id from control plane.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn ipsecsa sessionid 2
Total Number of IPSec SA Pairs: 1
Session ID : 2
Created Timestamp : 2018-04-10 03:58:33
Local TS : ipv4(192.168.2.0-192.168.2.255)
Remote TS : ipv4(172.16.2.0-172.16.2.255)
SPI In : 0xd03e65b0 SPI Out : 0xcbebe1e9
Rule ID In : 22 Rule ID Out : 2147483670
SA Uptime : 184 sec SA Lifetime : 1200 sec
Local Endpoint : 10.0.0.1 Remote Endpoint: 10.1.0.1
Algorithm: aes128-cbc/hmac-sha1-96/14
NAT-T: False, ESN: False, DF-Policy: Copy
Anti-Replay Window Size: 960, Role: Initiator
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec policy rule for a LogicalRouter.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
UUID : 00003400-0000-0402-8000-040300000000
LOG Router ID : d88806dc-0a12-41a5-ab18-fce703027b35
Rule :
ID : 2147484675
Action : RA_ENCRYPT
Applied TO :
Container : 00001000-0000-0000-0000-000000000001
Component Name : CN_IKE
Direction : RD_IN
From Address :
IP Address :
Ipv4 : 2.2.5.0
Prefix Length : 24
IS Stateful : True
Keypolicy ID : 00003400-0000-0402-0000-040300000000
Lbrule : False
Priority : 100
Protocol :
DST Ports :
Range :
SRC Ports :
Range :
Section ID : 00003500-0000-0000-0000-000000000001
TAG : ipsec
TO Address :
IP Address :
Ipv4 : 192.168.100.0
Prefix Length : 24
Type : RT_LAYER3
Uuid : 00003400-0000-0402-8000-040300000000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN policy rules.
Example
nsx-edge-1> get ipsecvpn policy rules
UUID : 00000000-0000-0000-0000-00000000000c
Rule :
ID : 1
Action : RA_ENCRYPT
Applied TO :
Logical Router Port : 00000000-0000-0000-0000-00000000000c
Component Name : CN_IKE
Direction : RD_OUT
From Address :
IP Address :
Ipv4 : 10.109.24.20
Prefix Length : 32
IS Stateful : True
Keypolicy ID : 00000000-0000-0000-0000-00000000000b
Lbrule : False
Priority : 10
Protocol :
DST Ports :
Range :
SRC Ports :
Range :
Section ID : 00000000-0000-0003-0000-000000000005
TAG : ipsec
TO Address :
IP Address :
Ipv4 : 10.109.24.22
Prefix Length : 32
Type : RT_LAYER3
Uuid : 00000000-0000-0000-0000-00000000000c
UUID : 00000000-0000-0000-0000-00000000000d
Rule :
ID : 1
Action : RA_ENCRYPT
Applied TO :
Logical Router Port : 00000000-0000-0000-0000-00000000000c
Component Name : CN_IKE
Direction : RD_IN
From Address :
IP Address :
Ipv4 : 10.109.24.22
Prefix Length : 32
IS Stateful : True
Keypolicy ID : 00000000-0000-0000-0000-00000000000b
Lbrule : False
Priority : 10
Protocol :
DST Ports :
Range :
SRC Ports :
Range :
Section ID : 00000000-0000-0003-0000-000000000005
TAG : ipsec
TO Address :
IP Address :
Ipv4 : 10.109.24.20
Prefix Length : 32
Type : RT_LAYER3
Uuid : 00000000-0000-0000-0000-00000000000d
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec policy rule.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn policy rules 00000000-0000-0000-0000-00000000000c
Rule :
ID : 1
Action : RA_ENCRYPT
Applied TO :
Logical Router Port : 00000000-0000-0000-0000-00000000000c
Component Name : CN_IKE
Direction : RD_OUT
From Address :
IP Address :
Ipv4 : 10.109.24.20
Prefix Length : 32
IS Stateful : True
Keypolicy ID : 00000000-0000-0000-0000-00000000000b
Lbrule : False
Priority : 10
Protocol :
DST Ports :
Range :
SRC Ports :
Range :
Section ID : 00000000-0000-0003-0000-000000000005
TAG : ipsec
TO Address :
IP Address :
Ipv4 : 10.109.24.22
Prefix Length : 32
Type : RT_LAYER3
Uuid : 00000000-0000-0000-0000-00000000000c
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN policy rules for a LogicalRouter.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn policy rules logical-router
UUID : 00003400-0000-0402-0000-040300000000
LOG Router ID : d88806dc-0a12-41a5-ab18-fce703027b35
Rule :
ID : 1027
Action : RA_ENCRYPT
Applied TO :
Container : 00001000-0000-0000-0000-000000000001
Component Name : CN_IKE
Direction : RD_OUT
From Address :
IP Address :
Ipv4 : 192.168.100.0
Prefix Length : 24
IS Stateful : True
Keypolicy ID : 00003400-0000-0402-0000-040300000000
Lbrule : False
Priority : 100
Protocol :
DST Ports :
Range :
SRC Ports :
Range :
Section ID : 00003500-0000-0000-0000-000000000001
TAG : ipsec
TO Address :
IP Address :
Ipv4 : 2.2.5.0
Prefix Length : 24
Type : RT_LAYER3
Uuid : 00003400-0000-0402-0000-040300000000
UUID : 00003400-0000-0402-8000-040300000000
LOG Router ID : d88806dc-0a12-41a5-ab18-fce703027b35
Rule :
ID : 2147484675
Action : RA_ENCRYPT
Applied TO :
Container : 00001000-0000-0000-0000-000000000001
Component Name : CN_IKE
Direction : RD_IN
From Address :
IP Address :
Ipv4 : 2.2.5.0
Prefix Length : 24
IS Stateful : True
Keypolicy ID : 00003400-0000-0402-0000-040300000000
Lbrule : False
Priority : 100
Protocol :
DST Ports :
Range :
SRC Ports :
Range :
Section ID : 00003500-0000-0000-0000-000000000001
TAG : ipsec
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display summary of IPSec VPN policy rules.
Example
nsx-edge-1>get ipsecvpn policy summary
IPSec Security Policy count: 4
RuleId Dir Local Subnet Peer Subnet Action UUID
--------------------------------------------------------------------------------------------------------------
1027 Out 192.168.100.0/24 2.2.5.0/24 Encrypt 00003400-0000-0402-0000-040300000000
2147484675 In 2.2.5.0/24 192.168.100.0/24 Encrypt 00003400-0000-0402-8000-040300000000
1032 Out 192.168.100.1/32 2.2.5.1/32 Bypass 00003400-0000-0407-0000-040800000000
2147484680 In 2.2.5.1/32 192.168.100.1/32 Bypass 00003400-0000-0407-8000-040800000000
--------------------------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display summary of IPSec VPN policy rules.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1>get ipsecvpn policy summary
IPSec Security Policy count: 4
RuleId Dir Local Subnet Peer Subnet Action UUID
--------------------------------------------------------------------------------------------------------------
1027 Out 192.168.100.0/24 2.2.5.0/24 Encrypt 00003400-0000-0402-0000-040300000000
2147484675 In 2.2.5.0/24 192.168.100.0/24 Encrypt 00003400-0000-0402-8000-040300000000
1032 Out 192.168.100.1/32 2.2.5.1/32 Bypass 00003400-0000-0407-0000-040800000000
2147484680 In 2.2.5.1/32 192.168.100.1/32 Bypass 00003400-0000-0407-8000-040800000000
--------------------------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec SAs present in Security Association Database(datapath).
Example
nsx-edge-1> get ipsecvpn sad
Total Number of IPSec SAs: 2
Inbound SAs:
Rule ID : 2147484675
Policy UUID : 00003400-0000-0800-0000-080b00000000
VRF ID : 1
SPI : 0xf835f82a
Created Timestamp : 2018-03-19 10:24:21
SA Uptime : 496 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 1
Sequence Number (Recv) : 1234
Anti-Replay Window Size : 960
TCP MSS Value : 1350
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 1.1.5.100
Destination : 192.168.128.1
Subnets:
Source : 2.2.5.0/24
Destination : 192.168.100.0/24
Algorithm:
Encryption : aes-128-cbc
Authentication : sha1-hmac
----------------------------------------
Outbound SAs:
Rule ID : 1027
Policy UUID : 00003400-0000-0800-0000-080b00000000
VRF ID : 1
SPI : 0xc3f194fa
Created Timestamp : 2018-03-19 10:24:21
SA Uptime : 496 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 1
Sequence Number (Sent) : 1234
Anti-Replay Window Size : 960
TCP MSS Value : 1350
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 192.168.128.1
Destination : 1.1.5.100
Subnets:
Source : 192.168.100.0/24
Destination : 2.2.5.0/24
Algorithm:
Encryption : aes-128-cbc
Authentication : sha1-hmac
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec SA present in Security Association Database(datapath).
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn sad 00003400-0000-0402-0000-040300000000
Total Number of IPSec SAs: 2
Inbound SAs:
Rule ID : 2147484675
Policy UUID : 00003400-0000-0800-0000-080b00000000
VRF ID : 1
SPI : 0xf835f82a
Created Timestamp : 2018-03-19 10:24:21
SA Uptime : 496 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 1
Sequence Number (Recv) : 1234
Anti-Replay Window Size : 960
TCP MSS Value : 1350
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 1.1.5.100
Destination : 192.168.128.1
Subnets:
Source : 2.2.5.0/24
Destination : 192.168.100.0/24
Algorithm:
Encryption : aes-128-cbc
Authentication : sha1-hmac
----------------------------------------
Outbound SAs:
Rule ID : 1027
Policy UUID : 00003400-0000-0800-0000-080b00000000
VRF ID : 1
SPI : 0xc3f194fa
Created Timestamp : 2018-03-19 10:24:21
SA Uptime : 496 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 1
Sequence Number (Sent) : 1234
Anti-Replay Window Size : 960
TCP MSS Value : 1350
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 192.168.128.1
Destination : 1.1.5.100
Subnets:
Source : 192.168.100.0/24
Destination : 2.2.5.0/24
Algorithm:
Encryption : aes-128-cbc
Authentication : sha1-hmac
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec SA present in Security Association Database(datapath).
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn sad logical-router d88806dc-0a12-41a5-ab18-fce703027b35
Total Number of IPSec SAs: 2
Inbound SAs:
Rule ID : 2147484675
Policy UUID : 00003400-0000-0800-0000-080b00000000
VRF ID : 2
SPI : 0x7bbde976
Created Timestamp : 2019-03-19 16:16:12
SA Uptime : 37 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 0
Sequence Number (Recv) : 0
Anti-Replay Window Size : 960
TCP MSS Value : 0
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 1.1.5.100
Destination : 192.168.128.1
Subnets:
Source : 2.2.5.0/24
Destination : 192.168.100.0/24
Algorithm:
Encryption : aes-128-cbc
Authentication : sha1-hmac
----------------------------------------
Outbound SAs:
Rule ID : 1027
Policy UUID : 00003400-0000-0800-0000-080b00000000
VRF ID : 2
SPI : 0xc9813c88
Created Timestamp : 2019-03-19 16:16:12
SA Uptime : 37 sec
SA Lifetime : 3600 sec
NAT-Traversal : False
ESN : False
DF Policy : clear
SA Hit : 0
Sequence Number (Sent) : 0
Anti-Replay Window Size : 960
TCP MSS Value : 0
Traffic Mode : Tunnel
Protocol : ESP
IP Address:
Source : 192.168.128.1
Destination : 1.1.5.100
Subnets:
Source : 192.168.100.0/24
Destination : 2.2.5.0/24
Algorithm:
Encryption : aes-128-cbc
Authentication : sha1-hmac
----------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec Services Information.
Example
nsx-edge-1> get ipsecvpn service
Service ID: 3bfc5972-1cb7-43cf-a646-529473981971
Service State: Not Active Enabled:No Down Reason: VPN service disabled
SR ID : d88806dc-0a12-41a5-ab18-fce703027b35 SR State : Active
----------------------------------------------------------------------
Service ID: acaba146-31f7-4b35-bc19-f3055ea93db0
Service State: Active Enabled: Yes
SR ID : 2ea7f52f-11db-4bca-9a8a-4775467806b7 SR State : Active
----------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec Service Information.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn service
Service ID: acaba146-31f7-4b35-bc19-f3055ea93db0
Service State: Active Enabled: Yes
SR ID : 2ea7f52f-11db-4bca-9a8a-4775467806b7 SR State : Active
----------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec Service Information in detail.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn service verbose
Service ID: acaba146-31f7-4b35-bc19-f3055ea93db0
Service State: Active Enabled: Yes
SR ID : 2ea7f52f-11db-4bca-9a8a-4775467806b7 SR State : Active
Bypass Policies
Policy UUID: 00003400-0000-0404-0000-040500000000
Local Subnet: 192.168.100.5/32 Peer Subnet: 2.2.5.5/32
------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec Service Information in detail.
Example
nsx-edge-1> get ipsecvpn service verbose
Service ID: acaba146-31f7-4b35-bc19-f3055ea93db0
Service State: Active Enabled: Yes
SR ID : 2ea7f52f-11db-4bca-9a8a-4775467806b7 SR State : Active
Bypass Policies
Policy UUID: 00003400-0000-0404-0000-040500000000
Local Subnet: 192.168.100.5/32 Peer Subnet: 2.2.5.5/32
------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN sessions.
Example
nsx-edge-1>get ipsecvpn session
Total Number of Sessions: 3
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1029 ToRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA down
------------------------------------------------------------------------------------------
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
IKE Session ID : 4
UUID : aa2bcd92-35e0-4c99-a591-19b74c040cfd
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : Cert
Compliance Suite : PRIME
Local IP : 192.168.128.1 Peer IP : 1.1.5.101
Local ID : 192.168.128.1 Peer ID : C=IN, ST=Maharashtra, L=Pune, O=VMware, OU=NSBU, CN=VMwareSite2
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-048e-0000-048f00000000
ToRule ID : 1167 FromRule ID : 2147484815
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.6.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display specific IPSec VPN session.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1>get ipsecvpn session ffc00327-0d7b-4e4d-8676-3eb12c803ed6
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN sessions in active state.
Example
nsx-edge-1> get ipsecvpn session active
Total Number of Active Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec VPN session in active state.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session active ffc00327-0d7b-4e4d-8676-3eb12c803ed6
Total Number of Active Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec VPN session in active state for specific endpoints.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn session active local-ip 192.168.128.1 remote-ip 1.1.5.100
Total Number of Active Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec VPN session in active state.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn session active sessionid 2
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPsec VPN sessions in down state.
Example
nsx-edge-1> get ipsecvpn session down
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : No proposal chosen
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in down state.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session down 254d755e-e133-4831-89ab-41ef49c2bdc1
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRuleId : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPsec VPN session in down state for specific endpoints.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn session down local-ip 192.168.128.1 remote-ip 1.1.5.102
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 Rule ID FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in down state.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn session down sessionid 3
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1029 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec VPN session for specific endpoints.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1>get ipsecvpn session local-ip 192.168.128.1 remote-ip 1.1.5.101
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN sessions of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1>get ipsecvpn session
Total Number of Sessions: 3
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1029 ToRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA down
------------------------------------------------------------------------------------------
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
IKE Session ID : 4
UUID : aa2bcd92-35e0-4c99-a591-19b74c040cfd
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : Cert
Compliance Suite : PRIME
Local IP : 192.168.128.1 Peer IP : 1.1.5.101
Local ID : 192.168.128.1 Peer ID : C=IN, ST=Maharashtra, L=Pune, O=VMware, OU=NSBU, CN=VMwareSite2
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-048e-0000-048f00000000
ToRule ID : 1167 FromRule ID : 2147484815
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.6.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display specific IPSec VPN session of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1>get ipsecvpn session logical-router ffc00327-0d7b-4e4d-8676-3eb12c803ed6
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in negotiating state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session logical-router negotiating 254d755e-e133-4831-89ab-41ef49c2bdc1
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN sessions in active state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session logical-router active
Total Number of Active Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec VPN session in active state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session logical-router active ffc00327-0d7b-4e4d-8676-3eb12c803ed6
Total Number of Active Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec VPN session in active state for specific endpoints of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn session logical-router active local-ip 192.168.128.1 remote-ip 1.1.5.100
Total Number of Active Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec VPN session in active state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn session logical-router active sessionid 2
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPsec VPN sessions in down state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session logical-router down
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : No proposal chosen
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in down state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session logical-router down 254d755e-e133-4831-89ab-41ef49c2bdc1
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRuleId : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPsec VPN session in down state for specific endpoints of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn session logical-router down local-ip 192.168.128.1 remote-ip 1.1.5.102
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 Rule ID FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in down state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn session logical-router down sessionid 3
Total Number of Down Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Down Down Reason : Timed out
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1029 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec VPN session for specific endpoints on Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1>get ipsecvpn session local-ip 192.168.128.1 remote-ip 1.1.5.101
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPsec VPN sessions in negotiating state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session logical-router negotiating
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPsec VPN session in negotiating state for specific endpoints.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn session logical-router negotiating local-ip 192.168.128.1 remote-ip 1.1.5.102
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID :2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN sessions of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1>get ipsecvpn session sessionid 2
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec VPN session status for a Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session status
VPN Session Status
Total Configured Sessions : 2
Total UP Sessions : 1
Total Down Sessions : 1
Total Negotiating Sessions : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display summary of all IPSec VPN sessions for a Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1>get ipsecvpn session summary
Version SID Compliance Suite Type Auth Status Local IP Peer IP Down Reason
----------------------------------------------------------------------------------------------------------------------------
IKEv2 4 None Policy PSK Down 192.168.128.1 1.1.5.102 Peer not reachable
IKEv1 6 FOUNDATION Policy Cert Up 192.168.128.1 1.1.5.104
----------------------------------------------------------------------------------------------------------------------------
SID: Session ID *: Last Known Failure
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPsec VPN sessions in negotiating state.
Example
nsx-edge-1> get ipsecvpn session negotiating
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in negotiating state.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn session negotiating 254d755e-e133-4831-89ab-41ef49c2bdc1
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPsec VPN session in negotiating state for specific endpoints of Logical Router.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get ipsecvpn session negotiating local-ip 192.168.128.1 remote-ip 1.1.5.102
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1027 FromRule ID :2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in negotiating state of Logical Router.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn session negotiating logical-router sessionid 3
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1029 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPsec VPN session in negotiating state.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1> get ipsecvpn session negotiating sessionid 3
Total Number of Negotiating Sessions: 1
IKE Session ID : 3
UUID : 254d755e-e133-4831-89ab-41ef49c2bdc1
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.102
Local ID : 192.168.128.1 Peer ID : 1.1.5.102
Session Status : Negotiating Last Known Failure: Peer not reachable
Policy Rules
Policy UUID : 00003400-0000-0404-0000-040500000000
ToRule ID : 1029 FromRule ID : 2147484677
Local Subnet : 192.170.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Down Down Reason : IKE SA Down
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec VPN sessions.
| Option | Description |
|---|---|
| <session-id> | IKE Session ID |
Example
nsx-edge-1>get ipsecvpn session sessionid 2
Total Number of Sessions: 1
IKE Session ID : 2
UUID : ffc00327-0d7b-4e4d-8676-3eb12c803ed6
SR ID : 34d18f5f-a2bf-4dc8-b9fa-dd0ef492aee8
Type : Policy
Auth Mode : PSK
Compliance Suite : NONE
Local IP : 192.168.128.1 Peer IP : 1.1.5.100
Local ID : 192.168.128.1 Peer ID : 1.1.5.100
Session Status : Up
Policy Rules
Policy UUID : 00003400-0000-0402-0000-040300000000
ToRule ID : 1027 FromRule ID : 2147484675
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Tunnel Status : Up
------------------------------------------------------------------------------------------
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec VPN session status.
Example
nsx-edge-1> get ipsecvpn session status
VPN Session Status
Total Configured Sessions : 2
Total UP Sessions : 1
Total Down Sessions : 1
Total Negotiating Sessions : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display summary of all IPSec VPN sessions.
Example
nsx-edge-1>get ipsecvpn session summary
Version SID Compliance Suite Type Auth Status Local IP Peer IP Down Reason
----------------------------------------------------------------------------------------------------------------------------
IKEv2 4 None Policy PSK Down 192.168.128.1 1.1.5.102 Peer not reachable
IKEv2 3 None Policy PSK Down 192.168.128.1 1.1.5.101 No proposal chosen
IKEv1 2 None Policy PSK Negotiating 192.168.128.1 1.1.5.100 Peer not reachable*
IKEv2 5 SUITE_B_GMAC_256 Policy Cert Up 192.168.128.1 1.1.5.103
IKEv1 6 FOUNDATION Policy Cert Up 192.168.128.1 1.1.5.104
----------------------------------------------------------------------------------------------------------------------------
SID: Session ID *: Last Known Failure
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPSec SA tunnel statistics.
Example
nsx-edge-1> get ipsecvpn tunnel stats
Interface UID : 294
Interface UUID : 00003400-0000-0402-0000-040300000000
Policy UUID : 00003400-0000-0402-0000-040300000000
Policy Rule Information
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Outbound Rule ID : 1027 Inbound Rule ID : 2147484675
Action : RA_ENCRYPT
Stats
Rx Pkts : 5 Tx Pkts : 5
Rx Bytes : 420 Tx Bytes : 420
Rx MSS Adjusted : 0 Tx MSS Adjusted : 0
Rx MSS Ignored : 0 Tx MSS Ignored : 0
Rx Drops : 0 Tx Drops : 0
Rx Drop Crypto Failure : 0 Tx Drop Crypto Failure : 0
Rx Drop State Mismatch : 0 Tx Drop State Mismatch : 0
Rx Drop Malformed : 0 Tx Drop Malformed : 0
Rx Drop Proto Not Supported : 0 Tx Drop Proto Not Supported : 0
Rx Drop Replay : 0 Tx Drop Seq Rollover : 0
Rx Drop Inner Malformed : 0 Tx Drop Fragmentation Needed : 0
Rx Drop Policy Nomatch : 0 Rekey Request Failure : 0
Rx Drop Auth Failure : 0
Interface UID : 295
Interface UUID : 00003400-0000-0404-0000-040500000000
Policy UUID : 00003400-0000-0404-0000-040500000000
Policy Rule Information
Local Subnet : 192.168.200.0/24 Peer Subnet : 2.2.6.0/24
Outbound Rule ID : 1031 Inbound Rule ID : 2147484679
Action : RA_ENCRYPT
Stats
Rx Pkts : 0 Tx Pkts : 0
Rx Bytes : 0 Tx Bytes : 0
Rx MSS Adjusted : 0 Tx MSS Adjusted : 0
Rx MSS Ignored : 0 Tx MSS Ignored : 0
Rx Drops : 0 Tx Drops : 0
Rx Drop Crypto Failure : 0 Tx Drop Crypto Failure : 0
Rx Drop State Mismatch : 0 Tx Drop State Mismatch : 0
Rx Drop Malformed : 0 Tx Drop Malformed : 0
Rx Drop Proto Not Supported : 0 Tx Drop Proto Not Supported : 0
Rx Drop Replay : 0 Tx Drop Seq Rollover : 0
Rx Drop Inner Malformed : 0 Tx Drop Fragmentation Needed : 0
Rx Drop Policy Nomatch : 0 Rekey Request Failure : 0
Rx Drop Auth Failure : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPSec SA tunnel statistics.
| Option | Description |
|---|---|
| <keypolicy-id> | Keypolicy ID for the rule Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn tunnel stats 00003400-0000-0402-0000-040300000000
Interface UID : 294
Interface UUID : 00003400-0000-0402-0000-040300000000
Policy UUID : 00003400-0000-0402-0000-040300000000
Policy Rule Information
Local Subnet : 192.168.100.0/24 Peer Subnet : 2.2.5.0/24
Outbound Rule ID : 1027 Inbound Rule ID : 2147484675
Action : RA_ENCRYPT
Stats
Rx Pkts : 5 Tx Pkts : 5
Rx Bytes : 420 Tx Bytes : 420
Rx MSS Adjusted : 0 Tx MSS Adjusted : 0
Rx MSS Ignored : 0 Tx MSS Ignored : 0
Rx Drops : 0 Tx Drops : 0
Rx Drop Crypto Failure : 0 Tx Drop Crypto Failure : 0
Rx Drop State Mismatch : 0 Tx Drop State Mismatch : 0
Rx Drop Malformed : 0 Tx Drop Malformed : 0
Rx Drop Proto Not Supported : 0 Tx Drop Proto Not Supported : 0
Rx Drop Replay : 0 Tx Drop Seq Rollover : 0
Rx Drop Inner Malformed : 0 Tx Drop Fragmentation Needed : 0
Rx Drop Policy Nomatch : 0 Rekey Request Failure : 0
Rx Drop Auth Failure : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Displays all IPSec VPN Policy Rules.
Example
nsx-edge-1> get ipsecvpn vti rules 00000000-0000-0000-0000-00000000000c
UUID : 00000000-0000-0000-0000-00000000000c
KEY Policyid : 00000000-0000-0000-0000-00000000000b
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display an IPSec VPN VTI rule.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get ipsecvpn vti rules 00000000-0000-0000-0000-00000000000c
KEY Policyid : 00000000-0000-0000-0000-00000000000b
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about specified L2 bridge port.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2bridge-port a70600a9-eda8-499f-96d0-1262dc36f4a1
Bridge Port
UUID : a70600a9-eda8-499f-96d0-1262dc36f4a1
Logical Switch : f322ca3a-a218-5d65-85c1-20ef6adea670
VLAN ID : 10
State : 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about specified L2 bridge port and mac flush stats.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2bridge-port a70600a9-eda8-499f-96d0-1262dc36f4a1 flush-stats
Bridge Port
UUID : a70600a9-eda8-499f-96d0-1262dc36f4a1
Last Flush : 2018-03-03 01:40:22.319
Flush Count : 2
Last Rarp : 2018-03-03 01:40:20.319
Rarp count : 3
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display Mac Sync table on an L2 bridge port.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2bridge-port 63eaad17-7792-44e1-9c7d-2c5391dd7f47 mac-sync-table
MAC-SYNC Table
MAC : ae:ae:0b:12:41:17
VNI : 69632
VLAN : 4096
bridge-port-uuid: 63eaad17-7792-44e1-9c7d-2c5391dd7f47
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configuration and states of a specific L2 bridge
| Option | Description |
|---|---|
| <uuid> | UUID argument |
Example
nsx-edge-1> get l2bridge-port-config fc50a424-3e55-4e86-bfc8-fa7b69168f20
Bridge UUID : 60c8ee36-20f2-52c4-a844-964250480339
Rank : 0
High Availability State : Active
Failover Mode : Non-Preemptive
Bridge Port UUID : fc50a424-3e55-4e86-bfc8-fa7b69168f20
Bridge Port State : Forwarding
Transport Zone : a0fd6f24-73a0-47fe-a495-53c52b658c34
VLAN ID : 152
Device Info
Device : fp-eth0
State : Up
Peer High Availability State : Standby
Peer Node UUID : afd77f5c-557f-11e9-8d41-005056b6f0c8
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display high-availability history of a specific L2 bridge
| Option | Description |
|---|---|
| <uuid> | UUID argument |
Example
nsx-edge-1> get l2bridge-port-config 6e21f326-b6ef-4e7b-bbf9-d986807bab2b high-availability history state
State : Init
Event : Init
Time : 2019-04-15T18:33:09.954336
State : Down
Event : Init
Time : 2019-04-15T18:33:09.954378
State : Standby
Event : Device Up
Time : 2019-04-15T18:33:09.954534
State : Active
Event : Remote State Updated
Time : 2019-04-15T18:34:57.472649
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all L2 bridge ports.
Example
nsx-edge-1> get l2bridge-ports
Bridge Port
UUID : a70600a9-eda8-499f-96d0-1262dc36f4a1
Logical Switch : f322ca3a-a218-5d65-85c1-20ef6adea670
VLAN ID : 10
State : 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display Mac Sync table on all L2 bridge ports.
Example
nsx-edge-1> get l2bridge-ports mac-sync-table
MAC-SYNC Table
MAC : ae:ae:0b:12:41:17
VNI : 69632
VLAN : 4096
bridge-port-uuid: 63eaad17-7792-44e1-9c7d-2c5391dd7f47
MAC : ea:aa:48:0c:63:eb
VNI : 69632
VLAN : 4096
bridge-port-uuid: dfe25d75-5e31-4c91-9a68-688b5ca50909
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display configuration and states of all L2 bridges
Example
nsx-edge-1> get l2bridge-ports-config
Bridge UUID : 60c8ee36-20f2-52c4-a844-964250480339
Rank : 0
High Availability State : Active
Failover Mode : Non-Preemptive
Bridge Port UUID : fc50a424-3e55-4e86-bfc8-fa7b69168f20
Bridge Port State : Forwarding
Transport Zone : a0fd6f24-73a0-47fe-a495-53c52b658c34
VLAN ID : 152
Device Info
Device : fp-eth0
State : Up
Peer High Availability State : Standby
Peer Node UUID : afd77f5c-557f-11e9-8d41-005056b6f0c8
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display L2VPN sessions configuration for a given L2VPN service.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsxedge-ob-7490391-1-new> get l2vpn service 1d5bb34a-0480-45e4-1d5b-b34a048046b6 sessions config
DISPLAY_NAME: l2vpn_session1
ENABLED: True
ID: 1d5bb34a-0480-45e2-a261-bd5f98c24d36
L2VPN_SERVICE_ID: 1d5bb34a-0480-45e4-1d5b-b34a048046b6
MTU: 1500
TUNNEL_ENCAPSULATION:
LOCAL_ENDPOINT_IP:
IPV4: 1.1.1.2
PEER_ENDPOINT_IP:
IPV4: 1.1.1.3
PROTOCOL: GRE
VTI:
1d5bb34a-0480-45e3-a261-bd5f98c24d37
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all L2VPN services configuration.
Example
nsxedge-ob-7490391-1-new> get l2vpn services config
ENABLE_FULL_MESH: True
ID: 1d5bb34a-0480-46aa-a261-bd5f98c24b9c
SR_CLUSTER_ID: a261bd5f-98c2-4d37-1d5b-b34a048045e3
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display stretched logical switch behind L2VPN session.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2vpn session 2ds29c11-8920-29q1-1029-2lk20129d910 logical-switch ea8c4460-6d15-49c5-a82e-6812a26b4200
Tunnel-Port : fe34062b-7ad3-5bca-beb8-1adde6c0d46e
Logical-Switch: ea8c4460-6d15-49c5-a82e-6812a26b4200
Switch-Port : 6289cca5-4ee7-40ad-8064-70c74c86122c
Bridge-Port : e249e1b6-9248-5975-b8aa-bbc4b33e2630
VNI : 1
Tunnel ID : 10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display remote macs learnt on L2VPN stretched logical-switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2vpn session 2ds29c11-8920-29q1-1029-2lk20129d910 logical-switch ea8c4460-6d15-49c5-a82e-6812a26b4200 remote-macs
MACs:
04:00:c0:a8:fa:a2
02:50:56:56:44:52
00:50:56:8e:1b:21
00:50:56:8e:9a:a5
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display stats for stretched logical-switch behind L2VPN session.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2vpn session 2ds29c11-8920-29q1-1029-2lk20129d910 logical-switch ea8c4460-6d15-49c5-a82e-6812a26b4200 stats
RX-Packets : 4474
RX-Bytes : 302966
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 5527
TX-Bytes : 371568
TX-Drops : 0
No-Memory : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display stretched logical switches behind given L2VPN session.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2vpn session 2ds29c11-8920-29q1-1029-2lk20129d910 logical-switches
Tunnel-Port : fe34062b-7ad3-5bca-beb8-1adde6c0d46e
Logical-Switch: 6aeaf0a7-110d-4d9d-bd76-b17032b36746
Switch-Port : c9fdf6aa-520a-4b08-8d0a-fa9e8e683ccf
Bridge-Port : f606ca0f-873d-55b9-b303-350aa2a3a5c1
VNI : 60297
Tunnel ID : 1000
Logical-Switch: 9cac13e9-eb71-4ce4-870e-ccc1dc8d6c3f
Switch-Port : 6289cca5-4ee7-40ad-8064-70c74c86122c
Bridge-Port : e249e1b6-9248-5975-b8aa-bbc4b33e2630
VNI : 60296
Tunnel ID : 2000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display stats for L2VPN session
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2vpn session 1d5bb34a-0480-45e2-a261-bd5f98c24d36 stats
Session : 1d5bb34a-0480-45e2-a261-bd5f98c24d36
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
Local IP : 192.168.10.2
Remote IP : 192.168.10.20
Status : UP
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 3325
TX-Bytes : 412300
TX-Drops : 0
No-Memory : 0
No-Route : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display status of specific L2VPN session.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get l2vpn session 2ds29c11-8920-29q1-1029-2lk20129d910 status
Session : 2ds29c11-8920-29q1-1029-2lk20129d910
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
Status : UP
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all L2VPN sessions information.
Example
nsx-edge-1> get l2vpn sessions
Session : 1d5bb34a-0480-45e2-a261-bd5f98c24d36
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
Status : UP
Session : 2ds29c11-8920-29q1-1029-2lk20129d910
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
Status : UP
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all L2VPN sessions configuration.
Example
nsxedge-ob-7490391-1-new> get l2vpn sessions config
DISPLAY_NAME: l2vpn_session1
ENABLED: True
ID: 1d5bb34a-0480-45e2-a261-bd5f98c24d36
L2VPN_SERVICE_ID: 1d5bb34a-0480-45e4-1d5b-b34a048046b6
MTU: 1500
TUNNEL_ENCAPSULATION:
LOCAL_ENDPOINT_IP:
IPV4: 1.1.1.2
PEER_ENDPOINT_IP:
IPV4: 1.1.1.3
PROTOCOL: GRE
VTI:
1d5bb34a-0480-45e3-a261-bd5f98c24d37
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display L2VPN sessions stats
Example
nsx-edge-1> get l2vpn sessions stats
Session : 1d5bb34a-0480-45e2-a261-bd5f98c24d36
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
Local IP : 192.168.10.2
Remote IP : 192.168.10.20
Status : UP
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 3325
TX-Bytes : 412300
TX-Drops : 0
No-Memory : 0
No-Route : 0
Session : 2ds29c11-8920-29q1-1029-2lk20129d910
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
Local IP : 192.168.9.2
Remote IP : 192.168.9.20
Status : UP
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 3331
TX-Bytes : 413044
TX-Drops : 0
No-Memory : 0
No-Route : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get the last barrier processed by NestDb Pigeon for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get last processed barrier 7c72c4ae-8fe8-4449-a4e2-c5e53ab0bb4f
1191
Mode
Basic
Availability
Controller
Display LLDP configuration on all devices.
Example
KVM-TN-02> get lldp config
Device
Name : eth0
Tx : disabled
Rx : enabled
Tx Interval : NA
Device
Name : eth1
Tx : disabled
Rx : enabled
Tx Interval : NA
Device
Name : eth2
Tx : disabled
Rx : enabled
Tx Interval : NA
Device
Name : hyperbus
Tx : disabled
Rx : enabled
Tx Interval : NA
Mode
Basic
Availability
KVM
Display LLDP configuration on all devices.
Example
prme-vmkqa-net3002-dhcp133.eng.vmware.com> get lldp config
Device
Name : vmnic1
Tx : disabled
Rx : enabled
Tx Interval : NA
Mode
Basic
Availability
ESXi
Displays LLDP configuration on all devices.
Example
nsx-edge-1> get lldp config
Device
Name : eth0
Tx : enabled
Rx : enabled
Tx Interval : 30
Device
Name : eth1
Tx : disabled
Rx : enabled
Tx Interval : 30
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display LLDP configuration on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
prme-vmkqa-net3002-dhcp133.eng.vmware.com> get lldp config vmnic1
Device
Name : vmnic1
Tx : disabled
Rx : enabled
Tx Interval : NA
Mode
Basic
Availability
ESXi
Display LLDP configuration on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
KVM-TN-02> get lldp config eth0
Device
Name : eth0
Tx : enabled
Rx : enabled
Tx Interval : 30
Mode
Basic
Availability
KVM
Displays LLDP configuration given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
nsx-edge-1> get lldp config eth0
Device
Name : eth0
Tx : enabled
Rx : enabled
Tx Interval : 30
Mode
Basic
Availability
Edge, Public Cloud Gateway
Displays LLDP Neighbor information on all devices.
Example
nsx-edge-1> get lldp neighbors
Device : eth0
Neighbor Count : 1
Neighbors
Neighbor : eth0/0:50:56:b7:7f:47
Life Time : 111
System Name : NSX ESG
System Desc : NSX Edge Services Gateway
System Cap : ['Router']
Enabled Cap : ['Router']
Chassis Id : eth0
Port Id : 0:50:56:b7:7f:47
Port Desc : management iface
Mgmt Address
Address : 10.172.139.51
Addr Family : IPv4
Iface Number : 2
Iface Type : 2
MAC PHY Status
AutoNeg : supported
AutoNeg Status: enabled
PMDAutoNeg : supported
PMDAutoNeg Status: not-enabled
MAU Type : 16
Power via MDI
Port Class : PSE
Power Source : supported
PSE MDI State : enabled
PSE Pair Ctrl : yes
PSE Pair : 1
PSE Class : 2
Link Aggregation
Aggr Capability: yes
Aggr Status : enabled
Aggr Port Id : 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display LLDP Neighbor information on all devices.
Example
prme-vmkqa-net3002-dhcp133.eng.vmware.com> get lldp neighbors
============================================================
Device : vmnic1
Neighbor Count : 1
Neighbors
Chassis Id : 00:1a:a1:84:fb:ff
Port Id : Gi1/3
TTL : 93
Port Description : GigabitEthernet1/3
System Name : prme-vmkqa-4948c.eng.vmware.com
System Description : unknown
Enabled Capabilities : Router, TransparentBridge
Management Address : 10.115.160.146
Organizationally Specific TLVs:
Vlan ID : 16
Mode
Basic
Availability
ESXi
Display LLDP Neighbor information on all devices.
Example
KVM-TN-02> get lldp neighbors
============================================================
Device : eth0
Neighbor Count : 0
============================================================
Device : eth1
Neighbor Count : 1
Neighbors
Chassis Id : eth1
Port Id : 00:50:56:ab:6c:6e
Port Description : driver_name: e1000e, driver_version: 3.2.6-k, firmware_version: 1.8-0
System Description : x86_64 #1 SMP Sun Jan 14 10:36:03 EST 2018
Enabled Capabilities : Bridge
Management Address:
Management Address : ::80fe:0:2a7:9ad6:300:0
ifIndex : 3
Organizationally Specific TLVs:
Maximum Frame Size : 161
============================================================
Device : eth2
Neighbor Count : 1
Neighbors
Chassis Id : eth2
Port Id : 00:50:56:ab:f6:3c
Port Description : driver_name: e1000e, driver_version: 3.2.6-k, firmware_version: 1.8-0
System Description : x86_64 #1 SMP Sun Jan 14 10:36:03 EST 2018
Enabled Capabilities : Bridge
Management Address:
Management Address : ::80fe:0:2a7:9ad6:400:0
ifIndex : 4
Organizationally Specific TLVs:
Maximum Frame Size : 151
============================================================
Device : hyperbus
Neighbor Count : 0
Mode
Basic
Availability
KVM
Display LLDP Neighbor information on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
KVM-TN-02> get lldp neighbors eth1
============================================================
Device : eth1
Neighbor Count : 1
Neighbors
Chassis Id : eth1
Port Id : 00:50:56:ab:6c:6e
Port Description : driver_name: e1000e, driver_version: 3.2.6-k, firmware_version: 1.8-0
System Description : x86_64 #1 SMP Sun Jan 14 10:36:03 EST 2018
Enabled Capabilities : Bridge
Management Address:
Management Address : ::80fe:0:2a7:9ad6:300:0
ifIndex : 3
Organizationally Specific TLVs:
Maximum Frame Size : 161
Mode
Basic
Availability
KVM
Display LLDP Neighbor information on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
prme-vmkqa-net3002-dhcp133.eng.vmware.com> get lldp neighbors vmnic1
============================================================
Device : vmnic1
Neighbor Count : 1
Neighbors
Chassis Id : 00:1a:a1:84:fb:ff
Port Id : Gi1/3
TTL : 103
Port Description : GigabitEthernet1/3
System Name : prme-vmkqa-4948c.eng.vmware.com
System Description : unknown
Enabled Capabilities : Router, TransparentBridge
Management Address : 10.115.160.146
Organizationally Specific TLVs:
Vlan ID : 16
Mode
Basic
Availability
ESXi
Displays LLDP Neighbor information on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
nsx-edge-1> get lldp neighbors eth0
Device : eth0
Neighbor Count : 1
Neighbors
Neighbor : eth0/0:50:56:b7:7f:47
Life Time : 111
System Name : NSX ESG
System Desc : NSX Edge Services Gateway
System Cap : ['Router']
Enabled Cap : ['Router']
Chassis Id : eth0
Port Id : 0:50:56:b7:7f:47
Port Desc : management iface
Mgmt Address
Address : 10.172.139.51
Addr Family : IPv4
Iface Number : 2
Iface Type : 2
MAC PHY Status
AutoNeg : supported
AutoNeg Status: enabled
PMDAutoNeg : supported
PMDAutoNeg Status: not-enabled
MAU Type : 16
Power via MDI
Port Class : PSE
Power Source : supported
PSE MDI State : enabled
PSE Pair Ctrl : yes
PSE Pair : 1
PSE Class : 2
Link Aggregation
Aggr Capability: yes
Aggr Status : enabled
Aggr Port Id : 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Displays LLDP Statistics on all devices.
Example
nsx-edge-1> get lldp stats
TX Total : 36
TX Errors : 0
RX Total : 36
RX Errors : 0
RX Discards : 0
RX Deletes : 0
Device : eth0
Tx Total : 36
Tx Errors : 0
Device : eth0
Rx Total : 36
Rx Valid : 36
Rx Errors : 0
Rx Discards : 0
Rx Deletes : 0
Neighbor : eth0/0:50:56:b7:7f:47
Rx Total : 36
Rx Valid : 36
Rx Discards : 0
Rx TLV Errors : 0
Rx TLV Unrecognized: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Displays LLDP Statistics on given device.
| Option | Description |
|---|---|
| <interface-name> | LLDP interface argument |
Example
nsx-edge-1> get lldp stats eth0
TX Total : 36
TX Errors : 0
RX Total : 36
RX Errors : 0
RX Discards : 0
RX Deletes : 0
Device : eth0
Tx Total : 36
Tx Errors : 0
Device : eth0
Rx Total : 36
Rx Valid : 36
Rx Errors : 0
Rx Discards : 0
Rx Deletes : 0
Neighbor : eth0/0:50:56:b7:7f:47
Rx Total : 36
Rx Valid : 36
Rx Discards : 0
Rx TLV Errors : 0
Rx TLV Unrecognized: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3
Load Balancer
Access Log Enabled : False
Applied To :
Attachment Id : 00002000-0000-0000-0000-000000000008
Type : LOG_SERVICE_ROUTER_CLUSTER
Display Name : lbs-on-lr1
Enabled : True
UUID : eba5f460-c660-4f82-8488-62231fb9aea3
Log Level : LB_LOG_LEVEL_INFO
Size : SMALL
Virtual Server Id : 37f1a8c9-ab8b-4ee9-9b41-5da317ac05d3
26168a79-48d6-44a7-86fe-0d5ee7c91e47
7e012072-0594-4063-97f0-82452e9a2813
11bb214f-bd06-4bff-b2a5-6f82e5ec62b6
110ac92c-1647-48a5-8d66-4cac06817716
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the error log file for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 4d3eafaa-5a16-422a-80d9-f799cb4bd40a error-log
2017/11/16 11:41:43 [info] 8290#0: Initialized l4lb zone (size: 3674112)
2017/11/16 11:41:43 [info] 8290#0: Initialized lb zone (size: 5550080)
2017/11/16 11:41:43 [debug] 8290#0: bind() 127.0.0.1:80 #16
2017/11/16 11:41:43 [info] 8290#0: lb stats module is disabled, configure lbstats_size to enable it.
2017/11/16 11:41:43 [notice] 8290#0: using the "epoll" event method
2017/11/16 11:41:43 [debug] 8290#0: counter: 00007B5D15B1A080, 1
2017/11/16 11:41:43 [info] 8290#0: lb allocated connection ctx (size: 56)
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the last 10 lines of the error log file for a specific load balancer and all new messages that are written to the log file.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 4d3eafaa-5a16-422a-80d9-f799cb4bd40a error-log follow
2017/11/16 22:32:13 [debug] 8326#0: worker cycle
2017/11/16 22:32:13 [debug] 8326#0: epoll timer: 346
2017/11/16 22:32:14 [debug] 8326#0: timer delta: 346
2017/11/16 22:32:14 [debug] 8326#0: event timer del: 0: 1510871534258
2017/11/16 22:32:14 [debug] 8326#0: event timer add: 0: 2500:1510871536758
2017/11/16 22:32:14 [debug] 8326#0: http check begin handler index: 1, owner: -1, ngx_pid: 8326, interval: 2479, check_interval: 5000
2017/11/16 22:32:14 [debug] 8326#0: shmtx lock
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display error log messages containing strings that match the given regular expression pattern for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <regex> | Regular expression |
Example
nsx-edge-1> get load-balancer 4d3eafaa-5a16-422a-80d9-f799cb4bd40a error-log reg-filter req.*
2017/11/16 11:41:48 [debug] 8326#0: ha: sent bulk pull request
2017/11/16 11:41:48 [notice] 8326#0: ha: sent full sync request, enter request state
2017/11/16 11:41:55 [debug] 8326#0: *3 http wait request handler
2017/11/16 11:41:55 [debug] 8326#0: *3 http process request line
2017/11/16 11:41:55 [debug] 8326#0: *3 http request line: "GET /show_status/all HTTP/1.1"
2017/11/16 11:41:55 [debug] 8326#0: *3 http process request header line
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the health check table of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 0f6510bb-ff15-4385-9c45-a1ce626fc276 health-check-table
Health-Check-Table
INDEX POOL TYPE NAME STATUS RISE FALL PORT CHECK_TIME CHANGE_TIME FAIL_REASON ERRNO STATUS_CODE
0 backend tcp 127.0.0.1:3971 down 0 193 0 Aug 25 01:13:48 Aug 25 01:23:51 Connect Fail Connection refused n/a
1 backend tcp 127.0.0.1:3972 down 0 190 0 Aug 25 01:13:48 Aug 25 01:23:50 Connect Fail Connection refused n/a
2 backend tcp 127.0.0.1:3970 up 192 0 0 Aug 25 01:13:52 Aug 25 01:23:52 n/a n/a n/a
3 backend1 tcp 127.0.0.1:3976 down 0 195 0 Aug 25 01:13:48 Aug 25 01:23:51 Connect Fail Connection refused n/a
4 backend http 127.0.0.1:1971 down 0 196 0 Aug 25 01:13:48 Aug 25 01:23:51 Connect Fail Connection refused n/a
5 backend http 127.0.0.1:1970 down 0 175 0 Aug 25 01:13:48 Aug 25 01:23:51 Rx HTTP Code 4XX n/a 403
6 backend http 127.0.0.1:1972 down 0 195 0 Aug 25 01:13:48 Aug 25 01:23:52 Connect Fail Connection refused n/a
7 backend http 127.0.0.1:1973 down 0 195 0 Aug 25 01:13:48 Aug 25 01:23:51 Connect Fail Connection refused n/a
8 backend http 127.0.0.1:1974 down 0 192 0 Aug 25 01:13:48 Aug 25 01:23:51 Connect Fail Connection refused n/a
9 backend1 http 127.0.0.1:1975 down 0 193 0 Aug 25 01:13:48 Aug 25 01:23:52 Connect Fail Connection refused n/a
10 backend1 http 127.0.0.1:1976 down 0 192 0 Aug 25 01:13:48 Aug 25 01:23:52 Connect Fail Connection refused n/a
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the HA state of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 0f6510bb-ff15-4385-9c45-a1ce626fc276 HA-State
LB HA is disable
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific load balancer monitor.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <monitor-uuid> | Monitor UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 monitor 72945dda-f4f1-532f-9bd0-a3f52c099d4b
Monitor
Display Name : nsx-default-https-monitor
Fall Count : 3
Https Monitor :
Authenticate Depth : 3
Cipher : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Protocol :
TLS_V1_1
TLS_V1_2
Request Method : HTTP_METHOD_GET
Request Version : HTTP_VERSION_1_1
Response Status : HTTP_STATUS_2XX
Server Auth : SERVER_AUTH_IGNORE
UUID : 72945dda-f4f1-532f-9bd0-a3f52c099d4b
Interval : 5
Monitor Port : 443
Rise Count : 3
Timeout : 1970-01-01 00:00:00.015000 (timestamp: 15)
Type : HTTPS
Mode
Basic
Availability
Edge, Public Cloud Gateway
Show the health check table of a load balancer monitor.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <monitor-uuid> | Monitor UUID argument |
Example
nsx-edge> get load-balancer ed785df6-2143-4944-b918-66470886be83 monitor 72945dda-f4f1-532f-9bd0-a3f52c099d4b status
Health-Check-Table
INDEX POOL TYPE NAME STATUS RISE FALL PORT CHECK_TIME CHANGE_TIME FAIL_REASON ERRNO STATUS_CODE
6 de719e2 icmp 192.168.100.160:0 up 10755 0 0 Jun 1 11:28:43 May 28 08:30:00 n/a n/a n/a
7 de719e2 icmp 192.168.100.161:0 up 20820 0 0 Jun 1 11:28:46 May 28 08:30:02 n/a n/a n/a
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the monitors for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 monitors
Monitor
Display Name : nsx-default-http-monitor
Fall Count : 3
Http Monitor :
Request Method : HTTP_METHOD_GET
Request Version : HTTP_VERSION_1_1
Response Status : HTTP_STATUS_2XX
UUID : c2cb7f9e-72d7-55ed-914e-5209b67d02b2
Interval : 5
Monitor Port : 80
Rise Count : 3
Timeout : 1970-01-01 00:00:00.015000 (timestamp: 15)
Type : HTTP
Monitor
Display Name : nsx-default-https-monitor
Fall Count : 3
Https Monitor :
Authenticate Depth : 3
Cipher : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Protocol :
TLS_V1_1
TLS_V1_2
Request Method : HTTP_METHOD_GET
Request Version : HTTP_VERSION_1_1
Response Status : HTTP_STATUS_2XX
Server Auth : SERVER_AUTH_IGNORE
UUID : 72945dda-f4f1-532f-9bd0-a3f52c099d4b
Interval : 5
Monitor Port : 443
Rise Count : 3
Timeout : 1970-01-01 00:00:00.015000 (timestamp: 15)
Type : HTTPS
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the persistence tables of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 0f6510bb-ff15-4385-9c45-a1ce626fc276 persistence-tables
Persistence-Tables
TABLE :ag32445y-bec7-4ee5-b03c-fc037b3cbfe2
VIP :bg32445y-bec7-4ee5-bb3j-fc037b3cgfe5
KEY DADDR DPORT LIFE_TIME(s) NUM_SESSIONS
b3aa5...fwefd_b3aa5745-bec7-4ee5-b03c-fc037b3cbfeb3aa5745-bec7-4ee5-b03c-fwefd 192.168.100.30 80 109 0
mbbb5745-bec7-4ee5-b03c-fc037b3cbfe_192.168.100.10 192.168.100.0 80 108 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific load balancer pool.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <pool-uuid> | Pool UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 pool 29e66f11-d589-4208-a78d-f72e18aa8286
Pool
Algorithm : ROUND_ROBIN
Display Name : tcppool1
UUID : 29e66f11-d589-4208-a78d-f72e18aa8286
Member Group :
Admin State : ENABLED
Container Id : aded6b65-54ce-47b7-8da6-92fa0d96ccf4
Ip Revision Filter : IPV4
Max Ip List Size : 100
Min Active Members : 1
Snat Translation :
Auto Map : True
Port Overload : 1
Tcp Multiplexing Enabled : False
Tcp Multiplexing Number : 6
Member Group
UUID : aded6b65-54ce-47b7-8da6-92fa0d96ccf4
Ip Address :
Ipv4 : 192.168.1.2
Prefix Length : 31
Ipv4 : 192.168.1.4
Prefix Length : 31
Ipv4 : 192.168.1.6
Prefix Length : 32
Ipv4 : 192.168.4.8
Prefix Length : 24
Ipv4 : 192.168.1.8
Prefix Length : 32
Ipv4 : 192.168.1.1
Prefix Length : 32
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about an LB pool.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <pool-uuid> | Pool UUID argument |
Example
nsx-edge-1> get load-balancer 17b8637a-c816-41dd-b793-6d0acfa53569 pool 5b501a56-e56f-4a76-bba4-70f0de2dbc26 snat-pools
SNAT : nat_336860180_4
Min Port : 4096
Max Port : 65535
Port Overload Factor : 32
Random Port : False
Snat IP : 20.20.20.20 Allocated Port: 0
Snat IP : 20.20.20.21 Allocated Port: 1
Snat IP : 20.20.20.22 Allocated Port: 0
Snat IP : 20.20.20.23 Allocated Port: 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the statistics for a specific load balancer and pool.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <pool-uuid> | Pool UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 pool 953e4da8-a571-4695-b54c-90505d8e59c2 stats
Pool
UUID : 953e4da8-a571-4695-b54c-90505d8e59c2
Display-Name : tcp pool
Type : L4
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, Out) : (0, 0)
Packets :
(In, Out) : (0, 0)
Pool Member
Display-Name : m1
IP : 192.168.1.1
Port : 80
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, Out) : (0, 0)
Packets :
(In, Out) : (0, 0)
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the status of a specific load balancer and pool.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <pool-uuid> | Pool UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 pool 2197df80-77d3-44e6-89b3-1db930be374d status
Pool
UUID : 2197df80-77d3-44e6-89b3-1db930be374d
Display-Name : tcppool1
Status : up
Total-Members : 2
Primary Up : 0
Primary Down : 0
Primary Disabled : 0
Primary Graceful Disabled : 0
Backup Up : 0
Backup Down : 0
Backup Graceful Disabled : 0
Backup Disabled : 0
Member
Display-Name : m1
IP : 192.168.2.201
Port : 8888
Status : up
Last-Check-Time : 2017-10-09 07:11:14
Last-State-Change-Time : 2017-10-09 03:54:28
L4-Passive-State : down
L4-Passive-Last-Change-Time : 2018-07-31 04:38:13
Member
Display-Name : m2
IP : 192.168.2.202
Port : 8888
Status : up
Last-Check-Time : 2017-10-09 07:11:11
Last-State-Change-Time : 2017-10-09 03:54:28
L4-Passive-State : down
L4-Passive-Last-Change-Time : 2018-07-31 04:38:13
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the pools of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 pools
Pool
Active Monitor Id :
c2cb7f9e-72d7-55ed-914e-5209b67d02b2
Algorithm : ROUND_ROBIN
Display Name : httppool1
UUID : d39f9ed7-444c-493d-8c99-327a30befe8e
Member :
Admin State : ENABLED
Backup Member : False
Display Name : m1
Ip Address :
Ipv4 : 192.168.1.1
Port : 80
Weight : 1
Admin State : ENABLED
Backup Member : False
Display Name : m2
Ip Address :
Ipv4 : 192.168.1.2
Port : 80
Weight : 1
Min Active Members : 1
Snat Translation :
Auto Map : True
Port Overload : 1
Tcp Multiplexing Enabled : False
Tcp Multiplexing Number : 6
Pool
Algorithm : ROUND_ROBIN
Display Name : tcppool1
UUID : 29e66f11-d589-4208-a78d-f72e18aa8286
Member Group :
Admin State : ENABLED
Container Id : aded6b65-54ce-47b7-8da6-92fa0d96ccf4
Ip Revision Filter : IPV4
Max Ip List Size : 100
Min Active Members : 1
Snat Translation :
Auto Map : True
Port Overload : 1
Tcp Multiplexing Enabled : False
Tcp Multiplexing Number : 6
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the statistics for all the pools of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 pools stats
Pool
UUID : 953e4da8-a571-4695-b54c-90505d8e59c2
Display-Name : tcp pool
Type : L4
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, Out) : (0, 0)
Packets :
(In, Out) : (0, 0)
Pool
UUID : 0ba2817e-9ddb-411e-a397-ef2f3b099a46
Display-Name : http pool
Type : L7
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, In-Rate) : (0, 0)
(Out, Out-Rate) : (0, 0)
HTTP Requests :
(Total, Rate) : (0, 0)
Pool
UUID : 0ba2817e-9ddb-411e-a397-ef2f3b099a83
Display-Name : shared pool
Type : L4 and L7
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, In-Rate) : (0, 0)
(Out, Out-Rate) : (0, 0)
HTTP Requests :
(Total, Rate) : (0, 0)
Packets :
(In, Out) : (0, 0)
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the status of all the pools of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 pools status
Pool
UUID : 2197df80-77d3-44e6-89b3-1db930be374d
Display-Name : tcppool1
Members : 2
Status : up
Primary-UP-No : 0
Backup-UP-No : 0
Pool
UUID : 5cca6ba3-5732-4ea9-8197-c582e211a0aa
Display-Name : httppool1
Members : 2
Status : up
Primary-UP-No : 0
Backup-UP-No : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the sessions of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 session-tables
Session-Tables
TABLE ID PROTO CADDR CPORT VADDR VPORT SADDR SPORT DADDR DPORT
l4lb-0 0000000000000000 udp 10.10.10.10 2000 20.20.20.20 80 30.30.30.30 4096 40.40.40.40 8000
l4lb-0 0000000000000001 tcp 10.10.10.11 2000 20.20.20.21 80 30.30.30.31 4097 40.40.40.41 8000
l4lb-0 0000000000000002 tcp 10.10.10.12 2000 20.20.20.22 80 30.30.30.32 5000 40.40.40.42 8000
l4lb-0 0000000000000004 tcp 10.10.10.14 2000 20.20.20.24 80 30.30.30.34 6000 40.40.40.44 8000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get the load balancer L4 session table with the expiration time.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 4f518a4e-9a40-43d3-98ef-db654e8be7c5 session-tables l4
Session-Tables
TABLE ID PROTO CADDR CPORT VADDR VPORT SADDR SPORT DADDR DPORT STATE EXP
l4lb-0 00000001000159f2 tcp 10.114.218.199 35011 10.114.213.75 80 10.114.218.199 35011 10.37.1.11 80 TW 45
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get the load balancer L7 session table with the expiration time.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer 4f518a4e-9a40-43d3-98ef-db654e8be7c5 session-tables l7
Session-Tables
TABLE ID PROTO CADDR CPORT VADDR VPORT SADDR SPORT DADDR DPORT STATE EXP
l7lb-0 00000001000159f8 http 10.114.218.199 35012 10.114.213.75 80 10.114.218.199 35012 10.37.1.12 80 EST 3600
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get load-balancer snat pools' information.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 snat-pools
SNAT : nat_3232235998_1
Min Port : 4096
Max Port : 65535
Port Overload Factor : 1
Random Port : False
Snat IP : 192.168.1.222 Allocated Port: 0
SNAT : nat_3232235998_3
Min Port : 4096
Max Port : 65535
Port Overload Factor : 1
Random Port : False
Snat IP : 192.168.1.222 Allocated Port: 0
Snat IP : 192.168.1.223 Allocated Port: 0
Snat IP : 192.168.1.224 Allocated Port: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the statistics for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 stats
Load Balancer
UUID : ed785df6-2143-4944-b918-66470886be83
Display-Name : lbs-dgo
Enabled : True
Type CUR_SESS MAX_SESS TOTAL_SESS SESS_RATE
L4 1000 2000 34325 30
L7 100 100 54321 10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the status of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 status
Load Balancer
UUID : ed785df6-2143-4944-b918-66470886be83
Display-Name : lbs-dgo
Enabled : True
LB-State : not_ready
LR-HA-State : active
Virtual Servers : 2
Up Virtual Servers: 0
Pools : 2
Up Pools : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific load balancer virtual server.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 virtual-server 11bb214f-bd06-4bff-b2a5-6f82e5ec62b6
Virtual Server
Application Profile Id : 4b6d4d28-208e-4a0d-a9aa-a712934d5bef
Display Name : udpvip1
Enabled : True
UUID : 11bb214f-bd06-4bff-b2a5-6f82e5ec62b6
Ip Address :
Ipv4 : 124.124.124.124
Ip Protocol : UDP
Pool Id : 56722b45-c276-43fb-81d0-4b15760fdbce
Port : 9999
Application Profile
Application Type : FAST_UDP
Display Name : fastUdpProfile1
Fast Udp Profile :
Flow Mirroring Enabled : False
Idle Timeout : 1970-01-01 00:00:00.300000 (timestamp: 300)
UUID : 4b6d4d28-208e-4a0d-a9aa-a712934d5bef
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the access log file for a specific load balancer and virtual server.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> get load-balancer 4d3eafaa-5a16-422a-80d9-f799cb4bd40a virtual-server 953e4da8-a571-4695-b54c-90505d8e59c2 access-log
1.1.5.10 - - [16/Nov/2017:11:47:49 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:47:49 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:15 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:16 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:17 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:54:50 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:16:42:15 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the last 10 lines of the access log file for a specific virtual server of load balancer and all new messages that are written to the log file.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> get load-balancer 4d3eafaa-5a16-422a-80d9-f799cb4bd40a virtual-server 953e4da8-a571-4695-b54c-90505d8e59c2 access-log follow
1.1.5.10 - - [16/Nov/2017:11:47:49 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:47:49 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:15 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:16 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:17 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:54:50 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:16:42:15 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display access log messages containing strings that match the given regular expression pattern for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
| <regex> | Regular expression |
Example
nsx-edge-1> get load-balancer 4d3eafaa-5a16-422a-80d9-f799cb4bd40a virtual-server 953e4da8-a571-4695-b54c-90505d8e59c2 access-log reg-filter 16/Nov.*11:48
1.1.5.10 - - [16/Nov/2017:11:48:15 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:16 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
1.1.5.10 - - [16/Nov/2017:11:48:17 +0000] "GET / HTTP/1.1" 200 22 "-" "-"
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the load balancer rules for a specific load balancer and virtual server.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 virtual-server 110ac92c-1647-48a5-8d66-4cac06817716 lbrules
LbRule
Action :
Action Type : HTTP_REQUEST_URI_REWRITE
Http Request Uri Rewrite :
Uri : /product_detail.html
Display Name : RewriteRequestUrl
UUID : 4202cb56-c8b3-4d7a-9f61-686d55ed7d80
Match Condition :
Http Request Url Config :
Request Url : /product.html
Match Type : HTTP_REQUEST_URL
Match Strategy : MATCH_STRATEGY_ANY
Phase : HTTP_REQUEST_REWRITE
LbRule
Action :
Action Type : SELECT_POOL
Select Pool Config :
Pool Id : e7a438a1-69e9-4347-9f21-0f28d7aa44d9
Display Name : LoginRouteRule
UUID : 58ba5a69-6a5a-4b6b-8899-d0fa8159fbcd
Match Condition :
Http Request Url Config :
Request Url : /login.html
Match Type : HTTP_REQUEST_URL
Match Strategy : MATCH_STRATEGY_ALL
Phase : HTTP_FORWARDING
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the statistics for a specific load balancer and virtual server.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 virtual-server 953e4da8-a571-4695-b54c-90505d8e59c2 stats
Virtual Server
UUID : 953e4da8-a571-4695-b54c-90505d8e59c2
Display-Name : tcpvip1
VIP : TCP 123.123.123.123:80
Type : L4
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, Out) : (0, 0)
Packets :
(In, Out) : (0, 0)
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the status of a specific load balancer virtual server.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 virtual-server 0ba2817e-9ddb-411e-a397-ef2f3b099a46 status
Virtual Server
UUID : 0ba2817e-9ddb-411e-a397-ef2f3b099a46
Display-Name: http-vip-1
IP : 123.123.123.123
Port : 80
Status : up
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the virtual servers of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer eba5f460-c660-4f82-8488-62231fb9aea3 virtual-servers
Virtual Server
Application Profile Id : 9c4d7f35-13f9-46fc-8d57-d60f0a12544d
Display Name : http-vip-1
Enabled : True
UUID : 37f1a8c9-ab8b-4ee9-9b41-5da317ac05d3
Ip Address :
Ipv4 : 123.123.123.123
Ip Protocol : TCP
Persistence Profile Id : e57ef9b9-fe06-4269-9c2c-9fc2609e3941
Pool Id : d39f9ed7-444c-493d-8c99-327a30befe8e
Port : 80
Virtual Server
Application Profile Id : f5586889-a812-4e64-b735-610851a6fad6
Display Name : tcpvip1
Enabled : True
UUID : 26168a79-48d6-44a7-86fe-0d5ee7c91e47
Ip Address :
Ipv4 : 123.123.123.123
Ip Protocol : TCP
Persistence Profile Id : 17d24b73-c090-495a-b60f-ed772b613bdf
Pool Id : 29e66f11-d589-4208-a78d-f72e18aa8286
Port : 8888
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the statistics for all virtual servers of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 virtual-servers stats
Virtual Server
UUID : 953e4da8-a571-4695-b54c-90505d8e59c2
Display-Name : tcpvip1
VIP : TCP 123.123.123.123:80
Type : L4
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, Out) : (0, 0)
Packets :
(In, Out) : (0, 0)
Virtual Server
UUID : 0ba2817e-9ddb-411e-a397-ef2f3b099a46
Display-Name : http-vip-1
VIP : TCP 123.123.123.123:8080
Type : L7
Sessions :
(Cur, Max, Total, Rate) : (0, 0, 0, 0)
Bytes :
(In, In-Rate) : (0, 0)
(Out, Out-Rate) : (0, 0)
HTTP Requests :
(Total, Rate) : (0, 0)
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the status of all virtual servers of a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
Example
nsx-edge-1> get load-balancer ed785df6-2143-4944-b918-66470886be83 virtual-servers status
Virtual Server
UUID : 953e4da8-a571-4695-b54c-90505d8e59c2
Display-Name: tcpvip1
IP : 123.123.123.123
Port : 8888
Status : up
Virtual Server
UUID : 0ba2817e-9ddb-411e-a397-ef2f3b099a46
Display-Name: http-vip-1
IP : 123.123.123.123
Port : 80
Status : up
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get edge parameters configured by load balancer for performance.
Example
nsx-edge-1> get load-balancer perf-profile config
Load Balancer Performance Config
Profile :large vm http profile
Dataplane
Kni Busy Loop :enabled
Kni Fifo Size :8192
Tx Ring Size :512
Rx Ring Size :512
Cores :0
Intr Mode :disabled
Kni Mbuf Burst Num :2048
Dispatcher
Cores :4,5,6,7
Kni
Cores :1
Rps Cpus :2,3
Engine
Cores :4,5,6,7
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all load balancers.
Example
nsx-edge-1> get load-balancers
Load Balancer
Access Log Enabled : False
Applied To :
Attachment Id : 00002000-0000-0000-0000-000000000008
Type : LOG_SERVICE_ROUTER_CLUSTER
Display Name : lbs-on-lr1
Enabled : True
UUID : eba5f460-c660-4f82-8488-62231fb9aea3
Log Level : LB_LOG_LEVEL_INFO
Size : SMALL
Virtual Server Id : 37f1a8c9-ab8b-4ee9-9b41-5da317ac05d3
26168a79-48d6-44a7-86fe-0d5ee7c91e47
7e012072-0594-4063-97f0-82452e9a2813
11bb214f-bd06-4bff-b2a5-6f82e5ec62b6
110ac92c-1647-48a5-8d66-4cac06817716
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the status of all load balancers.
Example
nsx-edge-1> get load-balancers status
Load Balancer
UUID : ed785df6-2143-4944-b918-66470886be83
Display-Name : lbs-dgo
Enabled : True
LB-State : not_ready
LR-HA-State : active
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the contents of the specified log file.
| Option | Description |
|---|---|
| <filename> | Log file name |
Example
nsx-manager-1> get log-file manager.log
2016-10-24 05:11:50.292 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/connections?columns=name,user
Entity Body : <{Accept=[application/json]}> method: GET
2016-10-24 05:11:50.312 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/connections?columns=name,user
Response Body : [Lcom.vmware.nsx.management.messaging.rabbitmq.Connection;@59e806a2 method : GET
2016-10-24 05:11:50.312 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/users
Entity Body : <{Accept=[application/json]}> method: GET
2016-10-24 05:11:50.354 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/users
Response Body : [Lcom.vmware.nsx.management.messaging.rabbitmq.Account;@5307ed29 method : GET
2016-10-24 05:11:55.298 UTC INFO increment-barrier-timer RealizationStateBarrierServiceImpl - SYSTEM [nsx comp="nsx-manager" subcomp="manager"] Incremented realization state barrier number to 122598
2016-10-24 05:11:55.674 UTC INFO Event Processor for GatewaySender_AsyncEventQueue_txLogEventQueue TxLogAsyncEventListener - - [nsx comp="nsx-manager" subcomp="manager"] Gets 1 events to process.
.
.
.
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the last 10 lines of the specified log file and all new messages that are written to the log file.
| Option | Description |
|---|---|
| <filename> | Log file name |
Example
nsx-manager-1> get log-file manager.log follow
2016-10-24 05:11:50.292 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/connections?columns=name,user
Entity Body : <{Accept=[application/json]}> method: GET
2016-10-24 05:11:50.312 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/connections?columns=name,user
Response Body : [Lcom.vmware.nsx.management.messaging.rabbitmq.Connection;@59e806a2 method : GET
2016-10-24 05:11:50.312 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/users
Entity Body : <{Accept=[application/json]}> method: GET
2016-10-24 05:11:50.354 UTC INFO MaintenanceSyncTimer RestRequestImpl - - [nsx comp="nsx-manager" subcomp="manager"] URL : https://localhost:15671/api/users
Response Body : [Lcom.vmware.nsx.management.messaging.rabbitmq.Account;@5307ed29 method : GET
2016-10-24 05:11:55.298 UTC INFO increment-barrier-timer RealizationStateBarrierServiceImpl - SYSTEM [nsx comp="nsx-manager" subcomp="manager"] Incremented realization state barrier number to 122598
2016-10-24 05:11:55.674 UTC INFO Event Processor for GatewaySender_AsyncEventQueue_txLogEventQueue TxLogAsyncEventListener - - [nsx comp="nsx-manager" subcomp="manager"] Gets 1 events to process.
.
.
.
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display logging server configuration.
Example
nsx> get logging-servers
192.168.110.60 proto udp level info facility syslog messageid SYSTEM,FABRIC
192.168.110.60 proto udp level info facility auth,user
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 091a05dc-8080-41a2-a56f-baf6d32fb512
Logical Router
==================================================
UUID : 091a05dc-8080-41a2-a56f-baf6d32fb512
ID : 32769
Interfaces :
100.64.1.1/31 (02:50:56:00:00:03)
172.16.30.1/24 (02:50:56:56:44:52)
172.16.10.1/24 (02:50:56:56:44:52)
172.16.20.1/24 (02:50:56:56:44:52)
Mode
Basic
Availability
KVM, NSX Cloud VM
Display information about the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Logical Router identifier Allowed pattern: ^[0-9]+$|^0x[0-9a-fA-F]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-router db6760b3-d9e2-44ef-b1c4-f56138665d71
LR-Id LR-Name Hosts[] Service-Controller Router-Type ClusterId UUID
0x5 SR-46740ffe-9bf1-406e-816d-e200a45f0707 192.168.110.111 192.168.110.108 SERVICE_ROUTER_TIER1 00002000-0000-0000-0000-000000000001 db6760b3-d9e2-44ef-b1c4-f56138665d71
192.168.110.112
Mode
Basic
Availability
Controller
Display information about the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
Logical Router
-------------------------------------------------------------------------------------
VDR UUID : d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
LIF number : 4
Route number : 7
State : ['Enabled']
Controller IP : 192.168.110.108
Control plane IP : 192.168.210.51
Control plane active : True
Next hop number : 1
Generation number : 0
Edge active : False
Mode
Basic
Availability
ESXi
Display information about the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router 736a80e3-23f6-5a2d-81d6-bbefb2786666
Logical Router
UUID VRF LR-ID Name Type Ports
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 R1 TUNNEL 3
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the routing table for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Logical Router identifier Allowed pattern: ^[0-9]+$|^0x[0-9a-fA-F]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <route> | Logical Router route description Allowed values: route |
Example
nsx-controller-1> get logical-router db6760b3-d9e2-44ef-b1c4-f56138665d71 route
LR-Id Destination Next-Hop LR-Port-Id Blackhole Route-Type Admin-Distance Admin-State-Up Route-UUID
0x5 172.16.110.0/24 169.0.0.1 8b06827f-6325-4afd-b56d-6260ebf0a1a0 false NSX_CONNECTED 0 true 00000018-ac10-6e00-0000-000000000005
0x5 100.64.1.0/31 0.0.0.0 97458be5-bf5e-44f8-a6b0-9fc32be347fc false CONNECTED 0 true 0000001f-6440-0100-0000-000000000005
0x5 0.0.0.0/0 100.64.1.0 97458be5-bf5e-44f8-a6b0-9fc32be347fc false NSX_STATIC 3 true 00000000-0000-0000-0000-000000000005
0x5 172.16.120.0/24 169.0.0.1 8b06827f-6325-4afd-b56d-6260ebf0a1a0 false NSX_CONNECTED 0 true 00000018-ac10-7800-0000-000000000005
0x5 172.16.130.0/24 169.0.0.1 8b06827f-6325-4afd-b56d-6260ebf0a1a0 false NSX_CONNECTED 0 true 00000018-ac10-8200-0000-000000000005
0x5 169.0.0.0/28 0.0.0.0 8b06827f-6325-4afd-b56d-6260ebf0a1a0 false CONNECTED 0 true 0000001c-a900-0000-0000-000000000005
Mode
Basic
Availability
Controller
Display a specific IPv4 route on the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Logical Router identifier Allowed pattern: ^[0-9]+$|^0x[0-9a-fA-F]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <route> | Logical Router route description Allowed values: route |
| <prefix> | Network Address argument |
Example
nsx-controller-1> get logical-router db6760b3-d9e2-44ef-b1c4-f56138665d71 route 172.16.120.0/24
LR-Id Destination Next-Hop LR-Port-Id Blackhole Route-Type Admin-Distance Admin-State-Up Route-UUID
0x5 172.16.120.0/24 169.0.0.1 8b06827f-6325-4afd-b56d-6260ebf0a1a0 false NSX_CONNECTED 0 true 00000018-ac10-7800-0000-000000000005
Mode
Basic
Availability
Controller
Display parameters defined in global logical router BFD
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge> get logical-router 463c9dd1-986b-4947-895b-1126bd53abc8 bfd-config
Logical Router
UUID : d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
vrf : 6
lr-id : 6
name : R1
type : SERVICE_ROUTER_TIER0
BFD global configuration
Enabled : True
Min RX Interval: 1000
Min TX Interval: 1000
Min RX TTL : 255
Multiplier : 3
Port : 4451c48f-8cff-4444-8e10-bff403783dca
BFD session configuration
Source : 192.168.50.1
Peer : 192.168.50.10
Enabled : True
Min RX Interval: 1000
Min TX Interval: 1000
RX TTL : 255
Multiplier : 3
Source : 192.168.50.1
Peer : 192.168.50.20
Enabled : True
Min RX Interval: 3000
Min TX Interval: 3000
RX TTL : 255
Multiplier : 5
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display BFD sessions in a logical router
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge> get logical-router 463c9dd1-986b-4947-895b-1126bd53abc8 bfd-session
BFD Session
Dest_port : 3784
Diag : No Diagnostic
Encap : vlan
Forwarding : last false (current false)
Interface : 4451c48f-8cff-4444-8e10-bff403783dca
Last_cp_diag : No Diagnostic
Last_cp_rmt_diag : No Diagnostic
Last_cp_rmt_state : admin_down
Last_cp_state : admin_down
Last_fwd_state : NONE
Local_address : 192.168.50.1
Local_discr : 2830404107
Min_rx_ttl : 255
Multiplier : 5
Prev_failure_diag : No Diagnostic
Received_remote_diag : No Diagnostic
Received_remote_state : down
Remote_address : 192.168.50.20
Remote_admin_down : false
Remote_diag : No Diagnostic
Remote_discr : 0
Remote_min_rx_interval : 0
Remote_min_tx_interval : 0
Remote_multiplier : 0
Remote_state : down
Rx_cfg_min : 3000
Rx_interval : 3000
Session_type : LR_PORT
State : down
Tx_cfg_min : 3000
Tx_interval : 3000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all IPv4 & IPv6 BGP routes.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
> 2003::/24 :: 0 100 32768 2000 ?
> 2002::/64 fca9:1c1c:96b2:e000::2 0 100 32768 2000 ?
> 2001::/64 fca9:1c1c:96b2:e000::2 0 100 32768 2000 ?
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all BGP NLRI matching the community.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <bgp-community> | BGP community argument, either NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED or community in AA:NN format |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp community 1:1
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
> 2003::/24 :: 0 100 32768 2000 ?
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all BGP NLRI matching the large-community.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <bgp-large-community> | BGP large-community argument in AA:BB:CC format |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp large-community 1:1:1
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
> 2003::/24 :: 0 100 32768 2000 ?
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all BGP neighbor information.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp neighbor
BGP neighbor is 50.50.50.10, remote AS 1000, local AS 2000, external link
Hostname: prome-mdt-dhcp412
BGP version 4, remote router ID 50.50.50.10, local router ID 50.50.50.1
BGP state = Established, up for 2d13h28m
Last read 00:00:17, Last write 00:00:19
Hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
AddPath:
IPv4 Unicast: RX advertised IPv4 Unicast and received
Route refresh: advertised and received(old & new)
Address Family IPv4 Unicast: advertised and received
Hostname Capability: advertised (name: nsx-edge-1,domain name: n/a) received (name: prome-mdt-dhcp412,domain name: n/a)
Graceful Restart Capabilty: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
Graceful restart informations:
End-of-RIB send: IPv4 Unicast
End-of-RIB received: IPv4 Unicast
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 14 13
Notifications: 2 16
Updates: 10 10
Keepalives: 3832 3827
Route Refresh: 0 0
Capability: 0 0
Total: 3858 3866
Minimum time between advertisement runs is 0 seconds
Update source is 50.50.50.1
For address family: IPv4 Unicast
Update group 49, subgroup 49
Packet Queue length 0
Community attribute sent to this neighbor(all)
0 accepted prefixes
Connections established 6; dropped 5
Last reset 2d13h28m, due to Interface down
Local host: 50.50.50.1, Local port: 179
Foreign host: 50.50.50.10, Foreign port: 39948
Nexthop: 50.50.50.1
Nexthop global: 2005::2828:2801
Nexthop local: fe80::53ff:feb2:c1ad
BGP connection: shared network
BGP Connect Retry Timer in Seconds: 120
Estimated round trip time: 1 ms
Read thread: on Write thread: on
BFD Status: peer 50.50.50.10 status down
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about a specific BGP neighbor.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp neighbor 2005::2828:280a
BGP neighbor is 2005::2828:280a, remote AS 1000, local AS 2000, external link
Administratively shut down
BGP version 4, remote router ID 0.0.0.0, local router ID 50.50.50.1
BGP state = Idle
Last read 2d16h06m, Last write never
Hold time is 180, keepalive interval is 60 seconds
Configured hold time is 4, keepalive interval is 1 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 0 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 0 0
Minimum time between advertisement runs is 0 seconds
For address family: IPv6 Unicast
Not part of any update group
Community attribute sent to this neighbor(all)
0 accepted prefixes
Connections established 0; dropped 0
Last reset never
BGP Connect Retry Timer in Seconds: 120
Read thread: off Write thread: off
BFD Status: Not configured
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display routes advertised to a BGP neighbor.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp neighbor 50.50.50.10 advertised-routes
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 111.111.0.0/16 100.64.0.1 0 100 32768 2000 ?
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display routes learnt from a BGP neighbor.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp neighbor 50.50.50.10 routes
BGP table version is 1, local router ID is 50.50.50.1
Status flags: > - best, I - internal
Origin flags: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
> 11.11.0.0/16 100.64.0.2 0 100 32768 2000 ?
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display summarized BGP neighbor information.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be bgp neighbor summary
BFD States: NC - Not configured, AC - Activating,DC - Disconnected
AD - Admin down, DW - Down, IN - Init,UP - Up
BGP summary information for VRF default for address-family: ipv4Unicast
Router ID: 50.50.50.1 Local AS: 2000
Neighbor AS State Up/DownTime BFD InMsgs OutMsgs InPfx OutPfx
50.50.50.10 1000 Estab 2d13h55m DW 3893 3885 0 1
BFD States: NC - Not configured, AC - Activating,DC - Disconnected
AD - Admin down, DW - Down, IN - Init,UP - Up
BGP summary information for VRF default for address-family: ipv6Unicast
Router ID: 50.50.50.1 Local AS: 2000
Neighbor AS State Up/DownTime BFD InMsgs OutMsgs InPfx OutPfx
2005::2828:280a 1000 Idle never NC 0 0 0 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display forwarding for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 3f37a518-0b5a-4833-be11-0f6df5e96421 forward
Logical Router Forwarding Table
==============================================================================================================
Prefix Gateway Interface
100.64.1.0/31 0.0.0.0 7f475e70-6919-42f4-a9ab-7c8381ef93c2
192.168.10.0/24 0.0.0.0 4891b955-a8cf-4e2f-b87f-ea1fc6c3b7a8
192.168.20.0/24 0.0.0.0 a12f6616-31bd-4d75-8972-bc75f3fe4392
0.0.0.0/0 100.64.1.0 7f475e70-6919-42f4-a9ab-7c8381ef93c2
2000:20::/64 :: a12f6616-31bd-4d75-8972-bc75f3fe4392
2000:10::/64 :: 4891b955-a8cf-4e2f-b87f-ea1fc6c3b7a8
fc88:474c:60c:2800::/64 :: 7f475e70-6919-42f4-a9ab-7c8381ef93c2
::/0 fc88:474c:60c:2800::1 7f475e70-6919-42f4-a9ab-7c8381ef93c2
Mode
Basic
Availability
KVM, NSX Cloud VM
Display forwarding for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 forwarding
Logical Routers Forwarding Table
-----------------------------------------------------------------------------------------------------
Flags Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
[H: Host], [R: Reject], [B: Blackhole], [F: Soft Flush], [E: ECMP]
Network Gateway Type Interface UUID
=====================================================================================================
192.168.1.0/24 0.0.0.0 UCI 1c1a47f7-d314-4e74-a198-5568540e4284
192.168.2.0/24 0.0.0.0 UCI 53a15328-e7cb-4c97-b147-e7ee833754db
2000::1/64 :: UCI 1c1a47f7-d314-4e74-a198-5568540e4284
3000::1/64 :: UCI 53a15328-e7cb-4c97-b147-e7ee833754db
Mode
Basic
Availability
ESXi
Display forwarding for the specified logical router filtered on prefix.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <prefix> | Network Address argument |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 forwarding 192.168.1.0/24
Logical Routers Forwarding Table
-----------------------------------------------------------------------------------------------------
Flags Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
[H: Host], [R: Reject], [B: Blackhole], [F: Soft Flush], [E: ECMP]
Network Gateway Type Interface UUID
=====================================================================================================
192.168.1.0/24 0.0.0.0 UCI 1c1a47f7-d314-4e74-a198-5568540e4284
Mode
Basic
Availability
ESXi
Display forwarding for the specified logical router, filtered by prefix.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <prefix> | Network Address argument |
Example
kvm-1> get logical-router 091a05dc-8080-41a2-a56f-baf6d32fb512 forwarding fc88:474c:60c:2800::/64
Logical Router Forwarding Table
==============================================================================================================
Prefix Gateway Interface
fc88:474c:60c:2800::/64 :: 7f475e70-6919-42f4-a9ab-7c8381ef93c2
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the forwarding table for the specified logical router. Optionally specify a prefix to display only the entry that matches that network.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <prefix> | Network Address argument |
Example
nsx-edge-1> get logical-router 736a80e3-23f6-5a2d-81d6-bbefb2786666 forwarding
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 R1 TUNNEL
IPv4 Forwarding Table
IP Prefix Gateway IP Type UUID Gateway MAC
142.134.61.0/24 route 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
142.134.61.36/32 route f322c6ca-4298-568b-81c7-a006ba6e6c88
or
nsx-edge-1> get logical-router 736a80e3-23f6-5a2d-81d6-bbefb2786666 forwarding 142.134.61.0/24
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 R1 TUNNEL
IPv4 Forwarding Table
IP Prefix Gateway IP Type UUID Gateway MAC
142.134.61.0/24 route 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPv4 forwarding for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 3f37a518-0b5a-4833-be11-0f6df5e96421 forward
Logical Router Forwarding Table
==============================================================================================================
Prefix Gateway Interface
100.64.1.0/31 0.0.0.0 7f475e70-6919-42f4-a9ab-7c8381ef93c2
192.168.10.0/24 0.0.0.0 4891b955-a8cf-4e2f-b87f-ea1fc6c3b7a8
192.168.20.0/24 0.0.0.0 a12f6616-31bd-4d75-8972-bc75f3fe4392
Mode
Basic
Availability
KVM, NSX Cloud VM
Display forwarding for the specified logical router (ipv4).
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 forwarding
Logical Routers Forwarding Table - IPv4
------------------------------------------------------------------------------------------------------
Flags Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
[H: Host], [R: Reject], [B: Blackhole], [F: Soft Flush], [E: ECMP]
Network Gateway Type Interface UUID
=====================================================================================================
192.168.1.0/24 0.0.0.0 UCI 1c1a47f7-d314-4e74-a198-5568540e4284
192.168.2.0/24 0.0.0.0 UCI 53a15328-e7cb-4c97-b147-e7ee833754db
Mode
Basic
Availability
ESXi
Display forwarding for the specified logical router (ipv6).
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 forwarding
Logical Routers Forwarding Table - IPv6
-------------------------------------------------------------------------------------------------------
Flags Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
[H: Host], [R: Reject], [B: Blackhole], [F: Soft Flush], [E: ECMP]
Network Gateway Type Interface UUID
=====================================================================================================
2000::1/64 :: UCI 1c1a47f7-d314-4e74-a198-5568540e4284
3000::1/64 :: UCI 53a15328-e7cb-4c97-b147-e7ee833754db
Mode
Basic
Availability
ESXi
Display IPv6 forwarding for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 091a05dc-8080-41a2-a56f-baf6d32fb512 forwarding ipv6
Logical Router Forwarding Table
==============================================================================================================
Prefix Gateway Interface
2000:20::/64 :: a12f6616-31bd-4d75-8972-bc75f3fe4392
2000:10::/64 :: 4891b955-a8cf-4e2f-b87f-ea1fc6c3b7a8
fc88:474c:60c:2800::/64 :: 7f475e70-6919-42f4-a9ab-7c8381ef93c2
::/0 fc88:474c:60c:2800::1 7f475e70-6919-42f4-a9ab-7c8381ef93c2
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the high availability state history for the specified logical router. Only service routers have a high availability status. Use the
get logical-routers command to get a list of logical routers and their router types.| Option | Description |
|---|---|
| <uuid> | UUID argument |
Example
nsx-edge-1> get logical-router 4e425c9e-09c6-4021-bbc7-fab2895a2c09 high-availability history state
State : Down
Event : Init
Resources :
Time : 2016-02-02 18:41:22.80
State : Active
Event : Node Up
Resources : 0
Time : 2016-02-02 18:41:26.91
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the high availability status for the specified logical router. Only service routers have a high availability status. Use the
get logical-routers command to get a list of logical routers and their router types.| Option | Description |
|---|---|
| <uuid> | UUID argument |
Example
nsx-edge-1> get logical-router 4e425c9e-09c6-4021-bbc7-fab2895a2c09 high-availability status
Service Router
UUID : 4e425c9e-09c6-4021-bbc7-fab2895a2c09
state : Active
type : TIER0
mode : A/A
rank : 0
service count : 1
service score : 1
HA ports state
UUID : 733d7ed3-1daa-4c28-bc0a-77e3736fea14
op_state : Up
addresses : 169.0.0.2/28
Peer Routers
Node UUID : 3b34da96-ed06-11e8-9814-020063efb6dc
HA state : Active
Node UUID : 2e7dcee8-ed06-11e8-b593-020063334468
HA state : Active
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about a specific interface on the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Logical Router identifier Allowed pattern: ^[0-9]+$|^0x[0-9a-fA-F]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <interface-id> | Logical Router interface id Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-router db6760b3-d9e2-44ef-b1c4-f56138665d71 interface 8b06827f-6325-4afd-b56d-6260ebf0a1a0
UUID: 8b06827f-6325-4afd-b56d-6260ebf0a1a0
Interface-Name: bp-sr0-port
Logical-Router-Id: 0x5
Id: 15240
Type: VXSTT
AdminStateUp: true
UrpfMode: PORT_CHECK
Subnets:
169.0.0.2/28
Mac: 02:50:56:00:00:06
Mtu: 0
Multicast-IP: 0.0.0.1
Flags: 0x204
DHCP-Server-IP:
Mode
Basic
Availability
Controller
Display interface information for the specified logical router and port.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 091a05dc-8080-41a2-a56f-baf6d32fb512 interface e1ce6498-b3ca-4000-a0f4-0734415044cf
Logical Router Interfaces
============================================================
Interface UUID : e1ce6498-b3ca-4000-a0f4-0734415044cf
IP/Mask : 100.64.1.1/31
MAC Address : 02:50:56:00:00:03
VNI : 58248
Flag : 1
DHCP relay : 192.168.33.1, 2001::192:168:33:1
RA-mode : SLAAC_DNS_THROUGH_RA(M=0, O=0)
DAD-mode : Loose
============================================================
Mode
Basic
Availability
KVM, NSX Cloud VM
Display information for the specified logical router instance.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 interface c66fc321-df74-4aaa-835e-95dc815fe7ae
Logical Router Interface
---------------------------------------------------------------------------
LIF UUID : c66fc321-df74-4aaa-835e-95dc815fe7ae
Mode : ['Routing']
Overlay VNI : 27530
IP : 172.16.130.1
IP mask : 255.255.255.0
Mac : 02:50:56:56:44:52
Connected DVS : nsxvswitch
Control plane enable : True
Replication Mode : 0.0.0.1
State : ['Enabled']
Flags : 0x2388
DHCP relay : Not enable
Mode
Basic
Availability
ESXi
Display interface instance stats for a logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx1> get logical-router a485769d-dc65-4197-b3c9-9a200033e3ea interface e2f2ee21-871a-4c39-8640-2501b9bb871d stats
Logical Router Interface Stats
---------------------------------------------------------------------------
RX Unicast Packets : 0
RX Unicast Bytes : 0
TX Unicast Packets : 0
TX Unicast Bytes : 0
RX Broadcast Packets : 0
RX Broadcast Bytes : 0
TX Broadcast Packets : 4
TX Broadcast Bytes : 240
RX Multicast Packets : 0
RX Multicast Bytes : 0
RX Packets System Error : 0
TX Ref Errors : 0
Packets Deferred Free : 0
RX Packets Dropped : 0
LIF IPv4 Net Statistics
IP & ARP packets RX : 0
IP & ARP packets TX : 4
...
IPv6 Route not found to Dest : 0
Neighbor not found : 0
Mode
Basic
Availability
ESXi
Display interface statistics for the specified logical router and port.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm> get logical-router 96252d7f-1d01-40e7-8f1e-6e3305f22af5 interface 7edd998a-0dfd-4c36-92eb-1bd1d48976ec stats
Logical Router Interface Stats
---------------------------------------------------------------------------
IPv4 Packets RX : 4791
IPv4 Packets TX : 0
IPv4 RX Packets Drops : 0
IPv4 TX Packets Drops : 0
IPv4 TTL Zero Drops : 0
IPv4 uRPF Drops : 0
IPv6 Packets RX : 56520
IPv6 Packets TX : 56432
IPv6 RX Packets Drops : 56459
IPv6 TX Packets Drops : 0
IPv6 TTL Zero Drops : 0
IPV6 uRPF Drops : 0
RS RX Packets : 4
RA TX Packets : 4170
Mode
Basic
Availability
KVM, NSX Cloud VM
Display interface statistics for the specified logical router and port.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <ip-version> | Internet Protocol Version (IPV4 or IPV6) Allowed values: ipv4, ipv6 |
Example
kvm> get logical-router 96252d7f-1d01-40e7-8f1e-6e3305f22af5 interface 7edd998a-0dfd-4c36-92eb-1bd1d48976ec stats ipv4
Logical Router Interface Stats
---------------------------------------------------------------------------
IPv4 Packets RX : 4791
IPv4 Packets TX : 0
IPv4 RX Packets Drops : 0
IPv4 TX Packets Drops : 0
IPv4 TTL Zero Drops : 0
IPv4 uRPF Drops : 0
kvm> get logical-router 96252d7f-1d01-40e7-8f1e-6e3305f22af5 interface 7edd998a-0dfd-4c36-92eb-1bd1d48976ec stats ipv6
Logical Router Interface Stats
---------------------------------------------------------------------------
IPv6 Packets RX : 56520
IPv6 Packets TX : 56432
IPv6 RX Packets Drops : 56459
IPv6 TX Packets Drops : 0
IPv6 TTL Zero Drops : 0
IPV6 uRPF Drops : 0
RS RX Packets : 4
RA TX Packets : 4170
Mode
Basic
Availability
KVM, NSX Cloud VM
Display interface instance stats for a logical router (ipv4).
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx1> get logical-router a485769d-dc65-4197-b3c9-9a200033e3ea interface e2f2ee21-871a-4c39-8640-2501b9bb871d stats ipv4
Logical Router Interface Stats
---------------------------------------------------------------------------
RX Unicast Packets : 0
RX Unicast Bytes : 0
TX Unicast Packets : 0
TX Unicast Bytes : 0
RX Broadcast Packets : 0
RX Broadcast Bytes : 0
TX Broadcast Packets : 4
TX Broadcast Bytes : 240
RX Multicast Packets : 0
RX Multicast Bytes : 0
RX Packets System Error : 0
TX Ref Errors : 0
Packets Deferred Free : 0
RX Packets Dropped : 0
LIF IPv4 Net Statistics
IP & ARP packets RX : 0
IP & ARP packets TX : 4
...
Route not found to Dest : 0
Neighbor not found : 0
Mode
Basic
Availability
ESXi
Display interface instance stats for a logical router (ipv6).
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx1> get logical-router a485769d-dc65-4197-b3c9-9a200033e3ea interface e2f2ee21-871a-4c39-8640-2501b9bb871d stats ipv6
Logical Router Interface Stats
---------------------------------------------------------------------------
RX Unicast Packets : 0
RX Unicast Bytes : 0
TX Unicast Packets : 0
TX Unicast Bytes : 0
RX Broadcast Packets : 0
RX Broadcast Bytes : 0
TX Broadcast Packets : 4
TX Broadcast Bytes : 240
RX Multicast Packets : 0
RX Multicast Bytes : 0
RX Packets System Error : 0
TX Ref Errors : 0
Packets Deferred Free : 0
RX Packets Dropped : 0
LIF IPv6 Net Statistics
IPv6 packets RX : 0
IPv6 packets TX : 0
...
IPv6 Route not found to Dest : 0
Neighbor not found : 0
Mode
Basic
Availability
ESXi
Display interface information for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 interfaces
Logical Router Interfaces
---------------------------------------------------------------------------
LIF UUID : c66fc321-df74-4aaa-835e-95dc815fe7ae
Mode : ['Routing']
Overlay VNI : 27530
IP : 172.16.130.1
IP mask : 255.255.255.0
Mac : 02:50:56:56:44:52
Connected DVS : nsxvswitch
Control plane enable : True
Replication Mode : 0.0.0.1
State : ['Enabled']
Flags : 0x2288
DHCP relay : Not enable
LIF UUID : be290c92-74ed-437c-bbf1-dd78673b6a5a
Mode : ['Routing']
Overlay VNI : 25480
IP : 172.16.120.1
IP mask : 255.255.255.0
Mac : 02:50:56:56:44:52
Connected DVS : nsxvswitch
Control plane enable : True
Replication Mode : 0.0.0.1
State : ['Enabled']
Flags : 0x2288
DHCP relay : Not enable
LIF UUID : f6ef3b50-64a0-4948-ab9e-9135963d4b8b
Mode : ['Routing-Backplane']
Overlay VNI : 37768
IP : 169.0.0.1
IP mask : 255.255.255.240
Mac : 02:50:56:56:44:52
Connected DVS : nsxvswitch
Control plane enable : True
Replication Mode : 0.0.0.1
State : ['Enabled']
Flags : 0x12308
DHCP relay : Not enable
LIF UUID : 3c139373-f8f7-441e-aac4-146d9b5ff3a6
Mode : ['Routing']
Overlay VNI : 11145
IP : 172.16.110.1
IP mask : 255.255.255.0
Mac : 02:50:56:56:44:52
Connected DVS : nsxvswitch
Control plane enable : True
Replication Mode : 0.0.0.1
State : ['Enabled']
Flags : 0x2388
DHCP relay : Not enable
Mode
Basic
Availability
ESXi
Display all interfaces on the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Logical Router identifier Allowed pattern: ^[0-9]+$|^0x[0-9a-fA-F]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-router db6760b3-d9e2-44ef-b1c4-f56138665d71 interfaces
Interface Type Id IP[] Urpf-Mode Admin-State-Up UUID
sr-0-loopback-port UNSET 0 127.0.0.1/8 NONE true 00003300-0000-0000-0000-000000000005
bp-sr0-port VXSTT 15240 169.0.0.2/28 PORT_CHECK true 8b06827f-6325-4afd-b56d-6260ebf0a1a0
97458be5-bf5e-44f8-a6b0-9fc32be347fc VXSTT 41864 100.64.1.1/31 PORT_CHECK true 97458be5-bf5e-44f8-a6b0-9fc32be347fc
Mode
Basic
Availability
Controller
Display interface information for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 091a05dc-8080-41a2-a56f-baf6d32fb512 interfaces
Logical Router Interfaces
============================================================
Interface UUID : e1ce6498-b3ca-4000-a0f4-0734415044cf
IP/Mask : 100.64.1.1/31
MAC Address : 02:50:56:00:00:03
VNI : 58248
Flag : 1
DHCP relay : Not enabled
RA-mode : RA_DISABLED
DAD-mode : Loose
============================================================
Interface UUID : d7c184c8-bf63-47c8-bf48-01836d0380e5
IP/Mask : 172.16.30.1/24
MAC Address : 02:50:56:56:44:52
VNI : 31624
Flag : 0
DHCP relay : 192.168.33.1, 2001::192:168:33:1
RA-mode : RA_DISABLED
DAD-mode : Loose
============================================================
Interface UUID : 07607708-9bc7-46fc-8d14-fc016b9297da
IP/Mask : 172.16.10.1/24
MAC Address : 02:50:56:56:44:52
VNI : 54152
Flag : 0
DHCP relay : Not enabled
RA-mode : RA_DISABLED
DAD-mode : Loose
============================================================
Interface UUID : b2d3d312-962e-4a79-864c-09304195b88a
IP/Mask : 172.16.20.1/24
MAC Address : 02:50:56:56:44:52
VNI : 52104
Flag : 0
DHCP relay : 192.168.33.1, 2001::192:168:33:1
RA-mode : RA_DISABLED
DAD-mode : Loose
============================================================
Mode
Basic
Availability
KVM, NSX Cloud VM
Display interface information for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 interfaces
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 R1 TUNNEL
interfaces
interface : 9fd3c667-32db-5921-aaad-7a88c80b5e9f
ifuid : 258
mode : blackhole
interface : 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
ifuid : 261
mode : lif
IP/Mask : 142.134.61.36/24
MAC : 00:0c:29:5a:96:2b
VLAN id : untagged
LS port : 238d7422-e488-5cee-9639-1894b8ab56e2
urpf-mode : NONE
admin : up
op_state : up
MTU : 1600
interface : f322c6ca-4298-568b-81c7-a006ba6e6c88
ifuid : 257
mode : cpu
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the interface statistics for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router e9d3379d-aba7-4459-9262-18bc95eaeec1 interfaces stats
Logical Router
UUID : e9d3379d-aba7-4459-9262-18bc95eaeec1
VRF : 1
LR-ID : 1
name : R2
type : SERVICE_ROUTER_TIER0
Statistics
Interface Type RX PKTS TX PKTS RX BYTES TX BYTES RX Drops TX Drops
b83cb77f-ca34-595c-a3e1-76278f0dcb00 blackhole 0 0 0 0 0 0
4b115e5f-1395-54c3-aaf0-0de5736f99df cpu 8 0 648 0 8 0
6c427841-e151-4479-9184-4196cfcef3b6 lif 5563 11 1902546 462 5563 0
081e2e50-2f0e-42e1-8764-80a127dd3918 lif 0 0 0 0 0 0
00003300-0000-0000-0000-000000000002 loopback 8 0 648 0 8 0
Total 5579 11 1903842 462 5579 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the neighbor table for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 neighbor
Logical Router
UUID : d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
VRF : 6
LR-ID : 6
name : R3
type : DISTRIBUTED_ROUTER
neighbor
interface : c66fc321-df74-4aaa-835e-95dc815fe7ae
IP : 172.16.130.13
MAC : 00:50:56:8e:3e:0b
state : perm
interface : f6ef3b50-64a0-4948-ab9e-9135963d4b8b
IP : 169.0.0.2
MAC : 02:50:56:00:00:05
state : reach
timeout : 7
interface : be290c92-74ed-437c-bbf1-dd78673b6a5a
IP : 172.16.120.11
MAC : 00:50:56:8e:15:e5
state : reach
timeout : 24
interface : 3c139373-f8f7-441e-aac4-146d9b5ff3a6
IP : 172.16.110.11
MAC : 00:50:56:8e:91:12
state : perm
Mode
Basic
Availability
Edge, Public Cloud Gateway
Lookup neighbor in (ARP/ND cache) for the specified logical router, using IP or MAC address.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <ip-or-mac-address> | IP or MAC address |
Example
kvm-1> get logical-router 1904e13f-757a-4f44-9f85-cb84678a1a16 neighbor 192.168.1.1
Logical Router Forwarding Table
============================================================
Prefix MAC State Timeout
192.168.1.1/24 02:50:56:56:44:52 Up 10
Mode
Basic
Availability
KVM, NSX Cloud VM
Display neighbor information (ARP/ND cache) for the specified logical router, using IP or MAC.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <ip-or-mac-address> | IP or MAC address |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 neighbor 172.16.130.1
Logical Routers Neighbors
--------------------------------------------------------------------------------------------------------------
Flags Legend: [S: Static], [V: Valid], [P: Proxy], [I: Interface]
[N: Nascent], [L: Local], [D: Deleted], [K: linKlif]
Network Mac Flags State SrcPort Refcnt Lif UUID
=================================================================================================================================
172.16.130.1 02:50:56:56:44:52 VI permanent 0 1 c66fc321-df74-4aaa-835e-95dc815fe7ae
Mode
Basic
Availability
ESXi
Display the neighbor table and statistics for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 neighbor stats
Logical Router
UUID : d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
VRF : 6
LR-ID : 6
name : R3
type : DISTRIBUTED_ROUTER
neighbor
interface : c66fc321-df74-4aaa-835e-95dc815fe7ae
IP : 172.16.130.13
MAC : 00:50:56:8e:3e:0b
state : perm
statistics
TX-Packets : 0
TX-Fails : 0
TX-Solicits : 0
TX-Solicit-Fails : 0
RX-Solicits : 0
RX-Unsolicits : 0
interface : f6ef3b50-64a0-4948-ab9e-9135963d4b8b
IP : 169.0.0.2
MAC : 02:50:56:00:00:05
state : reach
timeout : 325
statistics
TX-Packets : 1
TX-Fails : 0
TX-Solicits : 239
TX-Solicit-Fails : 0
RX-Solicits : 241
RX-Unsolicits : 0
interface : be290c92-74ed-437c-bbf1-dd78673b6a5a
IP : 172.16.120.11
MAC : 00:50:56:8e:15:e5
state : reach
timeout : 378
statistics
TX-Packets : 6
TX-Fails : 0
TX-Solicits : 261
TX-Solicit-Fails : 0
RX-Solicits : 233
RX-Unsolicits : 0
interface : 3c139373-f8f7-441e-aac4-146d9b5ff3a6
IP : 172.16.110.11
MAC : 00:50:56:8e:91:12
state : perm
statistics
TX-Packets : 0
TX-Fails : 0
TX-Solicits : 0
TX-Solicit-Fails : 0
RX-Solicits : 0
RX-Unsolicits : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display arp entry information (ARP cache) for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get logical-router d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 neighbors
Logical Routers Neighbors
--------------------------------------------------------------------------------------------------------------
Flags Legend: [S: Static], [V: Valid], [P: Proxy], [I: Interface]
[N: Nascent], [L: Local], [D: Deleted], [K: linKlif]
Network Mac Flags State SrcPort Refcnt Lif UUID
=================================================================================================================================
172.16.130.1 02:50:56:56:44:52 VI permanent 0 1 c66fc321-df74-4aaa-835e-95dc815fe7ae
172.16.120.1 02:50:56:56:44:52 VI permanent 0 1 be290c92-74ed-437c-bbf1-dd78673b6a5a
169.0.0.1 02:50:56:56:44:52 VI permanent 0 1 f6ef3b50-64a0-4948-ab9e-9135963d4b8b
169.0.0.2 02:50:56:00:00:05 V 498 83886128 2 f6ef3b50-64a0-4948-ab9e-9135963d4b8b
172.16.110.1 02:50:56:56:44:52 VI permanent 0 1 3c139373-f8f7-441e-aac4-146d9b5ff3a6
172.16.110.11 00:50:56:8e:91:12 VL 488 83886132 18 3c139373-f8f7-441e-aac4-146d9b5ff3a6
20000000:00000000:00000000:00000001 02:50:56:56:44:52 VI permanent 0 1 1c1a47f7-d314-4e74-a198-5568540e4284
fe8089db:00000000:005056ff:fe564452 02:50:56:56:44:52 VI permanent 0 1 1c1a47f7-d314-4e74-a198-5568540e4284
Mode
Basic
Availability
ESXi
Display neighbor information (ARP cache) for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get logical-router 1904e13f-757a-4f44-9f85-cb84678a1a16 neighbors
Logical Router Forwarding Table
============================================================
Prefix MAC State Timeout
192.168.1.1/24 02:50:56:56:44:52 Up 10
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the routing table for the specified logical router.
You must specify a tier 0 service router in this command.
Use the
get logical-routers command to get a
list of logical routers and their router types.
Optionally specify a prefix or IPv6 address to display only the route used for that network.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <prefix> | Network Address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be route 2002::/64
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 1
t1c> * 2002::/64 [3/0] via fca9:1c1c:96b2:e000::2, downlink-282, 00:56:03
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the routing table for the specified logical router.
You must specify a tier 0 service router in this command.
Use the
get logical-routers command to get a
list of logical routers and their router types.
Optionally specify a prefix or IPv4 address to display only the route used for that network.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <prefix> | Network Address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be route 22.3.3.0/24
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 1
t0s> * 22.3.3.0/24 [103/0] via 50.50.50.10, uplink-273, 00:52:33
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPv4 BGP routes for a specified prefix in RIB.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <prefix> | Network Address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be route bgp 2.1.0.0/16
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 2
b > * 2.1.4.0/24 [20/0] via 40.40.40.10, uplink-276, 21:12:29
b > * 2.1.5.0/24 [20/0] via 90.90.90.10, uplink-282, 21:12:10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPv4 Connected routes for a specified prefix in RIB.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <prefix> | Network Address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be route connected 1.0.0.0/8
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 2
t0c> * 1.1.3.0/24 is directly connected, downlink-294, 21:17:14
t0c> * 1.2.3.0/24 is directly connected, downlink-297, 21:17:04
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display IPv4 Static routes for a specified prefix in RIB.
get logical-router command
also displays Tier 0 NAT, Tier 1 NAT, Tier 1 connected,
Load balancer routes along with Tier 0 & Tier 1 static routes
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <prefix> | Network Address argument |
Example
nsx-edge-1> get logical-router 3a57c438-7ee9-4ba2-92ef-6f758931e1be route static 1.1.0.0/16
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 2
t1c> * 1.1.2.0/24 [3/0] via 100.64.1.1, downlink-298, 21:10:43
t1c> * 1.1.1.0/25 [3/0] via 100.64.1.1, downlink-298, 21:10:43
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get all routing Config entities on the specified Service Router.
| Option | Description |
|---|---|
| <uuid> | Logical Router identifier Allowed pattern: ^[0-9]+$|^0x[0-9a-fA-F]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Mode
Basic
Availability
Controller
Display statistics for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router 736a80e3-23f6-5a2d-81d6-bbefb2786666 stats
Logical Router
UUID : 736a80e3-23f6-5a2d-81d6-bbefb2786666
VRF : 0
LR-ID : 0
name : R1
type : TUNNEL
Statistics
Dropped No Memory : 0
Dropped No Route : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display interface information for the specified logical router.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router interface 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
interface : 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
ifuid : 261
VRF : 736a80e3-23f6-5a2d-81d6-bbefb2786666
mode : lif
IP/Mask : 142.134.61.36/24
MAC : 00:0c:29:5a:96:2b
VLAN id : untagged
LS port : 238d7422-e488-5cee-9639-1894b8ab56e2
urpf-mode : NONE
admin : up
op_state : up
MTU : 1600
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display ARP proxy for a logical router port.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router interface 1faf61ce-9da1-4aad-a8c6-80abd02c7e33 arp-proxy
interface : 1faf61ce-9da1-4aad-a8c6-80abd02c7e33
ifuid : 274
VRF : be3543f5-7b8c-4888-b9ef-5a5ffbf09686
name : UPLINK_PLR_SR1
mode : lif
MAC : 02:00:29:10:43:07
admin : up
op_state : up
arp_proxy : 40.40.10.60, 40.40.10.50, 40.40.10.55
: 40.40.10.100, 40.40.10.110
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the neighbor table for the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router interface 3c139373-f8f7-441e-aac4-146d9b5ff3a6 neighbor
interface : 3c139373-f8f7-441e-aac4-146d9b5ff3a6
IP : 172.16.110.12
MAC : 00:0c:29:4d:09:19
state : perm
interface : 3c139373-f8f7-441e-aac4-146d9b5ff3a6
IP : 172.16.110.11
MAC : 00:50:56:8e:91:12
state : perm
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified logical router interface.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-router interface 6c427841-e151-4479-9184-4196cfcef3b6 stats
interface : 6c427841-e151-4479-9184-4196cfcef3b6
ifuid : 266
VRF : e9d3379d-aba7-4459-9262-18bc95eaeec1
IP/Mask : 172.20.1.60/24
MAC : 00:0c:29:5a:96:2b
VLAN id : 101
LS port : 986ab7c0-acda-465f-8cda-1b9b84cd2518
urpf-mode : STRICT_MODE
admin : up
op_state : up
MTU : 1600
statistics
RX-Packets : 1331
RX-Bytes : 455202
RX-Drops : 1331
Blocked : 0
DST-Unsupported: 1331
Firewall : 0
Malformed : 0
No-Receiver : 0
No-Route : 0
RPF-Check : 0
Protocol-Unsupported: 0
IPv6 : 0
Port-Unsupported: 0
TTL-Exceeded: 0
Kni : 0
IPsec : 0
IPsec-NoSA : 0
IPsec-NoVTI : 0
TX-Packets : 11
TX-Bytes : 462
TX-Drops : 0
Blocked : 0
Firewall : 0
Frag-Needed : 0
No-ARP : 0
No-Memory : 0
No-Linked-Port: 0
IPsec : 0
IPsec-NoSA : 0
IPsec-NoVTI : 0
IPsec-Policy-Error: 0
IPsec-Policy-Block: 0
IP Ressemble
Fragments-OK: 0
Fragemnts-Error: 0
Fragments-Timeout: 0
IP Fragment
Fragments-OK: 0
Fragments-Error: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information for all logical router interfaces.
Example
nsx-edge-1> get logical-router interfaces
interface : 9fd3c667-32db-5921-aaad-7a88c80b5e9f
ifuid : 258
VRF : 736a80e3-23f6-5a2d-81d6-bbefb2786666
mode : blackhole
interface : 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
ifuid : 261
VRF : 736a80e3-23f6-5a2d-81d6-bbefb2786666
mode : lif
IP/Mask : 142.134.61.36/24
MAC : 00:0c:29:5a:96:2b
VLAN id : untagged
LS port : 238d7422-e488-5cee-9639-1894b8ab56e2
urpf-mode : NONE
admin : up
op_state : up
MTU : 1600
interface : f322c6ca-4298-568b-81c7-a006ba6e6c88
ifuid : 257
VRF : 736a80e3-23f6-5a2d-81d6-bbefb2786666
mode : cpu
interface : b83cb77f-ca34-595c-a3e1-76278f0dcb00
ifuid : 265
VRF : e9d3379d-aba7-4459-9262-18bc95eaeec1
mode : blackhole
interface : 4b115e5f-1395-54c3-aaf0-0de5736f99df
ifuid : 264
VRF : e9d3379d-aba7-4459-9262-18bc95eaeec1
mode : cpu
interface : 6c427841-e151-4479-9184-4196cfcef3b6
ifuid : 266
VRF : e9d3379d-aba7-4459-9262-18bc95eaeec1
mode : lif
IP/Mask : 172.20.1.60/24
MAC : 00:0c:29:5a:96:2b
VLAN id : 101
LS port : 986ab7c0-acda-465f-8cda-1b9b84cd2518
urpf-mode : STRICT_MODE
admin : up
op_state : up
MTU : 1600
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for all logical router interfaces.
Example
nsx-edge-1> get logical-router interfaces stats
interface : 34ca595f-fa62-5ed4-afcc-a6ef0195d4ed
ifuid : 261
VRF : 736a80e3-23f6-5a2d-81d6-bbefb2786666
IP/Mask : 142.134.61.36/24
MAC : 00:0c:29:5a:96:2b
VLAN id : untagged
LS port : 238d7422-e488-5cee-9639-1894b8ab56e2
urpf-mode : NONE
admin : up
op_state : up
MTU : 1600
statistics
RX-Packets : 768
RX-Bytes : 53788
RX-Drops : 210
Blocked : 0
DST-Unsupported: 21
Firewall : 0
Malformed : 0
No-Receiver : 0
No-Route : 0
RPF-Check : 0
Protocol-Unsupported: 101
IPv6 : 87
Port-Unsupported: 0
TTL-Exceeded: 0
Kni : 0
IPsec : 0
IPsec-NoSA : 0
IPsec-NoVTI : 0
TX-Packets : 11
TX-Bytes : 462
TX-Drops : 0
Blocked : 0
Firewall : 0
Frag-Needed : 0
No-ARP : 0
No-Memory : 0
No-Linked-Port: 0
IPsec : 0
IPsec-NoSA : 0
IPsec-NoVTI : 0
IPsec-Policy-Error: 0
IPsec-Policy-Block: 0
IP Ressemble
Fragments-OK: 0
Fragemnts-Error: 0
Fragments-Timeout: 0
IP Fragment
Fragments-OK: 0
Fragments-Error: 0
interface : 6c427841-e151-4479-9184-4196cfcef3b6
ifuid : 266
VRF : e9d3379d-aba7-4459-9262-18bc95eaeec1
IP/Mask : 172.20.1.60/24
MAC : 00:0c:29:5a:96:2b
VLAN id : 101
LS port : 986ab7c0-acda-465f-8cda-1b9b84cd2518
urpf-mode : STRICT_MODE
admin : up
op_state : up
MTU : 1600
statistics
RX-Packets : 1313
RX-Bytes : 449046
RX-Drops : 1313
Blocked : 0
DST-Unsupported: 1313
Firewall : 0
Malformed : 0
No-Receiver : 0
No-Route : 0
RPF-Check : 0
Protocol-Unsupported: 0
IPv6 : 0
Port-Unsupported: 0
TTL-Exceeded: 0
Kni : 0
IPsec : 0
IPsec-NoSA : 0
IPsec-NoVTI : 0
TX-Packets : 11
TX-Bytes : 462
TX-Drops : 0
Blocked : 0
Firewall : 0
Frag-Needed : 0
No-ARP : 0
No-Memory : 0
No-Linked-Port: 0
IPsec : 0
IPsec-NoSA : 0
IPsec-NoVTI : 0
IPsec-Policy-Error: 0
IPsec-Policy-Block: 0
IP Ressemble
Fragments-OK: 0
Fragemnts-Error: 0
Fragments-Timeout: 0
IP Fragment
Fragments-OK: 0
Fragments-Error: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the neighbor table for all logical router interfaces.
Example
nsx-edge-1> get logical-router neighbor
interface : 8d655fb8-fc5e-5c08-90f5-15de973a9c77
IP : 192.168.250.61
MAC : 00:50:56:62:58:be
state : reach
timeout : 287
interface : 4b3be9e1-1363-4a85-ac13-8f7ad5b1e842
IP : 192.168.130.1
MAC : 68:ef:bd:4e:98:7f
state : reach
timeout : 309
interface : ef76622f-52ea-425f-b7c9-6264bf11b667
IP : 169.0.0.2
MAC : 02:50:56:00:00:02
state : reach
timeout : 425
interface : c66fc321-df74-4aaa-835e-95dc815fe7ae
IP : 172.16.130.13
MAC : 00:50:56:8e:3e:0b
state : perm
interface : f6ef3b50-64a0-4948-ab9e-9135963d4b8b
IP : 169.0.0.2
MAC : 02:50:56:00:00:05
state : reach
timeout : 397
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display specific IPv4 routes from all the logical routers.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-controller-1> get logical-router routes 172.16.120.0/24
LR-Id Destination Next-Hop LR-Port-Id Blackhole Route-Type Admin-Distance Admin-State-Up Route-UUID
0x5 172.16.120.0/24 169.0.0.1 8b06827f-6325-4afd-b56d-6260ebf0a1a0 false NSX_CONNECTED 0 true 00000018-ac10-7800-0000-000000000005
Mode
Basic
Availability
Controller
Display information about all logical routers.
Example
nsx-edge-1> get logical-routers
Logical Router
UUID VRF LR-ID Name Type Ports
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 R1 TUNNEL 3
e9d3379d-aba7-4459-9262-18bc95eaeec1 1 1 R2 SERVICE_ROUTER_TIER0 5
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about logical routers on this hypervisor host.
Example
esx-1> get logical-routers
Logical Routers Summary
------------------------------------------------------------
VDR UUID LIF num Route num
d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8 4 7
Mode
Basic
Availability
ESXi
Display information about all logical routers.
Example
nsx-controller-1> get logical-routers
LR-Id LR-Name Hosts[] Service-Controller Router-Type ClusterId UUID
0x5 SR-46740ffe-9bf1-406e-816d-e200a45f0707 192.168.110.111 192.168.110.108 SERVICE_ROUTER_TIER1 00002000-0000-0000-0000-000000000001 db6760b3-d9e2-44ef-b1c4-f56138665d71
192.168.110.112
0x2 DR-ef64d966-56f0-4f3f-bb02-16d07de74b5c 192.168.110.111 192.168.110.108 DISTRIBUTED_ROUTER N/A ef64d966-56f0-4f3f-bb02-16d07de74b5c
192.168.110.112
0x1 DR-46740ffe-9bf1-406e-816d-e200a45f0707 192.168.110.111 192.168.110.108 DISTRIBUTED_ROUTER N/A 46740ffe-9bf1-406e-816d-e200a45f0707
192.168.210.52
192.168.110.112
192.168.210.51
0x3 SR-ef64d966-56f0-4f3f-bb02-16d07de74b5c 192.168.110.111 192.168.110.108 SERVICE_ROUTER_TIER0 00002000-0000-0000-0000-000000000002 19772688-b220-4a34-94a3-8a094dcdd979
0x4 SR-ef64d966-56f0-4f3f-bb02-16d07de74b5c 192.168.110.112 192.168.110.108 SERVICE_ROUTER_TIER0 00002000-0000-0000-0000-000000000002 2d1667ba-ed4a-49d0-8a1d-cd8a77c324bc
Mode
Basic
Availability
Controller
Display information about logical routers on this hypervisor host.
Example
kvm-1> get logical-routers
Logical Routers Summary
======================================================================
Router UUID ID Port Count
091a05dc-8080-41a2-a56f-baf6d32fb512 32769 4
c8e5b716-fbb2-44e9-8c69-e61db332c418 40961 3
Mode
Basic
Availability
KVM
Display information about logical routers asscociated with the VIF on this public cloud host.
Example
host-1> get logical-routers
Host Logical Routers Summary
======================================================================
Router UUID ID Port Count
091a05dc-8080-41a2-a56f-baf6d32fb512 32769 1
Mode
Basic
Availability
NSX Cloud VM
Display statistics for all logical routers.
Example
nsx-edge-1> get logical-router stats
Logical Router
UUID : 736a80e3-23f6-5a2d-81d6-bbefb2786666
VRF : 0
LR-ID : 0
name : R1
type : TUNNEL
Statistics
Dropped No Memory : 0
Dropped No Route : 0
Logical Router
UUID : e9d3379d-aba7-4459-9262-18bc95eaeec1
VRF : 1
LR-ID : 1
name : R2
type : SERVICE_ROUTER_TIER0
Statistics
Dropped No Memory : 0
Dropped No Route : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific logical service binding.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get logical-service binding 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
DHCP_ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
LOG_SWITCH_PORT_ID: 60905155-4378-4902-8528-7231a2f6d736
SERVICE_TYPE: DHCP
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all logical service bindings.
Example
nsx-edge-1> get logical-service bindings
DHCP_ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
LOG_SWITCH_PORT_ID: 60905155-4378-4902-8528-7231a2f6d736
SERVICE_TYPE: DHCP
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information for the specified logical service port. Optionally specify an argument to display the statistics.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-service port b836eacf-3d1c-5fc9-ab18-19dc0015a57e
lservice-port: b836eacf-3d1c-5fc9-ab18-19dc0015a57e
ifuid : 262
service-type: dhcp
IP : 192.168.110.50
MAC : 00:50:56:98:7d:d7
attach-port : 60905155-4378-4902-8528-7231a2f6d736
nsx-edge-1> get logical-service port b836eacf-3d1c-5fc9-ab18-19dc0015a57e stats
lservice-port: b836eacf-3d1c-5fc9-ab18-19dc0015a57e
ifuid : 262
service-type: dhcp
Statistics
RX-Packets : 16
RX-Bytes : 1080
RX-Drops : 0
Slowpath : 0
Kni : 0
Malformed : 0
No-DHCP-Server: 0
No-Match : 0
TX-Packets : 10
TX-Bytes : 420
TX-Drops : 0
No-Memory : 0
No-Linked-Port: 0
nsx-edge-1> get logical-service port 80e93dd3-0eab-5f8a-96c5-80846c3711b5 stats
lservice-port: 80e93dd3-0eab-5f8a-96c5-80846c3711b5
ifuid : 276
service-type: mdproxy
status : UP
listen_status: UP
monitor_status: UP
err_msg :
Statistics
requests_from_clients : 5
requests_to_nova_server : 5
responses_to_clients : 5
succeeded_responses_from_nova_server: 4
error_responses_from_nova_server: 1
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Slowpath : 0
Kni : 0
Malformed : 0
No-DHCP-Server: 0
No-Match : 0
TX-Packets : 10
TX-Bytes : 420
TX-Drops : 0
No-Memory : 0
No-Linked-Port: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information for all logical service ports. Optionally specify an argument to display the statistics.
Example
nsx-edge-1> get logical-service ports
lservice-port: b836eacf-3d1c-5fc9-ab18-19dc0015a57e
ifuid : 262
service-type: dhcp
IP : 192.168.110.50
MAC : 00:50:56:98:7d:d7
attach-port : 60905155-4378-4902-8528-7231a2f6d736
nsx-edge-1> get logical-service ports stats
lservice-port: b836eacf-3d1c-5fc9-ab18-19dc0015a57e
ifuid : 262
service-type: dhcp
Statistics
RX-Packets : 16
RX-Bytes : 1080
RX-Drops : 0
Slowpath : 0
Kni : 0
Malformed : 0
No-DHCP-Server: 0
No-Match : 0
TX-Packets : 10
TX-Bytes : 420
TX-Drops : 0
No-Memory : 0
No-Linked-Port: 0
lservice-port: 80e93dd3-0eab-5f8a-96c5-80846c3711b5
ifuid : 276
service-type: mdproxy
status : ERROR
listen_status: UP
monitor_status: ERROR
err_msg : backend nova server connection is broken with reason: Connect to Peer Failure;
Statistics
requests_from_clients : 5
requests_to_nova_server : 5
responses_to_clients : 5
succeeded_responses_from_nova_server: 4
error_responses_from_nova_server: 1
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Slowpath : 0
Kni : 0
Malformed : 0
No-DHCP-Server: 0
No-Match : 0
TX-Packets : 10
TX-Bytes : 420
TX-Drops : 0
No-Memory : 0
No-Linked-Port: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the state of a specific logical service.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get logical-service state 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
NODE_ID: 3284f707-98f9-4e7c-b573-f7898dfa12ba
NODE_RANK: 0
PEER_MGMT_IP:
IPV4: 192.168.110.101
STATE: ACTIVE
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the state of all logical services.
Example
nsx-edge-1> get logical-service states
ID: 8bc04d52-b1f9-4258-8d13-b8fdbf031a0d
NODE_ID: 3284f707-98f9-4e7c-b573-f7898dfa12ba
NODE_RANK: 0
PEER_MGMT_IP:
IPV4: 192.168.110.101
STATE: ACTIVE
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
kvm-1> get logical-switch 0a8cb2ab-d15b-4b46-a6ee-0a1cd29be34d
Logical Switch
=======================================================
UUID : 0a8cb2ab-d15b-4b46-a6ee-0a1cd29be34d
VNI/VLAN : 31624
Is VLAN backed : True
Replication mode: mtep
Controller IP : 192.168.110.51
Link status : Up
VIF count : 1
MAC entry count : 0
TEP entry count : 4
ARP entry count : 0
Mode
Basic
Availability
KVM, NSX Cloud VM
Display information about the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
esx-1> get logical-switch bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff
Logical Switch
-----------------------------------------------------------------
Host Kernel Entry
==================================================
DVS name : nsxvswitch
VNI : 11145
Multicast IP : 0.0.0.1
Multicast proxy enable : True
ARP proxy enable : True
CP connection up : True
Controller IP : 192.168.110.108
MAC entry count : 2
ARP entry count : 0
VIF entry count : 2
MTEP entry count : 0
LCP Entry
=================================================================
Logical switch UUID : bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff
VNI : 11145
Replication mode : unicast mtep
Transport binding : None
Vlan ID : None
Admin state up : True
Mode
Basic
Availability
ESXi
Display the ARP table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
esx-1> get logical-switch bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff arp-table
Logical Switch ARP Table
--------------------------------------------------
Host Kernel Entry
==================================================
IP MAC Flags
LCP Remote Entry
==================================================
IP MAC
LCP Local Entry
==================================================
IP MAC
172.16.110.11 00:50:56:8e:91:12
172.16.110.12 00:0c:29:4d:09:19
Mode
Basic
Availability
ESXi
Display the ARP table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
kvm-1> get logical-switch 29576 arp-table
Logical Switch ARP Table
==================================================
IP MAC
10.144.13.29 00:01:02:03:42:11
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the MAC table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
esx-1> get logical-switch bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff mac-table
Logical Switch MAC Table
---------------------------------------------------------------------------
Host Kernel Entry
===========================================================================
Inner MAC Outer MAC Outer IP Flags
02:50:56:56:44:52 02:50:56:00:00:00 192.168.250.60 0xd
00:50:56:8e:3e:0b 00:50:56:62:58:be 192.168.250.61 0xf
LCP Remote Entry
===========================================================================
Inner MAC Outer MAC Outer IP
LCP Local Entry
===========================================================================
Inner MAC Outer MAC Outer IP
00:50:56:8e:91:12 00:50:56:69:ba:80 192.168.250.62
00:0c:29:4d:09:19 00:50:56:69:ba:80 192.168.250.62
Mode
Basic
Availability
ESXi
Display the MAC table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
kvm-1> get logical-switch 29576 mac-table
Logical Switch MAC Table
============================================================
MAC VTEP Label
00:01:02:00:00:03 124928
00:01:02:00:00:04 124928
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the ND table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
esx-1> get logical-switch bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff nd-table
Logical Switch ND Table
---------------------------------------------------------------------------
Host Kernel Entry
===========================================================================
IP MAC Flags
2001:bd6::c:2957:201:51 00:0c:29:dc:80:b5 0x3
LCP Remote Entry
===========================================================================
IP MAC
2001:bd6::c:2957:201:51 00:0c:29:dc:80:b5
fe80::20c:29ff:fedc:80b5 00:0c:29:dc:80:b5
LCP Local Entry
===========================================================================
IP MAC
2001:bd6::c:2957:192:212 00:0c:29:f8:cb:9f
fe80::20c:29ff:fef8:cb9f 00:0c:29:f8:cb:9f
Mode
Basic
Availability
ESXi
Display ports on the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
kvm-1> get logical-switch 0a8cb2ab-d15b-4b46-a6ee-0a1cd29be34d ports
Logical Switch Ports
============================================================
Port UUID : 59d3da36-d5f8-43d0-bca0-ae98c593861c
Status : up
VIF UUID : 57601300-2e82-48c4-8c27-1e961ac70e81
Snoop Mode : dhcp
============================================================
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the VTEP table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
kvm-1> get logical-switch 0a8cb2ab-d15b-4b46-a6ee-0a1cd29be34d vtep
Logical Switch VTEP Table
==============================
Label VTEP IP
114689 192.168.140.154
2049 192.168.140.153
102401 192.168.150.151
79873 192.168.150.152
Mode
Basic
Availability
KVM, NSX Cloud VM
Display the VTEP table for the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch identifier UUID, VNI or vlan:VLAN-ID |
Example
esx-1> get logical-switch bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff vtep-table
Logical Switch VTEP Table
-----------------------------------------------------------------------------------------------
Host Kernel Entry
===============================================================================================
Label VTEP IP Segment ID Is MTEP VTEP MAC BFD count
114689 192.168.250.60 192.168.250.0 False 02:50:56:00:00:00 1
40961 192.168.250.61 192.168.250.0 False 00:50:56:62:58:be 1
LCP Remote Entry
===============================================================================================
Label VTEP IP Segment ID VTEP MAC DEVICE NAME
114689 192.168.250.60 192.168.250.0 02:50:56:00:00:00 None
40961 192.168.250.61 192.168.250.0 00:50:56:62:58:be None
LCP Local Entry
===============================================================================================
Label VTEP IP Segment ID VTEP MAC DEVICE NAME
36865 192.168.250.62 192.168.250.0 00:50:56:69:ba:80 None
Mode
Basic
Availability
ESXi
Display information about the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c
Logical Switch
UUID : 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI : 5000
ENCAP : STT
Replication : mtep
routing-domain: 00000007-0000-0000-0000-000000000000
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the mac address table for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c mac-address-table
Logical Switch
UUID : 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI : 5000
ENCAP : STT
Replication : mtep
routing-domain: 00000007-0000-0000-0000-000000000000
MAC-Table:
MAC : 00:50:56:8e:9a:a5
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
IFUID : 295
LOCAL : 192.168.250.162
REMOTE : 192.168.250.160
ENCAP : STT
MAC : 02:50:56:56:44:52
Port : bbe56ae2-0bc1-46c0-b334-a241e2a56193
IFUID : 280
MAC : 00:50:56:8e:1b:21
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
IFUID : 296
LOCAL : 192.168.250.162
REMOTE : 192.168.250.161
ENCAP : STT
MAC : 04:00:c0:a8:fa:a2
Port : bbe56ae2-0bc1-46c0-b334-a241e2a56193
IFUID : 280
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the ARP/NDP table for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c neighbor
Logical Switch
UUID : 00000004-0000-0000-0000-000000000000
VNI : 1
ENCAP : GENEVE
Replication : source
Enable Hub : True
Neighbor
IP : 11.1.1.1
MAC : c2:81:09:00:00:11
IP : 11:1:1::1
MAC : c2:81:09:00:00:11
IP : fe80::c081:9ff:fe00:11
MAC : c2:81:09:00:00:11
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display port information for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c ports
LogSwitchPort-ID LogSwitch-ID Child-UUID Child-EntityType TransportNode-ID
335bbfdc-d6d6-4d87-8fb1-b98614fff1d8 857212c6-3d87-4a4a-9700-0c9d23f74f1c c78a1655-228c-493b-88cf-6b77dafe908d VIF 857212c6-3d87-4a4a-9700-0c9d23f74f1c
593d2540-bb7b-4abe-ad78-8727ebd5c1d2 857212c6-3d87-4a4a-9700-0c9d23f74f1c null LOG_SWITCH 857212c6-3d87-4a4a-9700-0c9d23f74f1c
abcd12c6-3d87-4a4a-9700-0c9d23f74f1c
Mode
Basic
Availability
Controller
Display port information for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c ports
Logical Switch
UUID : 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI : 5000
ENCAP : STT
Replication : mtep
routing-domain: 00000007-0000-0000-0000-000000000000
Ports
Port : bbe56ae2-0bc1-46c0-b334-a241e2a56193
IFUID : 280
Peer : 70b21c84-cf3b-4fc3-a442-a941ba86ef48
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display port statistics for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 973b00a2-3be8-4e01-9824-3c6b7e2bf690 ports stats
Logical Switch
UUID : 973b00a2-3be8-4e01-9824-3c6b7e2bf690
VLAN : 100
device : fp-eth0
IFUID : 0
Ports
Port : 783a05cd-033d-4891-ad11-7c082641e069
RX-Packets : 8690
RX-Bytes : 587073
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 10188
TX-Bytes : 687181
TX-Drops : 0
No-Memory : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the tunnel information for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c tunnel-ports
Logical Switch
UUID : 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI : 5000
ENCAP : STT
Replication : mtep
routing-domain: 00000007-0000-0000-0000-000000000000
Tunnels
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
IFUID : 295
LOCAL : 192.168.250.162
REMOTE : 192.168.250.160
ENCAP : STT
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
IFUID : 296
LOCAL : 192.168.250.162
REMOTE : 192.168.250.161
ENCAP : STT
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the tunnel endpoint table for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c vtep-table
Logical Switch
UUID : 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI : 5000
ENCAP : STT
Replication : mtep
routing-domain: 00000007-0000-0000-0000-000000000000
Replication Tunnels
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
IFUID : 295
LOCAL : 192.168.250.162
REMOTE : 192.168.250.160
ENCAP : STT
MTEP : False
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
IFUID : 296
LOCAL : 192.168.250.162
REMOTE : 192.168.250.161
ENCAP : STT
MTEP : False
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about the specified logical switch. Use the
get logical-switches command to get a list of all logical switches. You can use the VNI or UUID to specify the logical switch.| Option | Description |
|---|---|
| <vni-or-uuid> | VNI or UUID argument Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI UUID
5000 857212c6-3d87-4a4a-9700-0c9d23f74f1c
or
nsx-controller-1> get logical-switch 5000
VNI UUID
5000 857212c6-3d87-4a4a-9700-0c9d23f74f1c
Mode
Basic
Availability
Controller
Display the ARP table for the specified logical switch.
| Option | Description |
|---|---|
| <vni-or-uuid> | VNI or UUID argument Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c arp-table
VNI IP MAC TransportNodeId
5000 172.16.130.12 00:50:56:8e:1b:21 857212c6-3d87-5d5d-9700-0c9d23f74f1d
Mode
Basic
Availability
Controller
Display the MAC address table for the specified logical switch.
| Option | Description |
|---|---|
| <vni-or-uuid> | VNI or UUID argument Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c mac-table
VNI MAC VTEP-IP TransportNodeId
5000 00:50:56:8e:1b:21 192.168.250.161 957612c6-4321-4a4a-9700-0c9d23f74f1c
5000 00:50:56:8e:9a:a5 192.168.250.160 857212c6-3d87-5d5d-9700-0c9d23f74f1d
Mode
Basic
Availability
Controller
Display statistics information about the specified logical switch.
| Option | Description |
|---|---|
| <vni-or-uuid> | VNI or UUID argument Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c stats
LogSwitchFibMsg.vtep.update 4
LogSwitchFibMsg.vtep.remove 4
LogSwitchFibMsg.vtep.size 4
LogSwitchFibMsg.mac.update 4
LogSwitchFibMsg.mac.remove 4
LogSwitchFibMsg.mac.size 4
LogSwitchFibMsg.ip.update 4
LogSwitchFibMsg.ip.remove 4
LogSwitchFibMsg.ip.size 4
Mode
Basic
Availability
Controller
Display transport nodes which joined a given logical switch.
| Option | Description |
|---|---|
| <vni-or-uuid> | VNI or UUID argument Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c transport-node-table
TransportNodeId
857212c6-3d87-4a4a-9700-0c9d23f74f1c
857212c6-3d87-3d3d-9700-0c9d23f74f1d
857212c6-3d87-5c5c-9700-0c9d23f74f1f
Mode
Basic
Availability
Controller
Display all virtual tunnel end points related to the specified logical switch.
| Option | Description |
|---|---|
| <vni-or-uuid> | VNI or UUID argument Allowed pattern: ^[0-9]+$|^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch 857212c6-3d87-4a4a-9700-0c9d23f74f1c vtep
VNI IP LABEL Segment MAC TransportNodeId
5000 192.168.250.163 0x18801 192.168.250.0 04:00:c0:a8:fa:a3 857212c6-3d87-4a4a-9700-0c9d23f74f1c
5000 192.168.250.162 0xC801 192.168.250.0 04:00:c0:a8:fa:a2 857212c6-3d87-4a4a-9700-0c9d23f74f1d
5000 192.168.250.161 0x3001 192.168.250.0 00:50:56:62:af:a4 857212c6-3d87-4a4a-9700-0c9d23f74f1e
5000 192.168.250.160 0xF001 192.168.250.0 00:50:56:67:4b:95 857212c6-3d87-4a4a-9700-0c9d23f74f1f
Mode
Basic
Availability
Controller
Display port information for the specified logical switch.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch port bbe56ae2-0bc1-46c0-b334-a241e2a56193
Port : bbe56ae2-0bc1-46c0-b334-a241e2a56193
IFUID : 280
Logical Switch: 857212c6-3d87-4a4a-9700-0c9d23f74f1c
Peer : 70b21c84-cf3b-4fc3-a442-a941ba86ef48
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified logical switch port.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get logical-switch port 783a05cd-033d-4891-ad11-7c082641e069 stats
Port : 783a05cd-033d-4891-ad11-7c082641e069
RX-Packets : 4474
RX-Bytes : 302966
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 5527
TX-Bytes : 371568
TX-Drops : 0
No-Memory : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display ports for all logical switches.
Example
nsx-edge-1> get logical-switch ports
Port : 18c26214-ab90-45ab-a2e0-78de070f9eb6
IFUID : 279
Peer : 8c4f10d5-9c4e-40a2-b239-e2eae7d39a33
Port : 271d49b0-f052-4c0c-a79f-44636229e471
IFUID : 264
Peer : a62432b5-68e7-4f95-a3f8-1b63ee4b102a
Port : 7bd1dd3d-97eb-5312-9d0d-b26c148a4fac
IFUID : 261
Peer : c2a03cab-3bad-56f3-b5ae-442ad6599bcf
Port : bbe56ae2-0bc1-46c0-b334-a241e2a56193
IFUID : 280
Peer : 70b21c84-cf3b-4fc3-a442-a941ba86ef48
Port : 58845bb9-19fc-4ec2-826f-bcbe871f99b5
IFUID : 282
Peer : e4be0c73-57bc-4b4f-b10c-f3f858ff8ccc
Port : 783a05cd-033d-4891-ad11-7c082641e069
IFUID : 276
Peer : aaec58d9-5dca-49c7-b39e-cdd8cd75901d
Port : 4ca7839f-2308-43f0-a799-f82d3911c134
IFUID : 287
Peer : 3fe772aa-8594-47cf-8a3e-20a26081ba15
Port : fe9c5ba9-3641-497f-ab95-046ffbc9356f
IFUID : 275
Peer : c7bbfc17-fbb9-4a39-a04b-0df93d788b57
Port : 1ff51f67-9ffb-446a-ae08-0a4a74adbf29
IFUID : 274
Peer : d37160fc-6e17-4c5c-8af1-54064c480798
Port : 286d2aad-ad4e-4ad6-b6c6-5256f38e9265
IFUID : 286
Peer : 6da71663-ce1a-4c2a-8557-ecfd85f031f5
Port : 93e656e1-0625-4ec2-b34c-98f2774bc8d3
IFUID : 281
Peer : 6c03a210-75b7-4a0d-8d66-cedf3c3f0750
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display port statistics for all logical switches.
Example
nsx-edge-1> get logical-switch ports stats
Port : 18c26214-ab90-45ab-a2e0-78de070f9eb6
RX-Packets : 11123
RX-Bytes : 1088318
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 11141
TX-Bytes : 1089386
TX-Drops : 0
No-Memory : 0
Port : 271d49b0-f052-4c0c-a79f-44636229e471
RX-Packets : 11141
RX-Bytes : 1089386
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 11123
TX-Bytes : 1088318
TX-Drops : 0
No-Memory : 0
Port : 7bd1dd3d-97eb-5312-9d0d-b26c148a4fac
RX-Packets : 285577
RX-Bytes : 11994234
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 0
TX-Bytes : 0
TX-Drops : 0
No-Memory : 0
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display a specific logical switch's local or remote MAC, ARP, or VTEP information.
| Option | Description |
|---|---|
| <vni> | vni Allowed pattern: ^[0-9]+$ |
Example
ESXi-1> get logical-switch local mac-cache 48008
VM MAC VTEP IP VTEP MAC
00:0c:29:67:4e:5c 192.168.90.55 00:50:56:6d:74:bf
ESXi-1> get logical-switch remote arp-cache 48008
VM IP VM MAC
192.168.86.47 00:50:56:6d:35:2e
ESXi-1> get logical-switch local vtep-cache 48008
VTEP IP Label Segment ID VTEP MAC
192.168.90.55 96257 192.168.0.0 00:50:56:6d:74:bf
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Display information about the specified logical switch port.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get logical-switch-port 593d2540-bb7b-4abe-ad78-8727ebd5c1d2
LogSwitchPort-ID LogSwitch-ID Child-UUID Child-EntityType TransportNode-ID
593d2540-bb7b-4abe-ad78-8727ebd5c1d2 857212c6-3d87-4a4a-9700-0c9d23f74f1c null LOG_SWITCH 857212c6-3d87-4a4a-9700-0c9d23f74f1c
4f7d12c6-3d87-4a4a-9700-0c9d23f74f1c
9f4e12c6-3d87-4a4a-9700-0c9d2385ac6f
Mode
Basic
Availability
Controller
Display the status for logical switch ports on this hypervisor host.
Example
esx-host-1> get logical-switch-port status
Logical Port UUID Status DVSwitch ID Logical Switch
fa1d9fcb-94cc-4a00-b499-8413f4dcef1e up 4adaf34e-6ee4-4153-844b-485a5e30627c
9c6a1a36-b468-404c-8084-bebfb91d5a31 up 65 bf 59 08 cd 4e 42 04-bf b5 93 de 83 ee ba 56 4adaf34e-6ee4-4153-844b-485a5e30627c
Mode
Basic
Availability
ESXi
Display all logical switches associated with the VIF on this host.
Example
host-1> get logical-switches
Host Logical Switches Summary
============================================================
Switch UUID VNI/VLAN Port Count
4e0f3312-d8c5-42b7-95a5-def111d14671 vni:41864 1
Mode
Basic
Availability
NSX Cloud VM
Display all logical switches on this host.
Example
kvm-1> get logical-switches
Logical Switches Summary
============================================================
Switch UUID VNI/VLAN Port Count
16fa7892-df1b-4ffe-af87-3923efc8bdbe vni:64392 0
aacc41f2-7b32-4e0e-8679-6baff5bcbb64 vni:58248 0
da091cea-505c-4528-9b09-3f63efb8000d vni:54152 0
0a8cb2ab-d15b-4b46-a6ee-0a1cd29be34d vni:31624 1
d114f967-73aa-4dfc-8d59-a16de584b380 vni:52104 0
8b652ea8-86fe-4b03-9245-997fd2d7dfee vni:48008 0
Mode
Basic
Availability
KVM
Display information about all logical switches.
Example
nsx-edge-1> get logical-switches
Logical Switch
UUID : ea8c4460-6d15-49c5-a82e-6812a26b4200
VNI : 5001
ENCAP : STT
Replication : mtep
Logical Switch
UUID : 7943ca31-9c8a-402e-adeb-a83f5cf2455d
VNI : 7048
ENCAP : STT
Replication : mtep
Logical Switch
UUID : 1714bc89-a627-48b0-8699-9889db1f60fc
VNI : 11145
ENCAP : STT
Replication : mtep
Logical Switch
UUID : 973b00a2-3be8-4e01-9824-3c6b7e2bf690
VLAN : 100
device : fp-eth0
IFUID : 0
Logical Switch
UUID : 718f154a-c1d4-47b6-b692-11c615f91229
VNI : 11144
ENCAP : STT
Replication : mtep
Logical Switch
UUID : 857212c6-3d87-4a4a-9700-0c9d23f74f1c
VNI : 5000
ENCAP : STT
Replication : mtep
routing-domain: 00000007-0000-0000-0000-000000000000
Logical Switch
UUID : 1667b36f-dcee-5984-b401-fdc7c2f6564c
VLAN : 250
device : fp-eth1
IFUID : 1
Logical Switch
UUID : 01b59e17-d8f4-43ec-8727-7bcd3d0cc85c
VNI : 5002
ENCAP : STT
Replication : mtep
Logical Switch
UUID : 624814a5-2119-443a-ba75-9fb7452e8594
VNI : 69640
ENCAP : GENEVE
Replication : mtep
Enable Hub : True
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all logical switches.
Example
nsx-controller-1> get logical-switches
VNI UUID
15240 c31126b8-be8d-49a5-a7ab-d7c13f6013eb
5000 857212c6-3d87-4a4a-9700-0c9d23f74f1c
7048 7943ca31-9c8a-402e-adeb-a83f5cf2455d
19336 041d0ce3-4a26-415c-af4b-8324fb0a54fd
11144 718f154a-c1d4-47b6-b692-11c615f91229
41864 9985fd0a-c361-4a82-94cb-de004ce82834
Mode
Basic
Availability
Controller
Display all logical switches on this host.
Example
esx-1> get logical-switches
Logical Switches Summary
------------------------------------------------------------
Overlay Kernel Entry
============================================================
VNI DVS name VIF num
11145 nsxvswitch 2
37768 nsxvswitch 1
25480 nsxvswitch 1
27530 nsxvswitch 2
Overlay LCP Entry
============================================================
VNI Logical Switch UUID
25480 da4bd041-d19c-4a63-896e-98f50bf8b140
27530 4649f23c-6c5e-4681-a9d9-e7038074c7d0
37768 3b9fa53b-11d1-4685-9985-26fe9a05ea18
11145 bf543c67-3ffe-44dd-a1d3-57e7cd2e0aff
VLAN Backed Entry
============================================================
Logical Switch UUID VLAN ID
Mode
Basic
Availability
ESXi
Display a summary of all logical switch statistics.
Example
nsx-controller-1> get logical-switches stats
LogSwitchFibMsg.vtep.update 40
LogSwitchFibMsg.vtep.remove 40
LogSwitchFibMsg.vtep.size 40
LogSwitchFibMsg.mac.update 40
LogSwitchFibMsg.mac.remove 40
LogSwitchFibMsg.mac.size 40
LogSwitchFibMsg.ip.update 40
LogSwitchFibMsg.ip.remove 40
LogSwitchFibMsg.ip.size 40
Mode
Basic
Availability
Controller
Get maintenance mode
Example
nsx> get maintenance-mode
Maintenance Mode: enabled
Mode
Basic
Availability
ESXi, KVM
Get maintenance mode status.
Example
nsx-edge-1> get maintenance-mode
Maintenance Mode: disabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Show the current list of configured managers.
Example
nsx-controller1> get managers
- 10.1.1.101 Connected
- 10.1.1.102 Connected
- 10.1.1.103 Connected
Mode
Basic
Availability
Controller, Edge, ESXi, KVM, Public Cloud Gateway
Display a specific metadata proxy server.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> get mdproxy server d5845582-8cb5-4f6a-9d9d-d2641cd2fe55
EDGE_CLUSTER_ID: 5db40b38-05e2-4e00-ac90-74c6ff191911
EDGE_NODE_ID:
3284f707-98f9-4e7c-b573-f7898dfa12ba
ID: d5845582-8cb5-4f6a-9d9d-d2641cd2fe55
SECRET: ****
SERVER_URL: https://nova-server.example.com
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all metadata proxy servers.
Example
nsx-edge-1> get mdproxy servers
EDGE_CLUSTER_ID: 5db40b38-05e2-4e00-ac90-74c6ff191911
EDGE_NODE_ID:
3284f707-98f9-4e7c-b573-f7898dfa12ba
ID: d5845582-8cb5-4f6a-9d9d-d2641cd2fe55
SECRET: ****
SERVER_URL: https://nova-server.example.com
MONITOR_INTERVAL: 300
MONITOR_TIMEOUT: 15
MONITOR_RETRY: 3
SERVER_STATUS: CONNECTED
MONITOR_TOTAL_COUNT: 100
MONITOR_FAIL_COUNT: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the system memory information.
Example
nsx-manager-1> get memory-stats
MemTotal: 16430284 kB
MemFree: 10472728 kB
MemAvailable: 12800580 kB
Buffers: 363356 kB
Cached: 1820988 kB
SwapCached: 0 kB
Active: 4880696 kB
Inactive: 513728 kB
Active(anon): 3212444 kB
Inactive(anon): 368 kB
Active(file): 1668252 kB
Inactive(file): 513360 kB
Unevictable: 2348 kB
Mlocked: 2348 kB
SwapTotal: 3997692 kB
SwapFree: 3997692 kB
Dirty: 244 kB
Writeback: 0 kB
AnonPages: 3212392 kB
Mapped: 52056 kB
Shmem: 780 kB
Slab: 420328 kB
SReclaimable: 399656 kB
SUnreclaim: 20672 kB
KernelStack: 10512 kB
PageTables: 11940 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 12212832 kB
Committed_AS: 10288852 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 185388 kB
VmallocChunk: 34359440748 kB
HardwareCorrupted: 0 kB
AnonHugePages: 2764800 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 16320 kB
DirectMap2M: 16760832 kB
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the specified mirror session.
| Option | Description |
|---|---|
| <mirror-session-id> | Mirror session identifier UUID |
Example
kvm-1> get mirror-session 5a55a0e1-ec3e-40bd-9a49-1117119efe9a
Mirror Session
==========================================================
UUID : 5a55a0e1-ec3e-40bd-9a49-1117119efe9a
Direction : Both
Snap Length : 0
Source : 81286c82-67f4-40ab-84ab-1e705241134b
Destination : 10.10.10.1
EncapVlan :
OrigialVlan :
EncapType : GRE
GreKey : 0
ERspanID :
Filter :
Source IPs : 10.1.1.1
: 2000:1/64
Destination IPs : 20.1.1.1
: 2000:2/64
IP Protocol : TCP
Source Ports : 234
Destination Ports : 2999-4000
Action : Mirror
Mode
Basic
Availability
KVM
Display all mirror sessions on this host.
Example
kvm-1> get mirror-sessions
Mirror Session Summary
============================================================
Mirror UUID Direction Snap Length
5a55a0e1-ec3e-40bd-9a49-1117119efe9a Both 0
Mode
Basic
Availability
KVM
Get all name servers in the DNS configuration.
Example
nsx> get name-servers
192.168.110.10
192.168.110.11
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display a specific namespace config
| Option | Description |
|---|---|
| <string> | Generic string argument Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
Example
nsx-edge-1> get namespace status root
INTERFACE:
ADMIN_STATUS: True
IF_ID: 1
MTU: 65536
NAME: lo
VLAN_ID: 0
NAME: root
ROUTE:
DEVICE: eth0
NEXTHOP: 169957373
PREFIX:
IPV4: 0.0.0.0
PREFIX_LENGTH: 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all namespace configs.
Example
nsx-edge-1> get namespaces status
INTERFACE:
ADMIN_STATUS: True
IF_ID: 1
MTU: 65536
NAME: lo
VLAN_ID: 0
NAME: root
ROUTE:
DEVICE: eth0
NEXTHOP: 169957373
PREFIX:
IPV4: 0.0.0.0
PREFIX_LENGTH: 0
INTERFACE:
ADMIN_STATUS: True
IF_ID: 1
MTU: 65536
NAME: lo
VLAN_ID: 0
NAME: plr_sr
ROUTE:
DEVICE: lo
NEXTHOP: 0
PREFIX:
IPV4: 127.0.0.0
PREFIX_LENGTH: 32
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the neighbor table for the logical router in the VRF context.
Example
nsx-edge-1(vrf)> get context neighbor
Logical Router
UUID : d4c86bd9-cb52-4f38-b6b9-3bf521fa27f8
VRF : 6
LR-ID : 6
name : R3
type : DISTRIBUTED_ROUTER
neighbor
interface : c66fc321-df74-4aaa-835e-95dc815fe7ae
IP : 172.16.130.13
MAC : 00:50:56:8e:3e:0b
state : perm
interface : f6ef3b50-64a0-4948-ab9e-9135963d4b8b
IP : 169.0.0.2
MAC : 02:50:56:00:00:05
state : reach
timeout : 429
interface : be290c92-74ed-437c-bbf1-dd78673b6a5a
IP : 172.16.120.11
MAC : 00:50:56:8e:15:e5
state : reach
timeout : 482
interface : 3c139373-f8f7-441e-aac4-146d9b5ff3a6
IP : 172.16.110.11
MAC : 00:50:56:8e:91:12
state : perm
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the system network statistics.
Example
nsx-manager-1> get network-stats
Ip:
Total packets received: 165414209
Forwarded: 0
Incoming packets discarded: 0
Incoming packets delivered: 165187515
Requests sent out: 165175926
Icmp:
ICMP messages received: 157
ICMP messages failed: 5
ICMP input historgram:
Destination unreachable: 152
ICMP messages sent: 151
ICMP messages failed: 0
ICMP output historgram:
Destination unreachable: 151
IcmpMsg:
InType3: 152
InType8: 5
OutType3: 151
Tcp:
Active connections openings: 277703
Passive connection openings: 274411
Failed connection attempts: 3339
Connection resets attempts: 4921
Connections established: 160
Segments received: 164687995
Segments sent out: 164695227
Segments retransmitted: 28845
Bad segments received: 0
Resets sent: 22503
Udp:
Packets received: 499183
Packets to unknown port received: 151
Packet receive errors: 1
Packets sent: 454814
RcvbufErrors: 0
SndbufErrors: 0
UdpLite:
InDatagrams: 0
NoPorts: 0
InErrors: 0
OutDatagrams: 0
RcvbufErrors: 0
SndbufErrors: 0
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display upgrade status of the node.
Example
nsx-edge-1> get node upgrade status
Running "run_migration_tool" (step 7 of 10)
Running "start_manager" (step 8 of 10)
Running "update_upgrade_status" (step 9 of 10)
Running "finish_upgrade" (step 10 of 10)
Playbook finished successfully
Mode
Basic
Availability
Manager, Policy Manager
Display the UUID for the host.
Example
host-1> get node-uuid
f776222e-c95c-11e5-8e3e-23020aa2163f
Mode
Basic
Availability
ESXi, KVM
Show the UUID for the node.
Example
nsx> get node-uuid
uuid: 692eef9a-026e-4e24-8494-251990b2b4e3
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the list of registered nodes.
Example
nsx-manager-1> get nodes
761ce797-9c70-483b-9436-41d3b8cd61f7 ctl nsxcontroller
b7d381b2-c253-11e7-a6e6-02000a0ebd5a edg nsxedge-1
b08873b8-c253-11e7-9bef-02000add0b5e edg nsxedge-2
3fb2bb34-c253-11e7-925b-07f31f93af9b esx esx-1
4b371be6-c253-11e7-a3ab-7f7cf7e9f11b esx esx-2
420b6c9a-7d61-fa6d-76c7-2faceaa8288c mgr nsxmanager
Mode
Basic
Availability
Manager
Display the status of the NTP system. The delay, offset and dispersion values are in seconds.
Example
nsx-manager-1> get ntp-server associations
remote refid st t when poll reach delay offset jitter
==============================================================================
0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
1.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
2.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
3.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 0.000 0.000
*ns1-time1.corp. 10.0.0.1 4 u 23 64 3 1.902 0.223 0.221
+ns2-time2.corp. 10.0.0.2 5 u 22 64 3 3.340 -1.312 0.026
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display all NTP servers.
Example
nsx-manager-1> get ntp-servers
0.ubuntu.pool.ntp.org
1.ubuntu.pool.ntp.org
2.ubuntu.pool.ntp.org
3.ubuntu.pool.ntp.org
ntp.ubuntu.com
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the parent of the current interface.
Example
nsx-edge-1(path)> get parent
{
"arp_refresh_timeout": 600,
"number_arp_entries": 0,
"type": "SERVICE_ROUTER_TIER0",
"uuid": "f2a25dd6-4ceb-4bf5-8ad5-3e80d2970d60",
"vrf": 6
}
or
nsx-edge-1(path)> get parent
{
"encap": "STT",
"repl": "mtep",
"uuid": "d5af58f5-0616-46fd-af83-242d82983c65",
"vni": 39816
}
Mode
Path
Availability
Edge, Public Cloud Gateway
Display the path. The arrow indicates which interface is selected. Other commands, such as
get current, will display information about the selected interface.Example
nsx-edge-1(path)> get path
->interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
port : 2120ef07-05e3-477f-8d96-e2be390784db
interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
Mode
Path
Availability
Edge, Public Cloud Gateway
Display the specified physical port.
| Option | Description |
|---|---|
| <physical-port-name> | Datapath String argument |
Example
nsx-edge-1> get physical-port fp-eth1
Physical Port
DRIVER : rte_vmxnet3_pmd
DUPLEX : full
ID : 1
LINK : up
MAC : 00:50:56:a9:a2:e6
MTU : 1600
NAME : fp-eth1
OFFLOAD_CAPABILITIES : TX_VLAN_INSERT TX_UDP_CKSUM TX_TCP_CKSUM TX_TCP_TSO RX_VLAN_STRIP RX_UDP_CKSUM RX_TCP_CKSUM
PCI : 0000:13:00:00
POLLING_STATUS : active
RX_QUEUE : 1
SOCKET : -1
SPEED : 10000
TX_QUEUE : 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified physical port.
| Option | Description |
|---|---|
| <physical-port-name> | Datapath String argument |
Example
nsx-edge-1> get physical-port fp-eth1 stats
Physical Port Stats
NAME : fp-eth1
RX_BYTES : 744689
RX_DROP_NO_MATCH : 0
RX_ERRORS : 0
RX_MISSES : 0
RX_NOMBUFS : 0
RX_PACKETS : 8984
TX_BYTES : 7140
TX_DROPS : 0
TX_ERRORS : 0
TX_PACKETS : 170
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display verbose statistics for the specified physical port.
| Option | Description |
|---|---|
| <physical-port-name> | Datapath String argument |
Example
nsx-edge-1> get physical-port fp-eth1 stats verbose
Physical Port Stats
NAME : fp-eth1
RX_BYTES : 749793
RX_DROP_NO_MATCH : 0
RX_ERRORS : 0
RX_MISSES : 0
RX_NOMBUFS : 0
RX_PACKETS : 9037
TX_BYTES : 7140
TX_DROPS : 0
TX_ERRORS : 0
TX_PACKETS : 170
QUEUES :
id rx_bytes rx_errors rx_packets tx_bytes tx_drops tx_packets
0 749793 0 9037 7140 0 170
1 0 0 0 0 0 0
2 0 0 0 0 0 0
3 0 0 0 0 0 0
4 0 0 0 0 0 0
5 0 0 0 0 0 0
6 0 0 0 0 0 0
7 0 0 0 0 0 0
8 0 0 0 0 0 0
9 0 0 0 0 0 0
10 0 0 0 0 0 0
11 0 0 0 0 0 0
12 0 0 0 0 0 0
13 0 0 0 0 0 0
14 0 0 0 0 0 0
15 0 0 0 0 0 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display all physical ports.
Example
nsx-edge-1> get physical-ports
Physical Port
DRIVER : rte_vmxnet3_pmd
DUPLEX : full
ID : 0
LINK : up
MAC : 00:50:56:a9:51:09
MTU : 1500
NAME : fp-eth0
OFFLOAD_CAPABILITIES : TX_VLAN_INSERT TX_UDP_CKSUM TX_TCP_CKSUM TX_TCP_TSO RX_VLAN_STRIP RX_UDP_CKSUM RX_TCP_CKSUM
PCI : 0000:0b:00:00
POLLING_STATUS : inactive
RX_QUEUE : 1
SOCKET : -1
SPEED : 10000
TX_QUEUE : 1
Physical Port
DRIVER : rte_vmxnet3_pmd
DUPLEX : full
ID : 1
LINK : up
MAC : 00:50:56:a9:a2:e6
MTU : 1600
NAME : fp-eth1
OFFLOAD_CAPABILITIES : TX_VLAN_INSERT TX_UDP_CKSUM TX_TCP_CKSUM TX_TCP_TSO RX_VLAN_STRIP RX_UDP_CKSUM RX_TCP_CKSUM
PCI : 0000:13:00:00
POLLING_STATUS : active
RX_QUEUE : 1
SOCKET : -1
SPEED : 10000
TX_QUEUE : 1
Physical Port
DRIVER : rte_vmxnet3_pmd
DUPLEX : full
ID : 2
LINK : up
MAC : 00:50:56:a9:5b:33
MTU : 1500
NAME : fp-eth2
OFFLOAD_CAPABILITIES : TX_VLAN_INSERT TX_UDP_CKSUM TX_TCP_CKSUM TX_TCP_TSO RX_VLAN_STRIP RX_UDP_CKSUM RX_TCP_CKSUM
PCI : 0000:1b:00:00
POLLING_STATUS : inactive
RX_QUEUE : 1
SOCKET : -1
SPEED : 10000
TX_QUEUE : 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display port information on the current host.
Example
esx-1> get ports
PortNum Switch Client DVSPort MAC Uplink
==================================================================================================================================
50331649 DvsPortset-0 Management 00:00:00:00:00:00 n/a
50331650 DvsPortset-0 vmnic1 uplink1 00:00:00:00:00:00
50331651 DvsPortset-0 Shadow of vmnic1 00:50:56:58:d0:45 n/a
50331652 DvsPortset-0 vmk10 10 00:50:56:67:49:73 vmnic1
50331653 DvsPortset-0 vmk50 624ce7e0-b7ea-41de-ada6-a9b1a1 00:50:56:67:e8:1c void
f9ee67
50331654 DvsPortset-0 vdr-vdrPort vdrPort 02:50:56:56:44:52 vmnic1
50331655 DvsPortset-0 1-vm_ubuntu_1404_srv_64-local- 51f92d21-95dd-4b47-8569-db3ce6 00:0c:29:d9:7f:f5 vmnic1
935-d6f49164-29ef-4e24-aa24-20 61f2a5
2dac5e635c.eth1
Mode
Basic
Availability
ESXi
Display a snapshot of the system processes.
Example
nsx> get processes
top - 01:12:28 up 3 days, 1:51, 1 user, load average: 0.06, 0.05, 0.07
Tasks: 133 total, 1 running, 132 sleeping, 0 stopped, 0 zombie
%Cpu(s): 4.2 us, 0.9 sy, 0.0 ni, 94.7 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 16430712 total, 2604180 used, 13826532 free, 324432 buffers
KiB Swap: 3997692 total, 0 used, 3997692 free. 460404 cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 33216 2564 1460 S 0.0 0.0 2:51.13 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:02.21 ksoftirqd/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root 20 0 0 0 0 S 0.0 0.0 1:23.74 rcu_preempt
8 root 20 0 0 0 0 S 0.0 0.0 0:39.39 rcuop/0
.
.
.
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about processes that are running. The display is updated every few seconds.
Example
nsx-manager-1> get processes monitor
top - 00:24:51 up 15 days, 6 min, 1 user, load average: 0.18, 0.16, 0.15
Tasks: 142 total, 2 running, 140 sleeping, 0 stopped, 0 zombie
%Cpu(s): 6.2 us, 1.3 sy, 0.0 ni, 92.3 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 16430284 total, 5863860 used, 10566424 free, 363284 buffers
KiB Swap: 3997692 total, 0 used, 3997692 free. 1732000 cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1530 uproton 20 0 8867728 1.862g 23868 S 18.6 11.9 3041:54 java
2245 rabbitmq 20 0 1200504 110528 4568 S 4.6 0.7 484:17.48 beam.smp
1009 elastic+ 20 0 4611496 403996 15712 S 1.0 2.5 178:33.40 java
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about processes that are running. The display is updated every few seconds.
Example
nsx-manager-1> get processes monitor
top - 00:24:51 up 15 days, 6 min, 1 user, load average: 0.18, 0.16, 0.15
Tasks: 142 total, 2 running, 140 sleeping, 0 stopped, 0 zombie
%Cpu(s): 6.2 us, 1.3 sy, 0.0 ni, 92.3 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 16430284 total, 5863860 used, 10566424 free, 363284 buffers
KiB Swap: 3997692 total, 0 used, 3997692 free. 1732000 cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1530 uproton 20 0 8867728 1.862g 23868 S 18.6 11.9 3041:54 java
2245 rabbitmq 20 0 1200504 110528 4568 S 4.6 0.7 484:17.48 beam.smp
1009 elastic+ 20 0 4611496 403996 15712 S 1.0 2.5 178:33.40 java
.
.
.
Mode
Basic
Availability
Controller, Key Manager, Manager, Policy Manager
Display the publication for the specified object.
| Option | Description |
|---|---|
| <uuid> | Object identifier Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get publication 00000000-0000-0000-0000-000000000001
<<<Interpreted by Dfw>>>
direction = RD_BOTH
span = 8c466583-4186-4caa-abf5-8a3ff9523722,8642a216-ec51-45af-a4b2-57685d094f7e
log = false
flow = false
priority = 2305843009213693951
action = RA_PASS
type = RT_LAYER2
id = 1
publication = 3
Mode
Basic
Availability
Controller
Dump publications to a file.
| Option | Description |
|---|---|
| <filename> | Filename argument Allowed pattern: ^[^/ *;&|]+$ |
Example
nsx-controller-1> get publication dump pubs000
/var/vmware/nsx/file-store/pubs000
Mode
Basic
Availability
Controller
Display publications for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get publications with transport-node 8c466583-4186-4caa-abf5-8a3ff9523722
id: 8266f308-e9d0-47bb-bd7f-d5b10d7661f5
id: 329e4c03-01cf-434b-829b-9718ae1f4c83
id: 00000000-0000-0000-0000-000000000001
id: 00000000-0000-0000-0000-000000000002
Mode
Basic
Availability
Controller
Get the realization status for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get realization status 7c72c4ae-8fe8-4449-a4e2-c5e53ab0bb4f
{u'VERTICAL_ID_DFW': 1191}
Mode
Basic
Availability
Controller
Display all connected receivers.
Example
nsx-controller-1> get receivers
['e97edc33-0b56-11e7-8af3-85d3287ccc85', '6a93350e-0b57-11e7-a82e-02002a4b8864', 'f763ddf5-0b56-11e7-84aa-81f3962a9a84']
Mode
Basic
Availability
Controller
Display detailed information of an IPv6 route in RIB. Specify a prefix or IPv6 address to display only the route used for that network.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get route 2005::/64
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 1
t0c> * 2005::/64 is directly connected, uplink-273, 00:52:46
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display detailed information of an IPv4 route in RIB. Specify a prefix or IPv4 address to display only the route used for that network.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get route 22.3.3.0/24
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 1
t0s> * 22.3.3.0/24 [103/0] via 50.50.50.10, uplink-273, 00:49:52
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display IPv4 BGP routes for a specified prefix in RIB.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get route bgp 2.1.0.0/16
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 2
b > * 2.1.4.0/24 [20/0] via 40.40.40.10, uplink-276, 21:12:29
b > * 2.1.5.0/24 [20/0] via 90.90.90.10, uplink-282, 21:12:10
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display IPv4 Connected routes for a specified prefix in RIB.
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get route connected 1.0.0.0/8
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 2
t0c> * 1.1.3.0/24 is directly connected, downlink-294, 21:17:14
t0c> * 1.2.3.0/24 is directly connected, downlink-297, 21:17:04
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display the specified IPv4 route.
| Option | Description |
|---|---|
| <prefix> | CIDR notation argument |
Example
nsx> get route prefix 192.168.110.0/24
192.168.110.0/24 interface eth0
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display IPv4 Static routes for a specified prefix in RIB.
get route static command also displays
Tier 0 NAT, Tier 1 NAT, Tier 1 connected, Load balancer routes
along with Tier 0 & Tier 1 static routes
| Option | Description |
|---|---|
| <prefix> | Network Address argument |
Example
nsx-edge-1(tier0_sr)> get route static 1.1.0.0/16
Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,
t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route
Total number of routes: 2
t1c> * 1.1.2.0/24 [3/0] via 100.64.1.1, downlink-298, 21:10:43
t1c> * 1.1.1.0/25 [3/0] via 100.64.1.1, downlink-298, 21:10:43
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Display all configured IPv4 routes.
Example
nsx> get routes
0.0.0.0/0 gateway 192.168.110.1 interface eth0
192.168.110.0/24 interface eth0
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the specified routing domain.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge> get routing-domain b16a3ce5-e61d-43b4-b45b-66d29c8d3cf0
Routing Domain
UUID : b16a3ce5-e61d-43b4-b45b-66d29c8d3cf0
Replication Tunnels
Tunnel : 1e44a970-86e0-5a76-9e4f-ecc676b45148
IFUID : 264
Local : 200.200.200.3
Remote : 200.200.200.4
ENCAP : GENEVE
MTEP : False
Tunnel : 7305d7f1-3e84-5df6-9fdb-e29e76148542
IFUID : 273
Local : 200.200.200.3
Remote : 200.200.200.2
ENCAP : GENEVE
MTEP : False
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about the specified routing domain.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
esx-1> get routing-domain e168bb77-80f2-4cd5-8731-86025e095a78
Realized State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Replication Tunnels
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.99
Remote-subnet: /192.168.111.0
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.144
Remote-subnet: /192.168.111.0
Mode
Basic
Availability
ESXi
Display information about the specified routing domain.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
kvm-1> get routing-domain e168bb77-80f2-4cd5-8731-86025e095a78
Desired State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Realized State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Replication Tunnels
Tunnel : "geneve3232264035"
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.99
Remote-subnet: /192.168.111.0
Tunnel : "geneve3232264080"
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.144
Remote-subnet: /192.168.111.0
Mode
Basic
Availability
KVM
Display information about all routing domains.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get routing-domain 857212c6-3d87-4a4a-9700-0c9d23f74f1c vtep
Routing-Domain-ID IP LABEL Segment MAC TransportNodeId
857212c6-3d87-4a4a-9700-0c9d23f74f1c 192.168.250.163 0x18801 192.168.250.0 04:00:c0:a8:fa:a3 857212c6-3d87-4a4a-9700-0c9d23f74f1c
99999999-3d87-4a4a-9700-0c9d23f74f1c 192.168.250.162 0xC801 192.168.250.0 04:00:c0:a8:fa:a2 857212c6-3d87-4a4a-9700-0c9d23f74f1d
Mode
Basic
Availability
Controller
Display information about all routing domains.
Example
esx-1> get routing-domains
Desired State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Realized State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Replication Tunnels
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.99
Remote-subnet: /192.168.111.0
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.144
Remote-subnet: /192.168.111.0
Mode
Basic
Availability
ESXi
Display information about all routing domains.
Example
kvm-1> get routing-domains
Desired State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Realized State:
Routing Domain
UUID : e168bb77-80f2-4cd5-8731-86025e095a78
Replication Tunnels
Tunnel : "geneve3232264035"
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.99
Remote-subnet: /192.168.111.0
Tunnel : "geneve3232264080"
ENCAP : GENEVE
Local : 192.168.111.124
Local-subnet: /192.168.111.0
Remote : 192.168.111.144
Remote-subnet: /192.168.111.0
Mode
Basic
Availability
KVM
Display information about all routing domains.
Example
nsx-edge> get routing-domain
Routing Domain
UUID : b16a3ce5-e61d-43b4-b45b-66d29c8d3cf0
Replication Tunnels
Tunnel : 1e44a970-86e0-5a76-9e4f-ecc676b45148
IFUID : 264
Local : 200.200.200.3
Remote : 200.200.200.4
ENCAP : GENEVE
MTEP : False
Tunnel : 7305d7f1-3e84-5df6-9fdb-e29e76148542
IFUID : 273
Local : 200.200.200.3
Remote : 200.200.200.2
ENCAP : GENEVE
MTEP : False
Routing Domain
UUID : bca731e7-171e-4ca0-82c2-2df4974a44a7
Replication Tunnels
Tunnel : 1e44a970-86e0-5a76-9e4f-ecc676b45148
IFUID : 264
Local : 200.200.200.3
Remote : 200.200.200.4
ENCAP : GENEVE
MTEP : False
Tunnel : 7305d7f1-3e84-5df6-9fdb-e29e76148542
IFUID : 273
Local : 200.200.200.3
Remote : 200.200.200.2
ENCAP : GENEVE
MTEP : False
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all routing domains.
Example
nsx-controller-1> get routing-domains
Desired State:
Routing-Domain
c31126b8-be8d-49a5-a7ab-d7c13f6013eb
857212c6-3d87-4a4a-9700-0c9d23f74f1c
Mode
Basic
Availability
Controller
Get all domain names in the DNS search list.
Example
nsx> get search-domains
eng.example.com
corp.example.com
example.com
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the specified service.
| Option | Description |
|---|---|
| <service-name> | Node service argument |
Example
nsx> get service snmp
Service name: snmp
Service state: running
Start on boot: True
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display global logging configuration.
Example
nsx-controller-1> get service controller logging-config
Name: LogLevel: debug
Name: BarrierSplitter LogLevel: debug
Name: BgpConfigSplitter LogLevel: debug
Name: BgpNeighborSplitter LogLevel: debug
Name: BridgeClusterSplitter LogLevel: debug
Name: CommunityListSplitter LogLevel: debug
Name: ContainerSplitter LogLevel: debug
Name: DependencyGraphSpanUpdaterImpl:DepGraph LogLevel: debug
Name: DependencyGraphSpanUpdaterImpl:SrcGraph LogLevel: debug
Name: DhcpIpPoolSplitter LogLevel: debug
Name: DhcpRelaySplitter LogLevel: debug
Name: DhcpStaticBindingSplitter LogLevel: debug
Name: DigraphSpanComputerImpl LogLevel: debug
Name: DneRuleSectionSplitter LogLevel: debug
Name: DneRuleSplitter LogLevel: debug
Name: FilterSpanSplitter LogLevel: debug
Name: GlobalRoutingSplitter LogLevel: debug
.
.
.
Mode
Basic
Availability
Controller
Display the logging configuration for components that have the specified log level.
| Option | Description |
|---|---|
| <level> | The controller service logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-controller-1> get service controller logging-config logging-level error
Name: BgpConfigSplitter LogLevel: error
Name: DhcpIpPoolSplitter LogLevel: error
Mode
Basic
Availability
Controller
Display the logging configuration for the specified component.
| Option | Description |
|---|---|
| <string> | String argument Allowed pattern: ^.*$ |
Example
nsx-controller-1> get service controller logging-config name BgpConfigSplitter
Name: BgpConfigSplitter LogLevel: debug
Mode
Basic
Availability
Controller
Display the logging configuration for components that match the specified pattern. The pattern can be a regular expression.
| Option | Description |
|---|---|
| <string> | String argument Allowed pattern: ^.*$ |
Example
nsx-controller-1> get service controller logging-config pattern Dhcp
Name: DhcpIpPoolSplitter LogLevel: debug
Name: DhcpRelaySplitter LogLevel: debug
Name: DhcpStaticBindingSplitter LogLevel: debug
Name: LogicalDhcpServerSplitter LogLevel: debug
Name: com.vmware.nsx.canary.span.DhcpIpPoolSpanner LogLevel: debug
Name: com.vmware.nsx.canary.span.DhcpStaticBindingSpanner LogLevel: debug
Name: com.vmware.nsx.canary.span.LogicalDhcpServerSpanner LogLevel: debug
Mode
Basic
Availability
Controller
Display the log level for the controller service.
Example
nsx-controller-1> get service controller logging-level
Logging level: debug
Mode
Basic
Availability
Controller
Display the log level of the dataplane service.
Example
nsx-edge-1> get service dataplane logging-level
Log level: INFO
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the log level of the dhcp service.
Example
nsx-edge-1> get service dhcp logging-level
Log level: INFO
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display DHCP pool monitor configuration
Example
nsx-edge-1> get service dhcp pool-monitor
Monitor Flag : on
Monitor Interval : 60
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get service HyperBus metrics logging level
Mode
Basic
Availability
ESXi, KVM
Get service HyperBus nestdb logging level
Mode
Basic
Availability
ESXi, KVM
Get service HyperBus net logging level
Mode
Basic
Availability
ESXi, KVM
Get service HyperBus rpc logging level
Mode
Basic
Availability
ESXi, KVM
Get service HyperBus logging level
Mode
Basic
Availability
ESXi, KVM
Display IKE per tunnel debugging configuration
Example
nsx-edge-1> get service ike debug-tunnel
Local IP : 10.0.0.1
Remote IP : 10.1.0.1
Debug Level : midok
------------------------------
Local IP : 10.0.0.1
Remote IP : 10.1.0.2
Debug Level : lowok
------------------------------
Local IP : 10.0.0.3
Remote IP : 10.1.0.4
Debug Level : fail
------------------------------
Local IP : 10.0.0.1
Remote IP : 10.1.2.1
Debug Level : lowstart
------------------------------
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the log level of the IKE service.
Example
nsx-edge-1> get service ike logging-level
Log level: INFO
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the log level of the local-controller service.
Example
nsx-edge-1> get service local-controller logging-level
Log level: INFO
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the state of the local controller service.
Example
nsx-edge-1> get service local-controller state
Uptime : 3556847.000 seconds (since 2016-09-12 18:07:03.20)
Full Sync State : Completed at {'num': 1, 'time': '2016-09-20 10:19:24.22'}
Controller Session : Up
IPC Channel State
Datapath Config : Up since 2016-09-12 18:07:06.37
Datapath State : Up since 2016-09-12 18:07:05.49
Routing Service : Up since 2016-09-12 18:07:03.37
BFD Config : None
BFD State : None
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get service nsx-agent logging level.
Mode
Basic
Availability
KVM
Display the whole cache table in cfgagent. Optionally specify arguments to display only the local configuration, remote configuration, local L2, or remote L2 information, and remote L3 information.
Example
ESXi-1> get service nsx-cfgagent cache-table config local
ObjectID ObjectType FullSyncVersion PropertyType PropertyValue
007ec6fd-e307-428a-8ccf-d1d0de2a26e5 VIF_STATE 1 INVALID_PROPERTY
007ec6fd-e307-428a-8ccf-d1d0de2a26e5 VIF_STATE 1 VIF_MAC id: "40d4ee0a-087e-4b38-a959-afeb2d67f23b"
vif_mac {
mac: 345046739262
}
ESXi-1> get service nsx-cfgagent cache-table l2 remote
ObjectID ObjectType FullSyncVersion PropertyType PropertyValueKey PropertyValue
ad209a8e-2f4c-40e1-ba63-5459f3922d9a LOG_SWITCH_FIB 1 L2_VTEP 2050 vtep_ip {
ipv4: 2886785032
}
vtep_label {
label: 2050
}
segment_id {
ipv4: 2886778880
}
vtep_mac {
mac: 345046978033
}
ad209a8e-2f4c-40e1-ba63-5459f3922d9a LOG_SWITCH_FIB 1 L2_VM_MAC 345047285093 mac {
mac: 345047285093
}
vtep_ip {
ipv4: 2886785032
}
vtep_mac {
mac: 345046978033
}
ESXi-1> get service nsx-cfgagent cache-table
......
Mode
Basic
Availability
ESXi
Get service cfgagent metrics logging level
Mode
Basic
Availability
ESXi
Get service cfgagent nestdb logging level
Mode
Basic
Availability
ESXi
Get service cfgagent net logging level
Mode
Basic
Availability
ESXi
Get service cfgagent rpc logging level
Mode
Basic
Availability
ESXi
Get service cfgagent logging level.
Mode
Basic
Availability
ESXi
Get service daemon log level for context-mux.
Example
nsx-1> get service nsx-context-mux logging-level
Current logging level is info
Mode
Basic
Availability
ESXi
Get service OpsAgent logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Get service nsx-proxy central logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Get service nsx-proxy metrics logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Get service nsx-proxy nestdb logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Get service nsx-proxy net logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Get service nsx-proxy rpc logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Get service nsx-proxy logging level.
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Display the entire routing configuration.
Example
nsx-edge-1> get service router config
ROUTING CONFIGURATION:
======================
{
"redist": {
"bgp_enabled": true
},
"redistri_rules": [
{
"rule": [
{
"to_proto": 1,
"seq_id": 0,
"flags": 103,
"name": {
"string": "rule3"
},
"description": {
"string": "Rule3"
}
}
]
}
],
"static_route": [
{
"prefix": {
"ipv4": "1.1.1.0",
"prefix_length": 25
},
"nexthops": [
{
"route_type": 3,
"ip": {
"ipv4": "169.254.0.1"
},
"if_index": 6,
"admin_distance": 3
}
]
},
{
"prefix": {
"ipv4": "11.11.1.0",
"prefix_length": 24
},
"nexthops": [
{
"route_type": 4,
"if_index": 1,
"admin_distance": 2
}
]
},
{
"prefix": {
"ipv4": "111.111.0.0",
"prefix_length": 16
},
"nexthops": [
{
"route_type": 3,
"ip": {
"ipv4": "169.254.0.1"
},
"if_index": 6,
"admin_distance": 3
}
]
},
{
"prefix": {
"ipv4": "11.11.2.0",
"prefix_length": 24
},
"nexthops": [
{
"route_type": 5,
"ip": {
"ipv4": "169.254.0.1"
},
"if_index": 6,
"admin_distance": 3
}
]
},
{
"prefix": {
"ipv4": "100.64.1.0",
"prefix_length": 31
},
"nexthops": [
{
"route_type": 7,
"ip": {
"ipv4": "169.254.0.1"
},
"if_index": 6,
"admin_distance": 0
}
]
},
{
"prefix": {
"ipv4": "1.1.3.0",
"prefix_length": 24
},
"nexthops": [
{
"route_type": 6,
"ip": {
"ipv4": "169.254.0.1"
},
"if_index": 6,
"admin_distance": 0
}
]
},
{
"prefix": {
"ipv4": "1.1.2.0",
"prefix_length": 24
},
"nexthops": [
{
"route_type": 3,
"ip": {
"ipv4": "169.254.0.1"
},
"if_index": 6,
"admin_distance": 3
}
]
}
],
"bgp_config": {
"enabled": true,
"local_as": 422,
"graceful_restart": false,
"neighbor": [
{
"enable": true,
"remote_as": 420,
"description": {
"string": "BGP_config created through automation"
},
"hold_down_timer": 4,
"address_family": [
{
"route_map_out": {
"route_map_seq": [
{
"action": 1,
"route_map_set": {},
"id": 1,
"match": {
"prefix_list": [
{
"prefix": [
{
"action": 1,
"index": 109,
"network": {
"ipv4": "1.1.1.0",
"prefix_length": 25
},
"seq_id": 1
}
],
"name": "1.1.1.0/25"
}
]
}
},
{
"action": 1,
"route_map_set": {
"metric": 1000
},
"id": 2,
"match": {
"prefix_list": [
{
"prefix": [
{
"index": 106,
"network": {
"ipv4": "1.1.0.0",
"prefix_length": 16
},
"seq_id": 1,
"less_or_equal_bits": 24,
"action": 1,
"greater_or_equal_bits": 16
}
],
"name": "1.1.0.0/16"
}
]
}
}
],
"name": {
"string": "1.1.0.0"
}
},
"enabled": true,
"type": "IPv4_UNICAST"
}
],
"keep_alive_timer": 1,
"src_ip_address": {
"ipv4": "40.40.40.1"
},
"ip_address": {
"ipv4": "40.40.40.10"
},
"enable_bfd": false,
"name": {
"string": "auto-bgp-config-1"
}
},
{
"enable": true,
"remote_as": 420,
"description": {
"string": "BGP_config created through automation"
},
"hold_down_timer": 3,
"address_family": [
{
"enabled": true,
"type": "IPv4_UNICAST",
"route_map_in": {
"route_map_seq": [
{
"action": 1,
"route_map_set": {
"weight": 200
},
"id": 1,
"match": {
"prefix_list": [
{
"prefix": [
{
"index": 103,
"network": {
"ipv4": "2.1.0.0",
"prefix_length": 16
},
"seq_id": 1,
"less_or_equal_bits": 28,
"action": 1,
"greater_or_equal_bits": 16
}
],
"name": "2.1.0.0"
}
]
}
}
],
"name": {
"string": "2.1.0.0"
}
}
}
],
"keep_alive_timer": 1,
"src_ip_address": {
"ipv4": "90.90.90.2"
},
"ip_address": {
"ipv4": "90.90.90.10"
},
"enable_bfd": false,
"name": {
"string": "auto-bgp-config-4"
}
}
],
"ecmp": true
},
"routing_global": {
"router_id": {
"ipv4": "40.40.40.1"
},
"op_state_up": true,
"role": 2,
"forwarding_up_timer": 0
}
}
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the redistribution configuration.
Example
nsx-edge-1> get service router config redist
REDISTRIBUTION CONFIGURATION:
=============================
redist:
{
"bgp_enabled": true
}
redistri_rules:
[
{
"rule": [
{
"to_proto": 1,
"seq_id": 0,
"flags": 103,
"name": {
"string": "rule3"
},
"description": {
"string": "Rule3"
}
}
]
}
]
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the route map configuration.
Example
nsx-edge-1> get service router config route-maps
ROUTE MAP CONFIGURATION:
============================
route_map_out:
{
"name": {
"string": "1.1.0.0"
},
"route_map_seq": [
{
"action": 1,
"id": 1,
"match": {
"prefix_list": [
{
"name": "1.1.1.0/25",
"prefix": [
{
"action": 1,
"index": 109,
"network": {
"ipv4": "1.1.1.0",
"prefix_length": 25
},
"seq_id": 1
}
]
}
]
},
"route_map_set": {}
},
{
"action": 1,
"id": 2,
"match": {
"prefix_list": [
{
"name": "1.1.0.0/16",
"prefix": [
{
"action": 1,
"greater_or_equal_bits": 16,
"index": 106,
"less_or_equal_bits": 24,
"network": {
"ipv4": "1.1.0.0",
"prefix_length": 16
},
"seq_id": 1
}
]
}
]
},
"route_map_set": {
"metric": 1000
}
}
]
}
route_map_in:
{
"name": {
"string": "2.1.0.0"
},
"route_map_seq": [
{
"action": 1,
"id": 1,
"match": {
"prefix_list": [
{
"name": "2.1.0.0",
"prefix": [
{
"action": 1,
"greater_or_equal_bits": 16,
"index": 103,
"less_or_equal_bits": 28,
"network": {
"ipv4": "2.1.0.0",
"prefix_length": 16
},
"seq_id": 1
}
]
}
]
},
"route_map_set": {
"weight": 200
}
}
]
}
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about Service Insertion.
Example
nsxedge(tier0_sr)> get service-insertion
Service Insertion Policy:
Policy UUID : ffeeddcc-bbaa-bbaa-2332-23fe33221100
Transport type : L2_BRIDGE
BFD status : BFD_DOWN
Redirected packet count north-to-south : 0
Redirected packet count south-to-north : 0
Service link1 IP : 10.10.10.1
Service link2 IP : 20.20.20.1
Service link1 nexthop IP : 10.10.10.2
Service link2 nexthop IP : 20.20.20.2
Failure policy : ON_FAILURE_DROP
Service Insertion Policy:
Policy UUID : 7fbe102d-268c-4b33-bdf5-8f1e608e9864
Transport type : L3_ROUTED
Redirected packet count : 1600
Nexthop IP : 40.40.40.10
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about Service Insertion.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsxedge(tier0_sr)> get service-insertion ffeeddcc-bbaa-bbaa-2332-23fe33221100
Service Insertion Policy:
Policy UUID : ffeeddcc-bbaa-bbaa-2332-23fe33221100
BFD status : BFD_DOWN
Redirected packet count north-to-south : 0
Redirected packet count south-to-north : 0
Service link1 IP : 10.10.10.1
Service link2 IP : 20.20.20.1
Service link1 nexthop IP : 10.10.10.2
Service link2 nexthop IP : 20.20.20.2
Failure policy : ON_FAILURE_DROP
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all services.
Example
nsx-manager-1> get services
Service name: http
Service state: running
Session timeout: 1800
Connection timeout: 30000
Redirect host: (not configured)
Client API concurrency limit: 40
Client API rate limit: 100
Global API concurrency limit: 199
Service name: manager
Service state: running
Logging level: info
Service name: mgmt-plane-bus
Service state: running
Service name: node-mgmt
Service state: running
Service name: nsx-message-bus
Service state: running
Service name: ntp
Service state: running
Service name: install-upgrade
Service state: stopped
Enabled on: 10.10.10.10
Service name: snmp
Service state: running
Start on boot: True
Service name: ssh
Service state: running
Start on boot: True
Service name: syslog
Service state: running
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get SNMP V2 configured status
Example
nsx> get snmp v2-configured
True
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get SNMP V3 configured status
Example
nsx> get snmp v3-configured
True
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get SNMP V3 Engine ID.
Example
nsx> get snmp v3-engine-id
80001adc80992933638c48f75900000001
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get SNMP V3 Protocols auth_protocol and priv_protocol.
Example
nsx> get snmp v3-protocols
auth_protocol: SHA1
priv_protocol: AES128
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get SNMP V3 User IDs.
Example
nsx> get snmp v3-users
user_id: user1
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display active network connections.
Example
nsx-manager-1> get sockets
Proto Remote Port Local Port In Out
tcp --listen-- 127.0.0.1 7440 0 0
tcp --listen-- 127.0.0.1 9200 0 0
tcp --listen-- 127.0.0.1 7441 0 0
tcp --listen-- --any-- 4369 0 0
tcp --listen-- 192.168.110.42 65012 0 0
tcp --listen-- 127.0.0.1 9300 0 0
tcp --listen-- 127.0.0.1 53 0 0
tcp --listen-- --any-- 22 0 0
tcp --listen-- --any-- 15671 0 0
tcp --listen-- --any-- 7000 0 0
tcp --listen-- --any-- 443 0 0
tcp --listen-- 127.0.0.1 2812 0 0
tcp --listen-- 192.168.110.42 7070 0 0
tcp --listen-- 192.168.110.42 7071 0 0
tcp --listen-- 127.0.0.1 32000 0 0
tcp --listen-- --any-- 8001 0 0
tcp --listen-- 127.0.0.1 32001 0 0
.
.
.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display active network connections.
Example
nsx-manager-1> get sockets
Proto Remote Port Local Port In Out
tcp --listen-- 127.0.0.1 7440 0 0
tcp --listen-- 127.0.0.1 9200 0 0
tcp --listen-- 127.0.0.1 7441 0 0
tcp --listen-- --any-- 4369 0 0
tcp --listen-- 192.168.110.42 65012 0 0
tcp --listen-- 127.0.0.1 9300 0 0
tcp --listen-- 127.0.0.1 53 0 0
tcp --listen-- --any-- 22 0 0
tcp --listen-- --any-- 15671 0 0
tcp --listen-- --any-- 7000 0 0
tcp --listen-- --any-- 443 0 0
tcp --listen-- 127.0.0.1 2812 0 0
tcp --listen-- 192.168.110.42 7070 0 0
tcp --listen-- 192.168.110.42 7071 0 0
tcp --listen-- 127.0.0.1 32000 0 0
tcp --listen-- --any-- 8001 0 0
tcp --listen-- 127.0.0.1 32001 0 0
.
.
.
Mode
Basic
Availability
Controller, Key Manager, Manager, Policy Manager
Display spoof guard config for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get spoof-guard config nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
Spoof Guard Config
------------------------------------------------------------------------------------------------------------------------
Switch Spoof Guard : Disabled
Port Spoof Guard : Disabled
Mode
Basic
Availability
ESXi
Displays Spoof Guard config for a logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get spoof-guard config 77f13067-df92-4a64-81f9-c72f14c21a82
Spoof Guard Config
---------------------------------------------------------------------------
Switch Spoof Guard : Disabled
Port Spoof Guard : Enabled
Mode
Basic
Availability
KVM
Display spoof guard stats for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get spoof-guard stats nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
Spoof Guard Stats
------------------------------------------------------------------------------------------------------------------------
Spoof Guard Ipv4 Drop Count : 0
Spoof Guard Ipv6 Drop Count : 0
Spoof Guard ARP Drop Count : 0
Spoof Guard ND Drop Count : 0
Spoof Guard NonIp Drop Count : 0
Mode
Basic
Availability
ESXi
Displays Spoof Guard stats for a logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get spoof-guard stats 77f13067-df92-4a64-81f9-c72f14c21a82
Spoof Guard Stats
---------------------------------------------------------------------------
Spoof Guard Ipv4 Drop Count : 1
Spoof Guard Ipv6 Drop Count : 3
Spoof Guard ARP Drop Count : 12
Spoof Guard ND Drop Count : 2
Spoof Guard NonIp Drop Count : 7
Mode
Basic
Availability
KVM
Display spoof guard whitelist for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get spoof-guard whitelist nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
Spoof Guard Whitelist
------------------------------------------------------------------------------------------------------------------------
IP MAC VLAN
Mode
Basic
Availability
ESXi
Displays Spoof Guard whitelist for a logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get spoof-guard whitelist 77f13067-df92-4a64-81f9-c72f14c21a82
Spoof Guard Whitelist
---------------------------------------------------------------------------
IP MAC VLAN
192.168.166.45 00:23:20:60:2c:7f 0
fe80::223:20ff:fe60:2c7f 00:23:20:60:2c:7f 0
Mode
Basic
Availability
KVM
Display the statistics for all interfaces in the path.
Example
nsx-edge-1(path)> get stats
UUID RX PKTS TX PKTS RX BYTES TX BYTES RX Drops TX Drops
de650f56-276d-46ef-959e-960752acfe19 23796 14321 1576814 957858 3 0
140ca8de-61e0-4bba-b429-6a3791b0846a 38 127 2807 9150 15 0
9eff9e4e-9157-4107-a0dd-c79350dce6f7 127 38 9150 2807 0 0
53bab4b1-f0df-451b-af80-0a9d5e580186 38 127 2807 9150 0 0
2a7bf881-1f89-4833-833e-47673b79901a 127 38 9150 2807 8 0
bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a 29 14 1890 980 0 0
->5b2068d0-8c28-4427-8be4-48f422f92309 14 29 980 1890 0 0
eb3bd495-9ce3-40b4-a955-c2ddc4893cfa 29 14 1890 980 0 0
1fec3ffa-213d-4d2b-ae1b-e12857434846 14 29 980 1890 0 0
13592f56-be3c-4d3d-88de-7d5825dd51bb 17 22 1422 1316 0 0
c588fc5d-dd62-45b2-bc16-3dae466c16c7 22 17 1316 1422 0 0
2120ef07-05e3-477f-8d96-e2be390784db 3 23 126 1394 0 0
3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278 23 3 1394 126 2 0
dd10beb2-3673-43a5-b180-ecc46e830ee0 0 7 0 686 0 0
fdc429ef-d778-421b-bf84-e1063a7bf5ab 7 0 686 0 0 0
Mode
Path
Availability
Edge, Public Cloud Gateway
Display statistics for the logical router in the VRF context.
Example
nsx-edge-1(vrf)> get stats
Logical Router
UUID : 736a80e3-23f6-5a2d-81d6-bbefb2786666
VRF : 0
LR-ID : 0
name : R1
type : TUNNEL
Statistics
Dropped No Memory : 0
Dropped No Route : 0
Mode
VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display the contents of the tech support bundle. Specify the
file argument to save the bundle to a file with the specified file name in the file store. This support bundle does not contain core or audit log files. To include those files, specify the all argument. Core files contain system information and all information stored in memory at the time of the dump (this may include confidential, sensitive or personal information such as passwords and encryption keys, if they are being processed in memory at that time). If you choose to send the support bundle to VMware, it will be processed in accordance with VMware’s standard processes and policies, to provide you with support, fix problems and improve the product and services.
| Option | Description |
|---|---|
| <filename> | Name of file to generate, for example support-bundle.tgz Allowed pattern: ^[^/ *;&|]+$ |
Example
nsx-manager-1> get support-bundle
--------------------------------------------------------------------------------
/usr/sbin/arp -n
--------------------------------------------------------------------------------
Address HWtype HWaddress Flags Mask Iface
192.168.110.201 ether 00:50:56:a9:8a:8c C eth0
192.168.110.101 ether 00:50:56:a9:45:29 C eth0
192.168.110.1 ether 68:ef:bd:4e:98:7f C eth0
192.168.110.10 ether 00:50:56:a6:e0:14 C eth0
--------------------------------------------------------------------------------
/bin/df -lT -x securityfs
--------------------------------------------------------------------------------
Filesystem Type 1K-blocks Used Available Use% Mounted on
udev devtmpfs 8206240 4 8206236 1% /dev
tmpfs tmpfs 1643032 772 1642260 1% /run
/dev/sda2 ext4 19554584 2229116 16309100 13% /
none tmpfs 4 0 4 0% /sys/fs/cgroup
none tmpfs 5120 0 5120 0% /run/lock
none tmpfs 8215140 4 8215136 1% /run/shm
none tmpfs 102400 0 102400 0% /run/user
/dev/mapper/nsx-repository ext4 19551512 308428 18226868 2% /repository
.
.
.
nsx-manager-1> get support-bundle file support-bundle.tgz
support-bundle.tgz created, use the following command to transfer the file:
copy file support-bundle.tgz url
After transferring support-bundle.tgz, extract it using: tar xzf support-bundle.tgz
nsx-manager-1> get support-bundle file support-bundle-all.tgz all
support-bundle-all.tgz created, use the following command to transfer the file:
copy file support-bundle-all.tgz url
After transferring support-bundle-all.tgz, extract it using: tar xzf support-bundle-all.tgz
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Saves support bundle to the specified filename in the filestore.
| Option | Description |
|---|---|
| <filename> | Name of file to generate, for example support-bundle.tgz Allowed pattern: ^[^/ *;&|]+$ |
Example
host-1> get support-bundle file
Name of file to generate, for example support-bundle.tgz
host-1> get support-bundle file support-bundle.tgz
support-bundle.tgz is created in /var/vmware/nsx/file-store
Mode
Basic
Availability
NSX Cloud VM
Display IPFIX configuration about the specified logical switch.
| Option | Description |
|---|---|
| <logical-switch-id> | Logical switch UUID |
Example
kvm-1> get switch-ipfix logical-switch 9e5adc03-df5a-490d-be52-d62629c6527d setting
Switch IPFIX setting
============================================================
obsDomainID : 0
activeTimeout : 60
maxFlow : 65535
sampleProbability : 100
vNICFlowOnly : False
collectors : 10.117.7.163 4739
10.117.7.162 4739
Mode
Basic
Availability
KVM, NSX Cloud VM
Display information about the specified IPFIX configuration.
| Option | Description |
|---|---|
| <logical-switch-port-id> | Logical switch port UUID |
Example
kvm-1> get switch-ipfix logical-switch-port 6cb56e83-9ccf-4991-94e7-26471b4ca93e setting
Switch IPFIX setting
============================================================
obsDomainID : 0
activeTimeout : 60
maxFlow : 65535
sampleProbability : 100
vNICFlowOnly : False
collectors : 10.117.7.163 4739
10.117.7.162 4739
Mode
Basic
Availability
KVM, NSX Cloud VM
Display Switch Security config for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get switch-security config nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
Switch Security Config
---------------------------------------------------------------------------
BPDU Filter : Disabled
DHCPv4 client block : Disabled
DHCPv4 server block : Enabled
DHCPv6 client block : Disabled
DHCPv6 server block : Enabled
Non-IP traffic block : Disabled
RA Guard : Disabled
Rate Limit Config : Enabled
Mode
Basic
Availability
ESXi
Displays Switch Security config for a logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get switch-security config 77f13067-df92-4a64-81f9-c72f14c21a82
Switch Security Config
---------------------------------------------------------------------------
BPDU Filter : Enabled
DHCPv4 Client Block : Disabled
DHCPv4 Server Block : Enabled
DHCPv6 Client Block : Disabled
DHCPv6 Server Block : Enabled
Non-IP Traffic Block : Disabled
RA Guard : Enabled
Mode
Basic
Availability
KVM
Display Switch Security stats for a host switch and dvport.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <dvport-id> | DVPort identifier Allowed pattern: ^([A-Za-z0-9_:-]+)$ |
Example
esx-1> get switch-security stats nsxvswitch b65dcac9-6611-41ce-b96c-69255120b473
Switch Security Stats
---------------------------------------------------------------------------
Rate Limit Bcast Tx Drop Count : 0
Rate Limit Bcast Rx Drop Count : 0
Rate Limit Mcast Tx Drop Count : 0
Rate Limit Mcast Rx Drop Count : 0
DHCPv4 Server Block Drop Count : 0
DHCPv6 Server Block Drop Count : 0
DHCPv4 Client Block Drop Count : 0
DHCPv6 Client Block Drop Count : 0
BPDU Filter Drop Count : 0
RA Guard Drop Count : 0
Mode
Basic
Availability
ESXi
Displays Switch Security stats for a logical port.
| Option | Description |
|---|---|
| <logical-port> | Log port ID argument |
Example
kvm-1> get switch-security stats 77f13067-df92-4a64-81f9-c72f14c21a82
Switch Security Stats
---------------------------------------------------------------------------
DHCPv4 Server Block Drop Count : 13
DHCPv6 Server Block Drop Count : 0
DHCPv4 Client Block Drop Count : 3
DHCPv6 Client Block Drop Count : 0
BPDU Filter Drop Count : 0
RA Guard Drop Count : 4
Mode
Basic
Availability
KVM
Display the topology of the system.
Example
nsx-edge-1> get topology
Machine (3949MB)
Socket L#0 + Core L#0 + PU L#0 (P#0)
Socket L#1 + Core L#1 + PU L#1 (P#1)
HostBridge L#0
PCI 8086:7111
PCI 15ad:0405
GPU L#0 "card0"
GPU L#1 "controlD64"
PCI 1000:0030
Block L#2 "sda"
PCIBridge
PCI 15ad:07b0
Net L#3 "eth0"
PCIBridge
PCI 15ad:07b0
PCIBridge
PCI 15ad:07b0
PCIBridge
PCI 15ad:07b0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display agent status information for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node 141211f6-8354-11e8-9574-23265cbb97ba agent-status
TransportNode-ID Agent-Type Status Timestamp
141211f6-8354-11e8-9574-23265cbb97ba NSX_NESTDB UP 08:43:32 07/11/2018
Mode
Basic
Availability
Controller
Display the ARP table for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 arp-table
VNI IP MAC TransportNode-ID
17288 172.16.110.11 00:50:56:8e:91:12 bfd72df1-ed5f-405f-a9d1-585e550bc677
Mode
Basic
Availability
Controller
Display the MAC address table for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 mac-table
VNI MAC VTEP-IP TransportNode-ID
17288 00:50:56:8e:91:12 192.168.210.100 bfd72df1-ed5f-405f-a9d1-585e550bc677
Mode
Basic
Availability
Controller
Display routing domains joined by the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 routing-domain
Routing-Domain-ID
133fa69c-756e-4d7e-8ac2-1317b9e02e31
133fa69c-756e-4d7e-8ac2-1317b9e02e32
Mode
Basic
Availability
Controller
Display the routing vtep table for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 routing-vtep
Routing-Domain-ID IP LABEL Segment MAC TransportNode-ID
133fa69c-756e-4d7e-8ac2-1317b9e02e31 92.168.210.100 0x15801 192.168.210.0 00:50:56:67:af:f4 bfd72df1-ed5f-405f-a9d1-585e550bc677
133fa69c-756e-4d7e-8ac2-1317b9e02e32 192.168.210.100 0x15801 192.168.210.0 00:50:56:67:af:f4 bfd72df1-ed5f-405f-a9d1-585e550bc677
Mode
Basic
Availability
Controller
Display status information for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 status
TransportNode-ID Controller SSL-Enabled Connection-State Supported-Versions
bfd72df1-ed5f-405f-a9d1-585e550bc677 127.0.0.1 true OPENED 1.1.0.0.0.0
Mode
Basic
Availability
Controller
Display status information for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node 86e2fd2a-8581-11e8-83f3-02004114d65f threat-status
TransportNode-ID Entity-Type Threat-Type State Timestamp
86e2fd2a-8581-11e8-83f3-02004114d65f THREAT_ENTITY_INTERFACE THREAT_NO_VIF_ATTACHMENT TN_STATE_ERROR 09:04:46 07/12/2018
Mode
Basic
Availability
Controller
Display VIF information for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 vifs
VIF LogSwitchPort-ID TransportNode-ID TransportNode-IP
133fa69c-756e-4d7e-8ac2-1317b9e02e31 9a71e870-f386-47c6-ae7f-f5e0895dba8b bfd72df1-ed5f-405f-a9d1-585e550bc677 192.168.210.51
Mode
Basic
Availability
Controller
Display all tunnel end points for the specified transport node.
| Option | Description |
|---|---|
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-controller-1> get transport-node bfd72df1-ed5f-405f-a9d1-585e550bc677 vtep
VNI IP LABEL Segment MAC TransportNode-ID
39816 192.168.210.100 0x15801 192.168.210.0 00:50:56:67:af:f4 bfd72df1-ed5f-405f-a9d1-585e550bc677
17288 192.168.210.100 0x15801 192.168.210.0 00:50:56:67:af:f4 bfd72df1-ed5f-405f-a9d1-585e550bc677
Mode
Basic
Availability
Controller
Display status information for all transport nodes.
Example
nsx-controller-1> get transport-nodes status
TransportNode-ID Controller SSL-Enabled Connection-State Supported-Versions
bfd72df1-ed5f-405f-a9d1-585e550bc677 127.0.0.1 true OPENED 1.1.0.0.0.0
e12ce1d1-b3d9-4602-ba81-91e1fa6a60e4 127.0.0.1 true OPENED 1.1.0.0.0.0
Mode
Basic
Availability
Controller
Display information about the specified tunnel port.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get tunnel-port d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
IFUID : 295
LOCAL : 192.168.250.162
REMOTE : 192.168.250.160
ENCAP : STT
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for the specified tunnel port.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
Example
nsx-edge-1> get tunnel-port 6598ab27-95c6-50ef-85b3-89b7811ab672 stats
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 3498
TX-Bytes : 433752
TX-Drops : 0
No-Memory : 0
No-Route : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display information about all tunnel ports.
Example
nsx-edge-1> get tunnel-ports
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
IFUID : 295
LOCAL : 192.168.250.162
REMOTE : 192.168.250.160
ENCAP : STT
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
IFUID : 296
LOCAL : 192.168.250.162
REMOTE : 192.168.250.161
ENCAP : STT
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display statistics for all tunnel ports.
Example
nsx-edge-1> get tunnel-ports stats
Tunnel : d87cd7e0-eb91-5dd5-bae4-ceb0a2760bfa
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 3325
TX-Bytes : 412300
TX-Drops : 0
No-Memory : 0
No-Route : 0
Tunnel : 6598ab27-95c6-50ef-85b3-89b7811ab672
RX-Packets : 0
RX-Bytes : 0
RX-Drops : 0
Malformed : 0
No-Match : 0
L2-Loop : 0
TX-Packets : 3331
TX-Bytes : 413044
TX-Drops : 0
No-Memory : 0
No-Route : 0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display the contents of the specified playbook for the specified upgrade bundle.
| Option | Description |
|---|---|
| <bundle-name> | Name of NSX upgrade bundle in the file store |
| <playbook-file> | Name of Playbook file to use |
Example
nsx-edge-1> get upgrade-bundle VMware-NSX-edge-2.0.0.0.0.5298714 playbook VMware-NSX-edge-2.0.0.0.0.5298714-playbook
steps:
- name: 11-preinstall-enter_maintenance_mode
- name: install_os
- name: reboot
- name: 41-postboot-exit_maintenance_mode
- name: finish_upgrade
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display all playbooks in the file store.
Example
nsx-edge-1> get upgrade-bundle playbooks
playbook
VMware-NSX-edge-2.0.0.0.0.5298714-playbook
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the system uptime information.
Example
nsx-manager-1> get uptime
16:34:39 up 15 days, 16:16, 1 user, load average: 0.55, 0.25, 0.26
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get number of days the user's password is valid after a password change.
| Option | Description |
|---|---|
| <username> | Username of user |
Example
nsx> get user audit password-expiration
Password expires 90 days after last change
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Get SSH keys from authorized_keys file for specified user.
| Option | Description |
|---|---|
| <username> | Username of user |
Example
nsx> get user admin ssh-keys
label: user1@domain1
type: ssh-rsa
value:
AAAAB3NzaC1yc2EAAAABIwAAAIEAywWhrwq4FjHt+UuwZcZePxtjtZOENFpOjufycaYso2nTlzNwnAQEQRfbqsUxKVtOtGxgApIkUvjRIjNBdJE6iOzvBXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESuXC9wkSeFZCEyMJ+RgJxMkBXNZmyycbwsSqAeGJpMEUDlwzu2GD0obBz0HXqg9J1Xallop5AVDKfeszZcc=
label: user2@domain2
type: ssh-rsa
value:
AAAAB3NzaC1yc2EAAAABIwAAAIEA0KJDLOiiXj9XdMxiCT9KvaKfuxFQi+CIiklaN5hHsNgYOu7TijqyONEu5fONLoAo/cshLa+KuargyTrtizwcP4TPcTXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESlnDDg3Gq5xSsB9Okqm3V5t8GpFaJbV68BxQ4BK6HJ21A3CinV4LdV3hR/OBUbDG2EcI+ZKRDjlpJuu4YU=
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display the version of the NSX appliance.
Example
nsx> get version
VMware NSX Software, Version 1.0.0.0.0.3255655
Technical Support: http://www.vmware.com/support.html
Copyright © 2014-2018 VMware, Inc. All rights reserved. This
product is protected by copyright and intellectual property
laws in the United States and other countries as well as by
international treaties. VMware products are covered by one
or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc.
in the United States and other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective
companies.
Mode
Basic
Availability
ESXi, KVM, NSX Cloud VM
Display the version of the NSX appliance.
Example
nsx> get version
VMware NSX Software, Version 1.0.0.0.0.3255655
Technical Support: http://www.vmware.com/support.html
Copyright © 2014-2018 VMware, Inc. All rights reserved. This
product is protected by copyright and intellectual property
laws in the United States and other countries as well as by
international treaties. VMware products are covered by one
or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc.
in the United States and other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective
companies.
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display information about the sepcified VIF. You can find VIF IDs with the
get transport-node <uuid> vif command or the get logical-switch <uuid> ports command (see Child-UUID where Child-EntityType is VIF).| Option | Description |
|---|---|
| <vif> | VIF ID |
Example
nsx-controller-1> get vif c78a1655-228c-493b-88cf-6b77dafe908d
VIF LogSwitchPort-ID TransportNode-ID TransportNode-IP
c78a1655-228c-493b-88cf-6b77dafe908d 335bbfdc-d6d6-4d87-8fb1-b98614fff1d8 de9dca49-fc90-43ae-aa65-3b0148da4eee 192.168.210.51
Mode
Basic
Availability
Controller
Dump the host's network mode and tagged interface.
Example
host-1> get vm-network-mode
VM-Network-Mode : Overlay
Interface : eth1
Mode
Basic
Availability
NSX Cloud VM
Get VMC migration mode status.
Example
nsx-edge-1> get vmc migration-mode
VMC Migration Mode: true
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display selected path info
| Option | Description |
|---|---|
| <service-chain-id> | Service Chain Id |
Example
> get vsip-si selected-service-path
----------------------------------------------------------------------
CCP Path ID :00000000-0aa6-0a85-0000-000000000001
Path ID :1
Chain ID :1
Is Selected :1
Is Updated :0
DelEntry :0
Forward Path
UniPath ID :1
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Forward Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Reverse Path
UniPath ID :2
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Reverse Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Mode
Basic
Availability
ESXi
Display service paths info
| Option | Description |
|---|---|
| <service-chain-id> | Service Chain Id |
Example
> get vsip-si service-paths 1
Service path count: 1
----------------------------------------------------------------------
CCP Path ID :00000000-0aa6-0a85-0000-000000000001
Path ID :1
Chain ID :1
Is Selected :1
Is Updated :0
DelEntry :0
Forward Path
UniPath ID :1
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Forward Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Reverse Path
UniPath ID :2
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Reverse Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Mode
Basic
Availability
ESXi
Display active service paths info
| Option | Description |
|---|---|
| <service-chain-id> | Service Chain Id |
Example
> get vsip-si service-paths 1 active
Service path count: 1
----------------------------------------------------------------------
CCP Path ID :00000000-0aa6-0a85-0000-000000000001
Path ID :1
Chain ID :1
Is Selected :1
Is Updated :0
DelEntry :0
Forward Path
UniPath ID :1
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Forward Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Reverse Path
UniPath ID :2
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Reverse Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Mode
Basic
Availability
ESXi
Display service paths info
| Option | Description |
|---|---|
| <service-chain-id> | Service Chain Id |
Example
> get vsip-si service-paths 1 all
Service path count: 1
----------------------------------------------------------------------
CCP Path ID :00000000-0aa6-0a85-0000-000000000001
Path ID :1
Chain ID :1
Is Selected :1
Is Updated :0
DelEntry :0
Forward Path
UniPath ID :1
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Forward Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Reverse Path
UniPath ID :2
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Reverse Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Mode
Basic
Availability
ESXi
Display maintanence service paths info
| Option | Description |
|---|---|
| <service-chain-id> | Service Chain Id |
Example
> get vsip-si service-paths 1 maintenance-mode
Service path count: 1
----------------------------------------------------------------------
CCP Path ID :00000000-0aa6-0a85-0000-000000000001
Path ID :1
Chain ID :1
Is Selected :0
Is Updated :0
DelEntry :0
Forward Path
UniPath ID :1
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :0
Forward Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Reverse Path
UniPath ID :2
Length :1
Host Cross Count :0
Host Local Count :0
Is Active :1
In Maintenance Mode :1
Reverse Hop List
Mac Address :00:50:56:b8:d8:d9
Vif ID :c18723c6-a264-480a-b865-f8cd59e303e6
Is Liveness Support :0
Can Decrement SI :0
Is Active From CCP :1
Is Active From DP :1
SVM Action :redirect
SVM Mode :native
Mode
Basic
Availability
ESXi
Display all vSwitch runtime options on this host.
Example
esx-1> get vswitch runtime
IGMPQueries: 2
IGMPQueryInterval: 125
IGMPRouterIP: 0.0.0.0
IGMPV3MaxSrcIPNum: 10
IGMPVersion: 3
MLDRouterIP: FE80::FFFF:FFFF:FFFF:FFFF
MLDV2MaxSrcIPNum: 10
MLDVersion: 2
MaxRARPsPerInterval: 128
RARPAdvertisementDuration: 60
TeamPolicyUpDelay: 100
Mode
Basic
Availability
ESXi
Display information about all tunnel endpoints.
Example
nsx-edge-1> get vteps
Remote VTEP IP : 192.168.250.161
Remote VTEP Label : 12289
Local VTEP IP : 192.168.250.162
Local VTEP Label : 51201
Remote VTEP IP : 192.168.250.160
Remote VTEP Label : 61441
Mode
Basic
Availability
Edge, Public Cloud Gateway
Display help information. See the example below.
Example
nsx-manager-1> help
NSX CLI help is available via a variety of different ways:
1. From the command prompt, enter: help
This full help message is shown.
2. Tab completion
Tab completion is always available to either complete a valid
command word or complete a valid argument. If completion cannot
be performed, a message is shown to indicate the reason.
For example: ge<tab>
3. Pressing ?
At any time, pressing ? shows possible options for the command
entered. If no options are available, a helpful message is
shown to indicate the reason.
For example: get ?
4. From the command prompt, enter: list
View all supported commands and command parameters.
Mode
Availability
Controller, Edge, ESXi, KVM, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Install NSX Edge service container image.
| Option | Description |
|---|---|
| <image-name> | Edge service container image name |
| <image-version> | Edge service container image version |
Example
nsx-edge> install image nsx-edge-mdproxy version ob-22302541
Image installed successfully
Mode
Basic
Availability
Edge, Public Cloud Gateway
Join this node to a management cluster. You must provide the API username and password of a node that is already in the cluster. On that node, you can run the
get cluster config command to get the cluster ID, and run the get certificate api thumbprint command to get the thumbprint. If you do not provide a password on the command line, you will be prompted to enter one.| Option | Description |
|---|---|
| <ip-address[:port]> | IP address of an NSX Manager and optional port |
| <cluster-id> | Cluster ID of existing cluster to join Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <username> | Manager API username |
| <password> | Manager API password |
| <thumbprint> | Manager API thumbprint |
Example
nsx-manager-1> join 10.162.59.72:443 cluster-id 076dcdbd-0db9-41a7-931d-3b102a128d6e username admin password VMwarensbu_1 thumbprint 4e282b0811b40d93ed85cb24cf261c3296d6d3dbdb6fb2d596d848ba4a292c5a
Join operation successful. Services are being restarted. Cluster may take some time to stabilize.
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Join this node to the management plane.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <thumbprint> | Manager API thumbprint |
| <token> | Manager API token Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| <uuid> | UUID argument Allowed pattern: ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
Example
nsx-edge> join management-plane 192.168.110.105 node-uuid 692eef9a-026e-4e24-8494-251990b2b4e3 thumbprint 7f1374c339b592da504b352857a0bdc4e77b9b998a9971f9335633210f667c97 token fd872487-07db-43c6-9067-acb2b9fe1fe4
Node successfully registered as Fabric Node: 692eef9a-026e-4e24-8494-251990b2b4e3
Mode
Basic
Availability
Edge, Public Cloud Gateway
Join this hypervisor host with the management plane. You can
specify any NSX Manager in the management cluster in this command.
Use the API username and password for the specified NSX Manager. If you do not provide a password on the command line, you will be prompted to enter one.
Get the NSX Manager thumbprint by running the
get certificate api thumbprint command on the
specified NSX Manager.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
Example
host-1> join management-plane 192.168.110.105 username admin thumbprint 898b75618e3e56615d53f987a720ff22b6381f4b85bec1eb973214ff7361f8b8
Password for API user:
Node successfully joined
Mode
Basic
Availability
ESXi, KVM
Join this node to the management plane.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
Example
nsx-edge> join management-plane 192.168.110.105 username admin thumbprint 7f1374c339b592da504b352857a0bdc4e77b9b998a9971f9335633210f667c97
Password for API user:
Node successfully registered as Fabric Node: 692eef9a-026e-4e24-8494-251990b2b4e3
Mode
Basic
Availability
Edge, Public Cloud Gateway
Join this keymanager with the management plane. You can specify any NSX Manager in the management cluster in this command.
Use the API username and password for the specified NSX Manager. If you do not provide a password on the command line, you will be prompted to enter one.
Get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager.
Specify the network interface name used for hypervisors to request keys.
| Option | Description |
|---|---|
| <ip-address[:port]> | IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
| <interface-name> | Network interface argument |
Example
nsx-keymanager-1> join management-plane 192.168.110.105 username admin thumbprint fef089bbfbd2e10da6ee08c7ff4a95da1368587abfd2c6db59c8db540bc43e58 interface-name eth0
Password for API user:
KeyManager node successfully registered and service restarted
Mode
Basic
Availability
Key Manager
This command lists all available commands.
Mode
Availability
Controller, Edge, ESXi, KVM, NSX Cloud VM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display nslookup information.
| Option | Description |
|---|---|
| <hostname> | System hostname argument |
Example
nsx-manager-1> nslookup nsx-edge-1
Server: ns1.corp.local
Address: 192.168.110.10
Name: nsx-edge-1
Address: 192.168.110.101
Mode
Basic
Availability
Edge, Public Cloud Gateway
Get DNS lookup information.
Note that when run on an NSX Manager, the responding server is reported as 127.0.0.1 instead of the configured name server.
| Option | Description |
|---|---|
| <hostname> | System hostname argument |
Example
nslookup from an NSX Manager:
nsx-manager-1> nslookup nsx-manager-2
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: nsx-manager-2.corp.local
Address: 192.168.110.202
nslookup from an NSX Controller:
nsx-controller-1> nslookup nsx-manager-2
Server: 192.168.110.10
Address: 192.168.110.10#53
Name: nsx-manager-2.corp.local
Address: 192.168.110.202
Mode
Basic
Availability
Controller, Key Manager, Manager, Policy Manager
Display Nslookup DNS Forwarder result.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1(tier0_sr)> nslookup dns-forwarder host1.vmc.example.com server-ip 3.3.5.10 source-ip 99.99.99.2
ERR_MSG:
RESULT:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @3.3.5.10 -b 99.99.99.2 host1.vmc.example.com +timeout=5 +tries=3 +nosearch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6128
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host1.vmc.example.com. IN A
;; ANSWER SECTION:
host1.vmc.example.com. 524344 IN A 199.199.2.10
host1.vmc.example.com. 524344 IN A 199.199.2.11
;; AUTHORITY SECTION:
vmc.example.com. 524344 IN NS vmns21.vmc.example.com.
;; ADDITIONAL SECTION:
vmns21.vmc.example.com. 524344 IN A 3.3.5.20
;; Query time: 5 msec
;; SERVER: 3.3.5.10#53(3.3.5.10)
;; WHEN: Thu Jan 03 06:45:10 UTC 2019
;; MSG SIZE rcvd: 119
STATE: ACTIVE
UUID: a5a8ad3f-ec30-44d6-8fe3-00cfc50f3e7e
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Display Nslookup DNS Forwarder result.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
| <hostname-or-ip-address> | A hostname or IP address |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> nslookup dns-forwarder a5a8ad3f-ec30-44d6-8fe3-00cfc50f3e7e host1.vmc.example.com server-ip 3.3.5.10 source-ip 99.99.99.21
ERR_MSG:
RESULT:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @3.3.5.10 -b 99.99.99.2 host1.vmc.example.com +timeout=5 +tries=3 +nosearch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56620
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host1.vmc.example.com. IN A
;; ANSWER SECTION:
host1.vmc.example.com. 524568 IN A 199.199.2.10
host1.vmc.example.com. 524568 IN A 199.199.2.11
;; AUTHORITY SECTION:
vmc.example.com. 524568 IN NS vmns21.vmc.example.com.
;; ADDITIONAL SECTION:
vmns21.vmc.example.com. 524568 IN A 3.3.5.20
;; Query time: 2 msec
;; SERVER: 3.3.5.10#53(3.3.5.10)
;; WHEN: Thu Jan 03 06:41:27 UTC 2019
;; MSG SIZE rcvd: 119
STATE: ACTIVE
UUID: a5a8ad3f-ec30-44d6-8fe3-00cfc50f3e7e
Mode
Basic
Availability
Edge, Public Cloud Gateway
Run a command on the specified cluster/fabric node.
| Option | Description |
|---|---|
| <registered-node-uuid> | First UUID of any registered node |
Example
nsx-manager-1> on 761ce797-9c70-483b-9436-41d3b8cd61f7 exec get logical-switches
-------------------------------------------------------------------------------------
761ce797-9c70-483b-9436-41d3b8cd61f7 ctl ychin-nsxcontroller-ob-7056821-1-TB1105DGO
-------------------------------------------------------------------------------------
VNI UUID Name
60304 9c9d40be-b4c2-4aed-b109-c89fdb36fcb1 transit-bp-33f9e0d3-82ca-4617-8283-c6872f5e1efe
60297 ea10e5a5-1b61-48a6-90ef-f252a5248461 3-switch-24
60299 980f22ef-d49b-4759-8e8b-6404e3bf26bb 22-switch-28
60306 be31a40f-4e63-420a-b490-7360a09697e2 transit-rl-5e76249b-8e67-4545-9c52-edca4ba8577e
60305 3abbb822-e631-46e3-9d25-7b6bba8b0023 transit-bp-5e76249b-8e67-4545-9c52-edca4ba8577e
60302 85fcfb8b-55f6-4ad5-8362-d69ae421f1cb 21-switch-28
60298 dbb3903e-d24f-46d7-b2af-9fa33f7becce 2-switch-24
60296 bffe57f3-6a71-485c-ab29-64af96e1f713 1-switch-24
Mode
Basic
Availability
Manager
Enter path context mode. This mode allows you to get information about each interface that is in the path between the specified logical router port and the specified IP address.
You can get a list of logical router interfaces with the get logical-router interfaces command.
Once you are in the path context, use the path commands to navigate and get information, for example, get path, get current, up and down.
| Option | Description |
|---|---|
| <uuid> | Datapath UUID argument |
| <ip-address> | Network IP address argument |
Example
nsx-edge-1> path de650f56-276d-46ef-959e-960752acfe19 172.16.10.11
nsx-edge-1(path)>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Ping an IP address. Use Control-C to stop the ping command.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
Example
nsx-edge-1> ping 192.168.110.1
PING 192.168.110.1 (192.168.110.1): 56 data bytes
64 bytes from 192.168.110.1: icmp_seq=0 ttl=64 time=0.610 ms
64 bytes from 192.168.110.1: icmp_seq=1 ttl=64 time=0.645 ms
64 bytes from 192.168.110.1: icmp_seq=2 ttl=64 time=0.889 ms
^C
--- 192.168.110.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.610/0.715/0.889/0.124 ms
Mode
Basic
Availability
Edge, Public Cloud Gateway
Ping a host or IP address. Use Control-C to stop the command. Optionally use the
repeat argument to specify how many packets to transmit.| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> ping 10.192.43.71
PING 10.192.43.71 (10.192.43.71) 56(84) bytes of data.
64 bytes from 10.192.43.71: icmp_seq=1 ttl=58 time=1.66 ms
64 bytes from 10.192.43.71: icmp_seq=2 ttl=58 time=0.961 ms
64 bytes from 10.192.43.71: icmp_seq=3 ttl=58 time=0.962 ms
64 bytes from 10.192.43.71: icmp_seq=4 ttl=58 time=0.883 ms
64 bytes from 10.192.43.71: icmp_seq=5 ttl=58 time=1.15 ms
^C
--- 10.192.43.71 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.883/1.125/1.665/0.285 ms
Mode
Basic
Availability
Controller, Key Manager, Manager, Policy Manager
Ping an IP address. Use Control-C to stop the ping command.
The
repeat argument specifies how many ping
packets to transmit.
The size argument specifies the size of the ping
packet. The dfbit argument specifies whether to
set the "don't fragment" bit in the ping packet. If enabled, the
packet will not be fragmented.
The source argument specifies which IP
address to ping from. This may be required in some circumstances
for ping to work as expected. For example, if there is overlap
in IP addresses used in the tier 0 and tier 1 router transit
subnets, pings from the tier 0 VRF will not reach virtual
machines on networks routed by the tier 1 router.
If you use the source argument to specify a unique
IP used by that VRF (in this case, the
tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Example
nsx-edge-1(tier0_sr)> ping 172.16.110.11 source 192.168.130.3 repeat 3
PING 172.16.110.11 (172.16.110.11) from 192.168.130.3: 56 data bytes
64 bytes from 172.16.110.11: icmp_seq=0 ttl=62 time=4.300 ms
64 bytes from 172.16.110.11: icmp_seq=1 ttl=62 time=1.879 ms
64 bytes from 172.16.110.11: icmp_seq=2 ttl=62 time=1.406 ms
--- 172.16.110.11 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.406/2.528/4.300/1.268 ms
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Ping an IP address. Use Control-C to stop the ping command.
The
repeat argument specifies how many ping
packets to transmit. The vrf argument
specifies which VRF to send the pings from. You can get a list of
available VRFs with the get logical-routers command.
The size argument specifies the size of the ping
packet. The dfbit argument specifies whether to
set the "don't fragment" bit in the ping packet. If enabled, the
packet will not be fragmented.
The source argument specifies which IP
address to ping from. This may be required in some circumstances
for ping to work as expected. For example, if there is overlap
in IP addresses used in the tier 0 and tier 1 router transit
subnets, pings from the tier 0 VRF will not reach virtual
machines on networks routed by the tier 1 router.
If you use the source argument to specify a unique
IP used by that VRF (in this case, the
tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
Example
nsx-edge-1> ping 172.16.110.11 vrf 3 source 192.168.130.3 repeat 3
PING 172.16.110.11 (172.16.110.11) from 192.168.130.3: 56 data bytes
64 bytes from 172.16.110.11: icmp_seq=0 ttl=62 time=6.203 ms
64 bytes from 172.16.110.11: icmp_seq=1 ttl=62 time=3.908 ms
64 bytes from 172.16.110.11: icmp_seq=2 ttl=62 time=4.633 ms
--- 172.16.110.11 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.908/4.915/6.203/0.958 ms
Mode
Basic
Availability
Edge, Public Cloud Gateway
Ping an IPv6 address. Use Control-C to stop the ping command.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
Example
nsxedge-ob-9722447-1-ipv6test> ping6 2005::2828:280a size 100 vrfid 1 repeat 10
PING6(148=40+8+100 bytes) :: --> 2005::2828:280a
108 bytes from 2005::2828:280a, icmp_seq=0 hlim=64 time=1.878 ms
108 bytes from 2005::2828:280a, icmp_seq=1 hlim=64 time=2.626 ms
108 bytes from 2005::2828:280a, icmp_seq=2 hlim=64 time=2.072 ms
108 bytes from 2005::2828:280a, icmp_seq=3 hlim=64 time=1.861 ms
108 bytes from 2005::2828:280a, icmp_seq=4 hlim=64 time=1.657 ms
108 bytes from 2005::2828:280a, icmp_seq=5 hlim=64 time=2.059 ms
108 bytes from 2005::2828:280a, icmp_seq=6 hlim=64 time=1.769 ms
108 bytes from 2005::2828:280a, icmp_seq=7 hlim=64 time=2.305 ms
108 bytes from 2005::2828:280a, icmp_seq=8 hlim=64 time=1.948 ms
108 bytes from 2005::2828:280a, icmp_seq=9 hlim=64 time=1.789 ms
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The repeat argument specifies how many ping packets to transmit.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Ping an IPv6 address. Use Control-C to stop the ping command.
The size argument specifies the size of the ping packet.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The size argument specifies the size of the ping packet.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The repeat argument specifies how many ping packets to transmit.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Ping an IPv6 address. Use Control-C to stop the ping command.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
The size argument specifies the size of the ping packet.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
The size argument specifies the size of the ping packet.
The repeat argument specifies how many ping packets to transmit.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Ping an IPv6 address. Use Control-C to stop the ping command.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The repeat argument specifies how many ping packets to transmit.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The size argument specifies the size of the ping packet.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
The repeat argument specifies how many ping packets to transmit.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
The egress argument specifies the egress interface to send the IPv6 ping packets. This is usually required when you ping to a link local IPv6 address.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host. Ping an IPv6 address. Use Control-C to stop the ping command.
The repeat argument specifies how many ping packets to transmit.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Issue a ping command for IPv6 host.
The repeat argument specifies how many ping packets to transmit.
The vrf argument specifies which VRF to send the pings from. You can get a list of available VRFs with the get logical-routers command.
The size argument specifies the size of the ping packet.
The source argument specifies which IP address to ping from. This may be required in some circumstances for ping to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, pings from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the pings will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <uuid> | Datapath UUID argument |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Pushes host certificate to management plane.
Use the API username and password for the specified NSX Manager. If you do not provide a password on the command line, you will be prompted to enter one.
Get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
Example
host-1> push host-certificate 192.168.110.105 username admin thumbprint 898b75618e3e56615d53f987a720ff22b6381f4b85bec1eb973214ff7361f8b8
Password for API user:
Host certificate was pushed to management plane successfully
Mode
Basic
Availability
ESXi, KVM
Reboot the system. If you specify the
force argument, the system will reboot immediately without prompting for confirmation.Example
nsx> reboot
Are you sure you want to reboot (yes/no): yes
Broadcast message from root@nsx
(unknown) at 1:21 ...
The system is going down for reboot NOW!
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Reset the corelist-related boot time option to factory default.
Example
nsx-edge-1> reset dataplane corelist
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
Generating grub configuration file ...
Found linux image: /vmlinuz-3.14.17-nn4-server
Found initrd image: //initrd.img-3.14.17-nn4-server
File descriptor 4 (/tmp/ffix5oWn5 (deleted)) leaked on lvs invocation. Parent PID 30810: /bin/sh
done
INFO: Updated grub. Please reboot to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Reset custom list of supported devices on the system.
Example
edge> reset dataplane device list
edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Reset the hugepage-related boot time option to factory default.
Example
nsx-edge-1> reset dataplane hugepage
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
Generating grub configuration file ...
Found linux image: /vmlinuz-3.14.17-nn4-server
Found initrd image: //initrd.img-3.14.17-nn4-server
File descriptor 4 (/tmp/ffinvYglp (deleted)) leaked on lvs invocation. Parent PID 32203: /bin/sh
done
INFO: Updated grub. Please reboot to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the DNS Forwarder cache
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> reset dns-forwarder 9b032ded-a109-42ee-b49b-ae05e7b9edf6 cache
Mode
Basic
Availability
Edge, Public Cloud Gateway
Reset the DNS Forwarder Stats Entries.
| Option | Description |
|---|---|
| <uuid> | Generic UUID string argument Allowed pattern: ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ |
Example
nsx-edge-1> reset dns-forwarder 9b032ded-a109-42ee-b49b-ae05e7b9edf6 stats
STATS:
CACHED_ENTRIES: 3
CONDITIONAL_FORWARDER_STATISTICS:
DOMAIN_NAMES:
vmc.example.com
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 3.3.5.10
DOMAIN_NAMES:
2.199.199.in-addr.arpa
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 3.3.5.20
CONFIGURED_CACHE_SIZE: 300
DEFAULT_FORWARDER_STATISTICS:
DOMAIN_NAMES:
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 1.1.5.10
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 1.1.5.20
QUERIES_ANSWERED_LOCALLY: 0
QUERIES_FORWARDED: 0
RECEIVED_QUERIES_NUMBER: 0
TIME_STAMP: 2018-07-24 10:05:19.895000 (timestamp: 1532426719895)
USED_CACHE_SIZE: 0
UUID: 9b032ded-a109-42ee-b49b-ae05e7b9edf6
Mode
Basic
Availability
Edge, Public Cloud Gateway
Clear the DNS Forwarder Cache Per SR.
Example
nsx-edge-1(tier0_sr)> reset dns-forwarder cache
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Reset the DNS Forwarder Stats Entries Per SR.
Example
nsx-edge-1(tier0_sr)> reset dns-forwarder stats
STATS:
CACHED_ENTRIES: 3
CONDITIONAL_FORWARDER_STATISTICS:
DOMAIN_NAMES:
vmc.example.com
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 3.3.5.10
DOMAIN_NAMES:
2.199.199.in-addr.arpa
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 3.3.5.20
CONFIGURED_CACHE_SIZE: 300
DEFAULT_FORWARDER_STATISTICS:
DOMAIN_NAMES:
UPSTREAM_STATISTICS:
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 1.1.5.10
QUERIES_FAILED: 0
QUERIES_SUCCEEDED: 0
UPSTREAM_SERVER: 1.1.5.20
QUERIES_ANSWERED_LOCALLY: 0
QUERIES_FORWARDED: 0
RECEIVED_QUERIES_NUMBER: 0
TIME_STAMP: 2018-07-24 10:05:19.895000 (timestamp: 1532426719895)
USED_CACHE_SIZE: 0
UUID: 630ccdc4-4b8e-4d2e-9242-b27b689e0feb
Mode
Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Recover management plane account on the host. You can specify any NSX Manager in the management cluster in this command.
Use the API username and password for the specified NSX Manager. If you do not provide a password on the command line, you will be prompted to enter one.
Get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | Hostname or IP address of an NSX Manager and optional port |
| <username> | Manager API username |
| <thumbprint> | Manager API thumbprint |
| <password> | Manager API password |
Example
host-1> reset management-plane 192.168.110.105 username admin thumbprint 898b75618e3e56615d53f987a720ff22b6381f4b85bec1eb973214ff7361f8b8
Password for API user:
Node successfully joined
Mode
Basic
Availability
ESXi, KVM
Restart the specified service.
| Option | Description |
|---|---|
| <service-name> | Node restartable service argument |
Example
nsx> restart service snmp
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Restore a backup of NSX KeyManager node data.
If you do not provide a passphrase on the command line, you will be prompted to enter one. If you cannot remember the passphrase used to create the backup, you will not be able to restore the backup.
Important: This restore request is one part of the restore process. You must complete all backup and restore tasks in the correct order. See the NSX-T Administration Guide for information and instructions about performing backups and restores.
| Option | Description |
|---|---|
| <filename> | Existing file argument |
| <passphrase> | Backup passphrase |
Example
nsx-keymanager-1> restore node file backup-node-timestamp.tar.gz
Passphrase:
nsx-keymanagermanager-1>
Mode
Basic
Availability
Key Manager
Resume an upgrade after running the command
start upgrade-bundle <bundle-name> playbook <playbook-file> and the system was rebooted.| Option | Description |
|---|---|
| <bundle-name> | Name of NSX upgrade bundle in the file store |
Example
nsx-edge-1> resume upgrade-bundle VMware-NSX-edge-2.0.0.0.0.5298714 playbook
Resuming paused playbook /var/vmware/nsx/file-store/VMware-NSX-edge-2.0.0.0.0.5298714-playbook.yml
Validating playbook /var/vmware/nsx/file-store/VMware-NSX-edge-2.0.0.0.0.5298714-playbook.yml
Running "41-postboot-exit_maintenance_mode" (step 4 of 5)
Running "finish_upgrade" (step 5 of 5)
Playbook finished successfully
{
"info": "",
"body": null,
"state": 1,
"state_text": "CMD_SUCCESS"
}
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Sets the amount of time, in seconds, that an account will remain locked
out of the API after exceeding the maximum number of failed
authentication attempts.
| Option | Description |
|---|---|
| <lockout-period> | Lockout period in seconds |
Example
nsx> set auth-policy api lockout-period 900
nsx>
Mode
Basic
Availability
Manager, Policy Manager
In order to trigger an account lockout, all authentication
failures must occur in this time window. If the reset
period exprires, the failed login count is reset to zero.
| Option | Description |
|---|---|
| <lockout-reset-period> | Lockout reset period in seconds |
Example
nsx> set auth-policy api lockout-reset-period 300
nsx>
Mode
Basic
Availability
Manager, Policy Manager
Set the number of failed API authentication attempts that are
allowed before the account is locked. If set to 0, account
lockout is disabled.
| Option | Description |
|---|---|
| <auth-failures> | Number of authentication failures to trigger lockout |
Example
nsx> set auth-policy api max-auth-failures 5
nsx>
Mode
Basic
Availability
Manager, Policy Manager
Sets the amount of time, in seconds, that an account will remain locked
out of the CLI after exceeding the maximum number of failed
authentication attempts. While the lockout period is in effect, additional
authentication attempts restart the lockout period, even if a valid
password is specified.
| Option | Description |
|---|---|
| <lockout-period> | Lockout period in seconds |
Example
nsx> set auth-policy cli lockout-period 900
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the number of failed CLI authentication attempts that are
allowed before the account is locked. If set to 0, account
lockout is disabled.
| Option | Description |
|---|---|
| <auth-failures> | Number of authentication failures to trigger lockout |
Example
nsx> set auth-policy cli max-auth-failures 5
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the minimum number of characters that passwords must have. The
smallest value that can be set is 8.
| Option | Description |
|---|---|
| <password-length> | Password length argument |
Example
nsx> set auth-policy minimum-password-length 12
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the vidm service's enabled property.
Example
nsx-manager-1> set auth-policy vidm enabled
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the vidm's properties.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
| <thumbprint> | The thumbprint of the vidm host |
| <vidm-client-id> | vIDM client id parameter Allowed pattern: .* |
| <vidm-client-secret> | vIDM client secret parameter Allowed pattern: .* |
Example
nsx-manager-1> set auth-policy vidm hostname jt-vidm.eng.vmware.com thumbprint
898b75618e3e56615d53f987a720ff22b6381f4b85bec1eb973214ff7361f8b8
client-id myClient client-secret mySecret node-hostname
jt-nsx.eng.vmware.com
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the external load balancer enabled property.
Example
nsx-manager-1> set auth-policy vidm lb-extern enabled
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the security banner or message of the day.
Example
nsx> set banner
Enter TEXT message. End with 'Ctrl-D'
Authorized access only
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Start a packet capture. You must have already configured the packet capture with the
set capture session <session-number> interface <port-uuid-name> direction <direction> command in basic mode, or with the set capture session <session-number> direction <direction> command in path mode. Use the get capture sessions command in basic mode to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
nsx-edge-1(path)> set capture session 1
01:39:58.374489 20:00:00:00:00:f1 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::2200:ff:fe00:f1 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
<base64>MzMAAAAWIAAAAADxht1gAAAAACQAAf6AAAAAAAAAIgAA//4AAPH/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAE4nAAAAAQQAAAD/AgAAAAAAAAAAAAH/AADx<base64>
01:39:58.374506 20:00:00:00:00:f1 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::2200:ff:fe00:f1 > ff02::2: ICMP6, router solicitation, length 16
<base64>MzMAAAACIAAAAADxht1gAAAAABA6//6AAAAAAAAAIgAA//4AAPH/AgAAAAAAAAAAAAAAAAAChQA5TAAAAAABASAAAAAA8Q==<base64>
.
.
.
Mode
Basic, Path
Availability
Edge, Public Cloud Gateway
Start a packet capture. You must have already configured the packet capture with the
set capture session <session-number> interface <port-uuid-name> direction <direction> command in basic mode, or with the set capture session <session-number> direction <direction> command in path mode. Use the get capture sessions command in basic mode to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
Example
kvm-1(path)> set capture session 1
01:39:58.374489 20:00:00:00:00:f1 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90: fe80::2200:ff:fe00:f1 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
<base64>MzMAAAAWIAAAAADxht1gAAAAACQAAf6AAAAAAAAAIgAA//4AAPH/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAE4nAAAAAQQAAAD/AgAAAAAAAAAAAAH/AADx<base64>
01:39:58.374506 20:00:00:00:00:f1 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::2200:ff:fe00:f1 > ff02::2: ICMP6, router solicitation, length 16
<base64>MzMAAAACIAAAAADxht1gAAAAABA6//6AAAAAAAAAIgAA//4AAPH/AgAAAAAAAAAAAAAAAAAChQA5TAAAAAABASAAAAAA8Q==<base64>
.
.
.
Mode
Basic, Path
Availability
KVM
Start a packet capture. You must have already configured the
packet capture with the
set capture session
<session-number> interface <port-uuid-name>
direction <direction> command.
If you don't specify a file, the output displays on the terminal.
Type Control-C to end the packet capture.
You can filter the capture using tcpdump expressions. The expression must be the last argument of the command.
Use the get capture sessions command
to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <filename> | Capture file name Allowed pattern: ^[^/ *;&|]+$ |
| <packet-count> | Packet count value greater than or equal to 1 |
| <expression> | Packet capture expression |
Example
nsx-edge-1> set capture session 1 count 1 expression host 192.168.130.254 and port 22
02:59:09.825531 00:50:56:8e:29:c7 > 02:50:56:00:00:01, ethertype 802.1Q (0x8100), length 78: vlan 130, p 0, ethertype IPv4, 192.168.130.254.36792 > 192.168.130.3.22: Flags [S], seq 2401912755, win 29200, options [mss 1460,sackOK,TS val 60617296 ecr 0,nop,wscale 6], length 0
nsx-edge-1>
or
nsx-edge-1> set capture session 1 file capturefile count 5 expression port 22
Capture 5 packets to file initiated,
enter Ctrl-C to terminate before all packets captured
5 packets captured
5 packets received by filter
0 packets dropped by kernel
110 packets dropped by interface
Mode
Basic
Availability
Edge, Public Cloud Gateway
Start a packet capture. You must have already configured the
packet capture with the
set capture session
<session-number> interface <port-uuid-name>
direction <direction> command.
If you don't specify a file, the output displays on the terminal.
Type Control-C to end the packet capture.
You can filter the capture using tcpdump expressions. The expression must be the last argument of the command.
Use the get capture sessions command
to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <filename> | Capture file name Allowed pattern: ^[^/ *;&|]+$ |
| <packet-count> | Packet count value greater than or equal to 1 |
| <expression> | Packet capture expression |
Example
kvm-1> set capture session 1 count 1 expression host 192.168.130.254 and port 22
02:59:09.825531 00:50:56:8e:29:c7 > 02:50:56:00:00:01, ethertype 802.1Q (0x8100), length 78: vlan 130, p 0, ethertype IPv4, 192.168.130.254.36792 > 192.168.130.3.22: Flags [S], seq 2401912755, win 29200, options [mss 1460,sackOK,TS val 60617296 ecr 0,nop,wscale 6], length 0
kvm-1>
or
kvm-1> set capture session 1 file capturefile count 5 expression port 22
Capture 5 packets to file initiated,
enter Ctrl-C to terminate before all packets captured
5 packets captured
5 packets received by filter
0 packets dropped by kernel
110 packets dropped by interface
Mode
Basic
Availability
KVM
Configure a packet capture using the current
interface in the path. You can change the current interface and
run this command again to configure multiple interfaces on the
same packet capture session.
Start the packet capture with the set capture session
<session-number> command in either basic or path
mode, or with the set capture session
<session-number> [file <filename> [count
<packet-count> [expression <expression>
command in basic mode.
Use the get capture sesssions command in basic mode
to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-edge-1(path)> set capture session 1 direction both
nsx-edge-1(path)>
Mode
Path
Availability
Edge, Public Cloud Gateway
Configure a packet capture using the specified interface. You can
run this command multiple times to configure multiple interfaces
on the same packet capture session.
To run the packet capture using this configuration, use the
set capture session <session-number>
[file <filename>] [count <packet-count>]
[expression <expression>] command.
If you need to capture packets from only one interface, you
can configure and run the packet capture with a single command:
start capture interface <interface-name>
[file <filename>] [count <packet-count>]
[expression <expression>].
Use the get capture sessions command
to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <interface-name> | Network interface argument |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
kvm-1> set capture session 1 interface b592a7c8-4e21-493e-b0fc-0b1d152c949c direction dual
kvm-1> get capture session 1
Packet Capture Session
ID : 1
PORTS : ['b592a7c8-4e21-493e-b0fc-0b1d152c949c']
Mode
Basic
Availability
KVM
Configure a packet capture using the specified interface. You can
run this command multiple times to configure multiple interfaces
on the same packet capture session.
To run the packet capture using this configuration, use the
set capture session <session-number>
[file <filename>] [count <packet-count>]
[expression <expression>] command.
If you need to capture packets from only one interface, you
can configure and run the packet capture with a single command:
start capture interface <interface-name>
[direction <direction>] [file <filename>]
[count <packet-count>] [expression <expression>].
Use the get capture sessions command
to see all configured capture sessions.
| Option | Description |
|---|---|
| <session-number> | Session ID argument in numbers Allowed values: 1, 2, 3 |
| <port-uuid-name> | Datapath String argument |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-edge-1> set capture session 1 interface fp-eth0 direction dual
nsx-edge-1> set capture session 1 interface fp-eth1 direction dual
nsx-edge-1> get capture session 1
Packet Capture Session
ID : 1
PORTS : ['fp-eth0', 'fp-eth1']
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set inactivity timeout in seconds. To disable the timeout, specify 0.
| Option | Description |
|---|---|
| <timeout> | Number of seconds before timeout or 0 to disable timeout |
Example
nsx> set cli-timeout 0
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the custom list of physical NICs.
| Option | Description |
|---|---|
| <pci-address-arg> | PCI address |
Example
edge> set dataplane device list 0000:1b:00.0,0000:13:00.0
Updating custom NIC list...
0000:13:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
INFO: Grub backup already exists. Skipping.
INFO: Grub config is good.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable flow cache.
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set dataplane flow-cache enabled
Please restart dataplane service for the change to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the flow cache size for each core
| Option | Description |
|---|---|
| <flow-cache-size> | Flow cache size of a core |
Example
nsx-edge-1> set dataplane flow-cache-size 524288
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
INFO: Updated flow cache size. Please reboot to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable interrupt mode.
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set dataplane interrupt-mode enabled
Please restart datapathd service for change to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Change the jumbo mbuf pool size
| Option | Description |
|---|---|
| <jumbo-mbuf-pool-size> | Size of jumbo mbuf pool |
Example
nsx-edge-1> set dataplane jumbo-mbuf-pool-size 1024
Updated jumbo mbuf pool size. Please restart service dataplane to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable pmtu cache usage in l3vpn.
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set dataplane l3vpn-pmtu enabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Change the per-core packet queue limit
| Option | Description |
|---|---|
| <number> | Max number of packets queued by each core |
Example
nsx-edge-1> set dataplane packet-queue-limit 1024
Please restart datapathd service for change to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the rx ring size for physical ports.
| Option | Description |
|---|---|
| <ring-size> | Ring size of a physical port |
Example
nsx-edge-1> set dataplane ring-size rx 1024
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
Please restart datapathd service for change to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the tx ring size for physical ports.
| Option | Description |
|---|---|
| <ring-size> | Ring size of a physical port |
Example
nsx-edge-1> set dataplane ring-size tx 1024
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
Please restart datapathd service for change to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Turn on BGP debugging.
Example
nsx-edge-1(tier0_sr)> set debug bgp
nsx-edge-1(tier0_sr)>
Mode
Tier0_sr
Availability
Edge, Public Cloud Gateway
Change mode of enhanced datapath lcore assignment.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <ens-lc-mode> | ENS lcore assignment mode name Allowed values: vNIC-count, cpu-usage |
Example
esx-1> set ens lcore-assignment-mode nsxvswitch cpu-usage
esx-1>
Mode
Basic
Availability
ESXi
Set the acceptance of the end user license agreement.
Example
nsx-manager-1> set eula accepted
nsx-manager-1>
Mode
Basic
Availability
Manager
Set the peer configuration for active/standby
configuration. This configuration happens automatically
when firewall rules are added to an active/standby
logical router via the NSX Manager web interface or API.
This command should be used for advanced configuration or troubleshooting only.
If you manually configure the active/standby peer on an edge node, you must also configure its peer.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
| <ip-address> | Network IP address argument |
| <uuid> | UUID argument |
Example
nsx-edge> set firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e local-ip 192.168.250.62 sync-peer e159f0db-d8e4-4973-9cbb-8cc30def2c3e sync-peer-ip 192.168.250.63
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the firewall synchronization mode for active/standby
configuration. This configuration happens automatically
when firewall rules are added to an active/standby
logical router via the NSX Manager web interface or API.
This command should be used for advanced configuration or troubleshooting only.
If you manually configure the active/standby sync, you must correctly configure both edge nodes in the active/standby configuration. One node must be configured as primary and one as secondary. One node must be configured as active, and one as passive.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
| <sync-rank> | One of {primary|secondary} Allowed values: primary, secondary |
| <sync-mode> | One of {active|passive} Allowed values: active, passive |
Example
nsx-edge> set firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e sync-rank primary sync-mode active
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set gw-controller log level
| Option | Description |
|---|---|
| <level> | The gw-controller service logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-public-cloud-gateway> set gw-controller logging-level
ID: fatal
Mode
Basic
Availability
Public Cloud Gateway
Enable/Disable VM log forwarding for all VMs
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-public-cloud-gateway> set gw-controller vm-log-forwarding enabled
ID: i-0cf00e04160ef35fc
Output:
* Exiting ovs-l3d (16331)
* Starting ovs-l3d
ID: i-027873e6b2d042258
Output:
* Exiting ovs-l3d (16348)
* Starting ovs-l3d
Mode
Basic
Availability
Public Cloud Gateway
Enable/Disable VM log forwarding for one VM
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
| <vm-id> | VM ID |
Example
nsx-public-cloud-gateway> set gw-controller vm-log-forwarding enabled i-0cf00e04160ef35fc
ID: i-0cf00e04160ef35fc
Output:
* Exiting ovs-l3d (16331)
* Starting ovs-l3d
Mode
Basic
Availability
Public Cloud Gateway
This command enables mandatory access control on the node. Usage for the command is
set hardening-policy mandatory-access-control enabledExample
nsx-edge-1> set hardening-policy mandatory-access-control enabled
Mandatory Access Control is enabled, but requires a reboot.
Mode
Basic
Availability
Controller, Edge, Manager, Policy Manager, Public Cloud Gateway
Set the mcast filter mode for the specified host switch.
| Option | Description |
|---|---|
| <host-switch-name> | Host switch name Allowed pattern: ^([A-Za-z0-9_:.-]+)$ |
| <mcast-filter-mode> | Mode of mcast filter Allowed values: legacy, snooping |
Example
esx-1> set host-switch nsxvswitch mcast-filter snooping
esx-1>
Mode
Basic
Availability
ESXi
Set the system hostname. Changing the hostname changes the command line prompt.
| Option | Description |
|---|---|
| <hostname> | System hostname argument |
Example
nsx> set hostname nsx-3
nsx-3>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the hugepage reserve size for the data plane using system default.
Example
nsx-edge-1> set hugepage-reserve auto
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
Generating grub configuration file ...
Found linux image: /vmlinuz-3.14.17-nn4-server
Found initrd image: //initrd.img-3.14.17-nn4-server
File descriptor 4 (/tmp/ffisOHe0b (deleted)) leaked on lvs invocation. Parent PID 5321: /bin/sh
done
INFO: Updated grub. Please reboot to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the hugepage reserve size for the data plane.
| Option | Description |
|---|---|
| <hugepage-size> | Hugepage size in MB or GB Allowed pattern: ^[0-9]+([M|G]B)?$ |
Example
nsx-edge-1> set hugepage-reserve size 1003MB
0000:0b:00.0 already bound to driver vfio-pci, skipping
0000:1b:00.0 already bound to driver vfio-pci, skipping
0000:13:00.0 already bound to driver vfio-pci, skipping
INFO: Config was written to: /config/vmware/edge/config.json
Generating grub configuration file ...
Found linux image: /vmlinuz-3.14.17-nn4-server
Found initrd image: //initrd.img-3.14.17-nn4-server
File descriptor 4 (/tmp/ffilsggoY (deleted)) leaked on lvs invocation. Parent PID 3853: /bin/sh
done
INFO: Updated grub. Please reboot to take effect.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the
plane property of the interface and optionally configure the IP address. By default, the plane property is not configured, the dataplane component takes control of the interface for the data path and the interface is not visible to the Linux kernel. If plane is set to mgmt, it is reported as such to the management plane (MP) via MPA, and the corresponding interface is not consumed by the dataplane for dataplane operations and is available for configuration from the CLI. If it is set to debug, the dataplane does not consume the interface for dataplane operations and the interface is available for configuration from the CLI. Optionally, you can configure the interface with a DHCP or static IP address. If you configure a static IP address, make sure an appropriate network route is also configured. You can use the optional gateway argument, or set a route using the set route command.
For NSX Manager or a controller, you cannot configure the plane property. You also cannot configure a DHCP or static IP address because both NSX Manager and a controller have a static IP address that is set at installation and cannot be changed.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
| <prefix> | CIDR notation argument |
| <gateway-ip> | Gateway IP address argument |
| <plane> | Interface plane argument Allowed values: mgmt, debug |
Example
nsx-edge> set interface eth0 plane mgmt
nsx-edge>
or
nsx-edge> set interface eth0 dhcp plane mgmt
nsx-edge>
or
nsx-edge> set interface eth0 ip 192.168.110.111/24 gateway 192.168.110.1 plane mgmt
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Configure the specified interface to use DHCP. You cannot configure DHCP for NSX Manager or a controller because both must have a static IP address.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
Example
nsx-edge> set interface eth0 dhcp
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Configure the specified interface to use DHCP.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
| <plane> | Interface plane argument Allowed values: mgmt, debug |
| <mode> | Bond mode (e.g. active-backup) Allowed values: active-backup |
| <members> | Bond member devices (e.g. eth0,eth1) |
| <primary> | Bond primary device (in active-backup mode, e.g. eth0) |
Example
nsx-edge> set interface bond0 dhcp plane mgmt mode active-backup members eth0,eth1 primary eth0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Configure a static IP address and netmask. Make sure an appropriate network route is also configured. You can use the optional
gateway argument, or set a route using the set route command. You cannot configure a static IP address for NSX Manager or a controller because their static IP address is set at installation and cannot be changed.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
| <prefix> | CIDR notation argument |
| <gateway-ip> | Gateway IP address argument |
Example
nsx-edge> set interface eth0 ip 192.168.110.110/24 gateway 192.168.110.1
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Create bond interface and set the
plane property of the interface and config the IP address. If plane is set to mgmt, it is reported as such to the management plane (MP) via MPA, and the slave devices are not consumed by dataplane for dataplane operations. You can configure the bond interface with a DHCP or static IP address. If you configure a static IP address, make sure an appropriate network route is also configured.
| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
| <prefix> | CIDR notation argument |
| <gateway-ip> | Gateway IP address argument |
| <plane> | Interface plane argument Allowed values: mgmt, debug |
| <mode> | Bond mode (e.g. active-backup) Allowed values: active-backup |
| <members> | Bond member devices (e.g. eth0,eth1) |
| <primary> | Bond primary device (in active-backup mode, e.g. eth0) |
Example
nsx-edge> set interface bond0 ip 192.168.110.111/24 gateway 192.168.110.1 plane mgmt mode active-backup members eth0,eth1 primary eth0
Mode
Basic
Availability
Edge, Public Cloud Gateway
Create a VLAN network interface from the specified parent interface and VLAN id. The new vlan network interface name will be of format
interface. and the interface's plane property will be set to mgmt. Any existing configuration on the parent interface will be deleted. Users must use the newly created VLAN network interface for configuration.| Option | Description |
|---|---|
| <interface-name> | Configurable network interface argument |
| <vlan> | VLAN id <1-4094> Allowed pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-3][0-9]{3}|40[0-9][0-4])$ |
Example
nsx-edge> set interface eth0 vlan 100 plane mgmt
nsx-edge> Interface eth0.100 created. Use 'set interface eth0.100' to configure.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Create an in-band VLAN network interface from the physical interface identified by the mac. If the physical interface is not already owned by the edge dataplane, the dataplane service will be restarted in order to claim the physical interface. The new inband vlan network interface name will be of format
ethX.vlan and the interface's plane property will be set to mgmt. Users must use the newly created in-band VLAN network interface for configuration.| Option | Description |
|---|---|
| <mac-address> | Configurable mac address argument |
| <vlan> | VLAN id <1-4094> Allowed pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-3][0-9]{3}|40[0-9][0-4])$ |
Example
nsx-edge> set interface mac 00:0c:29:5d:a6:39 vlan 100 in-band plane mgmt
nsx-edge> Interface eth0.100 created in-band. Use 'set interface eth0.100' to configure.
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the specified l2bridge port HA state Active
| Option | Description |
|---|---|
| <uuid> | UUID argument |
Example
nsx-edge-1> set l2bridge-port 76c85110-b041-4e9f-a3e3-b54179a88ceb state active
Successfully brought L2Bridge 76c85110-b041-4e9f-a3e3-b54179a88ceb to active state
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable rule log for a specific load balancer.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set load-balancer ed785df6-2143-4944-b918-66470886be83 rule-log enabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable rule log for a specific pool.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <pool-uuid> | Pool UUID argument |
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set load-balancer ed785df6-2143-4944-b918-66470886be83 rule-log pool ed785df6-2143-4944-b918-66470886be82 enabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable rule log for a specific virtual server.
| Option | Description |
|---|---|
| <lb-uuid> | LoadBalancer UUID argument |
| <vs-uuid> | Virtual server UUID argument |
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set load-balancer ed785df6-2143-4944-b918-66470886be83 rule-log virtual-server ed785df6-2143-4944-b918-66470886be81 enabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Apply edge parameters to accelerate load balancer performance.
| Option | Description |
|---|---|
| <perf-profile-type> | Performance profile type argument Allowed values: http, https, l4 |
Example
nsx-edge-1> set load-balancer perf-profile http
Mode
Basic
Availability
Edge, Public Cloud Gateway
Configure a logging server. The logging system uses the facility
codes defined in RFC 5424. Facility local7 is used for audit messages,
and local6 is used for non-audit messages.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | A hostname or IP address with optional port delimited by a colon |
| <proto> | Logging server protocol Allowed values: tcp, udp, tls, li, li-tls |
| <level> | Level of log entries to export Allowed values: emerg, alert, crit, err, warning, notice, info, debug |
| <facility> | Comma delimited list of facilities of log entries to export |
| <messageid> | Comma delimited list of MSGIDs of log entries to export |
| <filename> | Existing file argument |
| <structured-data> | Structured data of log entries to export Allowed pattern: ^(comp|subcomp|s2comp|security|audit|reqId|ereqId|entId|errorCode|eventId|euser|level|username|threadId|splitId|splitIndex)=.+$ |
Example
nsx> set logging-server 192.168.110.60 proto udp level info facility syslog messageid SYSTEM,FABRIC structured-data audit=true
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Configure a logging server. The logging system uses the facility
codes defined in RFC 5424. Facility local7 is used for audit messages,
and local6 is used for non-audit messages.
| Option | Description |
|---|---|
| <hostname-or-ip-address[:port]> | A hostname or IP address with optional port delimited by a colon |
| <proto> | Logging server protocol Allowed values: tcp, udp, tls, li, li-tls |
| <level> | Level of log entries to export Allowed values: emerg, alert, crit, err, warning, notice, info, debug |
| <facility> | Comma delimited list of facilities of log entries to export |
| <messageid> | Comma delimited list of MSGIDs of log entries to export |
| <filename> | Existing file argument |
| <structured-data> | Structured data of log entries to export Allowed pattern: ^(comp|subcomp|s2comp|security|audit|reqId|ereqId|entId|errorCode|eventId|euser|level|username|threadId|splitId|splitIndex)=.+$ |
Example
nsx> set logging-server 192.168.110.60 proto udp level info facility syslog messageid SYSTEM,FABRIC structured-data audit=true
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Enable or disable maintenance mode. Maintenance mode can be used during upgrade and debugging. When an Edge is in maintenance mode only management traffic will be passed; data traffic will be dropped.
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set maintenance-mode enabled
Maintenance Mode: enabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable maintenance mode. Maintenance mode can be used during upgrade and debugging. When an TN is in maintenance mode only management traffic will be passed; data traffic will be dropped.
| Option | Description |
|---|---|
| <nsxproxy-maintenance-mode> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx> set maintenance-mode enabled
Maintenance Mode: enabled
Mode
Basic
Availability
ESXi, KVM
Add a name server to the DNS configuration.
| Option | Description |
|---|---|
| <ip-address> | Name server IP address argument |
Example
nsx> set name-servers 192.168.110.10
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Configure a new NTP server.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
Example
nsx-manager-1> set ntp-server 172.31.32.2
nsx-manager-1>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the specified physical port admin state up or down.
| Option | Description |
|---|---|
| <physical-port-name> | Datapath String argument |
| <physical-port-state> | One of {up|down} Allowed values: up, down |
Example
nsx-edge-1> set physical-port fp-eth2 state down
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set current node's IP address as repository IP.
This command will restart the install-upgrade service.
Example
nsx-manager-1> set repository-ip
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Add a network route. You can also just set a gateway by specifying a
prefix value of 0.0.0.0/0.| Option | Description |
|---|---|
| <prefix> | CIDR notation argument |
| <gateway-ip> | Gateway IP address argument |
| <interface-name> | Configurable network interface argument |
Example
nsx> set route prefix 10.10.10.0/24 gateway 192.168.110.1
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Add a domain name to the DNS search list.
| Option | Description |
|---|---|
| <domain> | Search domain argument |
Example
nsx> set search-domains example.com
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the log level for the controller service.
| Option | Description |
|---|---|
| <level> | The controller service logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-controller-1> set service controller logging-level info
nsx-controller-1>
Mode
Basic
Availability
Controller
Set the log level for the specified component.
| Option | Description |
|---|---|
| <string> | String argument Allowed pattern: ^.*$ |
| <level> | The controller service logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-controller-1> set service controller logging-level name BgpConfigSplitter error
Name: BgpConfigSplitter LogLevel: error
Mode
Basic
Availability
Controller
Set the log level for components that match the specified pattern. The pattern can be a regular expression.
| Option | Description |
|---|---|
| <string> | String argument Allowed pattern: ^.*$ |
| <level> | The controller service logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-controller-1> set service controller logging-level pattern Dhcp error
Name: DhcpIpPoolSplitter LogLevel: error
Name: DhcpRelaySplitter LogLevel: error
Name: DhcpStaticBindingSplitter LogLevel: error
Name: LogicalDhcpServerSplitter LogLevel: error
Name: com.vmware.nsx.canary.span.DhcpIpPoolSpanner LogLevel: error
Name: com.vmware.nsx.canary.span.DhcpStaticBindingSpanner LogLevel: error
Name: com.vmware.nsx.canary.span.LogicalDhcpServerSpanner LogLevel: error
Mode
Basic
Availability
Controller
Set the log level of the Dataplane service.
| Option | Description |
|---|---|
| <level> | Edge service logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-edge-1> set service dataplane logging-level warn
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the log level of the DHCP service.
| Option | Description |
|---|---|
| <level> | Edge service logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-edge-1> set service dhcp logging-level warn
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable DHCP pool monitor and set monitor interval in seconds
| Option | Description |
|---|---|
| <mode> | DHCP Pool Monitor Enable/Disable Flag Allowed values: on, off |
| <number> | DHCP Pool Monitor Interval |
Example
nsx-edge-1> set service dhcp pool-monitor on monitor-interval 60
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the HTTP API per-client concurrency limit value.
| Option | Description |
|---|---|
| <http-client-api-concurrency-limit> | HTTP API per-client concurrency limit |
Example
nsx-manager-1> set service http client-api-concurrency-limit 40
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the HTTP API per-client rate limit value.
| Option | Description |
|---|---|
| <http-client-api-rate-limit> | HTTP API per-client rate limit in calls per second |
Example
nsx-manager-1> set service http client-api-rate-limit 100
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the HTTP service connection timeout value.
| Option | Description |
|---|---|
| <http-conn-timeout> | HTTP connection timeout in seconds |
Example
nsx-manager-1> set service http connection-timeout 60
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the HTTP API global concurrency limit value.
| Option | Description |
|---|---|
| <http-global-api-concurrency-limit> | HTTP API global concurrency limit |
Example
nsx-manager-1> set service http global-api-concurrency-limit 100
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the HTTP service redirect host.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
Example
nsx-manager-1> set service http redirect-host 10.0.0.1
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the HTTP service session timeout value.
| Option | Description |
|---|---|
| <http-session-timeout> | HTTP session timeout in seconds |
Example
nsx-manager-1> set service http session-timeout 60
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set service hyperbus metrics logging level
| Option | Description |
|---|---|
| <level> | HyerpBus logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi, KVM
Set service hyperbus nestdb logging level
| Option | Description |
|---|---|
| <level> | HyerpBus logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi, KVM
Set service hyperbus net logging level
| Option | Description |
|---|---|
| <level> | HyerpBus logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi, KVM
Set service hyperbus rpc logging level
| Option | Description |
|---|---|
| <level> | HyerpBus logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi, KVM
Set service hyperbus logging level
| Option | Description |
|---|---|
| <level> | HyerpBus logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi, KVM
Enable or disable ike per tunnel debug mode
| Option | Description |
|---|---|
| <ipv4-addr> | IPv4 Address |
| <debug-level-arg> | IKE Debug level Allowed values: off, fail, highok, highstart, uncommon, midok, midstart, lowok, lowstart |
Example
nsx-edge-1> set service ike debug-tunnel local-ip 10.0.0.1 remote-ip 10.1.0.1 debug-level midok
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Enable or disable ike per tunnel debug mode
| Option | Description |
|---|---|
| <ipv4-addr> | IPv4 Address |
| <debug-level-arg> | IKE Debug level Allowed values: off, fail, highok, highstart, uncommon, midok, midstart, lowok, lowstart |
Example
nsxedge> set service ike debug-tunnel local-ip 192.168.128.1 remote-ip 1.1.5.100 debug-level midok follow
29-May-2019 20:53:28 ssh_stack IKEv2 packet S(192.168.128.1:500 -> 1.1.5.100:500): len= 80, mID=165, HDR
29-May-2019 20:53:28 ssh_stack responder INFO completed
29-May-2019 20:53:58 ssh_stack [670ba4b198/349435e0b00] R: IKE SA REFCNT: 1
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the log level of the IKE service.
| Option | Description |
|---|---|
| <level> | Edge service logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-edge-1> set service ike logging-level warn
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the install-upgrade service's enabled property.
Example
nsx-manager-1> set service install-upgrade enabled
nsx-manager-1>
Mode
Basic
Availability
Manager, Policy Manager
Set the log level of the keymanager service.
| Option | Description |
|---|---|
| <level> | Keymanager logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-keymanager-1> set service keymanager logging-level warn
Logging level: warn
Mode
Basic
Availability
Key Manager
Set the log level of the Local Controller service.
| Option | Description |
|---|---|
| <level> | Edge service logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-edge-1> set service local-controller logging-level warn
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the log level of the manager service.
| Option | Description |
|---|---|
| <level> | Manager logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-manager-1> set service manager logging-level warn
Logging level: warn
Mode
Basic
Availability
Manager
Dynamically set service daemon log level.
| Option | Description |
|---|---|
| <level> | NSX Agent service logging level argument Allowed values: fatal, error, warn, info, debug, trace, off |
Example
nsx-1> set service nsx-agent logging-level warn
Logging level updated
Mode
Basic
Availability
KVM
Set service cfgagent metrics logging level
| Option | Description |
|---|---|
| <level> | Cfgagent logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi
Set service cfgagent nestdb logging level
| Option | Description |
|---|---|
| <level> | Cfgagent logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi
Set service cfgagent net logging level
| Option | Description |
|---|---|
| <level> | Cfgagent logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi
Set service cfgagent rpc logging level
| Option | Description |
|---|---|
| <level> | Cfgagent logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi
Set service cfgagent logging level.
| Option | Description |
|---|---|
| <level> | Cfgagent logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
ESXi
Dynamically set service daemon log level.
| Option | Description |
|---|---|
| <level> | Context mux logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-1> set service nsx-context-mux logging-level warn
Logging level updated
Mode
Basic
Availability
ESXi
Dynamically set service daemon log level.
| Option | Description |
|---|---|
| <level> | Exporter service logging level argument Allowed values: fatal, error, warn, info, debug, trace |
Example
nsx-1> set service nsx-exporter logging-level warn
Logging level updated
Mode
Basic
Availability
Controller, Edge, ESXi, KVM, Manager, Public Cloud Gateway
Set service OpsAgent logging level.
| Option | Description |
|---|---|
| <level> | OpsAgent logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Dynamically set service daemon log level.
| Option | Description |
|---|---|
| <level> | Platform client service logging level argument Allowed values: fatal, error, warn, info, debug, trace |
Example
nsx-1> set service nsx-platform-client logging-level warn
Logging level updated
Mode
Basic
Availability
Controller, Edge, ESXi, KVM, Manager, Public Cloud Gateway
Set service nsx-proxy central logging level
| Option | Description |
|---|---|
| <level> | NsxProxy logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Set service nsx-proxy metrics logging level.
| Option | Description |
|---|---|
| <level> | NsxProxy logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Set service nsx-proxy nestdb logging level.
| Option | Description |
|---|---|
| <level> | NsxProxy logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Set service nsx-proxy net logging level.
| Option | Description |
|---|---|
| <level> | NsxProxy logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Set service nsx-proxy rpc logging level.
| Option | Description |
|---|---|
| <level> | NsxProxy logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Set service nsx-proxy logging level.
| Option | Description |
|---|---|
| <level> | NsxProxy logging level Allowed values: off, fatal, error, warn, info, debug, trace |
Mode
Basic
Availability
Edge, ESXi, KVM, Public Cloud Gateway
Configure the NTP service to start on boot.
Example
nsx> set service ntp start-on-boot
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the log level of the policy service.
| Option | Description |
|---|---|
| <level> | Policy logging level argument Allowed values: off, fatal, error, warn, info, debug, trace |
Example
nsx-policy-1> set service policy logging-level warn
Logging level: warn
Mode
Basic
Availability
Policy Manager
Set the log level of the FRR service.
| Option | Description |
|---|---|
| <level> | Edge Routing service logging level argument Allowed values: off, emergencies, critical, error, alerts, warnings, notification, informational, debug |
Example
nsx-edge-1> set service router logging-level warn
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set the log level of the routing platform and config services.
| Option | Description |
|---|---|
| <level> | Edge Routing Platform service logging level argument Allowed values: off, fatal, error, warn, info, debug |
Example
nsx-edge-1> set service routing-platform logging-level dbg
nsx-edge-1>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Configure the snmp service to start on boot.
Example
nsx> set service snmp start-on-boot
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Configure the SSH service to start on boot.
Example
nsx> set service ssh start-on-boot
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the SNMP service v1/v2c community string. This must be set before MIBs can be queried. Choose a string that is difficult to guess.
| Option | Description |
|---|---|
| <community-string> | SNMP community string Allowed pattern: ^[\S]{1,64}$ |
Example
nsx> set snmp community Q_cHeHUBe7Ud2+sayuReq2t3
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set SNMP V3 Engine ID.
| Option | Description |
|---|---|
| <v3-engine-id> | SNMP V3 engine id Allowed pattern: ^[0-9a-fA-F]{10,64}$ |
Example
nsx> set snmp v3-engine-id 80001adc80992933638c48f75900000002
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set SNMP V3 Protocols auth_protocol and priv_protocol.
| Option | Description |
|---|---|
| <v3-auth-protocol> | SNMP V3 Auth Protocol Allowed pattern: SHA1 |
| <v3-priv-protocol> | SNMP V3 Priv Protocol Allowed pattern: AES128 |
Example
nsx> set snmp v3-protocols auth-protocol SHA1 priv-protocol AES128
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set SNMP V3 users,auth-password,priv-password in cipher text.
| Option | Description |
|---|---|
| <user-id> | SNMP V3 user-id Allowed pattern: ^[\S]{1,32}$ |
Example
nsx> set snmp v3-users user1
New auth password:
Confirm new auth password:
New priv password:
Confirm new priv password:
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set SNMP V3 users auth-password,priv-password in plain text.
| Option | Description |
|---|---|
| <user-id> | SNMP V3 user-id Allowed pattern: ^[\S]{1,32}$ |
| <auth-password> | SNMP V3 User Auth Password |
| <priv-password> | SNMP V3 User Priv Password |
Example
nsx> set snmp v3-users user1 auth-password 12345678 priv-password 87654321
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the system timezone.
| Option | Description |
|---|---|
| <timezone> | Timezone (e.g. UTC, America/New_York, Asia/Tokyo, Europe/Zurich) |
Example
nsx> set timezone America/Los_Angeles
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set the password for the specified user. If you do not specify
the password on the command line, you will be prompted for it.
For details on setting passwords during installation, see
the NSX-T Installation Guide.
| Option | Description |
|---|---|
| <username> | Username of user |
| <password> | Password of user |
| <old-password> | Current password of user |
Example
nsx> set user admin password NewPass789! old-password Testing123$
nsx>
or
nsx> set user admin password NewerPass789!
Current password:
nsx>
or
nsx> set user admin
Current password:
New password:
Confirm new password:
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set number of days the user's password is valid after a password change.
| Option | Description |
|---|---|
| <username> | Username of user |
| <password-expiration> | Number of days password valid after change (1 - 9999) |
Example
nsx> set user audit password-expiration 120
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Add SSH service key to authorized_keys file for specified user. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin.
| Option | Description |
|---|---|
| <username> | Username of user |
| <key-label> | Unique label for SSH key |
| <key-type> | SSH key type Allowed values: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, ssh-ed25519, ssh-rsa |
| <key-value> | SSH key value |
| <password> | Password of user |
Example
nsx> set user admin ssh-keys label user1@domain1 type ssh-rsa key AAAAB3NzaC1yc2EAAAABIwAAAIEAywWhrwq4FjHt+UuwZcZePxtjtZOENFpOjufycaYso2nTlzNwnAQEQRfbqsUxKVtOtGxgApIkUvjRIjNBdJE6iOzvBXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESuXC9wkSeFZCEyMJ+RgJxMkBXNZmyycbwsSqAeGJpMEUDlwzu2GD0obBz0HXqg9J1Xallop5AVDKfeszZcc= password Pa$$w0rd
nsx>
or
nsx> set user admin ssh-keys label user1@domain1 type ssh-rsa key AAAAB3NzaC1yc2EAAAABIwAAAIEAywWhrwq4FjHt+UuwZcZePxtjtZOENFpOjufycaYso2nTlzNwnAQEQRfbqsUxKVtOtGxgApIkUvjRIjNBdJE6iOzvBXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESuXC9wkSeFZCEyMJ+RgJxMkBXNZmyycbwsSqAeGJpMEUDlwzu2GD0obBz0HXqg9J1Xallop5AVDKfeszZcc=
Password (required only for users root and admin):
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Set new user name for the specified non-root user.
| Option | Description |
|---|---|
| <username> | Username of user |
| <new-username> | Username of user |
Example
nsx> set user audit username audit-user1
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Enable or disable VMC migration mode. Migration mode is used during upgrade. When an Edge is in VMC migration mode, VMC config will not be written to nestdb.
| Option | Description |
|---|---|
| <enabled> | One of {enabled|disabled} Allowed values: enabled, disabled |
Example
nsx-edge-1> set vmc migration-mode disabled
Mode
Basic
Availability
Edge, Public Cloud Gateway
Set a runtime option for the specified vSwitch.
| Option | Description |
|---|---|
| <option-name> | Runtime option name Allowed values: IGMPQueries, IGMPQueryInterval, IGMPRouterIP, IGMPV3MaxSrcIPNum, IGMPVersion, MLDRouterIP, MLDV2MaxSrcIPNum, MLDVersion, MaxRARPsPerInterval, RARPAdvertisementDuration, TeamPolicyUpDelay |
| <option-value> | Runtime option value Allowed pattern: ^(([0-9]+)|(((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9]).){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9]))|(([A-Za-z0-9]{0,4}:){5}[A-Za-z0-9]{0,4}))$ |
Example
esx-1> set vswitch runtime IGMPQueries 1
esx-1>
Mode
Basic
Availability
ESXi
Shut down the system. If you specify the
force argument, the system will shut down immediately without prompting for confirmation.Example
nsx> shutdown
Are you sure you want to shutdown (yes/no): yes
Broadcast message from root@nsx
(unknown) at 1:26 ...
The system is going down for halt NOW!
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Display a packet capture on a given dvfilter. To get a list of dvfilter names, enter
start capture dvfilter followed by a space and the Tab key.| Option | Description |
|---|---|
| <esx-dvfilter-name> | dvfilter name argument |
Example
esx-1> start capture dvfilter nic-1000053347-eth0-vmware-sfw.2
The name of the dvfilter is nic-1000053347-eth0-vmware-sfw.2
No server port specifed, select 31661 as the port
Output the packet info to console.
Local CID 2
Listen on port 31661
Accept...Vsock connection from port 1030 cid 2
22:09:38.563545[1] Captured at PreDVFilter point, TSO not enabled, Checksum not offloaded and not verified, length 60.
Segment[0] ---- 2048 bytes:
0x0000: ffff ffff ffff 0200 2b8a 60e6 0806 0001
0x0010: 0800 0604 0001 0200 2b8a 60e6 0ac0 5ec2
0x0020: 0000 0000 0000 0ac0 57eb 0000 0000 0000
0x0030: 0000 0000 0000 0000 0000 0000
22:09:38.569533[2] Captured at PreDVFilter point, TSO not enabled, Checksum not offloaded and not verified, length 60.
Segment[0] ---- 2048 bytes:
0x0000: ffff ffff ffff 0200 2d8b a5c2 0806 0001
0x0010: 0800 0604 0001 0200 2d8b a5c2 0ac0 49f8
0x0020: 0000 0000 0000 0ac0 5561 0000 0000 0000
0x0030: 0000 0000 0000 0000 0000 0000
.
.
.
Mode
Basic
Availability
ESXi
Start a packet capture on the specified interface in the given direction.
If you do not specify a file, the output is displayed on the terminal.
Type Control-C to end the packet capture. You can filter the capture using
tcpdump expressions. The expression must be the last argument of the command.
The expression is a keyword followed by a value. You can specify multiple
keyword-value pairs.
The list of keywords and acceptable values are:
| Keyword | Value |
| ethtype | Ethernet type in HEX format. 0x<ETHTYPE> |
| mac | Source or destination MAC address |
| srcmac | Source MAC address |
| dstmac | Destination MAC address |
| ipproto | IP protocol in HEX format. 0x<PROTO> |
| ip | Source or destination IPv4 address |
| srcip | Source IPv4 address |
| dstip | Destination IPv4 address |
| port | Source or destination TCP port |
| srcport | Source TCP port |
| dstport | Destination TCP port |
| vni | VNI of the flow |
| vlan | VLAN ID |
| Option | Description |
|---|---|
| <interface-name> | Network interface argument |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <filename> | Capture file name Allowed pattern: ^[^/ *;&|]+$ |
| <packet-count> | Packet count value greater than or equal to 1 |
| <expression> | Packet capture expression |
Example
nsx> start capture interface eth0 direction output file capture.pcap count 5 expression ip 10.160.198.196 port 22
Capture 5 packets to file initiated,
enter Ctrl-C to terminate before all packets captured
5 packets captured
11 packets received by filter
0 packets dropped by kernel
Mode
Basic
Availability
Controller, Edge, ESXi, KVM, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Start packet capture in standalone mode with given fcport.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <fcport-id> | Packet capture fcport id parameter Allowed pattern: ^[0-9]+$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 fcport 100 direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given fcport.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <fcport-id> | Packet capture fcport id parameter Allowed pattern: ^[0-9]+$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 fcport 100 direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in steam mode with given fcport.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <fcport-id> | Packet capture fcport id parameter Allowed pattern: ^[0-9]+$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 fcport 100 direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in steam mode with given fcport.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <fcport-id> | Packet capture fcport id parameter Allowed pattern: ^[0-9]+$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 fcport 100 direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given filter.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <filter-name> | Packet capture filter name parameter |
| <stage-type> | Packet capture filter stage parameter Allowed values: pre, post |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 filter nic-1000052870-eth1-vmware-sfw.2 stage pre
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given filter.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <filter-name> | Packet capture filter name parameter |
| <stage-type> | Packet capture filter stage parameter Allowed values: pre, post |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 filter nic-1000052870-eth1-vmware-sfw.2 stage pre parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in stream mode with given filter.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <filter-name> | Packet capture filter name parameter |
| <stage-type> | Packet capture filter stage parameter Allowed values: pre, post |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 filter nic-1000052870-eth1-vmware-sfw.2 stage pre stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in stream mode with given filter.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <filter-name> | Packet capture filter name parameter |
| <stage-type> | Packet capture filter stage parameter Allowed values: pre, post |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 filter nic-1000052870-eth1-vmware-sfw.2 stage pre stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given interface.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <cap-interface-id> | Interface id Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 interface fed75492-d335-11e7-ac91-c3fa7e7f6b23 direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given interface.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <cap-interface-id> | Interface id Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 interface fed75492-d335-11e7-ac91-c3fa7e7f6b23 direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in stream mode with given interface.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <cap-interface-id> | Interface id Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 interface fed75492-d335-11e7-ac91-c3fa7e7f6b23 direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in stream mode with given interface.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <cap-interface-id> | Interface id Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 interface fed75492-d335-11e7-ac91-c3fa7e7f6b23 direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vdrport-id> | Vdrport id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vdrport vdr-vdrPort direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vdrport-id> | Vdrport id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vdrport vdr-vdrPort direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vdrport-id> | Vdrport id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vdrport vdr-vdrPort direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vdrport-id> | Vdrport id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vdrport vdr-vdrPort direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given vif.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vif> | VIF ID |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vif facb8cd1-2bf4-49c3-bb30-ed826986499b direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given vif.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vif> | VIF ID |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vif facb8cd1-2bf4-49c3-bb30-ed826986499b direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in stream mode with given vif.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vif> | VIF ID |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vif facb8cd1-2bf4-49c3-bb30-ed826986499b direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in stream mode with given vif.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vif> | VIF ID |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vif facb8cd1-2bf4-49c3-bb30-ed826986499b direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode on ESXi node with given vmknic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmknic-id> | Vmknic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmknic vmk0 direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmknic-id> | Vmknic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmknic vmk0 direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given vmknic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmknic-id> | Vmknic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmknic vmk0 direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given vmknic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmknic-id> | Vmknic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmknic vmk0 direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode on ESXi node with given vmnic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmnic-id> | Vmnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmnic vmnic0 direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmnic-id> | Vmnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmnic vmnic0 direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given vmnic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmnic-id> | Vmnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmnic vmnic0 direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given vmnic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vmnic-id> | Vmnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vmnic vmnic0 direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture in standalone mode on ESXi node with given vnic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vnic-id> | Vnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vnic e21e1397-c5c1-4b37-b7f0-1741d1809e61 direction input
nsx-manager-1>
Mode
Basic
Availability
Manager
start capture node <cap-node-id> vnic <vnic-id> direction <capture-direction> parameters <arguments>
Start packet capture in standalone mode with given parameters.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vnic-id> | Vnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vnic e21e1397-c5c1-4b37-b7f0-1741d1809e61 direction input parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given vnic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vnic-id> | Vnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vnic e21e1397-c5c1-4b37-b7f0-1741d1809e61 direction input stream-to 127.0.0.1 port 9999
nsx-manager-1>
Mode
Basic
Availability
Manager
Start packet capture on ESXi node with given vnic.
| Option | Description |
|---|---|
| <cap-node-id> | Capture node id parameter Allowed pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ |
| <vnic-id> | Vnic id parameter |
| <capture-direction> | Packet capture direction parameter Allowed values: input, output, dual |
| <receiver_address> | Packet capture address parameter |
| <port-id> | Packet capture port parameter Allowed pattern: ^[0-9]+$ |
| <arguments> | Packet capture option parameter |
Example
nsx-manager-1> start capture node fed75492-d335-11e7-ac91-c3fa7e7f6b23 vnic e21e1397-c5c1-4b37-b7f0-1741d1809e61 direction input stream-to 127.0.0.1 port 9999 parameters srcport 1556
nsx-manager-1>
Mode
Basic
Availability
Manager
Display a packet capture on all available interfaces.
Example
esx-1> start capture trace
22:51:17.831714[61] Captured at PktFree point, TSO not enabled, Checksum not offloaded and not verified, length 60.
PATH:
+- [22:51:17.831582] | UplinkRcvKernel
+- [22:51:17.831584] | PortInput
+- [22:51:17.831585] | IOChain
+- [22:51:17.831587] | EtherswitchDispath
+- [22:51:17.831591] | EtherswitchOutput
+- [22:51:17.831591] | PortOutput
+- [22:51:17.831594] | IOChain
+- [22:51:17.831595] | IOChain
+- [22:51:17.831597] | EtherswitchOutput
+- [22:51:17.831597] | PortOutput
+- [22:51:17.831599] | IOChain
+- [22:51:17.831600] | EtherswitchOutput
Segment[0] ---- 2048 bytes:
0x0000: ffff ffff ffff 0200 2d26 a8ff 0806 0001
0x0010: 0800 0604 0001 0200 2d26 a8ff 0ac0 5c53
0x0020: 0000 0000 0000 0ac0 5157 0000 0000 0000
0x0030: 0000 0000 0000 0000 0000 0000
.
.
.
Mode
Basic
Availability
ESXi
Start firewall synchronization for the logical router interface. Synchronization happens automatically, but you can optionally start a bulk sync to more quickly synchronize a new or restarted standby router. The sync must be started from the primary router.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge> start firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e bulk-sync
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Execute full or partial re-sync of search service datastore.
| Option | Description |
|---|---|
| <search-scope> | Search scope argument Allowed values: manager, policy, csm |
Example
nsx> start search resync manager
nsx>
Mode
Basic
Availability
Manager, Policy Manager
Start the specified service.
| Option | Description |
|---|---|
| <service-name> | Node startable and stoppable service argument |
Example
nsx> start service snmp
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Start an upgrade with the specified upgrade bundle and according to the specified playbook.
| Option | Description |
|---|---|
| <bundle-name> | Name of NSX upgrade bundle in the file store |
| <playbook-file> | Name of Playbook file to use |
Example
nsx-edge-1> start upgrade-bundle VMware-NSX-edge-2.0.0.0.0.5298714 playbook VMware-NSX-edge-2.0.0.0.0.5298714-playbook
Validating playbook /var/vmware/nsx/file-store/VMware-NSX-edge-2.0.0.0.0.5298714-playbook.yml
Running "11-preinstall-enter_maintenance_mode" (step 1 of 5)
Running "install_os" (step 2 of 5)
System will now reboot (step 3 of 5)
After the system reboots, use "resume" to start the next step, "41-postboot-exit_maintenance_mode".
{
"info": "",
"body": null,
"state": 1,
"state_text": "CMD_SUCCESS"
}
nsx-edge-1>
Broadcast message from admin@nsx-edge-1
(unknown) at 1:33 ...
The system is going down for reboot NOW!
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Stop packet capture by session id.
| Option | Description |
|---|---|
| <session-id-arg> | Packet capture session id parameter |
Mode
Basic
Availability
Manager
Stop firewall bulk synchronization for the logical router interface.
| Option | Description |
|---|---|
| <uuid> | Firewall logical interface UUID argument |
Example
nsx-edge> stop firewall e159f0db-d8e4-4973-9cbb-8cc30def2c3e bulk-sync
nsx-edge>
Mode
Basic
Availability
Edge, Public Cloud Gateway
Stop the specified service.
| Option | Description |
|---|---|
| <service-name> | Node startable and stoppable service argument |
Example
nsx> stop service snmp
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Move to the top of the path. The arrow moves to show which interface is current.
Example
nsx-edge-1(path)> top
->interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
port : 2120ef07-05e3-477f-8d96-e2be390784db
interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
Mode
Path
Availability
Edge, Public Cloud Gateway
Trace the specified packet.
| Option | Description |
|---|---|
| <port-uuid-name> | Datapath String argument |
| <base64-string> | Datapath Base64 Encoded String argument |
Example
nsx-edge-1> traceflow fp-eth1 AQAMzMzNaO+9TphYADKqqgMAAAwBCwAAAAAAgG5o771OmEAAAAAAgG5o771OmECAGQAAFAACAA8AAAAAAAIAbg==
Packet Trace Results
EVENT : physical_received
PACKET_BASE64 : AQAMzMzNaO+9TphYADKqqgMAAAwBCwAAAAAAgG5o771OmEAAAAAAgG5o771OmECAGQAAFAACAA8AAAAAAAIAbg==
PACKET_HEADER : 68:ef:bd:4e:98:58 > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1d, Config, Flags [none], bridge-id 806e.68:ef:bd:4e:98:40.8019, length 42
PARENT_UUID : 3284f707-98f9-4e7c-b573-f7898dfa12ba
TIMESTAMP : 2018-06-14 21:40:54.830903
TRACE_UUID : 09c4513c-9c8e-11e6-b333-005056a94529
TYPE : physical_node
EVENT : logical_forwarded
PACKET_BASE64 : AQAMzMzNaO+9TphYADKqqgMAAAwBCwAAAAAAgG5o771OmEAAAAAAgG5o771OmECAGQAAFAACAA8AAAAAAAIAbg==
PACKET_HEADER : 68:ef:bd:4e:98:58 > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1d, Config, Flags [none], bridge-id 806e.68:ef:bd:4e:98:40.8019, length 42
PARENT_UUID : 6e8ad2e8-15eb-553a-ae2e-e3a6bcd890cc
TIMESTAMP : 2018-06-14 21:40:54.883850
TRACE_UUID : 09c4513c-9c8e-11e6-b333-005056a94529
TYPE : logical_switch_port
UUID : 6fea361f-cf04-5391-bac1-281119bce14d
EVENT : logical_received
PACKET_BASE64 : AQAMzMzNaO+9TphYADKqqgMAAAwBCwAAAAAAgG5o771OmEAAAAAAgG5o771OmECAGQAAFAACAA8AAAAAAAIAbg==
PACKET_HEADER : 68:ef:bd:4e:98:58 > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1d, Config, Flags [none], bridge-id 806e.68:ef:bd:4e:98:40.8019, length 42
PARENT_UUID : 736a80e3-23f6-5a2d-81d6-bbefb2786666
TIMESTAMP : 2018-06-14 21:40:54.936503
TRACE_UUID : 09c4513c-9c8e-11e6-b333-005056a94529
TYPE : logical_router_port
UUID : c96c41bc-f689-5e28-9b04-d614a746fa1a
EVENT : logical_dropped
PACKET_BASE64 : AQAMzMzNaO+9TphYADKqqgMAAAwBCwAAAAAAgG5o771OmEAAAAAAgG5o771OmECAGQAAFAACAA8AAAAAAAIAbg==
PACKET_HEADER : 68:ef:bd:4e:98:58 > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1d, Config, Flags [none], bridge-id 806e.68:ef:bd:4e:98:40.8019, length 42
PARENT_UUID : 736a80e3-23f6-5a2d-81d6-bbefb2786666
TIMESTAMP : 2018-06-14 21:40:54.989125
TRACE_UUID : 09c4513c-9c8e-11e6-b333-005056a94529
TYPE : logical_router_port
Mode
Basic
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv4 address or host.
| Option | Description |
|---|---|
| <hostname-or-ip-address> | A hostname or IP address |
Example
nsx-manager-1> traceroute 10.192.43.71
traceroute to 10.192.43.71 (10.192.43.71), 30 hops max, 60 byte packets
1 10.160.127.251 (10.160.127.251) 0.824 ms 2.589 ms 1.529 ms
2 10.250.228.1 (10.250.228.1) 2.570 ms 10.250.228.9 (10.250.228.9) 1.992 ms 1.116 ms
3 10.250.22.25 (10.250.22.25) 1.647 ms 10.250.22.85 (10.250.22.85) 2.487 ms 10.250.22.25 (10.250.22.25) 1.529 ms
4 10.250.22.186 (10.250.22.186) 2.464 ms 1.903 ms 2.425 ms
5 10.250.23.26 (10.250.23.26) 1.553 ms 1.676 ms 2.504 ms
6 10.250.232.34 (10.250.232.34) 2.355 ms 10.250.232.42 (10.250.232.42) 1.229 ms 10.250.232.38 (10.250.232.38) 1.379 ms
7 10.192.43.71 (10.192.43.71) 1.398 ms 1.689 ms 1.619 ms
Mode
Basic
Availability
Controller, Key Manager, Manager, Policy Manager
Trace the route to the specified IPv4 address or host.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
Example
nsx-manager-1> traceroute 10.192.43.71
traceroute to 10.192.43.71 (10.192.43.71), 30 hops max, 60 byte packets
1 10.160.127.251 (10.160.127.251) 0.824 ms 2.589 ms 1.529 ms
2 10.250.228.1 (10.250.228.1) 2.570 ms 10.250.228.9 (10.250.228.9) 1.992 ms 1.116 ms
3 10.250.22.25 (10.250.22.25) 1.647 ms 10.250.22.85 (10.250.22.85) 2.487 ms 10.250.22.25 (10.250.22.25) 1.529 ms
4 10.250.22.186 (10.250.22.186) 2.464 ms 1.903 ms 2.425 ms
5 10.250.23.26 (10.250.23.26) 1.553 ms 1.676 ms 2.504 ms
6 10.250.232.34 (10.250.232.34) 2.355 ms 10.250.232.42 (10.250.232.42) 1.229 ms 10.250.232.38 (10.250.232.38) 1.379 ms
7 10.192.43.71 (10.192.43.71) 1.398 ms 1.689 ms 1.619 ms
Mode
Basic
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IP address.
The maxttl specifies the maximum time-to-live, or
maximum number of routers the traceroute packet will traverse.
The source argument specifies which source IP
address to use for traceroute. This may be required in some
circumstances for traceroute to work as expected. For example,
if there is overlap in IP addresses used in the tier 0 and
tier 1 router transit subnets, traceroute packets from the
tier 0 VRF will not reach virtual machines on networks routed
by the tier 1 router. If you use the source argument
to specify a unique IP used by that VRF (in this case, the tier 0
uplink IP) the traceroute packets will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Example
nsx-edge-1(tier0_sr)> traceroute 172.16.110.11 source 192.168.130.3
edge-tracert to 172.16.110.11 (172.16.110.11) from VRF 3, 64 hops max, 52 byte packets
1 100.64.1.1 (100.64.1.1) 0.656 ms 0.354 ms 0.353 ms
2 172.16.110.11 (172.16.110.11) 28.142 ms 4.427 ms 2.765 ms
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IP address.
The
maxttl specifies the maximum time-to-live, or
maximum number of routers the traceroute packet will traverse.
The vrfid argument
specifies which VRF to send the traceroute packets from. You can
get a list of available VRFs with the
get logical-routers command.
The source argument specifies which source IP
address to use for traceroute. This may be required in some
circumstances for traceroute to work as expected. For example,
if there is overlap in IP addresses used in the tier 0 and
tier 1 router transit subnets, traceroute packets from the
tier 0 VRF will not reach virtual machines on networks routed
by the tier 1 router. If you use the source argument
to specify a unique IP used by that VRF (in this case, the tier 0
uplink IP) the traceroute packets will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IP address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
Example
nsx-edge-1> traceroute 172.16.110.11 source 192.168.130.3 vrfid 3
edge-tracert to 172.16.110.11 (172.16.110.11) from VRF 3, 64 hops max, 52 byte packets
1 100.64.1.1 (100.64.1.1) 0.560 ms 0.261 ms 0.366 ms
2 172.16.110.11 (172.16.110.11) 3.544 ms 5.696 ms 3.928 ms
Mode
Basic
Availability
Edge, Public Cloud Gateway
Trace the route to target IPv6 address.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
Example
nsxedge-ob-9722447-1-ipv6test> traceroute6 2005::2828:280a vrfid 1 maxttl 10
traceroute6 to 2005::2828:280a (2005::2828:280a), 10 hops max, 12 byte packets
1 * * *
2 * * *
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address. The
maxttl specifies the maximum time-to-live, or maximum number of routers the traceroute packet will traverse.| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address.
The source argument specifies which source IP address to use for traceroute. This may be required in some circumstances for traceroute to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, traceroute packets from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the traceroute packets will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address.
The maxttl specifies the maximum time-to-live, or maximum number of routers the traceroute packet will traverse.
The source argument specifies which source IP address to use for traceroute. This may be required in some circumstances for traceroute to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, traceroute packets from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the traceroute packets will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic, VRF, Tier0_sr, Tier1_sr
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address.
The vrfid argument specifies which VRF to send the traceroute packets from. You can get a list of available VRFs with the get logical-routers command.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address. The
maxttl specifies the maximum time-to-live, or maximum number of routers the traceroute packet will traverse. The vrfid argument specifies which VRF to send the traceroute packets from. You can get a list of available VRFs with the get logical-routers command.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address.
The vrfid argument specifies which VRF to send the traceroute packets from. You can get a list of available VRFs with the get logical-routers command.
The source argument specifies which source IP address to use for traceroute. This may be required in some circumstances for traceroute to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, traceroute packets from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the traceroute packets will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Trace the route to the specified IPv6 address.
The maxttl specifies the maximum time-to-live, or maximum number of routers the traceroute packet will traverse.
The vrfid argument specifies which VRF to send the traceroute packets from. You can get a list of available VRFs with the get logical-routers command.
The source argument specifies which source IP address to use for traceroute. This may be required in some circumstances for traceroute to work as expected. For example, if there is overlap in IP addresses used in the tier 0 and tier 1 router transit subnets, traceroute packets from the tier 0 VRF will not reach virtual machines on networks routed by the tier 1 router. If you use the source argument to specify a unique IP used by that VRF (in this case, the tier 0 uplink IP) the traceroute packets will reach the virtual machines.
| Option | Description |
|---|---|
| <ip-address> | Network IPv6 address argument |
| <vrf-id> | VRF ID argument Allowed pattern: ^[0-9]+$ |
| <number> | Number argument Allowed pattern: ^[0-9]+$ |
Mode
Basic
Availability
Edge, Public Cloud Gateway
Move up the path. The arrow moves to show which interface is current.
Example
nsx-edge-1(path)> get path
interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
->port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
port : 2120ef07-05e3-477f-8d96-e2be390784db
interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
nsx-edge-1(path)> up
interface : de650f56-276d-46ef-959e-960752acfe19
interface : 140ca8de-61e0-4bba-b429-6a3791b0846a
port : 9eff9e4e-9157-4107-a0dd-c79350dce6f7
port : 53bab4b1-f0df-451b-af80-0a9d5e580186
interface : 2a7bf881-1f89-4833-833e-47673b79901a
->interface : bbf5b23c-3f0a-4afe-b3b3-b19814d4dd2a
port : 5b2068d0-8c28-4427-8be4-48f422f92309
port : eb3bd495-9ce3-40b4-a955-c2ddc4893cfa
interface : 1fec3ffa-213d-4d2b-ae1b-e12857434846
interface : 13592f56-be3c-4d3d-88de-7d5825dd51bb
port : c588fc5d-dd62-45b2-bc16-3dae466c16c7
port : 2120ef07-05e3-477f-8d96-e2be390784db
interface : 3bbbd5e9-2ffe-4fb7-9edb-edc7bba67278
interface : dd10beb2-3673-43a5-b180-ecc46e830ee0
port : fdc429ef-d778-421b-bf84-e1063a7bf5ab
Mode
Path
Availability
Edge, Public Cloud Gateway
Verify NSX Edge service container image file.
| Option | Description |
|---|---|
| <image-filename> | Edge service container image filename |
Example
nsx-edge> verify image VMware-nsx-edge-mdproxy-2.5.0.0.0.22302541.pub
Image verified successfully
Mode
Basic
Availability
Edge, Public Cloud Gateway
Verify iptables rules for all logging servers and update if needed
Example
nsx> verify logging-servers
nsx>
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
Verify and extract the specified upgrade bundle to the default location.
| Option | Description |
|---|---|
| <bundle-name> | Name of NSX upgrade bundle in the file store |
Example
nsx-edge-1> verify upgrade-bundle VMware-NSX-edge-2.0.0.0.0.5298714
Checking upgrade bundle /var/vmware/nsx/file-store/VMware-NSX-edge-2.0.0.0.0.5298714.nub contents
Verifying bundle VMware-NSX-edge-2.0.0.0.0.5298714.bundle with signature VMware-NSX-edge-2.0.0.0.0.5298714.bundle.sig
Moving bundle to /image/VMware-NSX-edge-2.0.0.0.0.5298714.bundle
Extracting bundle payload
Successfully verified upgrade bundle
Bundle manifest:
appliance_type: 'nsx-edge'
version: '2.0.0.0.0.5298714'
os_image_path: 'files/nsx-root.fsa'
Current upgrade info:
{
"info": "",
"body": {
"meta": {
"from_version": "1.1.0.0.0.5214485",
"old_config_dev": "/dev/mapper/nsx-config",
"to_version": "2.0.0.0.0.5298714",
"new_config_dev": "/dev/mapper/nsx-config__bak",
"old_os_dev": "/dev/sda2",
"bundle_path": "/image/VMware-NSX-edge-2.0.0.0.0.5298714",
"new_os_dev": "/dev/sda3"
},
"history": []
},
"state": 1,
"state_text": "CMD_SUCCESS"
}
Mode
Basic
Availability
Controller, Edge, Key Manager, Manager, Policy Manager, Public Cloud Gateway
This command enters VRF context mode. You can find VRF IDs with the
get logical-routers command.| Option | Description |
|---|---|
| <uuid-vrfid> | Datapath UUID or VRF ID argument |
Example
nsx-edge-1> vrf 3
nsx-edge-1(tier0_sr)>
or
nsx-edge-1> vrf 19772688-b220-4a34-94a3-8a094dcdd979
nsx-edge-1(tier0_sr)>
Mode
Basic
Availability
Edge, Public Cloud Gateway