Difference between revisions of "ESXi - 6.7 network"
Jump to navigation
Jump to search
(→ip) |
|||
(44 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components (vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.<br> | Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components (vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.<br> | ||
Line 5: | Line 4: | ||
* '''ping''' | * '''ping''' | ||
: Send ICMP echo requests to network hosts. | : Send ICMP echo requests to network hosts. | ||
:* <code>esxcli network diag ping ''' | :* <code>esxcli network diag ping '''OPTIONS'''</code> | ||
''' | '''OPTIONS''' | ||
-c|--count=<long> Specify the number of packets to send. | -c|--count=<long> Specify the number of packets to send. | ||
-D|--debug VMKPing debug mode. | -D|--debug VMKPing debug mode. | ||
Line 89: | Line 88: | ||
: Get the firewall status. | : Get the firewall status. | ||
:* <code>esxcli network firewall get</code> | :* <code>esxcli network firewall get</code> | ||
: '''set''' | |||
: Set firewall enabled status and default action. | :: Set firewall enabled status and default action. | ||
:* <code>esxcli network firewall set '''PARAM'''</code> | ::* <code>esxcli network firewall set '''PARAM'''</code> | ||
'''PARAM''' | '''PARAM''' | ||
--enabled | --enabled OR --default-action | ||
:* '''refresh''' | |||
* '''refresh''' | :: Load ruleset configuration for firewall. | ||
: Load ruleset configuration for firewall. | ::* <code>esxcli network firewall refresh</code> | ||
:* <code>esxcli network firewall refresh</code> | :: '''load''' | ||
::: Load firewall module and rulesets configuration. | |||
: Load firewall module and rulesets configuration. | :::* <code>esxcli network firewall load</code> | ||
:* <code>esxcli network firewall load</code> | ::: '''unload''' | ||
:::: Allow unload firewall module. | |||
: Allow unload firewall module. | ::::* <code>esxcli network firewall unload</code> | ||
:* <code>esxcli network firewall unload</code> | |||
=== ruleset === | === ruleset === | ||
* '''list''' | :::* '''list''' | ||
: List the rulesets in firewall. | :::: List the rulesets in firewall. | ||
:* <code>esxcli network firewall ruleset list</code> | ::::* <code>esxcli network firewall ruleset list</code> | ||
:::: '''set''' | |||
: Set firewall ruleset status (allowedAll flag and enabled status). | ::::: Set firewall ruleset status (allowedAll flag and enabled status). | ||
:* <code>esxcli network firewall ruleset set '''LABEL''' ''' | :::::* <code>esxcli network firewall ruleset set '''LABEL''' '''OPTIONS'''</code> | ||
'''LABEL''' | '''LABEL''' | ||
-r | -r{{!}}--ruleset-id=<str> The label of the ruleset. (required) | ||
''' | '''OPTIONS''' | ||
-a | -a{{!}}--allowed-all=<bool> Set to true to allowed all ip, set to false to use allowed ip list. | ||
-e | -e{{!}}--enabled=<bool> Set to true to enable ruleset, set to false to disable it. | ||
==== allowedip ==== | ==== allowedip ==== | ||
* '''list''' | ::::* '''list''' | ||
: list allowed ip addresses for rulesets. | ::::: list allowed ip addresses for rulesets. | ||
:* <code>esxcli network firewall ruleset allowedip list</code> | :::::* <code>esxcli network firewall ruleset allowedip list</code> | ||
::::: '''add''' | |||
: Add allowed ip address/range to the ruleset ruleset. | :::::: Add allowed ip address/range to the ruleset ruleset. | ||
:* <code>esxcli network firewall ruleset allowedip add '''LABEL''' '''RANGE'''</code> | ::::::* <code>esxcli network firewall ruleset allowedip add '''LABEL''' '''RANGE'''</code> | ||
:::::* '''remove''' | |||
* '''remove''' | :::::: Remove allowed ip address/range from the ruleset. | ||
: Remove allowed ip address/range from the ruleset. | ::::::* <code>esxcli network firewall ruleset allowedip remove '''LABEL''' '''RANGE'''</code> | ||
:* <code>esxcli network firewall ruleset allowedip remove '''LABEL''' '''RANGE'''</code> | |||
'''LABEL''' | '''LABEL''' | ||
-r | -r{{!}}--ruleset-id=<str> The label of the ruleset. (required) | ||
'''RANGE''' | '''RANGE''' | ||
-i | -i{{!}}--ip-address=<str> Allowed ip address/range for the ruleset. (required) | ||
==== client ==== | ==== client ==== | ||
* '''get''' | :::::* '''get''' | ||
: Show the number of clients using a firewall ruleset. | :::::: Show the number of clients using a firewall ruleset. | ||
:* <code>esxcli network firewall ruleset client get '''LABEL'''</code> | ::::::* <code>esxcli network firewall ruleset client get '''LABEL'''</code> | ||
:::::: '''add''' | |||
: Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset. | ::::::: Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset. | ||
:* <code>esxcli network firewall ruleset client add '''LABEL'''</code> | :::::::* <code>esxcli network firewall ruleset client add '''LABEL'''</code> | ||
::::::: '''remove''' | |||
: Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled. | :::::::: Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled. | ||
:* <code>esxcli network firewall ruleset client remove '''LABEL'''</code> | ::::::::* <code>esxcli network firewall ruleset client remove '''LABEL'''</code> | ||
'''LABEL''' | '''LABEL''' | ||
-r | -r{{!}}--ruleset-id=<str> The label of the ruleset. (required) | ||
==== rule ==== | ==== rule ==== | ||
* '''list''' | :::::::* '''list''' | ||
: List the rules of each ruleset in firewall. | :::::::: List the rules of each ruleset in firewall. | ||
:* <code>esxcli network firewall ruleset rule list</code> | ::::::::* <code>esxcli network firewall ruleset rule list</code> | ||
== ip == | == ip == | ||
Line 163: | Line 159: | ||
=== connection === | === connection === | ||
* '''list''' | |||
: List active TCP/IP connections | |||
:* <code>esxcli network ip connection list</code> | |||
=== dns === | === dns === | ||
==== search ==== | |||
* '''list''' | |||
: List the search domains currently configured on the ESXi host in the order in which they will be used when searching. | |||
:* <code>esxcli network ip dns search list</code> | |||
* '''add''' | |||
: Add a search domain to the list of domains to be searched when trying to resolve an host name on the ESXi host. | |||
:* <code>esxcli network ip dns search add '''DOMAIN''' '''NETSTACK'''</code> | |||
* '''remove''' | |||
: Remove a search domain from the list of domains to be searched when trying to resolve an host name on the ESXi host. | |||
:* <code>esxcli network ip dns search remove '''DOMAIN''' '''NETSTACK'''</code> | |||
==== server ==== | |||
* '''list''' | |||
: Print a list of the DNS server currently configured on the system in the order in which they will be used. | |||
:* <code>esxcli network ip dns server list</code> | |||
* '''add''' | |||
: Add a new DNS server to the end of the list of DNS servers to use for this ESXi host. | |||
:* <code>esxcli network ip dns server add '''DOMAIN''' '''SERVER'''</code> | |||
* '''remove''' | |||
: Remove a DNS server from the list of DNS servers to use for this ESXi host. | |||
:* <code>esxcli network ip dns server remove '''PARAM'''</code> | |||
'''DOMAIN''' | |||
-d|--domain=<str> The string name of a domain to remove from the list of search domains. | |||
(required) | |||
'''NETSTACK''' | |||
-N|--netstack=<str> The network stack instance; if unspecified, use the default netstack | |||
instance | |||
'''SERVER''' | |||
-s|--server=<str> The IP address (v4 or v6) of the DNS server to add to the DNS server list. | |||
(required) | |||
'''PARAM''' | |||
--all, --server | |||
=== interface === | === interface === | ||
* '''list''' | |||
: This command will list the VMkernel network interfaces currently known to the system. | |||
:* <code>esxcli network ip interface list</code> | |||
* '''set''' | |||
: This command sets the enabled status and MTU size of a given IP interface | |||
:* <code>esxcli network ip interface set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enabled=<bool> Set to true to enable the interface, set to false to disable it. | |||
-i|--interface-name=<str> | |||
The name of the interface to apply the configurations. (required) | |||
-m|--mtu=<long> The MTU size of the IP interface. | |||
* '''add''' | |||
: Add a new VMkernel network interface. | |||
:* <code>esxcli network ip interface add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-P|--dvport-id=<str> DVPort ID of the connection point. This requires | |||
--dvs-name to be given in the same command | |||
-s|--dvs-name=<str> DVSwitch name of the connection point. This requires | |||
--dvport-id to be given in the same command | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to create. | |||
This name must be in the form vmkX, where X is a | |||
number 0-255 | |||
-M|--mac-address=<str> | |||
Set the MAC address for the newly created VMkernel | |||
network interface. | |||
-m|--mtu=<long> Set the MTU setting for a given VMkernel network | |||
interface on creation | |||
-N|--netstack=<str> The network stack instance; if unspecified, use the | |||
default netstack instance | |||
-p|--portgroup-name=<str> | |||
The name of the vswitch port group to add this | |||
VMkernel network interface to. | |||
* '''remove''' | |||
: Remove a VMkernel network interface from the ESXi host. A VMKernel network interface can be uniquely specified by --interface-name or --portgroup-name or --dvs-name/--dvport-id. i.e. Providing its name or its connection point are two ways to uniquely specify a VMKernel network interface. | |||
:* <code>esxcli network ip interface remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-P|--dvport-id=<str> DVPort ID of the connection point. This requires | |||
--dvs-name to be given in the same command | |||
-s|--dvs-name=<str> DVSwitch name of the connection point. This requires | |||
--dvport-id to be given in the same command | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to remove. | |||
This name must be in the form vmkX, where X is a | |||
number 0-255 | |||
-N|--netstack=<str> The network stack instance; if unspecified, use the | |||
default netstack instance | |||
-p|--portgroup-name=<str> | |||
The name of the vswitch port group to delete this | |||
VMkernel network interface from. | |||
==== ipv4 ==== | |||
* '''get''' | |||
: List the IPv4 addresses assigned to VMkernel network interfaces. | |||
:* <code>esxcli network ip interface ipv4 get</code> | |||
* '''set''' | |||
: Configure IPv4 setting for a given VMkernel network interface. | |||
:* <code>esxcli network ip interface ipv4 set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-g|--gateway=<str> The default gateway for this interface. The value must be a valid IPv4 | |||
address. Gateway would be reset if not provided | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to set IPv4 settings for. This | |||
name must be an interface listed in the interface list command. (required) | |||
-I|--ipv4=<str> The static IPv4 address for this interface. | |||
-N|--netmask=<str> The static IPv4 netmask for this interface. | |||
-P|--peer-dns=<bool> A boolean value to indicate if the system should use the DNS settings | |||
published via DHCPv4 for this interface. | |||
-t|--type=<str> IPv4 Address type : | |||
dhcp: Use DHCP to aquire IPv4 setting for this interface. | |||
none: Remove IPv4 settings form this interface. | |||
static: Set Static IPv4 information for this interface. Requires --ipv4 | |||
and --netmask options. | |||
===== address ===== | |||
* '''list''' | |||
: List the IPv4 addresses assigned to VMkernel network interfaces. | |||
:* <code>esxcli network ip interface ipv4 address list</code> | |||
==== ipv6 ==== | |||
* '''get''' | |||
: Get IPv6 settings for VMkernel network interfaces. This does not include the IPv6 addresses which can be found in the "address list" command. | |||
:* <code>esxcli network ip interface ipv6 get</code> | |||
* '''set''' | |||
: Configure IPv6 settings for a given VMkernel network interface. | |||
:* <code>esxcli network ip interface ipv6 set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-d|--enable-dhcpv6=<bool> | |||
Setting this value to true will enable DHCPv6 on this interface and attempt | |||
to aquire an IPv6 address from the network | |||
-e|--enable-ipv6=<bool> | |||
Setting this value to true enables IPv6 on thisinterface while setting it | |||
to false disables IPv6 on this interface. | |||
-r|--enable-router-adv=<bool> | |||
Setting this value to true will enable IPv6 Router Advertised IPv6 | |||
addresses to be added to this interface from any routers broadcasting on | |||
the local network. | |||
-g|--gateway=<str> A default gateway for this interface. The value must be a valid IPv6 | |||
address. | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to set IPv6 settings for. This | |||
name must be an interface listed in the interface list command. (required) | |||
-P|--peer-dns=<bool> A boolean value to indicate if the system should use the DNS settings | |||
published via DHCPv6 for this interface. | |||
===== address ===== | |||
* '''list''' | |||
: This command will list all of the IPv6 addresses currently assigned to the system | |||
:* <code>esxcli network ip interface ipv6 address list</code> | |||
* '''add''' | |||
: Add a static IPv6 address to a given VMkernel network interface. | |||
:* <code>esxcli network ip interface ipv6 address add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to add a static IPv6 address to. | |||
This name must be an interface listed in the interface list command. | |||
(required) | |||
-I|--ipv6=<str> The IPv6 address to add to the given VMkernel network interface. This must | |||
be in X:X:X::/X format (required) | |||
* '''remove''' | |||
: Remove an IPv6 address from a given VMkernel network interface. | |||
:* <code>esxcli network ip interface ipv6 address remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to remove an IPv6 address from. | |||
This name must be an interface listed in the interface list command. | |||
(required) | |||
-I|--ipv6=<str> The IPv6 address to remove from the given VMkernel network interface. This | |||
must be in X:X:X::/X format (required) | |||
==== tag ==== | |||
* '''get''' | |||
: Gets the tags set on the given VMkernel network interface. | |||
:* <code>esxcli network ip interface tag get '''INTERFACE'''</code> | |||
* '''add''' | |||
: Adds a tag on a given VMkernel network interface. Supported tags are: Management, VMotion, faultToleranceLogging, vSphereReplication, vSphereReplicationNFC, vSphereProvisioning, VSAN, VSANWitness | |||
:* <code>esxcli network ip interface tag add '''INTERFACE''''''TAGNAME'''</code> | |||
* '''remove''' | |||
: Removes a tag on a given VMkernel network interface. | |||
:* <code>esxcli network ip interface tag remove '''INTERFACE''''''TAGNAME'''</code> | |||
'''INTERFACE''' | |||
-i|--interface-name=<str> | |||
Name of the VMkernel network interface (vmknic) whose tags are to be | |||
read/set/removed (required) | |||
This name must be an interface listed in the interface list command. | |||
(required) | |||
'''TAGNAME''' | |||
-t|--tagname=<str> Tag name to assign to the interface (required) | |||
=== ipsec === | === ipsec === | ||
==== sa ==== | |||
* '''list''' | |||
: List configured Security Associations | |||
:* <code>esxcli network ip ipsec sa list</code> | |||
* '''add''' | |||
: Add a Security Association. | |||
:* <code>esxcli network ip ipsec sa add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--encryption-algorithm=<str> | |||
Encryption algorithm for the Security Association. Should be one in set | |||
[null, 3des-cbc, aes128-cbc]. (required) | |||
-k|--encryption-key=<str> | |||
Encryption key(ASCII or hex). Length of hex key is dependent upon algorithm | |||
used. Required when a encryption algorithm has been specified. | |||
-i|--integrity-algorithm=<str> | |||
Integrity algorithm for the Security Association. Should be one in set | |||
[hmac-sha1, hmac-sha2-256]. (required) | |||
-K|--integrity-key=<str> | |||
Integrity key(ASCII or hex). Length of hex key is dependent upon algorithm | |||
used. (required) | |||
-d|--sa-destination=<str> | |||
Ipv6 address of Security Association destination. Can be specified as 'any' | |||
or a correct IPv6 address. (required) | |||
-m|--sa-mode=<str> Security Association mode. Should be one in set [transport, tunnel]. | |||
-n|--sa-name=<str> Name for the Security Association to be added. (required) | |||
-s|--sa-source=<str> Ipv6 address of Security Association source. Can be specified as 'any' or a | |||
correct IPv6 address. (required) | |||
-p|--sa-spi=<str> SPI value for the Security Association(hex). (required) | |||
* '''remove''' | |||
: Operation to remove Security Association(s) | |||
:* <code>esxcli network ip ipsec sa remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-a|--remove-all Set to remove all Security Associations. | |||
-d|--sa-destination=<str> | |||
Ipv6 address of Security Association destination. This | |||
option needs to be specified when removing an auto SA. | |||
-n|--sa-name=<str> Name for the Security Association to be removed. | |||
Specify 'auto' to remove an auto SA. | |||
-s|--sa-source=<str> Ipv6 address of Security Association source. This | |||
option needs to be specified when removing an auto SA. | |||
-p|--sa-spi=<str> SPI value for the Security Association (hex). This | |||
option needs to be specified when removing an auto SA | |||
==== sp ==== | |||
* '''list''' | |||
: List configured Security Policys | |||
:* <code>esxcli network ip ipsec sp list</code> | |||
* '''add''' | |||
: Add a Security Policy. | |||
:* <code>esxcli network ip ipsec sp add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-A|--action=<str> Action for Security Policy. Should be one in set [none, discard, ipsec]. | |||
-P|--destination-port=<long> | |||
Destination Port for Security Policy. '0' stands for 'any' (required) | |||
-w|--flow-direction=<str> | |||
Flow direction for Security Policy. Should be one in set [in, out]. | |||
-a|--sa-name=<str> Name for the Security Association. Not being Specified lets vmkernel | |||
automatically choose an Security Association. If no applicable Security | |||
Association exists, then vmkernel may request one using IKE. | |||
-p|--source-port=<long> | |||
Source Port for Security Policy. '0' stands for 'any' (required) | |||
-d|--sp-destination=<str> | |||
Ipv6 address and prefix length of Security Policy destination. Can be | |||
specified as 'any' or a correct Ipv6 network address. (required) | |||
-m|--sp-mode=<str> Security Policy mode. Should be one in set [transport, tunnel]. | |||
-n|--sp-name=<str> Name for the Security Policy to be added. (required) | |||
-s|--sp-source=<str> Ipv6 address and prefix length of Security Policy source. Can be specified | |||
as 'any' or a correct IPv6 network address. (required) | |||
-u|--upper-layer-protocol=<str> | |||
Upper layer protocol for Security Policy, Should be one in set [any, tcp, | |||
udp, icmp6]. | |||
* '''remove''' | |||
: Operation to remove Security Policy | |||
:* <code>esxcli network ip ipsec sp remove '''PARAM'''</code> | |||
'''PARAM''' | |||
--remove-all OR --sa-name | |||
=== neighbor === | === neighbor === | ||
* '''list''' | |||
: List ARP table entries | |||
:* <code>esxcli network ip neighbor list</code> | |||
* '''remove''' | |||
: Remove ARP table entries | |||
:* <code>esxcli network ip neighbor remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-i|--interface-name=<str> | |||
The name of the VMkernel network interface to remove the neighbor entry | |||
from. If not specified, neighbor will be removed from all interfaces | |||
-a|--neighbor-addr=<str> | |||
The IPv4/IPv6 address of the neighbor. (required) | |||
-N|--netstack=<str> The network stack instance; if unspecified, use the default netstack | |||
instance | |||
-v|--version=<str> IP version : [4, 6] (required) | |||
=== netstack === | === netstack === | ||
* '''list''' | |||
: This command will list the VMkernel Netstack instances currently known to the system. | |||
:* <code>esxcli network ip netstack list</code> | |||
* '''get''' | |||
: Get runtime/configuration settings for a given Netstack Instance. | |||
:* <code>esxcli network ip netstack get '''NETSTACK'''</code> | |||
* '''add''' | |||
: Add a new Netstack Instance. | |||
:* <code>esxcli network ip netstack add '''NETSTACK''' '''DISABLE'''</code> | |||
* '''remove''' | |||
: Remove a new Netstack Instance. | |||
:* <code>esxcli network ip netstack remove '''NETSTACK'''</code> | |||
* '''set''' | |||
: Configure settings for a given Netstack Instance. | |||
:* <code>esxcli network ip netstack set '''NETSTACK''' '''OPTIONS'''</code> | |||
'''NETSTACK''' | |||
-N|--netstack=<str> The network stack instance (required) | |||
'''DISABLE''' | |||
-d|--disabled Create the netstack instance only in config i.e. in disabled state. Does | |||
not create in kernel. | |||
'''OPTIONS''' | |||
-c|--ccalgo=<str> The TCP Congestion Contol Algorithm for this netstack instance (not applied | |||
to existing connections).: | |||
cubic: Set cubic as the algorithm | |||
newreno: Set newreno as the algorithm | |||
-e|--enable=<bool> Enable the netstack instance (create in kernel) | |||
-i|--ipv6enabled=<bool> | |||
To enable IPv6 for this netstack instance (aplied only during netstack | |||
creation). | |||
-m|--maxconn=<long> The maximum number of connections for this netstack instance (applied only | |||
during netstack creation). | |||
-n|--name=<str> The name for this netstack instance. | |||
=== route === | === route === | ||
==== ipv4 ==== | |||
* '''list''' | |||
: List configured IPv4 routes | |||
:* <code>esxcli network ip route ipv4 list</code> | |||
* '''add''' | |||
: Add IPv4 route to the VMkernel. | |||
:* <code>esxcli network ip route ipv4 add '''GATEWAY''' '''[NETSTACK]''' '''NETWORK'''</code> | |||
* '''remove''' | |||
: Remove IPv4 route | |||
:* <code>esxcli network ip route ipv4 remove '''GATEWAY''' '''[NETSTACK]''' '''NETWORK'''</code> | |||
==== ipv6 ==== | |||
* '''list''' | |||
: List configured IPv6 routes | |||
:* <code>esxcli network ip route ipv6 list</code> | |||
* '''add''' | |||
: Add IPv6 route to the VMkernel. | |||
:* <code>esxcli network ip route ipv6 add '''GATEWAY''' '''[NETSTACK]''' '''NETWORK'''</code> | |||
* '''remove''' | |||
: Remove IPv6 route from the VMkernel | |||
:* <code>esxcli network ip route ipv6 remove '''GATEWAY''' '''[NETSTACK]''' '''NETWORK'''</code> | |||
'''GATEWAY''' | |||
-g|--gateway=<str> The Ipv6 address of the gateway through which a route to be removed | |||
(required) | |||
'''NETSTACK''' | |||
-N|--netstack=<str> The network stack instance; if unspecified, use the default netstack | |||
instance | |||
'''NETWORK''' | |||
-n|--network=<str> The Ipv6 address and prefix length of the network to remove the route from. | |||
Specify 'default' to indicate the default network. (required) | |||
== multicast == | == multicast == | ||
==== group ==== | |||
* '''list''' | |||
: List all the multicast group members. | |||
:* <code>esxcli network multicast group list</code> | |||
== nic == | == nic == | ||
* '''list''' | |||
: This command will list the Physical NICs currently installed and loaded on the system. | |||
:* <code>esxcli network nic list</code> | |||
* '''get''' | |||
: Get the generic configuration of a network device | |||
:* <code>esxcli network nic get '''NIC_NAME'''</code> | |||
* '''set''' | |||
: Set the general options for the specified ethernet device. | |||
:* <code>esxcli network nic set '''NIC_NAME''' '''OPTIONS'''</code> | |||
* '''down''' | |||
: Bring down the specified network device. | |||
:* <code>esxcli network nic down '''NIC_NAME'''</code> | |||
* '''up''' | |||
: Bring up the specified network device. | |||
:* <code>esxcli network nic up '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> The name of the NIC to configured. This must be one of the cards listed in | |||
the nic list command. (required) | |||
'''OPTIONS''' | |||
-a|--auto Set the speed and duplexity settings to autonegotiate. | |||
-D|--duplex=<str> The duplex to set this NIC to. Acceptable values are : [full, half] | |||
-l|--message-level=<long> | |||
Sets the driver message level. Meaning differ per driver. | |||
-P|--phy-address=<long> | |||
Set the PHY address of the device | |||
-p|--port=<str> Selects device port. Available device ports are | |||
aui: Select AUI (Attachment Unit Interface) as the device port | |||
bnc: Select BNC (Bayonet Neill-Concelman) as the device port | |||
da: Select DA (Direct Attach copper) as the device port | |||
fibre: Select fibre as the device port | |||
mii: Select MII (Media Independent Interface) as the device port | |||
tp: Select TP (Twisted Pair) as the device port | |||
-S|--speed=<long> The speed to set this NIC to, in Mbps. Acceptable values are : [10, 100, | |||
1000, 2500, 5000, 10000, 20000, 25000, 40000, 50000, 56000, 100000] | |||
-t|--transceiver-type=<str> | |||
Selects transeiver type. Currently only internal and external can be | |||
specified, in the future future types might be added. Available transeiver | |||
types are | |||
external: Set the transceiver type to external | |||
internal: Set the transceiver type to internal | |||
-V|--virtual-address=<str> | |||
Set the virtual address of the device | |||
-w|--wake-on-lan=<str> | |||
Sets Wake-on-LAN options. Not all devices support this. The argument to | |||
this option is a string of characters specifying which options to enable. | |||
p Wake on phy activity | |||
u Wake on unicast messages | |||
m Wake on multicast messages | |||
b Wake on broadcast messages | |||
a Wake on ARP | |||
g Wake on MagicPacket(tm) | |||
s Enable SecureOn(tm) password for MagicPacket(tm) | |||
=== coalesce === | |||
* '''get''' | |||
: Get coalesce parameters | |||
:* <code>esxcli network nic coalesce get</code> | |||
* '''set''' | |||
: Set coalesce parameters on a nic | |||
:* <code>esxcli network nic coalesce set '''NIC_NAME''' '''[OPTIONS]'''</code> | |||
'''NIC_NAME''' | |||
-n|--vmnic=<str> Name of vmnic to set coalesce parameters. (required) | |||
'''OPTIONS''' | |||
-a|--adaptive-rx=<bool> | |||
enable or disable adaptive RX algorithm in driver. | |||
-A|--adaptive-tx=<bool> | |||
enable or disable adaptive TX algorithm in driver. | |||
-R|--rx-max-frames=<long> | |||
Maximum number of RX frames driver to process before interrupting. | |||
-r|--rx-usecs=<long> Number of microseconds driver to wait for RX before interrupting. | |||
-i|--sample-interval=<long> | |||
Packet rate sampling internal in seconds for the adaptive coalescing | |||
algorithm in driver. | |||
-T|--tx-max-frames=<long> | |||
Maximum number of completed TX frames driver to process before | |||
interrupting. | |||
-t|--tx-usecs=<long> Number of microseconds driver to wait for completed TX before interrupting. | |||
==== high ==== | |||
* '''get''' | |||
: Get information about the behavior of a NIC when it sends or receives packets at high packet rate. | |||
:* <code>esxcli network nic coalesce high get '''NIC_NAME'''</code> | |||
* '''set''' | |||
: Set parameters to control the behavior of a NIC when it sends or receives packets at high packet rate. | |||
:* <code>esxcli network nic coalesce high set '''NIC_NAME''' '''[OPTIONS]'''</code> | |||
==== low ==== | |||
* '''get''' | |||
: Get information about the behavior of a NIC when it sends or receives packets at low packet rate. | |||
:* <code>esxcli network nic coalesce low get '''NIC_NAME'''</code> | |||
* '''set''' | |||
: Set parameters to control the behavior of a NIC when it sends or receives packets at low packet rate. | |||
:* <code>esxcli network nic coalesce low set '''NIC_NAME''' '''[OPTIONS]'''</code> | |||
'''NIC_NAME''' | |||
-n|--vmnic=<str> The name of the pnic for which information should be retrieved. (required) | |||
'''OPTIONS''' | |||
-p|--pkt-rate=<long> The high packet rate measured in number of packets per second. When packet | |||
rate is above this parameter, the RX/TX coalescing parameters configured by | |||
this command are used. | |||
-R|--rx-max-frames=<long> | |||
The maximum number of RX packets to delay an RX interrupt after they arrive | |||
under high packet rate conditions. | |||
-r|--rx-usecs=<long> The number of microseconds to delay an RX interrupt after a packet arrives | |||
under high packet rate conditions. | |||
-T|--tx-max-frames=<long> | |||
The maximum number of TX packets to delay an TX interrupt after they are | |||
sent under high packet rate conditions. | |||
-t|--tx-usecs=<long> The number of microseconds to delay a TX interrupt after a packet is sent | |||
under high packet rate conditions. | |||
-n|--vmnic=<str> Name of the vmnic for which parameters should be set. (required) | |||
=== cso === | |||
* '''get''' | |||
: Get checksum offload settings | |||
:* <code>esxcli network nic cso get</code> | |||
* '''set''' | |||
: Set checksum offload settings on a nic | |||
:* <code>esxcli network nic cso set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enable=<long> RX/TX checksum offload (required) | |||
-n|--vmnic=<str> Name of vmnic to set offload settings. (required) | |||
=== eeprom === | |||
* '''dump''' | |||
: Dump device EEPROM | |||
:* <code>esxcli network nic eeprom dump '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-l|--length=<long> Bytes of EEPROM to dump | |||
-o|--offset=<long> Offset of EEPROM starting to dump | |||
-n|--vmnic=<str> The name of pnic to dump EEPROM (required) | |||
* '''change''' | |||
: Change EEPROM on a nic | |||
:* <code>esxcli network nic eeprom change '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-f|--file=<str> File name of new EEPROM content | |||
-m|--magic=<long> Magic key of EEPROM (required) | |||
-o|--offset=<long> Offset of EEPROM to change | |||
-v|--value=<long> New EEPROM value in double word | |||
-n|--vmnic=<str> Name of vmnic to change EEPROM. (required) | |||
=== negotiate === | |||
* '''restart''' | |||
: Restart N-Way negotiation on a nic | |||
:* <code>esxcli network nic negotiate restart '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--vmnic=<str> Name of vmnic to restart negotiation (required) | |||
=== pauseParams === | |||
* '''list''' | |||
: List pause parameters of all NICs | |||
:* <code>esxcli network nic pauseParams list</code> | |||
* '''set''' | |||
: Set pause parameters for a NIC | |||
:* <code>esxcli network nic pauseParams set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-a|--auto=<bool> Enable/disable auto negotiation. | |||
-n|--nic-name=<str> Name of NIC whose pause parameters should be set. (required) | |||
-r|--rx=<bool> Enable/disable pause RX flow control. | |||
-t|--tx=<bool> Enable/disable pause TX flow control. | |||
=== queue === | |||
==== count ==== | |||
* '''get''' | |||
: Get netqueue count on a nic | |||
:* <code>esxcli network nic queue count get</code> | |||
* '''set''' | |||
: Set number of netqueues on a nic | |||
:* <code>esxcli network nic queue count set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-q|--num=<long> Number of queues to set. (required) | |||
-r|--rx=<bool> Rx netqueue to set count. | |||
-t|--tx=<bool> Tx netqueue to set count. | |||
-n|--vmnic=<str> Name of vmnic to set netqueue count. (required) | |||
==== filterclass ==== | |||
* '''list''' | |||
: List the netqueue supported filterclass of all physical NICs currently installed and loaded on the system. | |||
:* <code>esxcli network nic queue filterclass list</code> | |||
==== loadbalancer ==== | |||
* '''list''' | |||
: List the netqueue load balancer settings of all physical NICs currently installed and loaded on the system. Setting legend as follows, | |||
:: S: Setting supported by device | |||
:: U: Setting unsupported by device | |||
:: N: Setting not applicable to device | |||
:: A: Setting allowed at load balancing | |||
:: D: Setting disallowed at load balancing | |||
:* <code>esxcli network nic queue loadbalancer list</code> | |||
* '''set''' | |||
: Enable/disable netqueue load balancer setting on a NIC. | |||
:* <code>esxcli network nic queue loadbalancer set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
--dynpoollb=<bool> Configure Dynamic queue pool at netqueue load balancer. | |||
--geneveoamlb=<bool> Configure Geneve OAM at netqueue load balancer. | |||
--lrolb=<bool> Configure Large Receive Offload at netqueue load balancer. | |||
--maclearnlb=<bool> Configure Mac learn load balancing at netqueue load balancer. | |||
--rsslb=<bool> Configure Receive Side Scaling at netqueue load balancer. | |||
--rxdynlb=<bool> Configure RX dynamic load balancing at netqueue load balancer. | |||
--rxqlatency=<bool> Configure Rx queue latency at netqueue load balancer. | |||
--rxqnofeat=<bool> Configure Rx queue no feature at netqueue load balancer. | |||
--rxqpair=<bool> Configure Rx queue pair at netqueue load balancer. | |||
--rxqpreempt=<bool> Configure pre-emptible queue at netqueue load balancer. | |||
-n|--vmnic=<str> Name of vmnic to update netqueue load balancer setting. (required) | |||
===== plugin ===== | |||
* '''list''' | |||
: Details of netqueue balancer plugins on all physical NICs currently installed and loaded on the system | |||
:* <code>esxcli network nic queue loadbalancer plugin list</code> | |||
* '''set''' | |||
: Enable/disable netqueue load balancer setting on a NIC. | |||
:* <code>esxcli network nic queue loadbalancer plugin set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enable=<bool> Netqueue balancer plugin state (required) | |||
-m|--module=<str> Name of netqueue balancer module (required) | |||
-p|--plugin=<str> Name of netqueue balancer plugin (required) | |||
-n|--vmnic=<str> Name of vmnic to change netqueue balancer plugin state (required) | |||
===== state ===== | |||
* '''list''' | |||
: Netqueue balancer state of all physical NICs currently installed and loaded on the system | |||
:* <code>esxcli network nic queue loadbalancer state list</code> | |||
* '''set''' | |||
: Enable/disable netqueue balancer on a NIC | |||
:* <code>esxcli network nic queue loadbalancer state set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enable=<bool> Netqueue balancer state (required) | |||
-n|--vmnic=<str> Name of vmnic to change netqueue balancer state (required) | |||
=== register === | |||
* '''dump''' | |||
: Dump device registers | |||
:* <code>esxcli network nic register dump '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--vmnic=<str> The name of pnic to dump registers (required) | |||
=== ring === | |||
==== current ==== | |||
* '''get''' | |||
: Get current RX/TX ring buffer parameters of a NIC | |||
:* <code>esxcli network nic ring current get '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> The name of the NIC whose current RX/TX ring buffer parameters should be | |||
retrieved. (required) | |||
* '''set''' | |||
: Set current RX/TX ring buffer parameters of a NIC | |||
:* <code>esxcli network nic ring current set '''NIC_NAME''' '''OPTIONS'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> The name of the NIC whose current RX/TX ring buffer parameters should be | |||
set. (required) | |||
'''OPTIONS''' | |||
-r|--rx=<long> Number of ring entries for the RX ring. | |||
-j|--rx-jumbo=<long> Number of ring entries for the RX jumbo ring. | |||
-m|--rx-mini=<long> Number of ring entries for the RX mini ring. | |||
-t|--tx=<long> Number of ring entries for the TX ring. | |||
==== preset ==== | |||
* '''get''' | |||
: Get preset RX/TX ring buffer parameters of a NIC | |||
:* <code>esxcli network nic ring preset get '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> The name of the NIC whose preset RX/TX ring buffer parameters should be | |||
retrieved. (required) | |||
=== selftest === | |||
* '''run''' | |||
: Run self test | |||
:* <code>esxcli network nic selftest run '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-o|--online=<long> Performing limited set of tests do not inetrrupt normal adapter operation, | |||
default is offline | |||
-n|--vmnic=<str> The name of pnic to dump EEPROM (required) | |||
=== sg === | |||
* '''get''' | |||
: Get scatter-gather settings | |||
:* <code>esxcli network nic sg get</code> | |||
* '''set''' | |||
: Set scatter-gatter settings on a nic | |||
:* <code>esxcli network nic sg set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enable=<long> Enable/disable scatter-gather (required) | |||
-n|--vmnic=<str> Name of vmnic to configure scatter-gather settings. (required) | |||
=== software === | |||
* '''list''' | |||
: List software simulation settings of physical NICs currently installed and loaded on the system. | |||
:* <code>esxcli network nic software list</code> | |||
* '''set''' | |||
: Enable and disable software simulation settings on a NIC. | |||
:* <code>esxcli network nic software set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
--geneveoffload=<bool> | |||
Configure Geneve encapsulation offload software simulation. | |||
--highdma=<bool> Configure high DMA software simulation. | |||
--ipv4cso=<bool> Configure IPv4 checksum offload software simulation. | |||
--ipv4tso=<bool> Configure IPv4 TCP segmentation offload software simulation. | |||
--ipv6cso=<bool> Configure IPv6 checksum offload software simulation. | |||
--ipv6csoext=<bool> Configure IPv6 extend header checksum offload software simulation. | |||
--ipv6tso=<bool> Configure IPv6 TCP segmentation offload software simulation. | |||
--ipv6tsoext=<bool> Configure IPv6 extend header TCP segmentation offload software simulation. | |||
--obo=<bool> Configure offset based encapsulation offload software simulation. | |||
--sg=<bool> Configure scatter gather software simulation. | |||
--sgsp=<bool> Configure scatter gather span multiple pages software simulation. | |||
--tagging=<bool> Configure TX VLAN tagging software simulation. | |||
--untagging=<bool> Configure RX VLAN untagging software simulation. | |||
-n|--vmnic=<str> Name of the vmnic whose software similation settings should be updated. | |||
(required) | |||
--vxlanencap=<bool> Configure VXLAN encapsulation offload software simulation. | |||
=== stats === | |||
* '''get''' | |||
: Get NIC statistics for a given interface. | |||
:* <code>esxcli network nic stats get '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> Name of the NIC to get statistics from. (required) | |||
=== tso === | |||
* '''get''' | |||
: Get TCP segmentation offload settings | |||
:* <code>esxcli network nic tso get</code> | |||
* '''set''' | |||
: Set TCP segmentation offload settings on a nic | |||
:* <code>esxcli network nic tso set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enable=<long> TCP segmentation offload (required) | |||
-n|--vmnic=<str> Name of vmnic to set TSO settings. (required) | |||
=== vlan === | |||
==== stats ==== | |||
* '''get''' | |||
: List VLAN statistics for active VLAN's on the NIC. | |||
:* <code>esxcli network nic vlan stats get '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> Name of the NIC to get statistics from. (required) | |||
* '''set''' | |||
: Enable/disable VLAN statistics collection on the NIC. | |||
:* <code>esxcli network nic vlan stats set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-e|--enabled=<bool> Whether to enable or disable VLAN statistics (required) | |||
-n|--nic-name=<str> Name of the NIC to get statistics from. (required) | |||
== port == | == port == | ||
=== filter === | |||
==== stats ==== | |||
* '''get''' | |||
: Filter statistics for a given port. | |||
:* <code>esxcli network port filter stats get '''PORT_ID'''</code> | |||
'''PORT_ID''' | |||
-p|--portid=<long> Port ID for the port to get filter statistics. (required) | |||
=== stats === | |||
* '''get''' | |||
: Packet statistics for a given port. | |||
:* <code>esxcli network port stats get '''PORT_ID'''</code> | |||
'''PORT_ID''' | |||
-p|--portid=<long> Port ID for the port to get statistics. (required) | |||
== sriovnic == | == sriovnic == | ||
* '''list''' | |||
: This command will list the SRIOV Enabled NICs (PFs) currently installed and loaded on the system. | |||
:* <code>esxcli network sriovnic list</code> | |||
=== vf === | |||
* '''list''' | |||
: Get the generic configuration of VFs for SRIOV NIC. | |||
:* <code>esxcli network sriovnic vf list '''NIC_NAME'''</code> | |||
'''NIC_NAME''' | |||
-n|--nic-name=<str> The name of the SRIOV NIC to configured. This must be one of the cards | |||
listed in the sriovNic list command. (required) | |||
* '''stats''' | |||
: Get statistics for given VF of a SRIOV NIC. | |||
:* <code>esxcli network sriovnic vf stats '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-n|--nic-name=<str> The name of the SRIOV NIC. This must be one of the cards listed in the | |||
sriovNic list command. (required) | |||
-v|--vf-id=<long> The VF ID of the virtual function whose stats are to be collected. This | |||
must be one of the VF IDs listed in the sriovnic vf list command. | |||
(required) | |||
== vm == | == vm == | ||
* '''list''' | |||
: List networking information for the VM's that have active ports. | |||
:* <code>esxcli network vm list</code> | |||
=== port === | |||
* '''list''' | |||
: List of active ports for a given VM. | |||
:* <code>esxcli network vm port list '''VM_WORLD_ID'''</code> | |||
'''VM_WORLD_ID''' | |||
-w|--world-id=<long> World ID of the VM for listing ports. (required) | |||
== vswitch == | == vswitch == | ||
=== dvs === | |||
==== vmware ==== | |||
* '''list''' | |||
: List the VMware vSphere Distributed Switch currently configured on the ESXi host. | |||
:* <code>esxcli network vswitch dvs vmware list</code> | |||
===== lacp ===== | |||
====== config ====== | |||
* '''get''' | |||
: Get LACP configuration on DVS | |||
:* <code>esxcli network vswitch dvs vmware lacp config get</code> | |||
====== stats ====== | |||
* '''get''' | |||
: Get LACP stats on DVS uplinks | |||
:* <code>esxcli network vswitch dvs vmware lacp stats get</code> | |||
====== status ====== | |||
* '''get''' | |||
: Get LACP status on DVS | |||
:* <code>esxcli network vswitch dvs vmware lacp status get</code> | |||
====== timeout ====== | |||
* '''set''' | |||
: Set long/short timeout for vmnics in one LACP LAG | |||
:* <code>esxcli network vswitch dvs vmware lacp timeout set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-l|--lag-id=<long> The ID of LAG to be configured. (required) | |||
-n|--nic-name=<str> The nic name. If it is set, then only this vmnic in the lag will be | |||
configured. | |||
-t|--timeout=<bool> Set long or short timeout: 1 for short timeout and 0 for long timeout. | |||
(required) | |||
-s|--vds=<str> The name of VDS. (required) | |||
=== standard === | |||
* '''list''' | |||
: List the virtual switches current on the ESXi host. | |||
:* <code>esxcli network vswitch standard list</code> | |||
* '''add''' | |||
: Add a new virtual switch to the ESXi networking system. | |||
:* <code>esxcli network vswitch standard add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-P|--ports=<long> The number of ports to to give this newly created virtual switch. Maximum | |||
ports per virtual switch is 4096. If no value is given the default | |||
value(128) is used. The number of ports is limited by the number of already | |||
allocated ports on the host. The system wide port count cannot be greater | |||
than 4608. | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to create. (required) | |||
* '''remove''' | |||
: Remove a virtual switch from the ESXi networking system. | |||
:* <code>esxcli network vswitch standard remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to remove. (required) | |||
* '''set''' | |||
: This command sets the MTU size and CDP status of a given virtual switch. | |||
:* <code>esxcli network vswitch standard set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-c|--cdp-status=<str> The CDP status of the given virtual switch. It can be 'down', 'listen', | |||
'advertise' or 'both' | |||
-m|--mtu=<long> The MTU size of the given virtual switch. | |||
-v|--vswitch-name=<str> | |||
The name of virtual switch to apply the configurations. (required) | |||
==== policy ==== | |||
===== failover ===== | |||
* '''get''' | |||
: Get the failover policy settings governing the given virtual switch | |||
:* <code>esxcli network vswitch standard policy failover get '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to use when fetching the switch failover | |||
policy. (required) | |||
* '''set''' | |||
: Configure the Failover policy for a virtual switch. | |||
:* <code>esxcli network vswitch standard policy failover set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-a|--active-uplinks=<str> | |||
Configure the list of active adapters and their failover order. This list | |||
must be a comma seperated list of values with the uplink name and no | |||
spaces. Example: --active-uplinks=vmnic0,vmnic3,vmnic7,vmnic1 | |||
-b|--failback=<bool> Configure whether a NIC will be used immediately when it comes back in | |||
service after a failover | |||
-f|--failure-detection=<str> | |||
Set the method of determining how a network outage is detected. | |||
beacon: Detect failures based on active beaconing to the vswitch | |||
link: Detect failures based on the NIC link state | |||
-l|--load-balancing=<str> | |||
Set the load balancing policy for this policy. This can be one of the | |||
following options: | |||
explicit: Always use the highest order uplink from the list of active | |||
adapters which pass failover criteria. | |||
iphash: Route based on hashing the src and destination IP addresses | |||
mac: Route based on the MAC address of the packet source. | |||
portid: Route based on the originating virtual port ID. | |||
-n|--notify-switches=<bool> | |||
Indicate whether to send a notification to physical switches on failover | |||
-s|--standby-uplinks=<str> | |||
Configure the list of standby adapters and their failover order. This list | |||
must be a comma seperated list of values with the uplink name and no | |||
spaces. Example: --standby-uplinks=vmnic2,vmnic4,vmnic8,vmnic6,vmnic11 | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to use when configuring the switch failover | |||
policy. (required) | |||
===== security ===== | |||
* '''get''' | |||
: Get the Security Policy governing the given virtual switch. | |||
:* <code>esxcli network vswitch standard policy security get '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to use when fetching the network security | |||
policy. (required) | |||
* '''set''' | |||
: Set the security policy for a given virtual switch | |||
:* <code>esxcli network vswitch standard policy security set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-f|--allow-forged-transmits=<bool> | |||
Allow ports on the virtual switch to send packets with forged source | |||
information. | |||
-m|--allow-mac-change=<bool> | |||
Allow ports on the virtual switch to change their MAC address. | |||
-p|--allow-promiscuous=<bool> | |||
Allow ports on the virtual switch to enter promiscuous mode. | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to use when setting the switch security | |||
policy. (required) | |||
===== shaping ===== | |||
* '''get''' | |||
: Get the shaping policy settings for the given virtual switch | |||
:* <code>esxcli network vswitch standard policy shaping get '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to use when fetching the switch shaping | |||
policy. (required) | |||
* '''set''' | |||
: Set the shaping policy settings for the given virtual switch | |||
:* <code>esxcli network vswitch standard policy shaping set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-b|--avg-bandwidth=<long> | |||
The averge bandwidth allowed for this shaping policy. This value is in Kbps | |||
(1 Kbps = 1000 bits/s) | |||
-t|--burst-size=<long> | |||
The largest burst size allowed for this shaping policy. This value is in | |||
Kib (1 Kib = 1024 bits) | |||
-e|--enabled=<bool> Indicate whether to enable traffic shaping on this policy. If this is true | |||
then the --avg-bandwidth, --peak-bandwidth and --burst-size options are | |||
required. | |||
-k|--peak-bandwidth=<long> | |||
The peak bandwidth allowed for this shaping policy. This value is in Kbps | |||
(1 Kbps = 1000 bits/s) | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to use when setting the switch shaping | |||
policy. (required) | |||
==== portgroup ==== | |||
* '''list''' | |||
: List all of the port groups currently on the system. | |||
:* <code>esxcli network vswitch standard portgroup list</code> | |||
* '''add''' | |||
: Allows the addition of a standard port group to a virtual switch. | |||
:* <code>esxcli network vswitch standard portgroup add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-p|--portgroup-name=<str> | |||
The name of the port group to add (required) | |||
-v|--vswitch-name=<str> | |||
The virtual switch to add the port group to. (required) | |||
* '''remove''' | |||
: Remove a port group from the given virtual switch | |||
:* <code>esxcli network vswitch standard portgroup remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-p|--portgroup-name=<str> | |||
(required) | |||
-v|--vswitch-name=<str> | |||
(required) | |||
* '''set''' | |||
: Set the vlan id for the given port group | |||
:* <code>esxcli network vswitch standard portgroup set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-p|--portgroup-name=<str> | |||
The name of the port group to set vlan id for. (required) | |||
-v|--vlan-id=<long> The vlan id for this port group. This value is in the range (0 - 4095) | |||
===== policy ===== | |||
====== failover ====== | |||
* '''get''' | |||
: Get the network failover policy settings governing the given port group | |||
:* <code>esxcli network vswitch standard portgroup policy failover get '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-p|--portgroup-name=<str> | |||
The name of the port group to use when fetching the port group failover | |||
policy. (required) | |||
* '''set''' | |||
: Configure the Failover policy for a port group. These setting may potentially override virtual switch settings. | |||
:* <code>esxcli network vswitch standard portgroup policy failover set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-a|--active-uplinks=<str> | |||
Configure the list of active adapters and their failover order. This list | |||
must be a comma seperated list of values with the uplink name and no | |||
spaces. Example: --active-uplinks=vmnic0,vmnic3,vmnic7,vmnic1 | |||
-b|--failback=<bool> Configure whether a NIC will be used immediately when it comes back in | |||
service after a failover | |||
-f|--failure-detection=<str> | |||
Set the method of determining how a network outage is detected. | |||
beacon: Detect failures based on active beaconing to the vswitch | |||
link: Detect failures based on the NIC link state | |||
-l|--load-balancing=<str> | |||
Set the load balancing policy for this policy. This can be one of the | |||
following options: | |||
explicit: Always use the highest order uplink from the list of active | |||
adapters which pass failover criteria. | |||
iphash: Route based on hashing the src and destination IP addresses | |||
mac: Route based on the MAC address of the packet source. | |||
portid: Route based on the originating virtual port ID. | |||
-n|--notify-switches=<bool> | |||
Indicate whether to send a notification to physical switches on failover | |||
-p|--portgroup-name=<str> | |||
The name of the port group to set failover policy for. (required) | |||
-s|--standby-uplinks=<str> | |||
Configure the list of standby adapters and their failover order. This list | |||
must be a comma seperated list of values with the uplink name and no | |||
spaces. Example: --standby-uplinks=vmnic2,vmnic4,vmnic8,vmnic6,vmnic11 | |||
-u|--use-vswitch Reset all values for this policy to use parent virtual switch's settings | |||
instead of overriding the settings for the port group. Using this in | |||
conjunction with other settings will first reset all of the fields to use | |||
the virtual switch setting and then apply the other options after the | |||
reset. | |||
====== security ====== | |||
* '''get''' | |||
: Get the Security Policy governing the given port group. | |||
:* <code>esxcli network vswitch standard portgroup policy security get '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-p|--portgroup-name=<str> | |||
The name of the port group to use when fetching the network security | |||
policy. (required) | |||
* '''set''' | |||
: Set the security policy for a given port group | |||
:* <code>esxcli network vswitch standard portgroup policy security set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-f|--allow-forged-transmits=<bool> | |||
Allow ports on the virtual switch to send packets with forged source | |||
information. | |||
-m|--allow-mac-change=<bool> | |||
Allow ports on the virtual switch to change their MAC address. | |||
-o|--allow-promiscuous=<bool> | |||
Allow ports on the virtual switch to enter promiscuous mode. | |||
-p|--portgroup-name=<str> | |||
The name of the port group to set security policy for. (required) | |||
-u|--use-vswitch Reset all values for this policy to use parent virtual switch's settings | |||
instead of overriding the settings for the port group. Using this in | |||
conjunction with other settings will first reset all of the fields to use | |||
the virtual switch setting and then apply the other options after the | |||
reset. | |||
====== shaping ====== | |||
* '''get''' | |||
: Get the network shaping policy settings governing the given port group | |||
:* <code>esxcli network vswitch standard portgroup policy shaping get '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-p|--portgroup-name=<str> | |||
The name of the port group to use when fetching the port group shaping | |||
policy. (required) | |||
* '''set''' | |||
: Set the shaping policy settings for the given port group | |||
:* <code>esxcli network vswitch standard portgroup policy shaping set '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-b|--avg-bandwidth=<long> | |||
The averge bandwidth allowed for this shaping policy. This value is in Kbps | |||
(1 Kbps = 1000 bits/s) | |||
-t|--burst-size=<long> | |||
The largest burst size allowed for this shaping policy. This value is in | |||
Kib (1 Kib = 1024 bits) | |||
-e|--enabled=<bool> Indicate whether to enable traffic shaping on this policy. If this is true | |||
then the --avg-bandwidth, --peak-bandwidth and --burst-size options are | |||
required. | |||
-k|--peak-bandwidth=<long> | |||
The peak bandwidth allowed for this shaping policy. This value is in Kbps | |||
(1 Kbps = 1000 bits/s) | |||
-p|--portgroup-name=<str> | |||
The name of the port group to set shaping policy for. (required) | |||
-u|--use-vswitch Reset all values for this policy to use parent virtual switch's settings | |||
instead of overriding the settings for the port group. Using this in | |||
conjunction with other settings will first reset all of the fields to use | |||
the virtual switch setting and then apply the other options after the | |||
reset. | |||
==== uplink ==== | |||
* '''add''' | |||
: Add an uplink to the given virtual switch. Note if this virtual switch has a NIC teaming policy assigned to it then the policy must also be modified to enable use of this uplink on this virtual switch | |||
:* <code>esxcli network vswitch standard uplink add '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-u|--uplink-name=<str> | |||
The name of the uplink to add to the virtual switch. (required) | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to add an uplink to. (required) | |||
* '''remove''' | |||
: Remove an uplink from the given virtual switch. Note if this virtual switch has a NIC teaming policy assigned to it then the policy must also be modified to disable use of this uplink on this virtual switch | |||
:* <code>esxcli network vswitch standard uplink remove '''OPTIONS'''</code> | |||
'''OPTIONS''' | |||
-u|--uplink-name=<str> | |||
The name of the uplink to remove from the virtual switch. (required) | |||
-v|--vswitch-name=<str> | |||
The name of the virtual switch to remove an uplink from. (required) |
Latest revision as of 20:06, 10 February 2022
Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components (vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.
diag
- ping
- Send ICMP echo requests to network hosts.
esxcli network diag ping OPTIONS
OPTIONS -c|--count=<long> Specify the number of packets to send. -D|--debug VMKPing debug mode. -d|--df Set DF bit on IPv4 packets. -H|--host=<str> Specify the host to send packets to. This parameter is required when not executing ping in debug mode (-D) -I|--interface=<str> Specify the outgoing interface. -i|--interval=<str> Set the interval for sending packets in seconds. --ipv4 Ping with ICMPv4 echo requests. --ipv6 Ping with ICMPv6 echo requests. --netstack=<str> Specify the TCP/IP netstack which the interface resides on -N|--nexthop=<str> Override the system's default route selection, in dotted quad notation. (IPv4 only. Requires interface option) -s|--size=<long> Set the payload size of the packets to send. -t|--ttl=<long> Set IPv4 Time To Live or IPv6 Hop Limit -W|--wait=<str> Set the timeout to wait if no responses are received in seconds.
ens
lcore
- list
- List ENS contexts.
esxcli network ens lcore list
- add
- Create ENS context.
esxcli network ens lcore add ID
ID -l|--lcore-id=<long> ENS context id to be created. (required)
- remove
- Destroy ENS context.
esxcli network ens lcore remove ID
ID -l|--lcore-id=<long> ENS context id to be destroyed. (required)
affinity
- get
- Get the affinity for given ENS context.
esxcli network ens lcore affinity get ID
ID -l|--lcore-id=<long> ENS context id. (required)
- set
- Set affinity for given ENS context.
esxcli network ens lcore affinity set ID NODE
ID -l|--lcore-id=<long> ENS context id. (required) NODE -a|--affinity=<long> Numa node affinity. (required)
switch
- get
- Get the switch associated with given ENS context.
esxcli network ens lcore switch get ID
ID -l|--lcore-id=<long> ENS context id. (required)
- add
- Associate given ENS context with given switch.
esxcli network ens lcore switch add ID SWITCH
ID -l|--lcore-id=<long> ENS context id. (required) SWITCH -s|--switch=<str> Switch name. (required)
- remove
- Disassociate given ENS context from virtual switch.
esxcli network ens lcore switch remove ID
ID -l|--lcore-id=<long> ENS context id. (required)
maxLcores
- get
- Get the maximum number of ENS contexts (lcores).
esxcli network ens maxLcores get
- set
- Set the maximum number of ENS contexts.
esxcli network ens maxLcores set MAXCORES
MAXCORES -n|--maxlcores=<long> Number of maximum ENS contexts to be assigned. (required)
firewall
- get
- Get the firewall status.
esxcli network firewall get
- set
- Set firewall enabled status and default action.
esxcli network firewall set PARAM
- Set firewall enabled status and default action.
PARAM --enabled OR --default-action
- refresh
- Load ruleset configuration for firewall.
esxcli network firewall refresh
- load
- Load firewall module and rulesets configuration.
esxcli network firewall load
- unload
- Allow unload firewall module.
esxcli network firewall unload
- Allow unload firewall module.
- Load firewall module and rulesets configuration.
ruleset
- list
- List the rulesets in firewall.
esxcli network firewall ruleset list
- set
- Set firewall ruleset status (allowedAll flag and enabled status).
esxcli network firewall ruleset set LABEL OPTIONS
- Set firewall ruleset status (allowedAll flag and enabled status).
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required) OPTIONS -a|--allowed-all=<bool> Set to true to allowed all ip, set to false to use allowed ip list. -e|--enabled=<bool> Set to true to enable ruleset, set to false to disable it.
allowedip
- list
- list allowed ip addresses for rulesets.
esxcli network firewall ruleset allowedip list
- add
- Add allowed ip address/range to the ruleset ruleset.
esxcli network firewall ruleset allowedip add LABEL RANGE
- remove
- Remove allowed ip address/range from the ruleset.
esxcli network firewall ruleset allowedip remove LABEL RANGE
- Add allowed ip address/range to the ruleset ruleset.
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required) RANGE -i|--ip-address=<str> Allowed ip address/range for the ruleset. (required)
client
- get
- Show the number of clients using a firewall ruleset.
esxcli network firewall ruleset client get LABEL
- add
- Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset.
esxcli network firewall ruleset client add LABEL
- remove
- Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled.
esxcli network firewall ruleset client remove LABEL
- Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled.
- Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset.
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required)
rule
- list
- List the rules of each ruleset in firewall.
esxcli network firewall ruleset rule list
ip
- get
- Get global IP settings
esxcli network ip get
- set
- Update global IP settings
esxcli network ip set
Configure the VMkernel Adapter Gateway by Using esxcli Commands
connection
- list
- List active TCP/IP connections
esxcli network ip connection list
dns
search
- list
- List the search domains currently configured on the ESXi host in the order in which they will be used when searching.
esxcli network ip dns search list
- add
- Add a search domain to the list of domains to be searched when trying to resolve an host name on the ESXi host.
esxcli network ip dns search add DOMAIN NETSTACK
- remove
- Remove a search domain from the list of domains to be searched when trying to resolve an host name on the ESXi host.
esxcli network ip dns search remove DOMAIN NETSTACK
server
- list
- Print a list of the DNS server currently configured on the system in the order in which they will be used.
esxcli network ip dns server list
- add
- Add a new DNS server to the end of the list of DNS servers to use for this ESXi host.
esxcli network ip dns server add DOMAIN SERVER
- remove
- Remove a DNS server from the list of DNS servers to use for this ESXi host.
esxcli network ip dns server remove PARAM
DOMAIN -d|--domain=<str> The string name of a domain to remove from the list of search domains. (required) NETSTACK -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance SERVER -s|--server=<str> The IP address (v4 or v6) of the DNS server to add to the DNS server list. (required) PARAM --all, --server
interface
- list
- This command will list the VMkernel network interfaces currently known to the system.
esxcli network ip interface list
- set
- This command sets the enabled status and MTU size of a given IP interface
esxcli network ip interface set OPTIONS
OPTIONS -e|--enabled=<bool> Set to true to enable the interface, set to false to disable it. -i|--interface-name=<str> The name of the interface to apply the configurations. (required) -m|--mtu=<long> The MTU size of the IP interface.
- add
- Add a new VMkernel network interface.
esxcli network ip interface add OPTIONS
OPTIONS -P|--dvport-id=<str> DVPort ID of the connection point. This requires --dvs-name to be given in the same command -s|--dvs-name=<str> DVSwitch name of the connection point. This requires --dvport-id to be given in the same command -i|--interface-name=<str> The name of the VMkernel network interface to create. This name must be in the form vmkX, where X is a number 0-255 -M|--mac-address=<str> Set the MAC address for the newly created VMkernel network interface. -m|--mtu=<long> Set the MTU setting for a given VMkernel network interface on creation -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance -p|--portgroup-name=<str> The name of the vswitch port group to add this VMkernel network interface to.
- remove
- Remove a VMkernel network interface from the ESXi host. A VMKernel network interface can be uniquely specified by --interface-name or --portgroup-name or --dvs-name/--dvport-id. i.e. Providing its name or its connection point are two ways to uniquely specify a VMKernel network interface.
esxcli network ip interface remove OPTIONS
OPTIONS -P|--dvport-id=<str> DVPort ID of the connection point. This requires --dvs-name to be given in the same command -s|--dvs-name=<str> DVSwitch name of the connection point. This requires --dvport-id to be given in the same command -i|--interface-name=<str> The name of the VMkernel network interface to remove. This name must be in the form vmkX, where X is a number 0-255 -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance -p|--portgroup-name=<str> The name of the vswitch port group to delete this VMkernel network interface from.
ipv4
- get
- List the IPv4 addresses assigned to VMkernel network interfaces.
esxcli network ip interface ipv4 get
- set
- Configure IPv4 setting for a given VMkernel network interface.
esxcli network ip interface ipv4 set OPTIONS
OPTIONS -g|--gateway=<str> The default gateway for this interface. The value must be a valid IPv4 address. Gateway would be reset if not provided -i|--interface-name=<str> The name of the VMkernel network interface to set IPv4 settings for. This name must be an interface listed in the interface list command. (required) -I|--ipv4=<str> The static IPv4 address for this interface. -N|--netmask=<str> The static IPv4 netmask for this interface. -P|--peer-dns=<bool> A boolean value to indicate if the system should use the DNS settings published via DHCPv4 for this interface. -t|--type=<str> IPv4 Address type : dhcp: Use DHCP to aquire IPv4 setting for this interface. none: Remove IPv4 settings form this interface. static: Set Static IPv4 information for this interface. Requires --ipv4 and --netmask options.
address
- list
- List the IPv4 addresses assigned to VMkernel network interfaces.
esxcli network ip interface ipv4 address list
ipv6
- get
- Get IPv6 settings for VMkernel network interfaces. This does not include the IPv6 addresses which can be found in the "address list" command.
esxcli network ip interface ipv6 get
- set
- Configure IPv6 settings for a given VMkernel network interface.
esxcli network ip interface ipv6 set OPTIONS
OPTIONS -d|--enable-dhcpv6=<bool> Setting this value to true will enable DHCPv6 on this interface and attempt to aquire an IPv6 address from the network -e|--enable-ipv6=<bool> Setting this value to true enables IPv6 on thisinterface while setting it to false disables IPv6 on this interface. -r|--enable-router-adv=<bool> Setting this value to true will enable IPv6 Router Advertised IPv6 addresses to be added to this interface from any routers broadcasting on the local network. -g|--gateway=<str> A default gateway for this interface. The value must be a valid IPv6 address. -i|--interface-name=<str> The name of the VMkernel network interface to set IPv6 settings for. This name must be an interface listed in the interface list command. (required) -P|--peer-dns=<bool> A boolean value to indicate if the system should use the DNS settings published via DHCPv6 for this interface.
address
- list
- This command will list all of the IPv6 addresses currently assigned to the system
esxcli network ip interface ipv6 address list
- add
- Add a static IPv6 address to a given VMkernel network interface.
esxcli network ip interface ipv6 address add OPTIONS
OPTIONS -i|--interface-name=<str> The name of the VMkernel network interface to add a static IPv6 address to. This name must be an interface listed in the interface list command. (required) -I|--ipv6=<str> The IPv6 address to add to the given VMkernel network interface. This must be in X:X:X::/X format (required)
- remove
- Remove an IPv6 address from a given VMkernel network interface.
esxcli network ip interface ipv6 address remove OPTIONS
OPTIONS -i|--interface-name=<str> The name of the VMkernel network interface to remove an IPv6 address from. This name must be an interface listed in the interface list command. (required) -I|--ipv6=<str> The IPv6 address to remove from the given VMkernel network interface. This must be in X:X:X::/X format (required)
tag
- get
- Gets the tags set on the given VMkernel network interface.
esxcli network ip interface tag get INTERFACE
- add
- Adds a tag on a given VMkernel network interface. Supported tags are: Management, VMotion, faultToleranceLogging, vSphereReplication, vSphereReplicationNFC, vSphereProvisioning, VSAN, VSANWitness
esxcli network ip interface tag add INTERFACE'TAGNAME'
- remove
- Removes a tag on a given VMkernel network interface.
esxcli network ip interface tag remove INTERFACE'TAGNAME'
INTERFACE -i|--interface-name=<str> Name of the VMkernel network interface (vmknic) whose tags are to be read/set/removed (required) This name must be an interface listed in the interface list command. (required) TAGNAME -t|--tagname=<str> Tag name to assign to the interface (required)
ipsec
sa
- list
- List configured Security Associations
esxcli network ip ipsec sa list
- add
- Add a Security Association.
esxcli network ip ipsec sa add OPTIONS
OPTIONS -e|--encryption-algorithm=<str> Encryption algorithm for the Security Association. Should be one in set [null, 3des-cbc, aes128-cbc]. (required) -k|--encryption-key=<str> Encryption key(ASCII or hex). Length of hex key is dependent upon algorithm used. Required when a encryption algorithm has been specified. -i|--integrity-algorithm=<str> Integrity algorithm for the Security Association. Should be one in set [hmac-sha1, hmac-sha2-256]. (required) -K|--integrity-key=<str> Integrity key(ASCII or hex). Length of hex key is dependent upon algorithm used. (required) -d|--sa-destination=<str> Ipv6 address of Security Association destination. Can be specified as 'any' or a correct IPv6 address. (required) -m|--sa-mode=<str> Security Association mode. Should be one in set [transport, tunnel]. -n|--sa-name=<str> Name for the Security Association to be added. (required) -s|--sa-source=<str> Ipv6 address of Security Association source. Can be specified as 'any' or a correct IPv6 address. (required) -p|--sa-spi=<str> SPI value for the Security Association(hex). (required)
- remove
- Operation to remove Security Association(s)
esxcli network ip ipsec sa remove OPTIONS
OPTIONS -a|--remove-all Set to remove all Security Associations. -d|--sa-destination=<str> Ipv6 address of Security Association destination. This option needs to be specified when removing an auto SA. -n|--sa-name=<str> Name for the Security Association to be removed. Specify 'auto' to remove an auto SA. -s|--sa-source=<str> Ipv6 address of Security Association source. This option needs to be specified when removing an auto SA. -p|--sa-spi=<str> SPI value for the Security Association (hex). This option needs to be specified when removing an auto SA
sp
- list
- List configured Security Policys
esxcli network ip ipsec sp list
- add
- Add a Security Policy.
esxcli network ip ipsec sp add OPTIONS
OPTIONS -A|--action=<str> Action for Security Policy. Should be one in set [none, discard, ipsec]. -P|--destination-port=<long> Destination Port for Security Policy. '0' stands for 'any' (required) -w|--flow-direction=<str> Flow direction for Security Policy. Should be one in set [in, out]. -a|--sa-name=<str> Name for the Security Association. Not being Specified lets vmkernel automatically choose an Security Association. If no applicable Security Association exists, then vmkernel may request one using IKE. -p|--source-port=<long> Source Port for Security Policy. '0' stands for 'any' (required) -d|--sp-destination=<str> Ipv6 address and prefix length of Security Policy destination. Can be specified as 'any' or a correct Ipv6 network address. (required) -m|--sp-mode=<str> Security Policy mode. Should be one in set [transport, tunnel]. -n|--sp-name=<str> Name for the Security Policy to be added. (required) -s|--sp-source=<str> Ipv6 address and prefix length of Security Policy source. Can be specified as 'any' or a correct IPv6 network address. (required) -u|--upper-layer-protocol=<str> Upper layer protocol for Security Policy, Should be one in set [any, tcp, udp, icmp6].
- remove
- Operation to remove Security Policy
esxcli network ip ipsec sp remove PARAM
PARAM --remove-all OR --sa-name
neighbor
- list
- List ARP table entries
esxcli network ip neighbor list
- remove
- Remove ARP table entries
esxcli network ip neighbor remove OPTIONS
OPTIONS -i|--interface-name=<str> The name of the VMkernel network interface to remove the neighbor entry from. If not specified, neighbor will be removed from all interfaces -a|--neighbor-addr=<str> The IPv4/IPv6 address of the neighbor. (required) -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance -v|--version=<str> IP version : [4, 6] (required)
netstack
- list
- This command will list the VMkernel Netstack instances currently known to the system.
esxcli network ip netstack list
- get
- Get runtime/configuration settings for a given Netstack Instance.
esxcli network ip netstack get NETSTACK
- add
- Add a new Netstack Instance.
esxcli network ip netstack add NETSTACK DISABLE
- remove
- Remove a new Netstack Instance.
esxcli network ip netstack remove NETSTACK
- set
- Configure settings for a given Netstack Instance.
esxcli network ip netstack set NETSTACK OPTIONS
NETSTACK -N|--netstack=<str> The network stack instance (required) DISABLE -d|--disabled Create the netstack instance only in config i.e. in disabled state. Does not create in kernel. OPTIONS -c|--ccalgo=<str> The TCP Congestion Contol Algorithm for this netstack instance (not applied to existing connections).: cubic: Set cubic as the algorithm newreno: Set newreno as the algorithm -e|--enable=<bool> Enable the netstack instance (create in kernel) -i|--ipv6enabled=<bool> To enable IPv6 for this netstack instance (aplied only during netstack creation). -m|--maxconn=<long> The maximum number of connections for this netstack instance (applied only during netstack creation). -n|--name=<str> The name for this netstack instance.
route
ipv4
- list
- List configured IPv4 routes
esxcli network ip route ipv4 list
- add
- Add IPv4 route to the VMkernel.
esxcli network ip route ipv4 add GATEWAY [NETSTACK] NETWORK
- remove
- Remove IPv4 route
esxcli network ip route ipv4 remove GATEWAY [NETSTACK] NETWORK
ipv6
- list
- List configured IPv6 routes
esxcli network ip route ipv6 list
- add
- Add IPv6 route to the VMkernel.
esxcli network ip route ipv6 add GATEWAY [NETSTACK] NETWORK
- remove
- Remove IPv6 route from the VMkernel
esxcli network ip route ipv6 remove GATEWAY [NETSTACK] NETWORK
GATEWAY -g|--gateway=<str> The Ipv6 address of the gateway through which a route to be removed (required) NETSTACK -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance NETWORK -n|--network=<str> The Ipv6 address and prefix length of the network to remove the route from. Specify 'default' to indicate the default network. (required)
multicast
group
- list
- List all the multicast group members.
esxcli network multicast group list
nic
- list
- This command will list the Physical NICs currently installed and loaded on the system.
esxcli network nic list
- get
- Get the generic configuration of a network device
esxcli network nic get NIC_NAME
- set
- Set the general options for the specified ethernet device.
esxcli network nic set NIC_NAME OPTIONS
- down
- Bring down the specified network device.
esxcli network nic down NIC_NAME
- up
- Bring up the specified network device.
esxcli network nic up NIC_NAME
NIC_NAME -n|--nic-name=<str> The name of the NIC to configured. This must be one of the cards listed in the nic list command. (required) OPTIONS -a|--auto Set the speed and duplexity settings to autonegotiate. -D|--duplex=<str> The duplex to set this NIC to. Acceptable values are : [full, half] -l|--message-level=<long> Sets the driver message level. Meaning differ per driver. -P|--phy-address=<long> Set the PHY address of the device -p|--port=<str> Selects device port. Available device ports are aui: Select AUI (Attachment Unit Interface) as the device port bnc: Select BNC (Bayonet Neill-Concelman) as the device port da: Select DA (Direct Attach copper) as the device port fibre: Select fibre as the device port mii: Select MII (Media Independent Interface) as the device port tp: Select TP (Twisted Pair) as the device port -S|--speed=<long> The speed to set this NIC to, in Mbps. Acceptable values are : [10, 100, 1000, 2500, 5000, 10000, 20000, 25000, 40000, 50000, 56000, 100000] -t|--transceiver-type=<str> Selects transeiver type. Currently only internal and external can be specified, in the future future types might be added. Available transeiver types are external: Set the transceiver type to external internal: Set the transceiver type to internal -V|--virtual-address=<str> Set the virtual address of the device -w|--wake-on-lan=<str> Sets Wake-on-LAN options. Not all devices support this. The argument to this option is a string of characters specifying which options to enable. p Wake on phy activity u Wake on unicast messages m Wake on multicast messages b Wake on broadcast messages a Wake on ARP g Wake on MagicPacket(tm) s Enable SecureOn(tm) password for MagicPacket(tm)
coalesce
- get
- Get coalesce parameters
esxcli network nic coalesce get
- set
- Set coalesce parameters on a nic
esxcli network nic coalesce set NIC_NAME [OPTIONS]
NIC_NAME -n|--vmnic=<str> Name of vmnic to set coalesce parameters. (required) OPTIONS -a|--adaptive-rx=<bool> enable or disable adaptive RX algorithm in driver. -A|--adaptive-tx=<bool> enable or disable adaptive TX algorithm in driver. -R|--rx-max-frames=<long> Maximum number of RX frames driver to process before interrupting. -r|--rx-usecs=<long> Number of microseconds driver to wait for RX before interrupting. -i|--sample-interval=<long> Packet rate sampling internal in seconds for the adaptive coalescing algorithm in driver. -T|--tx-max-frames=<long> Maximum number of completed TX frames driver to process before interrupting. -t|--tx-usecs=<long> Number of microseconds driver to wait for completed TX before interrupting.
high
- get
- Get information about the behavior of a NIC when it sends or receives packets at high packet rate.
esxcli network nic coalesce high get NIC_NAME
- set
- Set parameters to control the behavior of a NIC when it sends or receives packets at high packet rate.
esxcli network nic coalesce high set NIC_NAME [OPTIONS]
low
- get
- Get information about the behavior of a NIC when it sends or receives packets at low packet rate.
esxcli network nic coalesce low get NIC_NAME
- set
- Set parameters to control the behavior of a NIC when it sends or receives packets at low packet rate.
esxcli network nic coalesce low set NIC_NAME [OPTIONS]
NIC_NAME -n|--vmnic=<str> The name of the pnic for which information should be retrieved. (required) OPTIONS -p|--pkt-rate=<long> The high packet rate measured in number of packets per second. When packet rate is above this parameter, the RX/TX coalescing parameters configured by this command are used. -R|--rx-max-frames=<long> The maximum number of RX packets to delay an RX interrupt after they arrive under high packet rate conditions. -r|--rx-usecs=<long> The number of microseconds to delay an RX interrupt after a packet arrives under high packet rate conditions. -T|--tx-max-frames=<long> The maximum number of TX packets to delay an TX interrupt after they are sent under high packet rate conditions. -t|--tx-usecs=<long> The number of microseconds to delay a TX interrupt after a packet is sent under high packet rate conditions. -n|--vmnic=<str> Name of the vmnic for which parameters should be set. (required)
cso
- get
- Get checksum offload settings
esxcli network nic cso get
- set
- Set checksum offload settings on a nic
esxcli network nic cso set OPTIONS
OPTIONS -e|--enable=<long> RX/TX checksum offload (required) -n|--vmnic=<str> Name of vmnic to set offload settings. (required)
eeprom
- dump
- Dump device EEPROM
esxcli network nic eeprom dump OPTIONS
OPTIONS -l|--length=<long> Bytes of EEPROM to dump -o|--offset=<long> Offset of EEPROM starting to dump -n|--vmnic=<str> The name of pnic to dump EEPROM (required)
- change
- Change EEPROM on a nic
esxcli network nic eeprom change OPTIONS
OPTIONS -f|--file=<str> File name of new EEPROM content -m|--magic=<long> Magic key of EEPROM (required) -o|--offset=<long> Offset of EEPROM to change -v|--value=<long> New EEPROM value in double word -n|--vmnic=<str> Name of vmnic to change EEPROM. (required)
negotiate
- restart
- Restart N-Way negotiation on a nic
esxcli network nic negotiate restart NIC_NAME
NIC_NAME -n|--vmnic=<str> Name of vmnic to restart negotiation (required)
pauseParams
- list
- List pause parameters of all NICs
esxcli network nic pauseParams list
- set
- Set pause parameters for a NIC
esxcli network nic pauseParams set OPTIONS
OPTIONS -a|--auto=<bool> Enable/disable auto negotiation. -n|--nic-name=<str> Name of NIC whose pause parameters should be set. (required) -r|--rx=<bool> Enable/disable pause RX flow control. -t|--tx=<bool> Enable/disable pause TX flow control.
queue
count
- get
- Get netqueue count on a nic
esxcli network nic queue count get
- set
- Set number of netqueues on a nic
esxcli network nic queue count set OPTIONS
OPTIONS -q|--num=<long> Number of queues to set. (required) -r|--rx=<bool> Rx netqueue to set count. -t|--tx=<bool> Tx netqueue to set count. -n|--vmnic=<str> Name of vmnic to set netqueue count. (required)
filterclass
- list
- List the netqueue supported filterclass of all physical NICs currently installed and loaded on the system.
esxcli network nic queue filterclass list
loadbalancer
- list
- List the netqueue load balancer settings of all physical NICs currently installed and loaded on the system. Setting legend as follows,
- S: Setting supported by device
- U: Setting unsupported by device
- N: Setting not applicable to device
- A: Setting allowed at load balancing
- D: Setting disallowed at load balancing
esxcli network nic queue loadbalancer list
- set
- Enable/disable netqueue load balancer setting on a NIC.
esxcli network nic queue loadbalancer set OPTIONS
OPTIONS --dynpoollb=<bool> Configure Dynamic queue pool at netqueue load balancer. --geneveoamlb=<bool> Configure Geneve OAM at netqueue load balancer. --lrolb=<bool> Configure Large Receive Offload at netqueue load balancer. --maclearnlb=<bool> Configure Mac learn load balancing at netqueue load balancer. --rsslb=<bool> Configure Receive Side Scaling at netqueue load balancer. --rxdynlb=<bool> Configure RX dynamic load balancing at netqueue load balancer. --rxqlatency=<bool> Configure Rx queue latency at netqueue load balancer. --rxqnofeat=<bool> Configure Rx queue no feature at netqueue load balancer. --rxqpair=<bool> Configure Rx queue pair at netqueue load balancer. --rxqpreempt=<bool> Configure pre-emptible queue at netqueue load balancer. -n|--vmnic=<str> Name of vmnic to update netqueue load balancer setting. (required)
plugin
- list
- Details of netqueue balancer plugins on all physical NICs currently installed and loaded on the system
esxcli network nic queue loadbalancer plugin list
- set
- Enable/disable netqueue load balancer setting on a NIC.
esxcli network nic queue loadbalancer plugin set OPTIONS
OPTIONS -e|--enable=<bool> Netqueue balancer plugin state (required) -m|--module=<str> Name of netqueue balancer module (required) -p|--plugin=<str> Name of netqueue balancer plugin (required) -n|--vmnic=<str> Name of vmnic to change netqueue balancer plugin state (required)
state
- list
- Netqueue balancer state of all physical NICs currently installed and loaded on the system
esxcli network nic queue loadbalancer state list
- set
- Enable/disable netqueue balancer on a NIC
esxcli network nic queue loadbalancer state set OPTIONS
OPTIONS -e|--enable=<bool> Netqueue balancer state (required) -n|--vmnic=<str> Name of vmnic to change netqueue balancer state (required)
register
- dump
- Dump device registers
esxcli network nic register dump NIC_NAME
NIC_NAME -n|--vmnic=<str> The name of pnic to dump registers (required)
ring
current
- get
- Get current RX/TX ring buffer parameters of a NIC
esxcli network nic ring current get NIC_NAME
NIC_NAME -n|--nic-name=<str> The name of the NIC whose current RX/TX ring buffer parameters should be retrieved. (required)
- set
- Set current RX/TX ring buffer parameters of a NIC
esxcli network nic ring current set NIC_NAME OPTIONS
NIC_NAME -n|--nic-name=<str> The name of the NIC whose current RX/TX ring buffer parameters should be set. (required) OPTIONS -r|--rx=<long> Number of ring entries for the RX ring. -j|--rx-jumbo=<long> Number of ring entries for the RX jumbo ring. -m|--rx-mini=<long> Number of ring entries for the RX mini ring. -t|--tx=<long> Number of ring entries for the TX ring.
preset
- get
- Get preset RX/TX ring buffer parameters of a NIC
esxcli network nic ring preset get NIC_NAME
NIC_NAME -n|--nic-name=<str> The name of the NIC whose preset RX/TX ring buffer parameters should be retrieved. (required)
selftest
- run
- Run self test
esxcli network nic selftest run OPTIONS
OPTIONS -o|--online=<long> Performing limited set of tests do not inetrrupt normal adapter operation, default is offline -n|--vmnic=<str> The name of pnic to dump EEPROM (required)
sg
- get
- Get scatter-gather settings
esxcli network nic sg get
- set
- Set scatter-gatter settings on a nic
esxcli network nic sg set OPTIONS
OPTIONS -e|--enable=<long> Enable/disable scatter-gather (required) -n|--vmnic=<str> Name of vmnic to configure scatter-gather settings. (required)
software
- list
- List software simulation settings of physical NICs currently installed and loaded on the system.
esxcli network nic software list
- set
- Enable and disable software simulation settings on a NIC.
esxcli network nic software set OPTIONS
OPTIONS --geneveoffload=<bool> Configure Geneve encapsulation offload software simulation. --highdma=<bool> Configure high DMA software simulation. --ipv4cso=<bool> Configure IPv4 checksum offload software simulation. --ipv4tso=<bool> Configure IPv4 TCP segmentation offload software simulation. --ipv6cso=<bool> Configure IPv6 checksum offload software simulation. --ipv6csoext=<bool> Configure IPv6 extend header checksum offload software simulation. --ipv6tso=<bool> Configure IPv6 TCP segmentation offload software simulation. --ipv6tsoext=<bool> Configure IPv6 extend header TCP segmentation offload software simulation. --obo=<bool> Configure offset based encapsulation offload software simulation. --sg=<bool> Configure scatter gather software simulation. --sgsp=<bool> Configure scatter gather span multiple pages software simulation. --tagging=<bool> Configure TX VLAN tagging software simulation. --untagging=<bool> Configure RX VLAN untagging software simulation. -n|--vmnic=<str> Name of the vmnic whose software similation settings should be updated. (required) --vxlanencap=<bool> Configure VXLAN encapsulation offload software simulation.
stats
- get
- Get NIC statistics for a given interface.
esxcli network nic stats get NIC_NAME
NIC_NAME -n|--nic-name=<str> Name of the NIC to get statistics from. (required)
tso
- get
- Get TCP segmentation offload settings
esxcli network nic tso get
- set
- Set TCP segmentation offload settings on a nic
esxcli network nic tso set OPTIONS
OPTIONS -e|--enable=<long> TCP segmentation offload (required) -n|--vmnic=<str> Name of vmnic to set TSO settings. (required)
vlan
stats
- get
- List VLAN statistics for active VLAN's on the NIC.
esxcli network nic vlan stats get NIC_NAME
NIC_NAME -n|--nic-name=<str> Name of the NIC to get statistics from. (required)
- set
- Enable/disable VLAN statistics collection on the NIC.
esxcli network nic vlan stats set OPTIONS
OPTIONS -e|--enabled=<bool> Whether to enable or disable VLAN statistics (required) -n|--nic-name=<str> Name of the NIC to get statistics from. (required)
port
filter
stats
- get
- Filter statistics for a given port.
esxcli network port filter stats get PORT_ID
PORT_ID -p|--portid=<long> Port ID for the port to get filter statistics. (required)
stats
- get
- Packet statistics for a given port.
esxcli network port stats get PORT_ID
PORT_ID -p|--portid=<long> Port ID for the port to get statistics. (required)
sriovnic
- list
- This command will list the SRIOV Enabled NICs (PFs) currently installed and loaded on the system.
esxcli network sriovnic list
vf
- list
- Get the generic configuration of VFs for SRIOV NIC.
esxcli network sriovnic vf list NIC_NAME
NIC_NAME -n|--nic-name=<str> The name of the SRIOV NIC to configured. This must be one of the cards listed in the sriovNic list command. (required)
- stats
- Get statistics for given VF of a SRIOV NIC.
esxcli network sriovnic vf stats OPTIONS
OPTIONS -n|--nic-name=<str> The name of the SRIOV NIC. This must be one of the cards listed in the sriovNic list command. (required) -v|--vf-id=<long> The VF ID of the virtual function whose stats are to be collected. This must be one of the VF IDs listed in the sriovnic vf list command. (required)
vm
- list
- List networking information for the VM's that have active ports.
esxcli network vm list
port
- list
- List of active ports for a given VM.
esxcli network vm port list VM_WORLD_ID
VM_WORLD_ID -w|--world-id=<long> World ID of the VM for listing ports. (required)
vswitch
dvs
vmware
- list
- List the VMware vSphere Distributed Switch currently configured on the ESXi host.
esxcli network vswitch dvs vmware list
lacp
config
- get
- Get LACP configuration on DVS
esxcli network vswitch dvs vmware lacp config get
stats
- get
- Get LACP stats on DVS uplinks
esxcli network vswitch dvs vmware lacp stats get
status
- get
- Get LACP status on DVS
esxcli network vswitch dvs vmware lacp status get
timeout
- set
- Set long/short timeout for vmnics in one LACP LAG
esxcli network vswitch dvs vmware lacp timeout set OPTIONS
OPTIONS -l|--lag-id=<long> The ID of LAG to be configured. (required) -n|--nic-name=<str> The nic name. If it is set, then only this vmnic in the lag will be configured. -t|--timeout=<bool> Set long or short timeout: 1 for short timeout and 0 for long timeout. (required) -s|--vds=<str> The name of VDS. (required)
standard
- list
- List the virtual switches current on the ESXi host.
esxcli network vswitch standard list
- add
- Add a new virtual switch to the ESXi networking system.
esxcli network vswitch standard add OPTIONS
OPTIONS -P|--ports=<long> The number of ports to to give this newly created virtual switch. Maximum ports per virtual switch is 4096. If no value is given the default value(128) is used. The number of ports is limited by the number of already allocated ports on the host. The system wide port count cannot be greater than 4608. -v|--vswitch-name=<str> The name of the virtual switch to create. (required)
- remove
- Remove a virtual switch from the ESXi networking system.
esxcli network vswitch standard remove OPTIONS
OPTIONS -v|--vswitch-name=<str> The name of the virtual switch to remove. (required)
- set
- This command sets the MTU size and CDP status of a given virtual switch.
esxcli network vswitch standard set OPTIONS
OPTIONS -c|--cdp-status=<str> The CDP status of the given virtual switch. It can be 'down', 'listen', 'advertise' or 'both' -m|--mtu=<long> The MTU size of the given virtual switch. -v|--vswitch-name=<str> The name of virtual switch to apply the configurations. (required)
policy
failover
- get
- Get the failover policy settings governing the given virtual switch
esxcli network vswitch standard policy failover get OPTIONS
OPTIONS -v|--vswitch-name=<str> The name of the virtual switch to use when fetching the switch failover policy. (required)
- set
- Configure the Failover policy for a virtual switch.
esxcli network vswitch standard policy failover set OPTIONS
OPTIONS -a|--active-uplinks=<str> Configure the list of active adapters and their failover order. This list must be a comma seperated list of values with the uplink name and no spaces. Example: --active-uplinks=vmnic0,vmnic3,vmnic7,vmnic1 -b|--failback=<bool> Configure whether a NIC will be used immediately when it comes back in service after a failover -f|--failure-detection=<str> Set the method of determining how a network outage is detected. beacon: Detect failures based on active beaconing to the vswitch link: Detect failures based on the NIC link state -l|--load-balancing=<str> Set the load balancing policy for this policy. This can be one of the following options: explicit: Always use the highest order uplink from the list of active adapters which pass failover criteria. iphash: Route based on hashing the src and destination IP addresses mac: Route based on the MAC address of the packet source. portid: Route based on the originating virtual port ID. -n|--notify-switches=<bool> Indicate whether to send a notification to physical switches on failover -s|--standby-uplinks=<str> Configure the list of standby adapters and their failover order. This list must be a comma seperated list of values with the uplink name and no spaces. Example: --standby-uplinks=vmnic2,vmnic4,vmnic8,vmnic6,vmnic11 -v|--vswitch-name=<str> The name of the virtual switch to use when configuring the switch failover policy. (required)
security
- get
- Get the Security Policy governing the given virtual switch.
esxcli network vswitch standard policy security get OPTIONS
OPTIONS -v|--vswitch-name=<str> The name of the virtual switch to use when fetching the network security policy. (required)
- set
- Set the security policy for a given virtual switch
esxcli network vswitch standard policy security set OPTIONS
OPTIONS -f|--allow-forged-transmits=<bool> Allow ports on the virtual switch to send packets with forged source information. -m|--allow-mac-change=<bool> Allow ports on the virtual switch to change their MAC address. -p|--allow-promiscuous=<bool> Allow ports on the virtual switch to enter promiscuous mode. -v|--vswitch-name=<str> The name of the virtual switch to use when setting the switch security policy. (required)
shaping
- get
- Get the shaping policy settings for the given virtual switch
esxcli network vswitch standard policy shaping get OPTIONS
OPTIONS -v|--vswitch-name=<str> The name of the virtual switch to use when fetching the switch shaping policy. (required)
- set
- Set the shaping policy settings for the given virtual switch
esxcli network vswitch standard policy shaping set OPTIONS
OPTIONS -b|--avg-bandwidth=<long> The averge bandwidth allowed for this shaping policy. This value is in Kbps (1 Kbps = 1000 bits/s) -t|--burst-size=<long> The largest burst size allowed for this shaping policy. This value is in Kib (1 Kib = 1024 bits) -e|--enabled=<bool> Indicate whether to enable traffic shaping on this policy. If this is true then the --avg-bandwidth, --peak-bandwidth and --burst-size options are required. -k|--peak-bandwidth=<long> The peak bandwidth allowed for this shaping policy. This value is in Kbps (1 Kbps = 1000 bits/s) -v|--vswitch-name=<str> The name of the virtual switch to use when setting the switch shaping policy. (required)
portgroup
- list
- List all of the port groups currently on the system.
esxcli network vswitch standard portgroup list
- add
- Allows the addition of a standard port group to a virtual switch.
esxcli network vswitch standard portgroup add OPTIONS
OPTIONS -p|--portgroup-name=<str> The name of the port group to add (required) -v|--vswitch-name=<str> The virtual switch to add the port group to. (required)
- remove
- Remove a port group from the given virtual switch
esxcli network vswitch standard portgroup remove OPTIONS
OPTIONS -p|--portgroup-name=<str> (required) -v|--vswitch-name=<str> (required)
- set
- Set the vlan id for the given port group
esxcli network vswitch standard portgroup set OPTIONS
OPTIONS -p|--portgroup-name=<str> The name of the port group to set vlan id for. (required) -v|--vlan-id=<long> The vlan id for this port group. This value is in the range (0 - 4095)
policy
failover
- get
- Get the network failover policy settings governing the given port group
esxcli network vswitch standard portgroup policy failover get OPTIONS
OPTIONS -p|--portgroup-name=<str> The name of the port group to use when fetching the port group failover policy. (required)
- set
- Configure the Failover policy for a port group. These setting may potentially override virtual switch settings.
esxcli network vswitch standard portgroup policy failover set OPTIONS
OPTIONS -a|--active-uplinks=<str> Configure the list of active adapters and their failover order. This list must be a comma seperated list of values with the uplink name and no spaces. Example: --active-uplinks=vmnic0,vmnic3,vmnic7,vmnic1 -b|--failback=<bool> Configure whether a NIC will be used immediately when it comes back in service after a failover -f|--failure-detection=<str> Set the method of determining how a network outage is detected. beacon: Detect failures based on active beaconing to the vswitch link: Detect failures based on the NIC link state -l|--load-balancing=<str> Set the load balancing policy for this policy. This can be one of the following options: explicit: Always use the highest order uplink from the list of active adapters which pass failover criteria. iphash: Route based on hashing the src and destination IP addresses mac: Route based on the MAC address of the packet source. portid: Route based on the originating virtual port ID. -n|--notify-switches=<bool> Indicate whether to send a notification to physical switches on failover -p|--portgroup-name=<str> The name of the port group to set failover policy for. (required) -s|--standby-uplinks=<str> Configure the list of standby adapters and their failover order. This list must be a comma seperated list of values with the uplink name and no spaces. Example: --standby-uplinks=vmnic2,vmnic4,vmnic8,vmnic6,vmnic11 -u|--use-vswitch Reset all values for this policy to use parent virtual switch's settings instead of overriding the settings for the port group. Using this in conjunction with other settings will first reset all of the fields to use the virtual switch setting and then apply the other options after the reset.
security
- get
- Get the Security Policy governing the given port group.
esxcli network vswitch standard portgroup policy security get OPTIONS
OPTIONS -p|--portgroup-name=<str> The name of the port group to use when fetching the network security policy. (required)
- set
- Set the security policy for a given port group
esxcli network vswitch standard portgroup policy security set OPTIONS
OPTIONS -f|--allow-forged-transmits=<bool> Allow ports on the virtual switch to send packets with forged source information. -m|--allow-mac-change=<bool> Allow ports on the virtual switch to change their MAC address. -o|--allow-promiscuous=<bool> Allow ports on the virtual switch to enter promiscuous mode. -p|--portgroup-name=<str> The name of the port group to set security policy for. (required) -u|--use-vswitch Reset all values for this policy to use parent virtual switch's settings instead of overriding the settings for the port group. Using this in conjunction with other settings will first reset all of the fields to use the virtual switch setting and then apply the other options after the reset.
shaping
- get
- Get the network shaping policy settings governing the given port group
esxcli network vswitch standard portgroup policy shaping get OPTIONS
OPTIONS -p|--portgroup-name=<str> The name of the port group to use when fetching the port group shaping policy. (required)
- set
- Set the shaping policy settings for the given port group
esxcli network vswitch standard portgroup policy shaping set OPTIONS
OPTIONS -b|--avg-bandwidth=<long> The averge bandwidth allowed for this shaping policy. This value is in Kbps (1 Kbps = 1000 bits/s) -t|--burst-size=<long> The largest burst size allowed for this shaping policy. This value is in Kib (1 Kib = 1024 bits) -e|--enabled=<bool> Indicate whether to enable traffic shaping on this policy. If this is true then the --avg-bandwidth, --peak-bandwidth and --burst-size options are required. -k|--peak-bandwidth=<long> The peak bandwidth allowed for this shaping policy. This value is in Kbps (1 Kbps = 1000 bits/s) -p|--portgroup-name=<str> The name of the port group to set shaping policy for. (required) -u|--use-vswitch Reset all values for this policy to use parent virtual switch's settings instead of overriding the settings for the port group. Using this in conjunction with other settings will first reset all of the fields to use the virtual switch setting and then apply the other options after the reset.
uplink
- add
- Add an uplink to the given virtual switch. Note if this virtual switch has a NIC teaming policy assigned to it then the policy must also be modified to enable use of this uplink on this virtual switch
esxcli network vswitch standard uplink add OPTIONS
OPTIONS -u|--uplink-name=<str> The name of the uplink to add to the virtual switch. (required) -v|--vswitch-name=<str> The name of the virtual switch to add an uplink to. (required)
- remove
- Remove an uplink from the given virtual switch. Note if this virtual switch has a NIC teaming policy assigned to it then the policy must also be modified to disable use of this uplink on this virtual switch
esxcli network vswitch standard uplink remove OPTIONS
OPTIONS -u|--uplink-name=<str> The name of the uplink to remove from the virtual switch. (required) -v|--vswitch-name=<str> The name of the virtual switch to remove an uplink from. (required)