Difference between revisions of "ESXi - 6.7 network"
Jump to navigation
Jump to search
(→client) |
|||
| Line 137: | Line 137: | ||
* '''get''' | * '''get''' | ||
: Show the number of clients using a firewall ruleset. | : Show the number of clients using a firewall ruleset. | ||
:* <code>esxcli network firewall ruleset client get</code> | :* <code>esxcli network firewall ruleset client get '''LABEL'''</code> | ||
* '''add''' | * '''add''' | ||
: Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset. | : Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset. | ||
:* <code>esxcli network firewall ruleset client add</code> | :* <code>esxcli network firewall ruleset client add '''LABEL'''</code> | ||
* '''remove''' | * '''remove''' | ||
: Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled. | : Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled. | ||
:* <code>esxcli network firewall ruleset client remove</code> | :* <code>esxcli network firewall ruleset client remove '''LABEL'''</code> | ||
'''LABEL''' | |||
-r|--ruleset-id=<str> The label of the ruleset. (required) | |||
==== rule ==== | ==== rule ==== | ||
Revision as of 20:11, 9 February 2022
network
Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components (vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.
diag
- ping
- Send ICMP echo requests to network hosts.
esxcli network diag ping CMD_OPTIONS
CMD_OPTIONS
-c|--count=<long> Specify the number of packets to send.
-D|--debug VMKPing debug mode.
-d|--df Set DF bit on IPv4 packets.
-H|--host=<str> Specify the host to send packets to. This parameter is required when not
executing ping in debug mode (-D)
-I|--interface=<str> Specify the outgoing interface.
-i|--interval=<str> Set the interval for sending packets in seconds.
--ipv4 Ping with ICMPv4 echo requests.
--ipv6 Ping with ICMPv6 echo requests.
--netstack=<str> Specify the TCP/IP netstack which the interface resides on
-N|--nexthop=<str> Override the system's default route selection, in dotted quad notation.
(IPv4 only. Requires interface option)
-s|--size=<long> Set the payload size of the packets to send.
-t|--ttl=<long> Set IPv4 Time To Live or IPv6 Hop Limit
-W|--wait=<str> Set the timeout to wait if no responses are received in seconds.
ens
lcore
- list
- List ENS contexts.
esxcli network ens lcore list
- add
- Create ENS context.
esxcli network ens lcore add ID
ID -l|--lcore-id=<long> ENS context id to be created. (required)
- remove
- Destroy ENS context.
esxcli network ens lcore remove ID
ID -l|--lcore-id=<long> ENS context id to be destroyed. (required)
affinity
- get
- Get the affinity for given ENS context.
esxcli network ens lcore affinity get ID
ID -l|--lcore-id=<long> ENS context id. (required)
- set
- Set affinity for given ENS context.
esxcli network ens lcore affinity set ID NODE
ID -l|--lcore-id=<long> ENS context id. (required) NODE -a|--affinity=<long> Numa node affinity. (required)
switch
- get
- Get the switch associated with given ENS context.
esxcli network ens lcore switch get ID
ID -l|--lcore-id=<long> ENS context id. (required)
- add
- Associate given ENS context with given switch.
esxcli network ens lcore switch add ID SWITCH
ID -l|--lcore-id=<long> ENS context id. (required) SWITCH -s|--switch=<str> Switch name. (required)
- remove
- Disassociate given ENS context from virtual switch.
esxcli network ens lcore switch remove ID
ID -l|--lcore-id=<long> ENS context id. (required)
maxLcores
- get
- Get the maximum number of ENS contexts (lcores).
esxcli network ens maxLcores get
- set
- Set the maximum number of ENS contexts.
esxcli network ens maxLcores set MAXCORES
MAXCORES -n|--maxlcores=<long> Number of maximum ENS contexts to be assigned. (required)
firewall
- get
- Get the firewall status.
esxcli network firewall get
- set
- Set firewall enabled status and default action.
esxcli network firewall set PARAM
PARAM
--enabled or --default-action
- refresh
- Load ruleset configuration for firewall.
esxcli network firewall refresh
- load
- Load firewall module and rulesets configuration.
esxcli network firewall load
- unload
- Allow unload firewall module.
esxcli network firewall unload
ruleset
- list
- List the rulesets in firewall.
esxcli network firewall ruleset list
- set
- Set firewall ruleset status (allowedAll flag and enabled status).
esxcli network firewall ruleset set LABEL CMD_OPTIONS
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required) CMD_OPTIONS -a|--allowed-all=<bool> Set to true to allowed all ip, set to false to use allowed ip list. -e|--enabled=<bool> Set to true to enable ruleset, set to false to disable it.
allowedip
- list
- list allowed ip addresses for rulesets.
esxcli network firewall ruleset allowedip list
- add
- Add allowed ip address/range to the ruleset ruleset.
esxcli network firewall ruleset allowedip add LABEL RANGE
- remove
- Remove allowed ip address/range from the ruleset.
esxcli network firewall ruleset allowedip remove LABEL RANGE
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required) RANGE -i|--ip-address=<str> Allowed ip address/range for the ruleset. (required)
client
- get
- Show the number of clients using a firewall ruleset.
esxcli network firewall ruleset client get LABEL
- add
- Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset.
esxcli network firewall ruleset client add LABEL
- remove
- Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled.
esxcli network firewall ruleset client remove LABEL
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required)
rule
- list
- List the rules of each ruleset in firewall.
esxcli network firewall ruleset rule list