ESXi - 6.7 network

From Da Nerd Mage Wiki
Revision as of 16:23, 10 February 2022 by Tinker (talk | contribs)
Jump to navigation Jump to search

network

Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components (vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.

diag

  • ping
Send ICMP echo requests to network hosts.
  • esxcli network diag ping OPTIONS
OPTIONS
 -c|--count=<long>     Specify the number of packets to send.
 -D|--debug            VMKPing debug mode.
 -d|--df               Set DF bit on IPv4 packets.
 -H|--host=<str>       Specify the host to send packets to. This parameter is required when not
                       executing ping in debug mode (-D)
 -I|--interface=<str>  Specify the outgoing interface.
 -i|--interval=<str>   Set the interval for sending packets in seconds.
 --ipv4                Ping with ICMPv4 echo requests.
 --ipv6                Ping with ICMPv6 echo requests.
 --netstack=<str>      Specify the TCP/IP netstack which the interface resides on
 -N|--nexthop=<str>    Override the system's default route selection, in dotted quad notation.
                       (IPv4 only. Requires interface option)
 -s|--size=<long>      Set the payload size of the packets to send.
 -t|--ttl=<long>       Set IPv4 Time To Live or IPv6 Hop Limit
 -W|--wait=<str>       Set the timeout to wait if no responses are received in seconds.

ens

lcore

  • list
List ENS contexts.
  • esxcli network ens lcore list
  • add
Create ENS context.
  • esxcli network ens lcore add ID
ID
 -l|--lcore-id=<long>  ENS context id to be created. (required)
  • remove
Destroy ENS context.
  • esxcli network ens lcore remove ID
ID
 -l|--lcore-id=<long>  ENS context id to be destroyed. (required)

affinity

  • get
Get the affinity for given ENS context.
  • esxcli network ens lcore affinity get ID
ID
 -l|--lcore-id=<long>  ENS context id. (required)
  • set
Set affinity for given ENS context.
  • esxcli network ens lcore affinity set ID NODE
ID
 -l|--lcore-id=<long>  ENS context id. (required)
NODE
 -a|--affinity=<long>  Numa node affinity. (required)

switch

  • get
Get the switch associated with given ENS context.
  • esxcli network ens lcore switch get ID
ID
 -l|--lcore-id=<long>  ENS context id. (required)
  • add
Associate given ENS context with given switch.
  • esxcli network ens lcore switch add ID SWITCH
ID
 -l|--lcore-id=<long>  ENS context id. (required)
SWITCH
 -s|--switch=<str>     Switch name. (required)
  • remove
Disassociate given ENS context from virtual switch.
  • esxcli network ens lcore switch remove ID
ID
 -l|--lcore-id=<long>  ENS context id. (required)

maxLcores

  • get
Get the maximum number of ENS contexts (lcores).
  • esxcli network ens maxLcores get
  • set
Set the maximum number of ENS contexts.
  • esxcli network ens maxLcores set MAXCORES
MAXCORES
 -n|--maxlcores=<long> Number of maximum ENS contexts to be assigned. (required)

firewall

  • get
Get the firewall status.
  • esxcli network firewall get
set
Set firewall enabled status and default action.
  • esxcli network firewall set PARAM
PARAM
    --enabled OR --default-action
  • refresh
Load ruleset configuration for firewall.
  • esxcli network firewall refresh
load
Load firewall module and rulesets configuration.
  • esxcli network firewall load
unload
Allow unload firewall module.
  • esxcli network firewall unload

ruleset

  • list
List the rulesets in firewall.
  • esxcli network firewall ruleset list
set
Set firewall ruleset status (allowedAll flag and enabled status).
  • esxcli network firewall ruleset set LABEL OPTIONS
LABEL
 -r|--ruleset-id=<str>     The label of the ruleset. (required)
OPTIONS
 -a|--allowed-all=<bool>   Set to true to allowed all ip, set to false to use allowed ip list.
 -e|--enabled=<bool>       Set to true to enable ruleset, set to false to disable it.

allowedip

  • list
list allowed ip addresses for rulesets.
  • esxcli network firewall ruleset allowedip list
add
Add allowed ip address/range to the ruleset ruleset.
  • esxcli network firewall ruleset allowedip add LABEL RANGE
  • remove
Remove allowed ip address/range from the ruleset.
  • esxcli network firewall ruleset allowedip remove LABEL RANGE
LABEL
 -r|--ruleset-id=<str> The label of the ruleset. (required)
RANGE
-i|--ip-address=<str> Allowed ip address/range for the ruleset. (required)

client

  • get
Show the number of clients using a firewall ruleset.
  • esxcli network firewall ruleset client get LABEL
add
Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset.
  • esxcli network firewall ruleset client add LABEL
remove
Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled.
  • esxcli network firewall ruleset client remove LABEL
LABEL
 -r|--ruleset-id=<str> The label of the ruleset. (required)

rule

  • list
List the rules of each ruleset in firewall.
  • esxcli network firewall ruleset rule list

ip

  • get
Get global IP settings
  • esxcli network ip get
  • set
Update global IP settings
  • esxcli network ip set
Configure the VMkernel Adapter Gateway by Using esxcli Commands

connection

  • list
List active TCP/IP connections
  • esxcli network ip connection list

dns

search

  • list
List the search domains currently configured on the ESXi host in the order in which they will be used when searching.
  • esxcli network ip dns search list
  • add
Add a search domain to the list of domains to be searched when trying to resolve an host name on the ESXi host.
  • esxcli network ip dns search add DOMAIN NETSTACK
  • remove
Remove a search domain from the list of domains to be searched when trying to resolve an host name on the ESXi host.
  • esxcli network ip dns search remove DOMAIN NETSTACK

server

  • list
Print a list of the DNS server currently configured on the system in the order in which they will be used.
  • esxcli network ip dns server list
  • add
Add a new DNS server to the end of the list of DNS servers to use for this ESXi host.
  • esxcli network ip dns server add DOMAIN SERVER
  • remove
Remove a DNS server from the list of DNS servers to use for this ESXi host.
  • esxcli network ip dns server remove PARAM
DOMAIN
 -d|--domain=<str>     The string name of a domain to remove from the list of search domains.
                       (required)
NETSTACK
 -N|--netstack=<str>   The network stack instance; if unspecified, use the default netstack
                       instance
SERVER
 -s|--server=<str>     The IP address (v4 or v6) of the DNS server to add to the DNS server list.
                       (required)
PARAM
--all, --server

interface

  • list
This command will list the VMkernel network interfaces currently known to the system.
  • esxcli network ip interface list
  • set
This command sets the enabled status and MTU size of a given IP interface
  • esxcli network ip interface set OPTIONS
OPTIONS
 -e|--enabled=<bool>   Set to true to enable the interface, set to false to disable it.
 -i|--interface-name=<str>
                       The name of the interface to apply the configurations. (required)
 -m|--mtu=<long>       The MTU size of the IP interface.
  • add
Add a new VMkernel network interface.
  • esxcli network ip interface add OPTIONS
OPTIONS
 -P|--dvport-id=<str>  DVPort ID of the connection point. This requires
                       --dvs-name to be given in the same command
 -s|--dvs-name=<str>   DVSwitch name of the connection point. This requires
                       --dvport-id to be given in the same command
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to create.
                       This name must be in the form vmkX, where X is a
                       number 0-255
 -M|--mac-address=<str>
                       Set the MAC address for the newly created VMkernel
                       network interface.
 -m|--mtu=<long>       Set the MTU setting for a given VMkernel network
                       interface on creation
 -N|--netstack=<str>   The network stack instance; if unspecified, use the
                       default netstack instance
 -p|--portgroup-name=<str>
                       The name of the vswitch port group to add this
                       VMkernel network interface to.
  • remove
Remove a VMkernel network interface from the ESXi host. A VMKernel network interface can be uniquely specified by --interface-name or --portgroup-name or --dvs-name/--dvport-id. i.e. Providing its name or its connection point are two ways to uniquely specify a VMKernel network interface.
  • esxcli network ip interface remove OPTIONS
OPTIONS
 -P|--dvport-id=<str>  DVPort ID of the connection point. This requires
                       --dvs-name to be given in the same command
 -s|--dvs-name=<str>   DVSwitch name of the connection point. This requires
                       --dvport-id to be given in the same command
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to remove.
                       This name must be in the form vmkX, where X is a
                       number 0-255
 -N|--netstack=<str>   The network stack instance; if unspecified, use the
                       default netstack instance
 -p|--portgroup-name=<str>
                       The name of the vswitch port group to delete this
                       VMkernel network interface from.

ipv4

  • get
List the IPv4 addresses assigned to VMkernel network interfaces.
  • esxcli network ip interface ipv4 get
  • set
Configure IPv4 setting for a given VMkernel network interface.
  • esxcli network ip interface ipv4 set OPTIONS
OPTIONS
 -g|--gateway=<str>    The default gateway for this interface. The value must be a valid IPv4
                       address. Gateway would be reset if not provided
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to set IPv4 settings for. This
                       name must be an interface listed in the interface list command. (required)
 -I|--ipv4=<str>       The static IPv4 address for this interface.
 -N|--netmask=<str>    The static IPv4 netmask for this interface.
 -P|--peer-dns=<bool>  A boolean value to indicate if the system should use the DNS settings
                       published via DHCPv4 for this interface.
 -t|--type=<str>       IPv4 Address type :
                           dhcp: Use DHCP to aquire IPv4 setting for this interface.
                           none: Remove IPv4 settings form this interface.
                           static: Set Static IPv4 information for this interface. Requires --ipv4
                       and --netmask options.
address
  • list
List the IPv4 addresses assigned to VMkernel network interfaces.
  • esxcli network ip interface ipv4 address list

ipv6

  • get
Get IPv6 settings for VMkernel network interfaces. This does not include the IPv6 addresses which can be found in the "address list" command.
  • esxcli network ip interface ipv6 get
  • set
Configure IPv6 settings for a given VMkernel network interface.
  • esxcli network ip interface ipv6 set OPTIONS
OPTIONS
 -d|--enable-dhcpv6=<bool>
                       Setting this value to true will enable DHCPv6 on this interface and attempt
                       to aquire an IPv6 address from the network
 -e|--enable-ipv6=<bool>
                       Setting this value to true enables IPv6 on thisinterface while setting it
                       to false disables IPv6 on this interface.
 -r|--enable-router-adv=<bool>
                       Setting this value to true will enable IPv6 Router Advertised IPv6
                       addresses to be added to this interface from any routers broadcasting on
                       the local network.
 -g|--gateway=<str>    A default gateway for this interface. The value must be a valid IPv6
                       address.
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to set IPv6 settings for. This
                       name must be an interface listed in the interface list command. (required)
 -P|--peer-dns=<bool>  A boolean value to indicate if the system should use the DNS settings
                       published via DHCPv6 for this interface.
address
  • list
This command will list all of the IPv6 addresses currently assigned to the system
  • esxcli network ip interface ipv6 address list
  • add
Add a static IPv6 address to a given VMkernel network interface.
  • esxcli network ip interface ipv6 address add OPTIONS
OPTIONS
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to add a static IPv6 address to.
                       This name must be an interface listed in the interface list command.
                       (required)
 -I|--ipv6=<str>       The IPv6 address to add to the given VMkernel network interface. This must
                       be in X:X:X::/X format (required)
  • remove
Remove an IPv6 address from a given VMkernel network interface.
  • esxcli network ip interface ipv6 address remove OPTIONS
OPTIONS
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to remove an IPv6 address from.
                       This name must be an interface listed in the interface list command.
                       (required)
 -I|--ipv6=<str>       The IPv6 address to remove from the given VMkernel network interface. This
                       must be in X:X:X::/X format (required)

tag

  • get
Gets the tags set on the given VMkernel network interface.
  • esxcli network ip interface tag get INTERFACE
  • add
Adds a tag on a given VMkernel network interface. Supported tags are: Management, VMotion, faultToleranceLogging, vSphereReplication, vSphereReplicationNFC, vSphereProvisioning, VSAN, VSANWitness
  • esxcli network ip interface tag add INTERFACE'TAGNAME'
  • remove
Removes a tag on a given VMkernel network interface.
  • esxcli network ip interface tag remove INTERFACE'TAGNAME'
INTERFACE
  -i|--interface-name=<str>
                       Name of the VMkernel network interface (vmknic) whose tags are to be
                       read/set/removed (required)
                       This name must be an interface listed in the interface list command.
                       (required)
TAGNAME
 -t|--tagname=<str>    Tag name to assign to the interface (required)

ipsec

sa

  • list
List configured Security Associations
  • esxcli network ip ipsec sa list
  • add
Add a Security Association.
  • esxcli network ip ipsec sa add OPTIONS
OPTIONS
 -e|--encryption-algorithm=<str>
                       Encryption algorithm for the Security Association. Should be one in set
                       [null, 3des-cbc, aes128-cbc]. (required)
 -k|--encryption-key=<str>
                       Encryption key(ASCII or hex). Length of hex key is dependent upon algorithm
                       used. Required when a encryption algorithm has been specified.
 -i|--integrity-algorithm=<str>
                       Integrity algorithm for the Security Association. Should be one in set
                       [hmac-sha1, hmac-sha2-256]. (required)
 -K|--integrity-key=<str>
                       Integrity key(ASCII or hex). Length of hex key is dependent upon algorithm
                       used. (required)
 -d|--sa-destination=<str>
                       Ipv6 address of Security Association destination. Can be specified as 'any'
                       or a correct IPv6 address. (required)
 -m|--sa-mode=<str>    Security Association mode. Should be one in set  [transport, tunnel].
 -n|--sa-name=<str>    Name for the Security Association to be added. (required)
 -s|--sa-source=<str>  Ipv6 address of Security Association source. Can be specified as 'any' or a
                       correct IPv6 address. (required)
 -p|--sa-spi=<str>     SPI value for the Security Association(hex). (required)
  • remove
Operation to remove Security Association(s)
  • esxcli network ip ipsec sa remove OPTIONS
OPTIONS
 -a|--remove-all       Set to remove all Security Associations.
 -d|--sa-destination=<str>
                       Ipv6 address of Security Association destination. This
                       option needs to be specified when removing an auto SA.
 -n|--sa-name=<str>    Name for the Security Association to be removed.
                       Specify 'auto' to remove an auto SA.
 -s|--sa-source=<str>  Ipv6 address of Security Association source. This
                       option needs to be specified when removing an auto SA.
 -p|--sa-spi=<str>     SPI value for the Security Association (hex). This
                       option needs to be specified when removing an auto SA

sp

  • list
List configured Security Policys
  • esxcli network ip ipsec sp list
  • add
Add a Security Policy.
  • esxcli network ip ipsec sp add OPTIONS
OPTIONS
 -A|--action=<str>     Action for Security Policy. Should be one in set  [none, discard, ipsec].
 -P|--destination-port=<long>
                       Destination Port for Security Policy. '0' stands for 'any' (required)
 -w|--flow-direction=<str>
                       Flow direction for Security Policy. Should be one in set  [in, out].
 -a|--sa-name=<str>    Name for the Security Association. Not being Specified lets vmkernel
                       automatically choose an Security Association. If no applicable Security
                       Association exists, then vmkernel may request one using IKE.
 -p|--source-port=<long>
                       Source Port for Security Policy. '0' stands for 'any' (required)
 -d|--sp-destination=<str>
                       Ipv6 address and prefix length of Security Policy destination. Can be
                       specified as 'any' or a correct Ipv6 network address. (required)
 -m|--sp-mode=<str>    Security Policy mode. Should be one in set  [transport, tunnel].
 -n|--sp-name=<str>    Name for the Security Policy to be added. (required)
 -s|--sp-source=<str>  Ipv6 address and prefix length of Security Policy source. Can be specified
                       as 'any' or a correct IPv6 network address. (required)
 -u|--upper-layer-protocol=<str>
                       Upper layer protocol for Security Policy, Should be one in set  [any, tcp,
                       udp, icmp6].
  • remove
Operation to remove Security Policy
  • esxcli network ip ipsec sp remove PARAM
PARAM
--remove-all OR --sa-name

neighbor

  • list
List ARP table entries
  • esxcli network ip neighbor list
  • remove
Remove ARP table entries
  • esxcli network ip neighbor remove OPTIONS
OPTIONS
 -i|--interface-name=<str>
                       The name of the VMkernel network interface to remove the neighbor entry
                       from. If not specified, neighbor will be removed from all interfaces
 -a|--neighbor-addr=<str>
                       The IPv4/IPv6 address of the neighbor. (required)
 -N|--netstack=<str>   The network stack instance; if unspecified, use the default netstack
                       instance
 -v|--version=<str>    IP version :  [4, 6] (required)

netstack

  • list
This command will list the VMkernel Netstack instances currently known to the system.
  • esxcli network ip netstack list
  • get
Get runtime/configuration settings for a given Netstack Instance.
  • esxcli network ip netstack get NETSTACK
  • add
Add a new Netstack Instance.
  • esxcli network ip netstack add NETSTACK DISABLE
  • remove
Remove a new Netstack Instance.
  • esxcli network ip netstack remove NETSTACK
  • set
Configure settings for a given Netstack Instance.
  • esxcli network ip netstack set NETSTACK OPTIONS
NETSTACK
 -N|--netstack=<str>   The network stack instance (required)
DISABLE
 -d|--disabled         Create the netstack instance only in config i.e. in disabled state. Does
                       not create in kernel.
OPTIONS
 -c|--ccalgo=<str>     The TCP Congestion Contol Algorithm for this netstack instance (not applied
                       to existing connections).:
                           cubic: Set cubic as the algorithm
                           newreno: Set newreno as the algorithm
 -e|--enable=<bool>    Enable the netstack instance (create in kernel)
 -i|--ipv6enabled=<bool>
                       To enable IPv6 for this netstack instance (aplied only during netstack
                       creation).
 -m|--maxconn=<long>   The maximum number of connections for this netstack instance (applied only
                       during netstack creation).
 -n|--name=<str>       The name for this netstack instance.

route

ipv4

  • list
List configured IPv4 routes
  • esxcli network ip route ipv4 list
  • add
Add IPv4 route to the VMkernel.
  • esxcli network ip route ipv4 add GATEWAY [NETSTACK] NETWORK
  • remove
Remove IPv4 route
  • esxcli network ip route ipv4 remove GATEWAY [NETSTACK] NETWORK

ipv6

  • list
List configured IPv6 routes
  • esxcli network ip route ipv6 list
  • add
Add IPv6 route to the VMkernel.
  • esxcli network ip route ipv6 add GATEWAY [NETSTACK] NETWORK
  • remove
Remove IPv6 route from the VMkernel
  • esxcli network ip route ipv6 remove GATEWAY [NETSTACK] NETWORK
GATEWAY
 -g|--gateway=<str>    The Ipv6 address of the gateway through which a route to be removed
                       (required)
NETSTACK
 -N|--netstack=<str>   The network stack instance; if unspecified, use the default netstack
                       instance
NETWORK
 -n|--network=<str>    The Ipv6 address and prefix length of the network to remove the route from.
                       Specify 'default' to indicate the default network. (required)

multicast

group

  • list
List all the multicast group members.
  • esxcli network multicast group list

nic

  • list
This command will list the Physical NICs currently installed and loaded on the system.
  • esxcli network nic list
  • get
Get the generic configuration of a network device
  • esxcli network nic get NIC_NAME
  • set
Set the general options for the specified ethernet device.
  • esxcli network nic set NIC_NAME OPTIONS
  • down
Bring down the specified network device.
  • esxcli network nic down NIC_NAME
  • up
Bring up the specified network device.
  • esxcli network nic up NIC_NAME
NIC_NAME
 -n|--nic-name=<str>   The name of the NIC to configured. This must be one of the cards listed in
                       the nic list command. (required)
OPTIONS
 -a|--auto             Set the speed and duplexity settings to autonegotiate.
 -D|--duplex=<str>     The duplex to set this NIC to. Acceptable values are : [full, half]
 -l|--message-level=<long>
                       Sets the driver message level. Meaning differ per driver.
 -P|--phy-address=<long>
                       Set the PHY address of the device
 -p|--port=<str>       Selects device port. Available device ports are
                           aui: Select AUI (Attachment Unit Interface) as the device port
                           bnc: Select BNC (Bayonet Neill-Concelman) as the device port
                           da: Select DA (Direct Attach copper) as the device port
                           fibre: Select fibre as the device port
                           mii: Select MII (Media Independent Interface) as the device port
                           tp: Select TP (Twisted Pair) as the device port
 -S|--speed=<long>     The speed to set this NIC to, in Mbps. Acceptable values are : [10, 100,
                       1000, 2500, 5000, 10000, 20000, 25000, 40000, 50000, 56000, 100000]
 -t|--transceiver-type=<str>
                       Selects transeiver type. Currently only internal and external can be
                       specified, in the future future types might be added. Available transeiver
                       types are
                           external: Set the transceiver type to external
                           internal: Set the transceiver type to internal
 -V|--virtual-address=<str>
                       Set the virtual address of the device
 -w|--wake-on-lan=<str>
                       Sets Wake-on-LAN options. Not all devices support this. The argument to
                       this option is a string of characters specifying which options to enable.
                       p Wake on phy activity
                       u Wake on unicast messages
                       m Wake on multicast messages
                       b Wake on broadcast messages
                       a Wake on ARP
                       g Wake on MagicPacket(tm)
                       s Enable SecureOn(tm) password for MagicPacket(tm)

coalesce

  • get
Get coalesce parameters
  • esxcli network nic coalesce get
  • set
Set coalesce parameters on a nic
  • esxcli network nic coalesce set NIC_NAME [OPTIONS]
NIC_NAME
 -n|--vmnic=<str>      Name of vmnic to set coalesce parameters. (required)
OPTIONS
 -a|--adaptive-rx=<bool>
                       enable or disable adaptive RX algorithm in driver.
 -A|--adaptive-tx=<bool>
                       enable or disable adaptive TX algorithm in driver.
 -R|--rx-max-frames=<long>
                       Maximum number of RX frames driver to process before interrupting.
 -r|--rx-usecs=<long>  Number of microseconds driver to wait for RX before interrupting.
 -i|--sample-interval=<long>
                       Packet rate sampling internal in seconds for the adaptive coalescing
                       algorithm in driver.
 -T|--tx-max-frames=<long>
                       Maximum number of completed TX frames driver to process before
                       interrupting.
 -t|--tx-usecs=<long>  Number of microseconds driver to wait for completed TX before interrupting.

high

  • get
Get information about the behavior of a NIC when it sends or receives packets at high packet rate.
  • esxcli network nic coalesce high get NIC_NAME
  • set
Set parameters to control the behavior of a NIC when it sends or receives packets at high packet rate.
  • esxcli network nic coalesce high set NIC_NAME [OPTIONS]

low

  • get
Get information about the behavior of a NIC when it sends or receives packets at low packet rate.
  • esxcli network nic coalesce low get NIC_NAME
  • set
Set parameters to control the behavior of a NIC when it sends or receives packets at low packet rate.
  • esxcli network nic coalesce low set NIC_NAME [OPTIONS]
NIC_NAME
 -n|--vmnic=<str>      The name of the pnic for which information should be retrieved. (required)
OPTIONS
 -p|--pkt-rate=<long>  The high packet rate measured in number of packets per second. When packet
                       rate is above this parameter, the RX/TX coalescing parameters configured by
                       this command are used.
 -R|--rx-max-frames=<long>
                       The maximum number of RX packets to delay an RX interrupt after they arrive
                       under high packet rate conditions.
 -r|--rx-usecs=<long>  The number of microseconds to delay an RX interrupt after a packet arrives
                       under high packet rate conditions.
 -T|--tx-max-frames=<long>
                       The maximum number of TX packets to delay an TX interrupt after they are
                       sent under high packet rate conditions.
 -t|--tx-usecs=<long>  The number of microseconds to delay a TX interrupt after a packet is sent
                       under high packet rate conditions.
 -n|--vmnic=<str>      Name of the vmnic for which parameters should be set. (required)

cso

  • get
Get checksum offload settings
  • esxcli network nic cso get
  • set
Set checksum offload settings on a nic
  • esxcli network nic cso set OPTIONS
OPTIONS
 -e|--enable=<long>    RX/TX checksum offload (required)
 -n|--vmnic=<str>      Name of vmnic to set offload settings. (required)

eeprom

  • dump
Dump device EEPROM
  • esxcli network nic eeprom dump OPTIONS
OPTIONS
 -l|--length=<long>    Bytes of EEPROM to dump
 -o|--offset=<long>    Offset of EEPROM starting to dump
 -n|--vmnic=<str>      The name of pnic to dump EEPROM (required)
  • change
Change EEPROM on a nic
  • esxcli network nic eeprom change OPTIONS
OPTIONS
 -f|--file=<str>       File name of new EEPROM content
 -m|--magic=<long>     Magic key of EEPROM (required)
 -o|--offset=<long>    Offset of EEPROM to change
 -v|--value=<long>     New EEPROM value in double word
 -n|--vmnic=<str>      Name of vmnic to change EEPROM. (required)

negotiate

  • restart
Restart N-Way negotiation on a nic
  • esxcli network nic negotiate restart NIC_NAME
NIC_NAME
 -n|--vmnic=<str>      Name of vmnic to restart negotiation (required)

pauseParams

  • list
List pause parameters of all NICs
  • esxcli network nic pauseParams list
  • set
Set pause parameters for a NIC
  • esxcli network nic pauseParams set OPTIONS
OPTIONS
 -a|--auto=<bool>      Enable/disable auto negotiation.
 -n|--nic-name=<str>   Name of NIC whose pause parameters should be set. (required)
 -r|--rx=<bool>        Enable/disable pause RX flow control.
 -t|--tx=<bool>        Enable/disable pause TX flow control.

queue

count

  • get
Get netqueue count on a nic
  • esxcli network nic queue count get
  • set
Set number of netqueues on a nic
  • esxcli network nic queue count set OPTIONS
OPTIONS
 -q|--num=<long>       Number of queues to set. (required)
 -r|--rx=<bool>        Rx netqueue to set count.
 -t|--tx=<bool>        Tx netqueue to set count.
 -n|--vmnic=<str>      Name of vmnic to set netqueue count. (required)

filterclass

  • list
List the netqueue supported filterclass of all physical NICs currently installed and loaded on the system.
  • esxcli network nic queue filterclass list

loadbalancer

  • list
List the netqueue load balancer settings of all physical NICs currently installed and loaded on the system. Setting legend as follows,
S: Setting supported by device
U: Setting unsupported by device
N: Setting not applicable to device
A: Setting allowed at load balancing
D: Setting disallowed at load balancing
  • esxcli network nic queue loadbalancer list
  • set
Enable/disable netqueue load balancer setting on a NIC.
  • esxcli network nic queue loadbalancer set OPTIONS
OPTIONS
 --dynpoollb=<bool>    Configure Dynamic queue pool at netqueue load balancer.
 --geneveoamlb=<bool>  Configure Geneve OAM at netqueue load balancer.
 --lrolb=<bool>        Configure Large Receive Offload at netqueue load balancer.
 --maclearnlb=<bool>   Configure Mac learn load balancing at netqueue load balancer.
 --rsslb=<bool>        Configure Receive Side Scaling at netqueue load balancer.
 --rxdynlb=<bool>      Configure RX dynamic load balancing at netqueue load balancer.
 --rxqlatency=<bool>   Configure Rx queue latency at netqueue load balancer.
 --rxqnofeat=<bool>    Configure Rx queue no feature at netqueue load balancer.
 --rxqpair=<bool>      Configure Rx queue pair at netqueue load balancer.
 --rxqpreempt=<bool>   Configure pre-emptible queue at netqueue load balancer.
 -n|--vmnic=<str>      Name of vmnic to update netqueue load balancer setting. (required)
plugin
  • list
Details of netqueue balancer plugins on all physical NICs currently installed and loaded on the system
  • esxcli network nic queue loadbalancer plugin list
  • set
Enable/disable netqueue load balancer setting on a NIC.
  • esxcli network nic queue loadbalancer plugin set OPTIONS
OPTIONS
 -e|--enable=<bool>    Netqueue balancer plugin state (required)
 -m|--module=<str>     Name of netqueue balancer module (required)
 -p|--plugin=<str>     Name of netqueue balancer plugin (required)
 -n|--vmnic=<str>      Name of vmnic to change netqueue balancer plugin state (required)
state
  • list
Netqueue balancer state of all physical NICs currently installed and loaded on the system
  • esxcli network nic queue loadbalancer state list
  • set
Enable/disable netqueue balancer on a NIC
  • esxcli network nic queue loadbalancer state set OPTIONS
OPTIONS
 -e|--enable=<bool>    Netqueue balancer state (required)
 -n|--vmnic=<str>      Name of vmnic to change netqueue balancer state (required)

register

  • dump
Dump device registers
  • esxcli network nic register dump NIC_NAME
NIC_NAME
 -n|--vmnic=<str>      The name of pnic to dump registers (required)

ring

current

  • get
Get current RX/TX ring buffer parameters of a NIC
  • esxcli network nic ring current get NIC_NAME
NIC_NAME
 -n|--nic-name=<str>   The name of the NIC whose current RX/TX ring buffer parameters should be
                       retrieved. (required)
  • set
Set current RX/TX ring buffer parameters of a NIC
  • esxcli network nic ring current set NIC_NAME OPTIONS
NIC_NAME
 -n|--nic-name=<str>   The name of the NIC whose current RX/TX ring buffer parameters should be
                       set. (required)
OPTIONS
 -r|--rx=<long>        Number of ring entries for the RX ring.
 -j|--rx-jumbo=<long>  Number of ring entries for the RX jumbo ring.
 -m|--rx-mini=<long>   Number of ring entries for the RX mini ring.
 -t|--tx=<long>        Number of ring entries for the TX ring.

preset

  • get
Get preset RX/TX ring buffer parameters of a NIC
  • esxcli network nic ring preset get NIC_NAME
NIC_NAME
 -n|--nic-name=<str>   The name of the NIC whose preset RX/TX ring buffer parameters should be
                       retrieved. (required)

selftest

  • run
Run self test
  • esxcli network nic selftest run OPTIONS
OPTIONS
 -o|--online=<long>    Performing limited set of tests do not inetrrupt normal adapter operation,
                       default is offline
 -n|--vmnic=<str>      The name of pnic to dump EEPROM (required)

sg

  • get
Get scatter-gather settings
  • esxcli network nic sg get
  • set
Set scatter-gatter settings on a nic
  • esxcli network nic sg set OPTIONS
OPTIONS
 -e|--enable=<long>    Enable/disable scatter-gather (required)
 -n|--vmnic=<str>      Name of vmnic to configure scatter-gather settings. (required)

software

  • list
List software simulation settings of physical NICs currently installed and loaded on the system.
  • esxcli network nic software list
  • set
Enable and disable software simulation settings on a NIC.
  • esxcli network nic software set OPTIONS
OPTIONS
 --geneveoffload=<bool>
                       Configure Geneve encapsulation offload software simulation.
 --highdma=<bool>      Configure high DMA software simulation.
 --ipv4cso=<bool>      Configure IPv4 checksum offload software simulation.
 --ipv4tso=<bool>      Configure IPv4 TCP segmentation offload software simulation.
 --ipv6cso=<bool>      Configure IPv6 checksum offload software simulation.
 --ipv6csoext=<bool>   Configure IPv6 extend header checksum offload software simulation.
 --ipv6tso=<bool>      Configure IPv6 TCP segmentation offload software simulation.
 --ipv6tsoext=<bool>   Configure IPv6 extend header TCP segmentation offload software simulation.
 --obo=<bool>          Configure offset based encapsulation offload software simulation.
 --sg=<bool>           Configure scatter gather software simulation.
 --sgsp=<bool>         Configure scatter gather span multiple pages software simulation.
 --tagging=<bool>      Configure TX VLAN tagging software simulation.
 --untagging=<bool>    Configure RX VLAN untagging software simulation.
 -n|--vmnic=<str>      Name of the vmnic whose software similation settings should be updated.
                       (required)
 --vxlanencap=<bool>   Configure VXLAN encapsulation offload software simulation.

stats

  • get
Get NIC statistics for a given interface.
  • esxcli network nic stats get NIC_NAME
NIC_NAME
 -n|--nic-name=<str>   Name of the NIC to get statistics from. (required)

tso

  • get
Get TCP segmentation offload settings
  • esxcli network nic tso get
  • set
Set TCP segmentation offload settings on a nic
  • esxcli network nic tso set OPTIONS
OPTIONS
 -e|--enable=<long>    TCP segmentation offload (required)
 -n|--vmnic=<str>      Name of vmnic to set TSO settings. (required)

vlan

stats

  • get
List VLAN statistics for active VLAN's on the NIC.
  • esxcli network nic vlan stats get NIC_NAME
NIC_NAME
 -n|--nic-name=<str>   Name of the NIC to get statistics from. (required)
  • set
Enable/disable VLAN statistics collection on the NIC.
  • esxcli network nic vlan stats set OPTIONS
OPTIONS
 -e|--enabled=<bool>   Whether to enable or disable VLAN statistics (required)
 -n|--nic-name=<str>   Name of the NIC to get statistics from. (required)

port

filter

stats

  • get
Filter statistics for a given port.
  • esxcli network port filter stats get PORT_ID
PORT_ID
 -p|--portid=<long>    Port ID for the port to get filter statistics. (required)

stats

  • get
Packet statistics for a given port.
  • esxcli network port stats get PORT_ID
PORT_ID
 -p|--portid=<long>    Port ID for the port to get statistics. (required)

sriovnic

  • list
This command will list the SRIOV Enabled NICs (PFs) currently installed and loaded on the system.
  • esxcli network sriovnic list

vf

  • list
Get the generic configuration of VFs for SRIOV NIC.
  • esxcli network sriovnic vf list NIC_NAME
NIC_NAME
 -n|--nic-name=<str>   The name of the SRIOV NIC to configured. This must be one of the cards
                       listed in the sriovNic list command. (required)
  • stats
Get statistics for given VF of a SRIOV NIC.
  • esxcli network sriovnic vf stats OPTIONS
OPTIONS
 -n|--nic-name=<str>   The name of the SRIOV NIC. This must be one of the cards listed in the
                       sriovNic list command. (required)
 -v|--vf-id=<long>     The VF ID of the virtual function whose stats are to be collected. This
                       must be one of the VF IDs listed in the sriovnic vf list command.
                       (required)

vm

  • list
List networking information for the VM's that have active ports.
  • esxcli network vm list

port

  • list
List of active ports for a given VM.
  • esxcli network vm port list VM_WORLD_ID
VM_WORLD_ID
 -w|--world-id=<long>  World ID of the VM for listing ports. (required)

vswitch

dvs

vmware

  • list
List the VMware vSphere Distributed Switch currently configured on the ESXi host.
  • esxcli network vswitch dvs vmware list
lacp
config
  • get
Get LACP configuration on DVS
  • esxcli network vswitch dvs vmware lacp config get
stats
  • get
Get LACP stats on DVS uplinks
  • esxcli network vswitch dvs vmware lacp stats get
status
  • get
Get LACP status on DVS
  • esxcli network vswitch dvs vmware lacp status get
timeout
  • set
Set long/short timeout for vmnics in one LACP LAG
  • esxcli network vswitch dvs vmware lacp timeout set OPTIONS
OPTIONS
 -l|--lag-id=<long>    The ID of LAG to be configured. (required)
 -n|--nic-name=<str>   The nic name. If it is set, then only this vmnic in the lag will be
                       configured.
 -t|--timeout=<bool>   Set long or short timeout: 1 for short timeout and 0 for long timeout.
                       (required)
 -s|--vds=<str>        The name of VDS. (required)

standard

  • list
List the virtual switches current on the ESXi host.
  • esxcli network vswitch standard list
  • add
Add a new virtual switch to the ESXi networking system.
  • esxcli network vswitch standard add OPTIONS
OPTIONS
 -P|--ports=<long>     The number of ports to to give this newly created virtual switch. Maximum
                       ports per virtual switch is 4096. If no value is given the default
                       value(128) is used. The number of ports is limited by the number of already
                       allocated ports on the host. The system wide port count cannot be greater
                       than 4608.
 -v|--vswitch-name=<str>
                       The name of the virtual switch to create. (required)
  • remove
Remove a virtual switch from the ESXi networking system.
  • esxcli network vswitch standard remove OPTIONS
OPTIONS
 -v|--vswitch-name=<str>
                       The name of the virtual switch to remove. (required)
  • set
This command sets the MTU size and CDP status of a given virtual switch.
  • esxcli network vswitch standard set OPTIONS
OPTIONS
 -c|--cdp-status=<str> The CDP status of the given virtual switch. It can be 'down', 'listen',
                       'advertise' or 'both'
 -m|--mtu=<long>       The MTU size of the given virtual switch.
 -v|--vswitch-name=<str>
                       The name of virtual switch to apply the configurations. (required)

policy

failover
  • get
Get the failover policy settings governing the given virtual switch
  • esxcli network vswitch standard policy failover get OPTIONS
OPTIONS
 -v|--vswitch-name=<str>
                       The name of the virtual switch to use when fetching the switch failover
                       policy. (required)
  • set
Configure the Failover policy for a virtual switch.
  • esxcli network vswitch standard policy failover set OPTIONS
OPTIONS
 -a|--active-uplinks=<str>
                       Configure the list of active adapters and their failover order. This list
                       must be a comma seperated list of values with the uplink name and no
                       spaces. Example:  --active-uplinks=vmnic0,vmnic3,vmnic7,vmnic1
 -b|--failback=<bool>  Configure whether a NIC will be used immediately when it comes back in
                       service after a failover
 -f|--failure-detection=<str>
                       Set the method of determining how a network outage is detected.
                           beacon: Detect failures based on active beaconing to the vswitch
                           link: Detect failures based on the NIC link state
 -l|--load-balancing=<str>
                       Set the load balancing policy for this policy. This can be one of the
                       following options:
                           explicit: Always use the highest order uplink from the list of active
                       adapters which pass failover criteria.
                           iphash: Route based on hashing the src and destination IP addresses
                           mac: Route based on the MAC address of the packet source.
                           portid: Route based on the originating virtual port ID.
 -n|--notify-switches=<bool>
                       Indicate whether to send a notification to physical switches on failover
 -s|--standby-uplinks=<str>
                       Configure the list of standby adapters and their failover order. This list
                       must be a comma seperated list of values with the uplink name and no
                       spaces. Example:  --standby-uplinks=vmnic2,vmnic4,vmnic8,vmnic6,vmnic11
 -v|--vswitch-name=<str>
                       The name of the virtual switch to use when configuring the switch failover
                       policy. (required)
security
  • get
Get the Security Policy governing the given virtual switch.
  • esxcli network vswitch standard policy security get OPTIONS
OPTIONS
 -v|--vswitch-name=<str>
                       The name of the virtual switch to use when fetching the network security
                       policy. (required)
  • set
Set the security policy for a given virtual switch
  • esxcli network vswitch standard policy security set OPTIONS
OPTIONS
 -f|--allow-forged-transmits=<bool>
                       Allow ports on the virtual switch to send packets with forged source
                       information.
 -m|--allow-mac-change=<bool>
                       Allow ports on the virtual switch to change their MAC address.
 -p|--allow-promiscuous=<bool>
                       Allow ports on the virtual switch to enter promiscuous mode.
 -v|--vswitch-name=<str>
                       The name of the virtual switch to use when setting the switch security
                       policy. (required)
shaping
  • get
Get the shaping policy settings for the given virtual switch
  • esxcli network vswitch standard policy shaping get OPTIONS
OPTIONS
 -v|--vswitch-name=<str>
                       The name of the virtual switch to use when fetching the switch shaping
                       policy. (required)
  • set
Set the shaping policy settings for the given virtual switch
  • esxcli network vswitch standard policy shaping set OPTIONS
OPTIONS
 -b|--avg-bandwidth=<long>
                       The averge bandwidth allowed for this shaping policy. This value is in Kbps
                       (1 Kbps = 1000 bits/s)
 -t|--burst-size=<long>
                       The largest burst size allowed for this shaping policy. This value is in
                       Kib (1 Kib = 1024 bits)
 -e|--enabled=<bool>   Indicate whether to enable traffic shaping on this policy. If this is true
                       then the --avg-bandwidth, --peak-bandwidth and --burst-size options are
                       required.
 -k|--peak-bandwidth=<long>
                       The peak bandwidth allowed for this shaping policy. This value is in Kbps
                       (1 Kbps = 1000 bits/s)
 -v|--vswitch-name=<str>
                       The name of the virtual switch to use when setting the switch shaping
                       policy. (required)

portgroup

  • list
List all of the port groups currently on the system.
  • esxcli network vswitch standard portgroup list
  • add
Allows the addition of a standard port group to a virtual switch.
  • esxcli network vswitch standard portgroup add OPTIONS
OPTIONS
 -p|--portgroup-name=<str>
                       The name of the port group to add (required)
 -v|--vswitch-name=<str>
                       The virtual switch to add the port group to. (required)
  • remove
Remove a port group from the given virtual switch
  • esxcli network vswitch standard portgroup remove OPTIONS
OPTIONS
 -p|--portgroup-name=<str>
                       (required)
 -v|--vswitch-name=<str>
                       (required)
  • set
Set the vlan id for the given port group
  • esxcli network vswitch standard portgroup set OPTIONS
OPTIONS
 -p|--portgroup-name=<str>
                       The name of the port group to set vlan id for. (required)
 -v|--vlan-id=<long>   The vlan id for this port group. This value is in the range (0 - 4095)
policy
failover
  • get
Get the network failover policy settings governing the given port group
  • esxcli network vswitch standard portgroup policy failover get OPTIONS
OPTIONS
 -p|--portgroup-name=<str>
                       The name of the port group to use when fetching the port group failover
                       policy. (required)
  • set
Configure the Failover policy for a port group. These setting may potentially override virtual switch settings.
  • esxcli network vswitch standard portgroup policy failover set OPTIONS
OPTIONS
 -a|--active-uplinks=<str>
                       Configure the list of active adapters and their failover order. This list
                       must be a comma seperated list of values with the uplink name and no
                       spaces. Example:  --active-uplinks=vmnic0,vmnic3,vmnic7,vmnic1
 -b|--failback=<bool>  Configure whether a NIC will be used immediately when it comes back in
                       service after a failover
 -f|--failure-detection=<str>
                       Set the method of determining how a network outage is detected.
                           beacon: Detect failures based on active beaconing to the vswitch
                           link: Detect failures based on the NIC link state
 -l|--load-balancing=<str>
                       Set the load balancing policy for this policy. This can be one of the
                       following options:
                           explicit: Always use the highest order uplink from the list of active
                       adapters which pass failover criteria.
                           iphash: Route based on hashing the src and destination IP addresses
                           mac: Route based on the MAC address of the packet source.
                           portid: Route based on the originating virtual port ID.
 -n|--notify-switches=<bool>
                       Indicate whether to send a notification to physical switches on failover
 -p|--portgroup-name=<str>
                       The name of the port group to set failover policy for. (required)
 -s|--standby-uplinks=<str>
                       Configure the list of standby adapters and their failover order. This list
                       must be a comma seperated list of values with the uplink name and no
                       spaces. Example:  --standby-uplinks=vmnic2,vmnic4,vmnic8,vmnic6,vmnic11
 -u|--use-vswitch      Reset all values for this policy to use parent virtual switch's settings
                       instead of overriding the settings for the port group. Using this in
                       conjunction with other settings will first reset all of the fields to use
                       the virtual switch setting and then apply the other options after the
                       reset.
security
  • get
Get the Security Policy governing the given port group.
  • esxcli network vswitch standard portgroup policy security get OPTIONS
OPTIONS
 -p|--portgroup-name=<str>
                       The name of the port group to use when fetching the network security
                       policy. (required)
  • set
Set the security policy for a given port group
  • esxcli network vswitch standard portgroup policy security set OPTIONS
OPTIONS
 -f|--allow-forged-transmits=<bool>
                       Allow ports on the virtual switch to send packets with forged source
                       information.
 -m|--allow-mac-change=<bool>
                       Allow ports on the virtual switch to change their MAC address.
 -o|--allow-promiscuous=<bool>
                       Allow ports on the virtual switch to enter promiscuous mode.
 -p|--portgroup-name=<str>
                       The name of the port group to set security policy for. (required)
 -u|--use-vswitch      Reset all values for this policy to use parent virtual switch's settings
                       instead of overriding the settings for the port group.   Using this in
                       conjunction with other settings will first reset all of the fields to use
                       the virtual switch setting and then apply the other options after the
                       reset.
shaping
  • get
Get the network shaping policy settings governing the given port group
  • esxcli network vswitch standard portgroup policy shaping get OPTIONS
OPTIONS
 -p|--portgroup-name=<str>
                       The name of the port group to use when fetching the port group shaping
                       policy. (required)
  • set
Set the shaping policy settings for the given port group
  • esxcli network vswitch standard portgroup policy shaping set OPTIONS
OPTIONS
 -b|--avg-bandwidth=<long>
                       The averge bandwidth allowed for this shaping policy. This value is in Kbps
                       (1 Kbps = 1000 bits/s)
 -t|--burst-size=<long>
                       The largest burst size allowed for this shaping policy. This value is in
                       Kib (1 Kib = 1024 bits)
 -e|--enabled=<bool>   Indicate whether to enable traffic shaping on this policy. If this is true
                       then the --avg-bandwidth, --peak-bandwidth and --burst-size options are
                       required.
 -k|--peak-bandwidth=<long>
                       The peak bandwidth allowed for this shaping policy. This value is in Kbps
                       (1 Kbps = 1000 bits/s)
 -p|--portgroup-name=<str>
                       The name of the port group to set shaping policy for. (required)
 -u|--use-vswitch      Reset all values for this policy to use parent virtual switch's settings
                       instead of overriding the settings for the port group. Using this in
                       conjunction with other settings will first reset all of the fields to use
                       the virtual switch setting and then apply the other options after the
                       reset.

uplink

  • add
Add an uplink to the given virtual switch. Note if this virtual switch has a NIC teaming policy assigned to it then the policy must also be modified to enable use of this uplink on this virtual switch
  • esxcli network vswitch standard uplink add OPTIONS
OPTIONS
 -u|--uplink-name=<str>
                       The name of the uplink to add to the virtual switch. (required)
 -v|--vswitch-name=<str>
                       The name of the virtual switch to add an uplink to. (required)
  • remove
Remove an uplink from the given virtual switch. Note if this virtual switch has a NIC teaming policy assigned to it then the policy must also be modified to disable use of this uplink on this virtual switch
  • esxcli network vswitch standard uplink remove OPTIONS
OPTIONS
 -u|--uplink-name=<str>
                       The name of the uplink to remove from the virtual switch. (required)
 -v|--vswitch-name=<str>
                       The name of the virtual switch to remove an uplink from. (required)