ESXi - 6.7 network
Jump to navigation
Jump to search
network
Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components (vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.
diag
- ping
- Send ICMP echo requests to network hosts.
esxcli network diag ping CMD_OPTIONS
CMD_OPTIONS -c|--count=<long> Specify the number of packets to send. -D|--debug VMKPing debug mode. -d|--df Set DF bit on IPv4 packets. -H|--host=<str> Specify the host to send packets to. This parameter is required when not executing ping in debug mode (-D) -I|--interface=<str> Specify the outgoing interface. -i|--interval=<str> Set the interval for sending packets in seconds. --ipv4 Ping with ICMPv4 echo requests. --ipv6 Ping with ICMPv6 echo requests. --netstack=<str> Specify the TCP/IP netstack which the interface resides on -N|--nexthop=<str> Override the system's default route selection, in dotted quad notation. (IPv4 only. Requires interface option) -s|--size=<long> Set the payload size of the packets to send. -t|--ttl=<long> Set IPv4 Time To Live or IPv6 Hop Limit -W|--wait=<str> Set the timeout to wait if no responses are received in seconds.
ens
lcore
- list
- List ENS contexts.
esxcli network ens lcore list
- add
- Create ENS context.
esxcli network ens lcore add ID
ID -l|--lcore-id=<long> ENS context id to be created. (required)
- remove
- Destroy ENS context.
esxcli network ens lcore remove ID
ID -l|--lcore-id=<long> ENS context id to be destroyed. (required)
affinity
- get
- Get the affinity for given ENS context.
esxcli network ens lcore affinity get ID
ID -l|--lcore-id=<long> ENS context id. (required)
- set
- Set affinity for given ENS context.
esxcli network ens lcore affinity set ID NODE
ID -l|--lcore-id=<long> ENS context id. (required) NODE -a|--affinity=<long> Numa node affinity. (required)
switch
- get
- Get the switch associated with given ENS context.
esxcli network ens lcore switch get ID
ID -l|--lcore-id=<long> ENS context id. (required)
- add
- Associate given ENS context with given switch.
esxcli network ens lcore switch add ID SWITCH
ID -l|--lcore-id=<long> ENS context id. (required) SWITCH -s|--switch=<str> Switch name. (required)
- remove
- Disassociate given ENS context from virtual switch.
esxcli network ens lcore switch remove ID
ID -l|--lcore-id=<long> ENS context id. (required)
maxLcores
- get
- Get the maximum number of ENS contexts (lcores).
esxcli network ens maxLcores get
- set
- Set the maximum number of ENS contexts.
esxcli network ens maxLcores set MAXCORES
MAXCORES -n|--maxlcores=<long> Number of maximum ENS contexts to be assigned. (required)
firewall
- get
- Get the firewall status.
esxcli network firewall get
- set
- Set firewall enabled status and default action.
esxcli network firewall set PARAM
- Set firewall enabled status and default action.
PARAM --enabled OR --default-action
- refresh
- Load ruleset configuration for firewall.
esxcli network firewall refresh
- load
- Load firewall module and rulesets configuration.
esxcli network firewall load
- unload
- Allow unload firewall module.
esxcli network firewall unload
- Allow unload firewall module.
- Load firewall module and rulesets configuration.
ruleset
- list
- List the rulesets in firewall.
esxcli network firewall ruleset list
- set
- Set firewall ruleset status (allowedAll flag and enabled status).
esxcli network firewall ruleset set LABEL CMD_OPTIONS
- Set firewall ruleset status (allowedAll flag and enabled status).
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required) CMD_OPTIONS -a|--allowed-all=<bool> Set to true to allowed all ip, set to false to use allowed ip list. -e|--enabled=<bool> Set to true to enable ruleset, set to false to disable it.
allowedip
- list
- list allowed ip addresses for rulesets.
esxcli network firewall ruleset allowedip list
- add
- Add allowed ip address/range to the ruleset ruleset.
esxcli network firewall ruleset allowedip add LABEL RANGE
- remove
- Remove allowed ip address/range from the ruleset.
esxcli network firewall ruleset allowedip remove LABEL RANGE
- Add allowed ip address/range to the ruleset ruleset.
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required) RANGE -i|--ip-address=<str> Allowed ip address/range for the ruleset. (required)
client
- get
- Show the number of clients using a firewall ruleset.
esxcli network firewall ruleset client get LABEL
- add
- Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset.
esxcli network firewall ruleset client add LABEL
- remove
- Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled.
esxcli network firewall ruleset client remove LABEL
- Remove a client from a firewall ruleset. This decrements the number of clients using the ruleset and if the number reaches zero the ruleset is disabled.
- Add a new client to a firewall ruleset. This enables the firewall ruleset and increments the number of clients using the ruleset.
LABEL -r|--ruleset-id=<str> The label of the ruleset. (required)
rule
- list
- List the rules of each ruleset in firewall.
esxcli network firewall ruleset rule list
ip
- get
- Get global IP settings
esxcli network ip get
- set
- Update global IP settings
esxcli network ip set
Configure the VMkernel Adapter Gateway by Using esxcli Commands
connection
- list
- List active TCP/IP connections
esxcli network ip connection list
dns
search
- list
- List the search domains currently configured on the ESXi host in the order in which they will be used when searching.
esxcli network ip dns search list
- add
- Add a search domain to the list of domains to be searched when trying to resolve an host name on the ESXi host.
esxcli network ip dns search add DOMAIN NETSTACK
- remove
- Remove a search domain from the list of domains to be searched when trying to resolve an host name on the ESXi host.
esxcli network ip dns search remove DOMAIN NETSTACK
server
- list
- Print a list of the DNS server currently configured on the system in the order in which they will be used.
esxcli network ip dns server list
- add
- Add a new DNS server to the end of the list of DNS servers to use for this ESXi host.
esxcli network ip dns server add DOMAIN SERVER
- remove
- Remove a DNS server from the list of DNS servers to use for this ESXi host.
esxcli network ip dns server remove PARAM
DOMAIN -d|--domain=<str> The string name of a domain to remove from the list of search domains. (required) NETSTACK -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance SERVER -s|--server=<str> The IP address (v4 or v6) of the DNS server to add to the DNS server list. (required) PARAM --all, --server
interface
- list
- This command will list the VMkernel network interfaces currently known to the system.
esxcli network ip interface list
- set
- This command sets the enabled status and MTU size of a given IP interface
esxcli network ip interface set CMD_OPTIONS
CMD_OPTIONS -e|--enabled=<bool> Set to true to enable the interface, set to false to disable it. -i|--interface-name=<str> The name of the interface to apply the configurations. (required) -m|--mtu=<long> The MTU size of the IP interface.
- add
- Add a new VMkernel network interface.
esxcli network ip interface add CMD_OPTIONS
CMD_OPTIONS -P|--dvport-id=<str> DVPort ID of the connection point. This requires --dvs-name to be given in the same command -s|--dvs-name=<str> DVSwitch name of the connection point. This requires --dvport-id to be given in the same command -i|--interface-name=<str> The name of the VMkernel network interface to create. This name must be in the form vmkX, where X is a number 0-255 -M|--mac-address=<str> Set the MAC address for the newly created VMkernel network interface. -m|--mtu=<long> Set the MTU setting for a given VMkernel network interface on creation -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance -p|--portgroup-name=<str> The name of the vswitch port group to add this VMkernel network interface to.
- remove
- Remove a VMkernel network interface from the ESXi host. A VMKernel network interface can be uniquely specified by --interface-name or --portgroup-name or --dvs-name/--dvport-id. i.e. Providing its name or its connection point are two ways to uniquely specify a VMKernel network interface.
esxcli network ip interface remove CMD_OPTIONS
CMD_OPTIONS -P|--dvport-id=<str> DVPort ID of the connection point. This requires --dvs-name to be given in the same command -s|--dvs-name=<str> DVSwitch name of the connection point. This requires --dvport-id to be given in the same command -i|--interface-name=<str> The name of the VMkernel network interface to remove. This name must be in the form vmkX, where X is a number 0-255 -N|--netstack=<str> The network stack instance; if unspecified, use the default netstack instance -p|--portgroup-name=<str> The name of the vswitch port group to delete this VMkernel network interface from.
ipv4
- get
- List the IPv4 addresses assigned to VMkernel network interfaces.
esxcli network ip interface ipv4 get
- set
- Configure IPv4 setting for a given VMkernel network interface.
esxcli network ip interface ipv4 set CMD_OPTIONS
CMD_OPTIONS -g|--gateway=<str> The default gateway for this interface. The value must be a valid IPv4 address. Gateway would be reset if not provided -i|--interface-name=<str> The name of the VMkernel network interface to set IPv4 settings for. This name must be an interface listed in the interface list command. (required) -I|--ipv4=<str> The static IPv4 address for this interface. -N|--netmask=<str> The static IPv4 netmask for this interface. -P|--peer-dns=<bool> A boolean value to indicate if the system should use the DNS settings published via DHCPv4 for this interface. -t|--type=<str> IPv4 Address type : dhcp: Use DHCP to aquire IPv4 setting for this interface. none: Remove IPv4 settings form this interface. static: Set Static IPv4 information for this interface. Requires --ipv4 and --netmask options.
address
- list
- List the IPv4 addresses assigned to VMkernel network interfaces.
esxcli network ip interface ipv4 address list
ipv6
- get
- Get IPv6 settings for VMkernel network interfaces. This does not include the IPv6 addresses which can be found in the "address list" command.
esxcli network ip interface ipv6 get
- set
- Configure IPv6 settings for a given VMkernel network interface.
esxcli network ip interface ipv6 set CMD_OPTIONS
CMD_OPTIONS -d|--enable-dhcpv6=<bool> Setting this value to true will enable DHCPv6 on this interface and attempt to aquire an IPv6 address from the network -e|--enable-ipv6=<bool> Setting this value to true enables IPv6 on thisinterface while setting it to false disables IPv6 on this interface. -r|--enable-router-adv=<bool> Setting this value to true will enable IPv6 Router Advertised IPv6 addresses to be added to this interface from any routers broadcasting on the local network. -g|--gateway=<str> A default gateway for this interface. The value must be a valid IPv6 address. -i|--interface-name=<str> The name of the VMkernel network interface to set IPv6 settings for. This name must be an interface listed in the interface list command. (required) -P|--peer-dns=<bool> A boolean value to indicate if the system should use the DNS settings published via DHCPv6 for this interface.
address
- list
- This command will list all of the IPv6 addresses currently assigned to the system
esxcli network ip interface ipv6 address list
- add
- Add a static IPv6 address to a given VMkernel network interface.
esxcli network ip interface ipv6 address add CMD_OPTIONS
CMD_OPTIONS -i|--interface-name=<str> The name of the VMkernel network interface to add a static IPv6 address to. This name must be an interface listed in the interface list command. (required) -I|--ipv6=<str> The IPv6 address to add to the given VMkernel network interface. This must be in X:X:X::/X format (required)
- remove
- Remove an IPv6 address from a given VMkernel network interface.
esxcli network ip interface ipv6 address remove CMD_OPTIONS
CMD_OPTIONS -i|--interface-name=<str> The name of the VMkernel network interface to remove an IPv6 address from. This name must be an interface listed in the interface list command. (required) -I|--ipv6=<str> The IPv6 address to remove from the given VMkernel network interface. This must be in X:X:X::/X format (required)
tag
- get
- Gets the tags set on the given VMkernel network interface.
esxcli network ip interface tag get INTERFACE
- add
- Adds a tag on a given VMkernel network interface. Supported tags are: Management, VMotion, faultToleranceLogging, vSphereReplication, vSphereReplicationNFC, vSphereProvisioning, VSAN, VSANWitness
esxcli network ip interface tag add INTERFACE'TAGNAME'
- remove
- Removes a tag on a given VMkernel network interface.
esxcli network ip interface tag remove INTERFACE'TAGNAME'
INTERFACE -i|--interface-name=<str> Name of the VMkernel network interface (vmknic) whose tags are to be read/set/removed (required) This name must be an interface listed in the interface list command. (required) TAGNAME -t|--tagname=<str> Tag name to assign to the interface (required)
ipsec
sa
- list
- List configured Security Associations
esxcli network ip ipsec sa list
- add
- Add a Security Association.
esxcli network ip ipsec sa add CMD_OPTIONS
CMD_OPTIONS -e|--encryption-algorithm=<str> Encryption algorithm for the Security Association. Should be one in set [null, 3des-cbc, aes128-cbc]. (required) -k|--encryption-key=<str> Encryption key(ASCII or hex). Length of hex key is dependent upon algorithm used. Required when a encryption algorithm has been specified. -i|--integrity-algorithm=<str> Integrity algorithm for the Security Association. Should be one in set [hmac-sha1, hmac-sha2-256]. (required) -K|--integrity-key=<str> Integrity key(ASCII or hex). Length of hex key is dependent upon algorithm used. (required) -d|--sa-destination=<str> Ipv6 address of Security Association destination. Can be specified as 'any' or a correct IPv6 address. (required) -m|--sa-mode=<str> Security Association mode. Should be one in set [transport, tunnel]. -n|--sa-name=<str> Name for the Security Association to be added. (required) -s|--sa-source=<str> Ipv6 address of Security Association source. Can be specified as 'any' or a correct IPv6 address. (required) -p|--sa-spi=<str> SPI value for the Security Association(hex). (required)
- remove
- Operation to remove Security Association(s)
esxcli network ip ipsec sa remove
sp
- list
- List configured Security Policys
esxcli network ip ipsec sp list
- add
- Add a Security Policy.
esxcli network ip ipsec sp add CMD_OPTIONS
CMD_OPTIONS -A|--action=<str> Action for Security Policy. Should be one in set [none, discard, ipsec]. -P|--destination-port=<long> Destination Port for Security Policy. '0' stands for 'any' (required) -w|--flow-direction=<str> Flow direction for Security Policy. Should be one in set [in, out]. -a|--sa-name=<str> Name for the Security Association. Not being Specified lets vmkernel automatically choose an Security Association. If no applicable Security Association exists, then vmkernel may request one using IKE. -p|--source-port=<long> Source Port for Security Policy. '0' stands for 'any' (required) -d|--sp-destination=<str> Ipv6 address and prefix length of Security Policy destination. Can be specified as 'any' or a correct Ipv6 network address. (required) -m|--sp-mode=<str> Security Policy mode. Should be one in set [transport, tunnel]. -n|--sp-name=<str> Name for the Security Policy to be added. (required) -s|--sp-source=<str> Ipv6 address and prefix length of Security Policy source. Can be specified as 'any' or a correct IPv6 network address. (required) -u|--upper-layer-protocol=<str> Upper layer protocol for Security Policy, Should be one in set [any, tcp, udp, icmp6].
- remove
- Operation to remove Security Policy
esxcli network ip ipsec sp remove PARAM
PARAM --remove-all OR --sa-name