6.0
Table Of Contents
- vSphere Command-Line Interface Concepts and Examples
- Contents
- About This Book
- vSphere CLI Command Overviews
- Introduction
- List of Available Host Management Commands
- Targets and Protocols for vCLI Host Management Commands
- Supported Platforms for vCLI Commands
- Commands with an esxcfg Prefix
- ESXCLI Overview
- Connection Options for vCLI Host Management Commands
- Connection Options for DCLI Commands
- vCLI Host Management Commands and Lockdown Mode
- Managing Hosts
- Managing Files
- Managing Storage
- Introduction to Storage
- Examining LUNs
- Detaching Devices and Removing a LUN
- Working with Permanent Device Loss
- Managing Paths
- Managing Path Policies
- Scheduling Queues for Virtual Machine I/O
- Managing NFS/NAS Datastores
- Monitoring and Managing SAN Storage
- Monitoring and Managing Virtual SAN Storage
- Monitoring vSphere Flash Read Cache
- Monitoring and Managing Virtual Volumes
- Migrating Virtual Machines with svmotion
- Configuring FCoE Adapters
- Scanning Storage Adapters
- Retrieving SMART Information
- Managing iSCSI Storage
- iSCSI Storage Overview
- Protecting an iSCSI SAN
- Command Syntax for esxcli iscsi and vicfg-iscsi
- iSCSI Storage Setup with ESXCLI
- iSCSI Storage Setup with vicfg-iscsi
- Listing and Setting iSCSI Options
- Listing and Setting iSCSI Parameters
- Enabling iSCSI Authentication
- Setting Up Ports for iSCSI Multipathing
- Managing iSCSI Sessions
- Managing Third-Party Storage Arrays
- Managing NMP with esxcli storage nmp
- Path Claiming with esxcli storage core claiming
- Managing Claim Rules
- Managing Users
- Managing Virtual Machines
- vmware-cmd Overview
- Listing and Registering Virtual Machines
- Retrieving Virtual Machine Attributes
- Managing Virtual Machine Snapshots with vmware-cmd
- Powering Virtual Machines On and Off
- Connecting and Disconnecting Virtual Devices
- Working with the AnswerVM API
- Forcibly Stopping Virtual Machines with EXCLI
- Managing vSphere Networking
- Introduction to vSphere Networking
- Retrieving Basic Networking Information
- Network Troubleshooting
- Setting Up vSphere Networking with vSphere Standard Switches
- Setting Up Virtual Switches and Associating a Switch with a Network Interface
- Retrieving Information About Virtual Switches
- Adding and Deleting Virtual Switches
- Checking, Adding, and Removing Port Groups
- Managing Uplinks and Port Groups
- Setting the Port Group VLAN ID
- Managing Uplink Adapters
- Adding and Modifying VMkernel Network Interfaces
- Setting Up vSphere Networking with vSphere Distributed Switch
- Managing Standard Networking Services in the vSphere Environment
- Setting the DNS Configuration
- Adding and Starting an NTP Server
- Managing the IP Gateway
- Setting Up IPsec
- Managing the ESXi Firewall
- Monitoring VXLAN
- Monitoring ESXi Hosts
- Index
Getting Started with vSphere Command-Line Interfaces
134 VMware, Inc.
YoucanperformthesemaintaskswithSAs:
CreateanSA.Youspecifythesource,thedestination,andtheauthenticationmode.Youalsospecifythe
authenticationalgorithmandauthenticationkeytouse.Youmustspecifyanencryptionalgorithmand
key,butyoucanspecifynullifyouwantnoencryption.Authenticationisrequiredandcannotbenull.
The
followingexampleincludesextralinebreaksforreadability.Thelastoption(sa_2intheexample)is
thenameoftheSA.
esxcli network ip ipsec sa add
--sa-source 2001:DB8:1::121
--sa-destination 2001:DB8:1::122
--sa-mode transport
--sa-spi 0x1000
--encryption-algorithm 3des-cbc
--encryption-key 0x6970763672656164796c6f676f336465736362636f757432
--integrity-algorithm hmac-sha1
--integrity-key 0x6970763672656164796c6f67736861316f757432
--sa-name sa_2
ListanSAwithesxcli network ip ipsec sa list.ThiscommandreturnsSAscurrentlyavailable
forusebyanSP.ThelistincludesSAsyoucreated.
RemoveasingleSAwithesxcli network ip ipsec sa remove.IftheSAisinusewhenyourunthis
command,thecommandcannotperformtheremoval.
RemoveallSAswithesxcli network ip ipsec sa remove--removeall.ThisoptionremovesallSAs
evenwhentheyareinuse.
Managing Security Policies
AfteryouhavecreatedoneormoreSAs,youcanaddsecuritypolicies(SPs)toyourESXihosts.WhiletheSA
specifiestheauthenticationandencryptionparameterstouse,theSPidentifiesandselectstraffic.
ThefollowingoptionsforSPmanagementaresupported.
ekey <key> encryption-key
<key>
Encryptionkeytobeusedbytheencryptionalgorithm.Aseries
ofhexadecimaldigitswitha0xprefixoranASCIIstring.
ialgo [hmac-sha1 |
hmac-sha2-256 ]
integrity-algorithm
[hmac-sha1 |
hmac-sha2-256 ]
Authenticationalgorithmtobeused.Choosehmac-sha1or
hmac-sha2-256.
ikey integrity-key Authenticationkeytobeused.Aseriesofhexadecimaldigitsor
anASCIIstring.
vicfg-ipsec Option esxcli Option Description
CAUTIONRunningesxcli network ip ipsec sa remove--removeallremovesallSAsonyour
systemandmightleaveyoursysteminaninconsistentstate.
vicfg-ipsec Option esxcli Option Description
sp-src <ip>/<p_len> sp-source
<ip>/<p_len>
SourceIPaddressandprefixlength.
sp-dst <ip>/<p_len> sp-destination
<ip>/<p_len>
DestinationIPaddressandprefixlength.
src-port <port> source-port <port> Sourceport(0‐65535).Specifyanyforanyports.
dst-port <port> destination-port
<port>
Destinationport(0‐65535).Specifyanyforanyports.If
ulprotoisicmp6,thisnumberreferstotheicmp6type.
Otherwise,thisnumberreferstothe
port.
ulproto [any | tcp
| udp | icmp6]
upper-layer-protocol
[any | tcp | udp |
icmp6]
Upperlayerprotocol.UsethisoptiontorestricttheSPtoonly
certainprotocols,oruseanytoapplytheSPtoallprotocols.