6.5
vSphere Command-Line Interface Concepts and Examples
--encryption-key 0x6970763672656164796c6f676f336465736362636f757432
--integrity-algorithm hmac-sha1
--integrity-key 0x6970763672656164796c6f67736861316f757432
--sa-name sa_2
- List an SA by using esxcli network ip ipsec sa list. This command returns SAs currently available for use by an SP. The list includes SAs you created.
- Remove a single SA by using esxcli network ip ipsec sa remove. If the SA is in use when you run this command, the command cannot perform the removal.
- Remove all SAs by using esxcli network ip ipsec sa remove --removeall. This option removes all SAs even when they are in use.

Caution: Running esxcli network ip ipsec sa remove --removeall removes all SAs on your system and might leave your system in an inconsistent state.
Managing Security Policies
After you have created one or more SAs, you can add security policies (SPs) to your ESXi hosts. While the SA specifies the authentication and encryption parameters to use, the SP identifies and selects traffic.
The following options for SP management are supported.
| vicfg-ipsec Option | esxcli Option | Description |
|---|---|---|
| sp-src <ip>/<p_len> | sp-source <ip>/<p_len> | Source IP address and prefix length. |
| sp-dst <ip>/<p_len> | sp-destination <ip>/<p_len> | Destination IP address and prefix length. |
| src-port <port> | source-port <port> | Source port (0-65535). Specify any for any ports. |
| dst-port <port> | destination-port <port> | Destination port (0-65535). Specify any for any ports. If ulproto is icmp6, this number refers to the icmp6 type. Otherwise, this number refers to the port. |
| ulproto [any \| tcp \| udp \| icmp6] | upper-layer-protocol [any \| tcp \| udp \| icmp6] | Upper layer protocol. Use this option to restrict the SP to only certain protocols, or use any to apply the SP to all protocols. |
| dir [in \| out] | flow-direction [in \| out] | Direction in which you want to monitor the traffic. To monitor traffic in both directions, create two policies. |
| action [none \| discard \| ipsec] | action [none \| discard \| ipsec] | Action to take when traffic with the specified parameters is encountered. none: Take no action, that is, allow traffic unmodified. discard: Do not allow data in or out. ipsec: Use the authentication and encryption information specified in the SA to determine whether the data come from a trusted source. |
| sp-mode [tunnel \| transport] | sp-mode [tunnel \| transport] | Mode, either tunnel or transport. |
| sa-name | sa-name | Name of the SA to use by this SP. |
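The table notes that covering both directions takes two policies. The following is an added example, not taken from the VMware guide: a dry-run shell helper that checks option values against the ranges listed above and prints a mirrored outbound/inbound pair of esxcli network ip ipsec sp add commands for review. The function names, the policy name sp_web, the 2001:db8 documentation prefixes, port 443 and the SA name sa_1 are assumptions made for illustration (sa_2 appears earlier on this page); --sp-name is an option of esxcli network ip ipsec sp add that is not listed in the table above.

```shell
#!/bin/sh
# Added example: dry run only. Commands are printed for review, never executed.

# Succeeds when $1 is "any" or an integer in 0-65535 (range from the table).
valid_port() {
    case "$1" in
        any) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeeds when $1 equals one of the remaining arguments.
one_of() {
    needle=$1; shift
    for candidate in "$@"; do
        [ "$needle" = "$candidate" ] && return 0
    done
    return 1
}

# Print one "sp add" command line after validating the enumerated options.
# Args: name src dst sport dport ulproto dir action mode sa
sp_add_cmd() {
    valid_port "$4" && valid_port "$5" || { echo "bad port" >&2; return 1; }
    one_of "$6" any tcp udp icmp6      || { echo "bad protocol" >&2; return 1; }
    one_of "$7" in out                 || { echo "bad direction" >&2; return 1; }
    one_of "$8" none discard ipsec     || { echo "bad action" >&2; return 1; }
    one_of "$9" tunnel transport       || { echo "bad mode" >&2; return 1; }
    printf 'esxcli network ip ipsec sp add --sp-name=%s --sp-source=%s --sp-destination=%s' "$1" "$2" "$3"
    printf ' --source-port=%s --destination-port=%s --upper-layer-protocol=%s' "$4" "$5" "$6"
    printf ' --flow-direction=%s --action=%s --sp-mode=%s --sa-name=%s\n' "$7" "$8" "$9" "${10}"
}

# Print the outbound policy, then the inbound one with source/destination
# addresses and ports swapped. Assumes one SA per direction.
# Args: base local remote lport rport ulproto mode sa_out sa_in
sp_pair() {
    sp_add_cmd "${1}_out" "$2" "$3" "$4" "$5" "$6" out ipsec "$7" "$8" || return 1
    sp_add_cmd "${1}_in"  "$3" "$2" "$5" "$4" "$6" in  ipsec "$7" "$9"
}

# Constructed sample values (documentation prefixes, hypothetical names).
sp_pair sp_web 2001:db8:1::/64 2001:db8:2::/64 any 443 tcp transport sa_1 sa_2
```

Run esxcli network ip ipsec sp list afterwards to confirm that both policies exist and that each references the SA intended for its direction.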
VMware, Inc.