You can perform the following main tasks with SPs.
- Create an SP by using esxcli network ip ipsec add. You identify the data to monitor by specifying the
selector's source and destination IP address and prefix, source port and destination port, upper layer
protocol, direction of traffic, action to take, and SP mode. The last two options are the name of the SA to
use and the name of the SP that is being created. The following example includes extra line breaks for
readability.
esxcli network ip ipsec add
--sp-source=2001:0DB8:0001:/48
--sp-destination=2001:0DB8:0002:/48
--source-port=23
--destination-port=25
--upper-layer-protocol=tcp
--flow-direction=out
--action=ipsec
--sp-mode=transport
--sp-name sp_2
- List an SP by using esxcli network ip ipsec list. This command returns SPs currently available. All
SPs are created by the administrator.
- Remove an SP by using esxcli network ip ipsec remove. If the SP is in use when you run this
command, the command cannot perform the removal. You can run esxcli network ip ipsec remove
--removeall instead to remove the SP even when it is in use.
Caution: Running esxcli network ip ipsec remove --removeall removes all SPs on your system and
might leave your system in an inconsistent state.
Manage the ESXi Firewall
To minimize the risk of an attack through the management interface, ESXi includes a firewall between the
management interface and the network.
To ensure the integrity of the host, only a small number of firewall ports are open by default. The vSphere
Security documentation explains how to set up firewalls for your environment and which ports you might
have to temporarily enable for certain traffic.
You manage firewalls by setting up firewall rulesets. The vSphere Security documentation explains how to
perform these tasks with the vSphere Web Client. You can also use esxcli network firewall to manage
firewall rulesets and to retrieve information about them. Specify one of the options listed in “Connection
Options for vCLI Host Management Commands,” on page 19 in place of <conn_options>.
Procedure
1 Check firewall status and sshServer ruleset status.
esxcli <conn_options> network firewall get
Default Action: DROP
Enabled: true
Loaded: true
esxcli <conn_options> network firewall ruleset list --ruleset-id sshServer
Name Enabled
--------- -------
sshServer true
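The status check in step 1 can be scripted for repeated audits. The following is an added example, not part of the VMware documentation: it parses the two outputs shown above and reports a firewall that is disabled, not loaded, or not defaulting to DROP. The function names, the sample strings, and the choice of the values shown above as the expected baseline are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VMware code): audit the output of the two step-1 commands.
# Both samples are constructed from the output shown in the procedure.
FIREWALL_GET_SAMPLE='Default Action: DROP
Enabled: true
Loaded: true'
RULESET_LIST_SAMPLE='Name       Enabled
---------  -------
sshServer  true'

# fw_field KEY: read "network firewall get" output on stdin, print KEY's value.
# Exits 1 when the key is absent so callers can tell "missing" from "false".
fw_field() {
  awk -F': *' -v key="$1" '
    { k = $1; sub(/^[ \t]+/, "", k); v = $2; sub(/[ \t\r]+$/, "", v) }
    k == key { print v; found = 1; exit }
    END { if (!found) exit 1 }'
}

# ruleset_enabled ID: read "ruleset list" output on stdin, print the Enabled column.
ruleset_enabled() {
  awk -v id="$1" '
    $1 == id { v = $2; sub(/\r$/, "", v); print v; found = 1; exit }
    END { if (!found) exit 1 }'
}

# audit_firewall GET_OUTPUT LIST_OUTPUT RULESET_ID
# Prints one finding per line; returns non-zero if any FAIL was reported.
# The body runs in a subshell so its variables do not leak into the caller.
audit_firewall() (
  rc=0
  action=$(printf '%s\n' "$1" | fw_field "Default Action") || action=missing
  enabled=$(printf '%s\n' "$1" | fw_field "Enabled") || enabled=missing
  loaded=$(printf '%s\n' "$1" | fw_field "Loaded") || loaded=missing
  state=$(printf '%s\n' "$2" | ruleset_enabled "$3") || state=missing
  [ "$action" = DROP ] || { echo "FAIL default action is $action, expected DROP"; rc=1; }
  [ "$enabled" = true ] || { echo "FAIL firewall enabled=$enabled, expected true"; rc=1; }
  [ "$loaded" = true ] || { echo "FAIL firewall loaded=$loaded, expected true"; rc=1; }
  case $state in
    true)  echo "WARN ruleset $3 is enabled; confirm this access is intended" ;;
    false) echo "OK ruleset $3 is disabled" ;;
    *)     echo "WARN ruleset $3 not found in the list output" ;;
  esac
  exit "$rc"
)

# Demo on the constructed samples; prints the WARN line for sshServer.
audit_firewall "$FIREWALL_GET_SAMPLE" "$RULESET_LIST_SAMPLE" sshServer
```

Against a live host, pass the captured output of the two step-1 commands as the first and second arguments in place of the sample strings.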
Chapter 9 Managing vSphere Networking
VMware, Inc. 157