Networking
Esxcfg-firewall
Esxcfg-nics
Esxcfg-vswitch
Esxcfg-vswif
Esxcfg-route
Esxcfg-vmknic
Storage:
Esxcfg-mpath
Esxcfg-nas
Esxcfg-swisci
Esxcfg-vmhbadevs
General:
Esxcfg-advcfg
Esxcfg-auth
Esxcfg-info
Esxcfg-resgrp
Esxcfg-upgrade
Description: Configures the service console firewall portsSyntax: esxcfg-firewall <options>
Options:
Options:
-q | Lists current settings |
-q <service> | Lists settings for the specified service |
-q incoming|outgoing | Lists settings for non-required incoming/outgoing ports |
-s | Lists known services |
-l | Loads current settings |
-r | Resets all options to defaults |
-e <service> | Allows specified service through the firewall (enables) |
-d <service> | Blocks specified service (disables) |
-o <port, tcp|udp,in|out,name> | Opens a port |
-c <port, tcp|udp,in|out> | Closes a port previously opened by –o |
-h | Displays command help |
-allowincoming | Allow all incoming ports |
-allowoutgoing | Allow all outgoing ports |
-blockincoming | Block all non-required incoming ports (default value) |
-blockoutgoing | Block all non-required outgoing ports (default value) |
Default Services:
AAMClient | Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager – inbound and outbound TCP and UDP Ports 2050 – 5000 and 8042 – 8045 |
activeDirectorKerberos | Active Directory Kerberos - outbound TCPs Port 88 and 464 |
CIMHttpServer | First-party optional service: CIM HTTP Server - inbound TCP Port 5988 |
CIMHttpsServer | First-party optional service: CIM HTTPS Server - inbound TCP Port 5989 |
CIMSLP | First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427 |
commvaultDynamic | Backup agent: Commvault dynamic – inbound and outbound TCP Ports 8600 – 8619 |
commvaultStatic | Backup agent: Commvault static – inbound and outbound TCP Ports 8400 – 8403 |
ftpClient | FTP client - outbound TCP Port 21 |
ftpServer | FTP server - inbound TCP Port 21 |
kerberos | Kerberos - outbound TCPs Port 88 and 749 |
LicenseClient | FlexLM license server client - outbound TCP Ports 27000 and 27010 |
nfsClient | NFS client - outbound TCP and UDP Ports 111 and 2049 (0 – 65535) |
nisClient | NIS client - outbound TCP and UDP Ports 111 (0 – 65535) |
ntpClient | NTP client - outbound UDP Port 123 |
smbClient | SMB client - outbound TCP Ports 137 – 139 and 445 |
snmpd | SNMP services - inbound TCP Port 161 and outbound TCP Port 162 |
sshClient | SSH client - outbound TCP Port 22 |
sshServer | SSH server - inbound TCP Port 22 |
swISCSIClient | First-party optional service: Software iSCSI client - outbound TCP Port 3260 |
telnetClient | NTP client - outbound TCP Port 23 |
TSM | Backup agent: IBM Tivoli Storage Manager – inbound and outbound TCP Ports 1500 |
veritasBackupExec | Backup agent: Veritas BackupExec – inbound TCP Ports 10000 – 10200 |
veritasNetBackup | Backup agent: Veritas NetBackup – inbound TCP Ports 13720, 13732, 13734, and 13783 |
vncServer | VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900 – 5964 |
vpxHeartbeats | vpx heartbeats - outbound UDP Port 902 |
Note: You can configure your own services in the file /etc/vmware/firewall/services.xml
esxcfg-firewall examples:
esxcfg-firewall examples:
Enable ssh client connections from the Service Console:
Disable the Samba client connections: # esxcfg-firewall -d smbClient
# esxcfg-firewall -o 514,udp,out,syslogTurn off the firewall:
# esxcfg-firewall -allowIncoming
# esxcfg-firewall -allowOutgoingRe-enable the firewall:
# esxcfg-firewall -blockIncoming
# esxcfg-firewall –blockOutgoing
# esxcfg-firewall -allowIncoming
# esxcfg-firewall -allowOutgoingRe-enable the firewall:
# esxcfg-firewall -blockIncoming
# esxcfg-firewall –blockOutgoing
Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter’s speed and duplexing.Syntax: esxcfg-nics <options> [nic]
Options:
Options:
-s <speed> | Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter. |
-d <duplex> | Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter. |
-a | Set speed and duplex automatically. Requires a NIC parameter. |
-l | Print the list of NICs and their settings. |
-r | Restore the NICs configured speed/duplex settings. (Internal use only) |
-h | Displays command help |
esxcfg-nics examples:
Set the speed and duplex of a NIC (vmnic2) to 100/Full:
esxcfg-nics -s 100 -d full vmnic2
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
esxcfg-nics -a vmnic2
Esxcfg-vswitch
Esxcfg-vswitch
Description: Creates and updates virtual machine (vswitch) network settings
Syntax: esxcfg-vswitch <options> [vswitch[:ports]]
Options:
Options:
-a | Add a new virtual switch. |
-d | Delete the virtual switch. |
-l | List all the virtual switches. |
-L <pnic> | Set pnic as an uplink for the vswitch. |
-U <pnic> | Remove pnic from the uplinks for the vswitch. |
-p <portgroup> | Specify a portgroup for operation. Use ALL for operation to work on all portgroups |
-v <vlan id> | Set VLAN ID for portgroup specified by -p. 0 would disable the VLAN. |
-c | Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise. |
-A <name> | Add a new portgroup to the virtual switch. |
-D <name> | Delete the portgroup from the virtual switch. |
-C <name> | Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise. |
-r | Restore all virtual switches from the configuration file (Internal use only) |
-h | Displays command help |
esxcfg-vswitch examples:
Add a pnic (vmnic2) to a vswitch (vswitch1):
esxcfg-vswitch -L vmnic2 vswitch1
Remove a pnic (vmnic3) from a vswitch (vswitch0):
Create a portgroup (VM Network3) on a vswitch (vswitch1):
esxcfg-vswitch -A "VM Network 3" vSwitch1
Syntax: esxcfg-vswif <options> [vswif]
<network> can be specified in 2 ways: as a single argument in <network>/<mask> format or as a <network> <netmask> pair.
<gateway> is either an IP address or 'default'
Options:
esxcfg-route examples:
esxcfg-vswitch -A "VM Network 3" vSwitch1
Assign a VLAN ID (3) to a portgroup (VM Network 3) on a vswitch (vswitch1):
esxcfg-vswitch -v 3 -p "VM Network 3" vSwitch1vSwitch1
Description: Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.
Syntax: esxcfg-vswif <options> [vswif]
Options:
-a | Add vswif, requires IP parameters. Automatically enables interface. |
-d | Delete vswif. |
-l | List configured vswifs. |
-e | Enable this vswif interface. |
-s | Disable this vswif interface. |
-p | Set the portgroup name of the vswif. |
-i <x.x.x.x> or DHCP | The IP address for this vswif or specify DHCP to use DHCP for this address. |
-n <x.x.x.x> | The IP netmask for this vswif. |
-b <x.x.x.x> | The IP broadcast address for this vswif. (not required if netmask and ip are set) |
-c | Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise. |
-D | Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console) |
-E | Enable all vswif interfaces and bring them up. |
-r | Restore all vswifs from the configuration file. (Internal use only) |
-h | Displays command help. |
Note: You can set the Service Console default gateway by editing the /etc/sysconfig/network file or through the VI Client under Configuration, DNS & Routing.
esxcfg-vswif examples:
esxcfg-vswif examples:
Change your Service Console (vswif0) IP and Subnet Mask:
esxcfg-vswif -i 172.20.20.5 -n 255.255.255.0 vswif0
Add a Service Console (vswif0):
esxcfg-vswif -a vswif0 -p "Service Console" -i 172.20.20.40 -n 255.255.255.0
Esxcfg-route
Description: Sets or retrieves the default VMkernel gateway route
Syntax: esxcfg-route <options> [<network> [<netmask>] <gateway>]
<network> can be specified in 2 ways: as a single argument in <network>/<mask> format or as a <network> <netmask> pair.
<gateway> is either an IP address or 'default'
Options:
-a | Add route to the VMkernel, requires network address (or 'default') and gateway IP address. |
-d | Delete route from the VMkernel, requires network address (or 'default'). |
-l | List configured routes for the Service Console. |
-r | Restore route setting to configured values on system start. (Internal use only) |
-h | Displays command help |
esxcfg-route examples:
Set the VMkernel default gateway route:
esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0
esxcfg-route 172.20.20.1
Add a route to the VMkernel:
esxcfg-route -a default 255.255.255.0 172.20.20.1
Esxcfg-vmknic
Description: Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSISyntax: esxcfg-vmknic <options> [[portgroup]]
Options:
Options:
-a | Add a VMkernel NIC to the system, requires IP parameters and portgroup name. |
-d | Delete VMkernel NIC on given portgroup. |
-e | Enable the given NIC if disabled. |
-D | Disable the given NIC if enabled. |
-l | List VMkernel NICs. |
-i <x.x.x.x> | The IP address for this VMkernel NIC. Setting an IP address requires that the -n option be given in same command. |
-n <x.x.x.x> | The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the -i option be given in the same command. |
-r | Restore VMkernel TCP/IP interfaces from configuration file. (Internal use only) |
-h | Displays command help |
esxcfg-vmknic examples:
Add a VMkernel NIC and set the IP and subnet mask:
esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0
No comments:
Post a Comment