Friday, July 8, 2011

Esxcfg command

Networking:

Esxcfg-firewall
Esxcfg-nics 
Esxcfg-vswitch 
Esxcfg-vswif  
Esxcfg-route
Esxcfg-vmknic

Storage:

Esxcfg-mpath
Esxcfg-nas
Esxcfg-swiscsi
Esxcfg-vmhbadevs

General:

Esxcfg-advcfg
Esxcfg-auth
Esxcfg-info
Esxcfg-resgrp
Esxcfg-upgrade


Esxcfg-firewall

Description: Configures the service console firewall ports

Syntax: esxcfg-firewall <options>

Options:

-q Lists current settings
-q <service> Lists settings for the specified service
-q incoming|outgoing Lists settings for non-required incoming/outgoing ports
-s Lists known services
-l Loads current settings
-r Resets all options to defaults
-e <service> Allows specified service through the firewall (enables)
-d <service> Blocks specified service (disables)
-o <port,tcp|udp,in|out,name> Opens a port
-c <port,tcp|udp,in|out> Closes a port previously opened by -o
-h Displays command help
--allowIncoming Allow all incoming ports
--allowOutgoing Allow all outgoing ports
--blockIncoming Block all non-required incoming ports (default value)
--blockOutgoing Block all non-required outgoing ports (default value)


Default Services:
AAMClient Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager – inbound and outbound TCP and UDP Ports 2050 – 5000 and 8042 – 8045
activeDirectorKerberos Active Directory Kerberos - outbound TCP Ports 88 and 464
CIMHttpServer First-party optional service: CIM HTTP Server - inbound TCP Port 5988
CIMHttpsServer First-party optional service: CIM HTTPS Server - inbound TCP Port 5989
CIMSLP First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427
commvaultDynamic Backup agent: Commvault dynamic – inbound and outbound TCP Ports 8600 – 8619
commvaultStatic Backup agent: Commvault static – inbound and outbound TCP Ports 8400 – 8403
ftpClient FTP client - outbound TCP Port 21
ftpServer FTP server - inbound TCP Port 21
kerberos Kerberos - outbound TCP Ports 88 and 749
LicenseClient FlexLM license server client - outbound TCP Ports 27000 and 27010
nfsClient NFS client - outbound TCP and UDP Ports 111 and 2049 (0 – 65535)
nisClient NIS client - outbound TCP and UDP Ports 111 (0 – 65535)
ntpClient NTP client - outbound UDP Port 123
smbClient SMB client - outbound TCP Ports 137 – 139 and 445
snmpd SNMP services - inbound TCP Port 161 and outbound TCP Port 162
sshClient SSH client - outbound TCP Port 22
sshServer SSH server - inbound TCP Port 22
swISCSIClient First-party optional service: Software iSCSI client - outbound TCP Port 3260
telnetClient Telnet client - outbound TCP Port 23
TSM Backup agent: IBM Tivoli Storage Manager – inbound and outbound TCP Ports 1500
veritasBackupExec Backup agent: Veritas BackupExec – inbound TCP Ports 10000 – 10200
veritasNetBackup Backup agent: Veritas NetBackup – inbound TCP Ports 13720, 13732, 13734, and 13783
vncServer VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900 – 5964
vpxHeartbeats vpx heartbeats - outbound UDP Port 902

Note: You can configure your own services in the file /etc/vmware/firewall/services.xml

esxcfg-firewall examples:
 
Enable ssh client connections from the Service Console:


Disable the Samba client connections:

# esxcfg-firewall -d smbClient

Open outgoing UDP port 514 under the name syslog:

# esxcfg-firewall -o 514,udp,out,syslog

Turn off the firewall:

# esxcfg-firewall --allowIncoming
# esxcfg-firewall --allowOutgoing

Re-enable the firewall:

# esxcfg-firewall --blockIncoming
# esxcfg-firewall --blockOutgoing
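
A dry-run planner for the service console firewall, added here as an example and not part of the original post: it checks each -o port spec against the <port,tcp|udp,in|out,name> form, checks service names against the Default Services list above, and prints the esxcfg-firewall commands for an allowlist baseline without running them. The function names and the sample allowlist are assumptions, and the long options are written with two dashes.

```sh
#!/bin/sh
# Added example (not from the original post): prints commands, runs nothing.

# Service names copied from the "Default Services" list on this page.
KNOWN_SERVICES="AAMClient activeDirectorKerberos CIMHttpServer CIMHttpsServer \
CIMSLP commvaultDynamic commvaultStatic ftpClient ftpServer kerberos \
LicenseClient nfsClient nisClient ntpClient smbClient snmpd sshClient \
sshServer swISCSIClient telnetClient TSM veritasBackupExec veritasNetBackup \
vncServer vpxHeartbeats"

# valid_port_spec SPEC (hypothetical helper): succeeds only for the
# "<port>,<tcp|udp>,<in|out>,<name>" form that -o takes.
valid_port_spec() {
    old_ifs=$IFS; IFS=,; set -f
    set -- $1                      # split on commas only, no globbing
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    case $1 in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ] || return 1
    case $2 in tcp|udp) ;; *) return 1 ;; esac
    case $3 in in|out) ;; *) return 1 ;; esac
    case $4 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# plan_baseline "ALLOWED SERVICES" [SPEC...] (hypothetical helper): rejects
# unknown service names and malformed specs before printing anything.
plan_baseline() {
    allowed=$1; shift
    for svc in $allowed; do
        case " $KNOWN_SERVICES " in
            *" $svc "*) ;;
            *) echo "unknown service: $svc" >&2; return 1 ;;
        esac
    done
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    echo "esxcfg-firewall --blockIncoming"
    echo "esxcfg-firewall --blockOutgoing"
    for svc in $KNOWN_SERVICES; do
        case " $allowed " in
            *" $svc "*) echo "esxcfg-firewall -e $svc" ;;
            *)          echo "esxcfg-firewall -d $svc" ;;
        esac
    done
    for spec in "$@"; do echo "esxcfg-firewall -o $spec"; done
}
# Constructed sample allowlist; a real one must list every service the host needs.
plan_baseline "sshServer ntpClient vpxHeartbeats" "514,udp,out,syslog"
```

Services left off the allowlist are emitted as -d lines, so hosts that depend on AAMClient, vpxHeartbeats or a backup agent need those names in the first argument.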

Esxcfg-nics

Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter’s speed and duplexing.

Syntax: esxcfg-nics <options> [nic]

Options:
-s <speed> Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter.
-d <duplex> Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter.
-a Set speed and duplex automatically. Requires a NIC parameter.
-l Print the list of NICs and their settings.
-r Restore the NICs configured speed/duplex settings. (Internal use only)
-h Displays command help

esxcfg-nics examples:

Set the speed and duplex of a NIC (vmnic2) to 100/Full:

esxcfg-nics -s 100 -d full vmnic2

Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:

esxcfg-nics -a vmnic2

Esxcfg-vswitch

Description: Creates and updates virtual machine (vswitch) network settings

Syntax: esxcfg-vswitch <options> [vswitch[:ports]]

Options:

-a Add a new virtual switch.
-d Delete the virtual switch.
-l List all the virtual switches.
-L <pnic> Set pnic as an uplink for the vswitch.
-U <pnic> Remove pnic from the uplinks for the vswitch.
-p <portgroup> Specify a portgroup for operation. Use ALL for operation to work on all portgroups
-v <vlan id> Set VLAN ID for portgroup specified by -p. 0 would disable the VLAN.
-c Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise.
-A <name> Add a new portgroup to the virtual switch.
-D <name> Delete the portgroup from the virtual switch.
-C <name> Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise.
-r Restore all virtual switches from the configuration file (Internal use only)
-h Displays command help


esxcfg-vswitch examples:
 
Add a pnic (vmnic2) to a vswitch (vswitch1):


esxcfg-vswitch -L vmnic2 vswitch1

Remove a pnic (vmnic3) from a vswitch (vswitch0):


Create a portgroup (VM Network 3) on a vswitch (vswitch1):

esxcfg-vswitch -A "VM Network 3" vSwitch1

Assign a VLAN ID (3) to a portgroup (VM Network 3) on a vswitch (vswitch1):

 
esxcfg-vswitch -v 3 -p "VM Network 3" vSwitch1

Esxcfg-vswif

Description: Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.

Syntax: esxcfg-vswif <options> [vswif]
Options:
-a Add vswif, requires IP parameters. Automatically enables interface.
-d Delete vswif.
-l List configured vswifs.
-e Enable this vswif interface.
-s Disable this vswif interface.
-p Set the portgroup name of the vswif.
-i <x.x.x.x> or DHCP The IP address for this vswif or specify DHCP to use DHCP for this address.
-n <x.x.x.x> The IP netmask for this vswif.
-b <x.x.x.x> The IP broadcast address for this vswif. (not required if netmask and ip are set)
-c Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise.
-D Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console)
-E Enable all vswif interfaces and bring them up.
-r Restore all vswifs from the configuration file. (Internal use only)
-h Displays command help.

Note: You can set the Service Console default gateway by editing the /etc/sysconfig/network file or through the VI Client under Configuration, DNS & Routing.

esxcfg-vswif examples:

Change your Service Console (vswif0) IP and Subnet Mask:

esxcfg-vswif -i 172.20.20.5 -n 255.255.255.0 vswif0

Add a Service Console (vswif0):

esxcfg-vswif -a vswif0 -p "Service Console" -i 172.20.20.40 -n 255.255.255.0


Esxcfg-route

Description: Sets or retrieves the default VMkernel gateway route

Syntax: esxcfg-route <options> [<network> [<netmask>] <gateway>]

<network> can be specified in 2 ways: as a single argument in <network>/<mask> format or as a <network> <netmask> pair.
<gateway> is either an IP address or 'default'

Options:
-a Add route to the VMkernel, requires network address (or 'default') and gateway IP address.
-d Delete route from the VMkernel, requires network address (or 'default').
-l List configured routes for the Service Console.
-r Restore route setting to configured values on system start. (Internal use only)
-h Displays command help

esxcfg-route examples:
Set the VMkernel default gateway route:
 
esxcfg-route 172.20.20.1

Add a route to the VMkernel:

esxcfg-route -a default 255.255.255.0 172.20.20.1


Esxcfg-vmknic

Description: Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSI

Syntax: esxcfg-vmknic <options> [[portgroup]]

Options:

-a Add a VMkernel NIC to the system, requires IP parameters and portgroup name.
-d Delete VMkernel NIC on given portgroup.
-e Enable the given NIC if disabled.
-D Disable the given NIC if enabled.
-l List VMkernel NICs.
-i <x.x.x.x> The IP address for this VMkernel NIC. Setting an IP address requires that the -n option be given in same command.
-n <x.x.x.x> The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the -i option be given in the same command.
-r Restore VMkernel TCP/IP interfaces from configuration file. (Internal use only)
-h Displays command help

esxcfg-vmknic examples:

Add a VMkernel NIC and set the IP and subnet mask:


esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0 




 

