Networking
Esxcfg-firewall
Esxcfg-nics
Esxcfg-vswitch
Esxcfg-vswif
Esxcfg-route
Esxcfg-vmknic
Storage:
Esxcfg-mpath
Esxcfg-nas
Esxcfg-swisci
Esxcfg-vmhbadevs
General:
Esxcfg-advcfg
Esxcfg-auth
Esxcfg-info
Esxcfg-resgrp
Esxcfg-upgrade
Description: Configures the service console firewall portsSyntax: esxcfg-firewall <options>
Options:
Options:
| -q | Lists current settings |
| -q <service> | Lists settings for the specified service |
| -q incoming|outgoing | Lists settings for non-required incoming/outgoing ports |
| -s | Lists known services |
| -l | Loads current settings |
| -r | Resets all options to defaults |
| -e <service> | Allows specified service through the firewall (enables) |
| -d <service> | Blocks specified service (disables) |
| -o <port, tcp|udp,in|out,name> | Opens a port |
| -c <port, tcp|udp,in|out> | Closes a port previously opened by –o |
| -h | Displays command help |
| -allowincoming | Allow all incoming ports |
| -allowoutgoing | Allow all outgoing ports |
| -blockincoming | Block all non-required incoming ports (default value) |
| -blockoutgoing | Block all non-required outgoing ports (default value) |
Default Services:
| AAMClient | Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager – inbound and outbound TCP and UDP Ports 2050 – 5000 and 8042 – 8045 |
| activeDirectorKerberos | Active Directory Kerberos - outbound TCPs Port 88 and 464 |
| CIMHttpServer | First-party optional service: CIM HTTP Server - inbound TCP Port 5988 |
| CIMHttpsServer | First-party optional service: CIM HTTPS Server - inbound TCP Port 5989 |
| CIMSLP | First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427 |
| commvaultDynamic | Backup agent: Commvault dynamic – inbound and outbound TCP Ports 8600 – 8619 |
| commvaultStatic | Backup agent: Commvault static – inbound and outbound TCP Ports 8400 – 8403 |
| ftpClient | FTP client - outbound TCP Port 21 |
| ftpServer | FTP server - inbound TCP Port 21 |
| kerberos | Kerberos - outbound TCPs Port 88 and 749 |
| LicenseClient | FlexLM license server client - outbound TCP Ports 27000 and 27010 |
| nfsClient | NFS client - outbound TCP and UDP Ports 111 and 2049 (0 – 65535) |
| nisClient | NIS client - outbound TCP and UDP Ports 111 (0 – 65535) |
| ntpClient | NTP client - outbound UDP Port 123 |
| smbClient | SMB client - outbound TCP Ports 137 – 139 and 445 |
| snmpd | SNMP services - inbound TCP Port 161 and outbound TCP Port 162 |
| sshClient | SSH client - outbound TCP Port 22 |
| sshServer | SSH server - inbound TCP Port 22 |
| swISCSIClient | First-party optional service: Software iSCSI client - outbound TCP Port 3260 |
| telnetClient | NTP client - outbound TCP Port 23 |
| TSM | Backup agent: IBM Tivoli Storage Manager – inbound and outbound TCP Ports 1500 |
| veritasBackupExec | Backup agent: Veritas BackupExec – inbound TCP Ports 10000 – 10200 |
| veritasNetBackup | Backup agent: Veritas NetBackup – inbound TCP Ports 13720, 13732, 13734, and 13783 |
| vncServer | VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900 – 5964 |
| vpxHeartbeats | vpx heartbeats - outbound UDP Port 902 |
Note: You can configure your own services in the file /etc/vmware/firewall/services.xml
esxcfg-firewall examples:
esxcfg-firewall examples:
Enable ssh client connections from the Service Console:
Disable the Samba client connections: # esxcfg-firewall -d smbClient
# esxcfg-firewall -o 514,udp,out,syslogTurn off the firewall:
# esxcfg-firewall -allowIncoming
# esxcfg-firewall -allowOutgoingRe-enable the firewall:
# esxcfg-firewall -blockIncoming
# esxcfg-firewall –blockOutgoing
# esxcfg-firewall -allowIncoming
# esxcfg-firewall -allowOutgoingRe-enable the firewall:
# esxcfg-firewall -blockIncoming
# esxcfg-firewall –blockOutgoing
Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter’s speed and duplexing.Syntax: esxcfg-nics <options> [nic]
Options:
Options:
| -s <speed> | Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter. |
| -d <duplex> | Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter. |
| -a | Set speed and duplex automatically. Requires a NIC parameter. |
| -l | Print the list of NICs and their settings. |
| -r | Restore the NICs configured speed/duplex settings. (Internal use only) |
| -h | Displays command help |
esxcfg-nics examples:
Set the speed and duplex of a NIC (vmnic2) to 100/Full:
esxcfg-nics -s 100 -d full vmnic2
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
esxcfg-nics -a vmnic2
Esxcfg-vswitch
Esxcfg-vswitch
Description: Creates and updates virtual machine (vswitch) network settings
Syntax: esxcfg-vswitch <options> [vswitch[:ports]]
Options:
Options:
| -a | Add a new virtual switch. |
| -d | Delete the virtual switch. |
| -l | List all the virtual switches. |
| -L <pnic> | Set pnic as an uplink for the vswitch. |
| -U <pnic> | Remove pnic from the uplinks for the vswitch. |
| -p <portgroup> | Specify a portgroup for operation. Use ALL for operation to work on all portgroups |
| -v <vlan id> | Set VLAN ID for portgroup specified by -p. 0 would disable the VLAN. |
| -c | Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise. |
| -A <name> | Add a new portgroup to the virtual switch. |
| -D <name> | Delete the portgroup from the virtual switch. |
| -C <name> | Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise. |
| -r | Restore all virtual switches from the configuration file (Internal use only) |
| -h | Displays command help |
esxcfg-vswitch examples:
Add a pnic (vmnic2) to a vswitch (vswitch1):
esxcfg-vswitch -L vmnic2 vswitch1
Remove a pnic (vmnic3) from a vswitch (vswitch0):
Create a portgroup (VM Network3) on a vswitch (vswitch1):
esxcfg-vswitch -A "VM Network 3" vSwitch1
Syntax: esxcfg-vswif <options> [vswif]
<network> can be specified in 2 ways: as a single argument in <network>/<mask> format or as a <network> <netmask> pair.
<gateway> is either an IP address or 'default'
Options:
esxcfg-route examples:
esxcfg-vswitch -A "VM Network 3" vSwitch1
Assign a VLAN ID (3) to a portgroup (VM Network 3) on a vswitch (vswitch1):
esxcfg-vswitch -v 3 -p "VM Network 3" vSwitch1vSwitch1
Description: Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.
Syntax: esxcfg-vswif <options> [vswif]
Options:
| -a | Add vswif, requires IP parameters. Automatically enables interface. |
| -d | Delete vswif. |
| -l | List configured vswifs. |
| -e | Enable this vswif interface. |
| -s | Disable this vswif interface. |
| -p | Set the portgroup name of the vswif. |
| -i <x.x.x.x> or DHCP | The IP address for this vswif or specify DHCP to use DHCP for this address. |
| -n <x.x.x.x> | The IP netmask for this vswif. |
| -b <x.x.x.x> | The IP broadcast address for this vswif. (not required if netmask and ip are set) |
| -c | Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise. |
| -D | Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console) |
| -E | Enable all vswif interfaces and bring them up. |
| -r | Restore all vswifs from the configuration file. (Internal use only) |
| -h | Displays command help. |
Note: You can set the Service Console default gateway by editing the /etc/sysconfig/network file or through the VI Client under Configuration, DNS & Routing.
esxcfg-vswif examples:
esxcfg-vswif examples:
Change your Service Console (vswif0) IP and Subnet Mask:
esxcfg-vswif -i 172.20.20.5 -n 255.255.255.0 vswif0
Add a Service Console (vswif0):
esxcfg-vswif -a vswif0 -p "Service Console" -i 172.20.20.40 -n 255.255.255.0
Esxcfg-route
Description: Sets or retrieves the default VMkernel gateway route
Syntax: esxcfg-route <options> [<network> [<netmask>] <gateway>]
<network> can be specified in 2 ways: as a single argument in <network>/<mask> format or as a <network> <netmask> pair.
<gateway> is either an IP address or 'default'
Options:
| -a | Add route to the VMkernel, requires network address (or 'default') and gateway IP address. |
| -d | Delete route from the VMkernel, requires network address (or 'default'). |
| -l | List configured routes for the Service Console. |
| -r | Restore route setting to configured values on system start. (Internal use only) |
| -h | Displays command help |
esxcfg-route examples:
Set the VMkernel default gateway route:
esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0
esxcfg-route 172.20.20.1
Add a route to the VMkernel:
esxcfg-route -a default 255.255.255.0 172.20.20.1
Esxcfg-vmknic
Description: Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSISyntax: esxcfg-vmknic <options> [[portgroup]]
Options:
Options:
| -a | Add a VMkernel NIC to the system, requires IP parameters and portgroup name. |
| -d | Delete VMkernel NIC on given portgroup. |
| -e | Enable the given NIC if disabled. |
| -D | Disable the given NIC if enabled. |
| -l | List VMkernel NICs. |
| -i <x.x.x.x> | The IP address for this VMkernel NIC. Setting an IP address requires that the -n option be given in same command. |
| -n <x.x.x.x> | The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the -i option be given in the same command. |
| -r | Restore VMkernel TCP/IP interfaces from configuration file. (Internal use only) |
| -h | Displays command help |
esxcfg-vmknic examples:
Add a VMkernel NIC and set the IP and subnet mask:
esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0
No comments:
Post a Comment