NSX CLI Guide
Associated Commands:
| CLI Description | Command |
|---|---|
Backup KeyManager dataCreate a backup of an NSX KeyManager node. If you do not provide a passphrase on the command line, you will be prompted to enter one. The passphrase is used to encrypt the backup. If you forget the passphrase, you will not be able to restore the backup. Important: This backup command is one part of the backup
process. You must complete all backup and restore tasks in the
correct order. See the NSX-T Administration
Guide for information and instructions about performing backups
and restores.
|
backup node file <filename> [passphrase <passphrase>]
|
Clear all name serversClear all name servers from the DNS configuration. |
clear name-servers
|
Resets configured password complexity requirements to defaultResets configured password complexity requirements to default. |
clear password-complexity
|
Clear search domainsRemove all domain names from the DNS search list. |
clear search-domains
|
Disable password expiration for the userDisable password expiration for the user. |
clear user <node-username> password-expiration
|
Disable password expiration warning for the userDisable password expiration warning for the user. |
clear user <node-username> password-expiration-warning
|
Copy a local file to remote fileCopy a local file to a remote destination. |
copy file <existing-file-arg> url <scp-file-url-arg>
|
Copy a remote file to the local file storeCopy a remote file to the local file store. If no destination file is specified, the copied file has the same file name as the source file. You can use the file argument to specify a different destination file name.To specify IPv6 remote addresses, url server should be enclosed between square brackets. |
copy url <url> [file <filename>]
|
Copy a remote https url file with same filenameCopy a remote https url file to local file using same filename. |
copy url <url> thumbprint <thumbprint> [file <filename>]
|
Delete local fileDelete a local file. |
del file <existing-file-or-pattern-arg>
|
Delete name serverDelete the specified name server from the DNS configuration. |
del name-server <name-server-arg>
|
Remove NTP serverRemove an existing NTP server. |
del ntp-server <hostname-or-ip-address>
|
Delete a domain nameDelete the specified domain name from the DNS search list. |
del search-domains <search-domain-arg>
|
Delete SSH service keys from authorized_keys file for specified userDelete any SSH key with specified label from specified user's authorized_keys file. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin. |
del user <username> ssh-keys label <key-label> [password <password>]
|
Get API account lockout periodGet the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts. |
get auth-policy api lockout-period
|
Get API account lockout reset periodIn order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero. |
get auth-policy api lockout-reset-period
|
Get API maximum authentication faliuresGet the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
get auth-policy api max-auth-failures
|
Get CLI account lockout periodGet the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. |
get auth-policy cli lockout-period
|
Get CLI maximum authentication faliuresGet the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
get auth-policy cli max-auth-failures
|
Get minimum allowable password lengthGet the minimum number of characters that passwords must have. |
get auth-policy minimum-password-length
|
List file in the filestoreDisplay information about the specified file in the filestore. |
get file <existing-file-arg>
|
Display file thumbprintDisplay the file thumbprint. |
get file <existing-file-arg> thumbprint
|
List files in the filestoreDisplay information about the files in the filestore. |
get files
|
Get all name serversGet all name servers in the DNS configuration. |
get name-servers
|
Display upgrade status of the nodeDisplay upgrade status of the node. |
get node upgrade status
|
Display progress state of last rollback taskDisplay the status of the rollback tasks executed on the node and details of the last rollback task. |
get node-rollback progress-status
|
Show NTP associationsDisplay the status of the NTP system. The delay, offset and dispersion values are in seconds. |
get ntp-server associations
|
Show NTP serversDisplay all NTP servers. |
get ntp-servers
|
Get configured password complexity requirementsGet configured password complexity requirements. |
get password-complexity
|
Get all search domainsGet all domain names in the DNS search list. |
get search-domains
|
Save support bundle in filestoreDisplay the contents of the tech support bundle. Specify the file argument to save the bundle to a file with the specified file name in the file store. This support bundle does not contain core or audit log files. To include those files, specify the all argument. Core files contain system information and all information stored in memory at the time of the dump (this may include confidential, sensitive or personal information such as passwords and encryption keys, if they are being processed in memory at that time). If you choose to send the support bundle to VMware, it will be processed in accordance with VMware’s standard processes and policies, to provide you with support, fix problems and improve the product and services. |
get support-bundle [file <filename> [log-age <no-of-days>] [all]]
|
Save support bundle in filestoreSaves support bundle to the specified filename in the filestore. |
get support-bundle [file <filename>]
|
Display progress status of last upgrade stepDisplay the status of the upgrade steps run on the node and details of last upgrade step. |
get upgrade progress-status
|
Display playbook contentsDisplay the contents of the specified playbook for the specified upgrade bundle. |
get upgrade-bundle <bundle-name-arg> playbook <playbook-file-arg>
|
List all playbooks in the filestoreDisplay all playbooks in the file store. |
get upgrade-bundle playbooks
|
Get number of days od details user password expiration detailsGet number of days the user's password is valid after a password change and number of days before user receives password expiration warning message. |
get user <node-username> password-expiration
|
Get SSH keys from authorized_keys file for specified userGet SSH keys from authorized_keys file for specified user. |
get user <node-username> ssh-keys
|
Get user status for specified non-root userGet user status for specified non-root user. |
get user <node-username> status
|
Get V2T migration configGet V2T migration config. |
get v2t-migration-config
|
Get VMC migration modeGet VMC migration mode status. |
get vmc migration-mode
|
Extract rollback scripts and start rollbackExtract the specified rollback scripts and start rollback. |
node-rollback run-step step1_start_rollback
|
Execute a rollback stepNone |
node-rollback run-step step2_restore_data
|
Execute a rollback stepNone |
node-rollback run-step step3_exit_rollback
|
Restore KeyManager from backed up dataRestore a backup of NSX KeyManager node data. If you do not provide a passphrase on the command line, you will be prompted to enter one. If you cannot remember the passphrase used to create the backup, you will not be able to restore the backup. Important: This restore request is one part of the restore
process. You must complete all backup and restore tasks in the
correct order. See the NSX-T Administration
Guide for information and instructions about performing backups
and restores.
|
restore node file <filename> [passphrase <passphrase>]
|
Execute playbook resume actionResume an upgrade after running the command start upgrade-bundle <bundle-name> playbook <playbook-file> and the system was rebooted. |
resume upgrade-bundle <bundle-name-arg> playbook
|
Set API account lockout periodSets the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts. |
set auth-policy api lockout-period <lockout-period-arg>
|
Set API account lockout reset periodIn order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero. |
set auth-policy api lockout-reset-period <lockout-reset-period-arg>
|
Set API maximum authentication faliuresSet the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
set auth-policy api max-auth-failures <auth-failures-arg>
|
Set CLI account lockout periodSets the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
set auth-policy cli lockout-period <lockout-period-arg>
|
Set CLI maximum authentication faliuresSet the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled. |
set auth-policy cli max-auth-failures <auth-failures-arg>
|
Set minimum allowable password lengthSet the minimum number of characters that passwords must have. The smallest value that can be set is 8. |
set auth-policy minimum-password-length <password-length-arg>
|
Set auth-policy vidm propertiesSet the vidm's properties. |
set auth-policy vidm hostname <hostname-or-ip-address> thumbprint <vidm-host-thumbprint-arg> client-id <vidm-client-id-arg> client-secret <vidm-client-secret-arg> node-hostname <hostname-or-ip-address>
|
Add name serverAdd a name server to the DNS configuration. |
set name-servers <name-server-arg>
|
Add NTP serverConfigure a new NTP server. |
set ntp-server <hostname-or-ip-address>
|
Configure password complexity requirementsConfigure password complexity requirements. - Minimum number of characters expected in password; user can not set their password of length lesser than this parameter. Default: 12, Minimum: 8, Maximum: 128 - Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. Default: 128, Minimum: 8, Maximum: 128 - Number of lower case characters (a..z) expected in user password. N > 0, to set maximum credit for having lower case letters in the new password, i.e. this is the maximum number of lower case characaters that are allowed for a new password. N < 0, to set minimum credit for having lower case letters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of upper case characters (A..Z) expected in user password. N > 0, to set maximum credit for having upper case letters in the new password, i.e. this is the maximum number of upper case characters that are allowed for a new password. N < 0, to set minimum credit for having upper case letters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of digits (0..9) expected in user password. N > 0, to set maximum credit for having digits in the new password, i.e. this is the maximum number of digits that are allowed for a new password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of special characters (!@#$&*..) expected in user password. N > 0, to set maximum credit for having special letters in the new password, i.e. this is the maximum number of sepcial characters that are allowed for a new password. N < 0, to set minimum credit for having special letters in the new password, i.e. this is the minimum number of sepcial characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128- Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Reject passwords which contain more than N same consecutive characters. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Sets hash/cryptographic algorithm type for new passwords. Default: sha512. Enum: [ sha512, sha256 ] - Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. Default: 0, Minimum: 0 |
set password-complexity [<complexity-name> <complexity-value>]
|
Add a domain nameAdd a domain name to the DNS search list. |
set search-domains <search-domain-arg>
|
Set number of days the user's password is valid after a password changeSet number of days the user's password is valid after a password change. |
set user <node-username> password-expiration <password-expiration-arg>
|
Set number of days prior user receives warning message before password expiresSet number of days prior user receives warning message before password expires. Set 0 to disable warning messages for password expiry. |
set user <node-username> password-expiration-warning <password-expiration-warn-arg>
|
Set new username for specified non-root userSet new user name for the specified non-root user. |
set user <node-username> username <new-node-username>
|
Set user passwordSet the password for the specified user. If you do not specify the password on the command line, you will be prompted for it. For details on setting passwords during installation, see the NSX-T Installation Guide. |
set user <username> password [<password> [old-password <old-password>]]
|
Add SSH service key to authorized_keys file for specified userAdd SSH service key to authorized_keys file for specified user. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin. |
set user <username> ssh-keys label <key-label> type <key-type> value <key-value> [password <password>]
|
Set V2T migration configEnable or disable V2T migration. V2T migration is enabled used during V2T migration. When V2T migration is enabled, Edge will send GARP for DR ports when Edge HA state becomes Active. |
set v2t-migration-config <enabled-arg>
|
Set VMC migration modeEnable or disable VMC migration mode. Migration mode is used during upgrade. When an Edge is in VMC migration mode, VMC config will not be written to nestdb. |
set vmc migration-mode <enabled-arg>
|
Execute a playbook given a valid playbook fileStart an upgrade with the specified upgrade bundle and according to the specified playbook. |
start upgrade-bundle <bundle-name-arg> playbook <playbook-file-arg>
|
VDS Migrate Apply TopologyVDS Migrate Apply Topology |
vds-migrate apply-topology
|
VDS Migrate delete TopologyVDS Migrate delete Topology |
vds-migrate delete-topology
|
VDS Migrate DisableVDS Migrate Disable |
vds-migrate disable-migrate
|
Migrate NVDS to VDS By Cluster IdMigrate NVDS to VDS By Cluster Id |
vds-migrate esxi-cluster-id <cluster-id> [maintenance-timeout <timeout>]
|
Migrate NVDS to VDS By Cluster NameMigrate NVDS to VDS By Cluster Name |
vds-migrate esxi-cluster-name <cluster-name> [maintenance-timeout <timeout>]
|
VDS Migrate PrecheckVDS Migrate Precheck |
vds-migrate precheck
|
VDS Migrate Show TopologyVDS Migrate Show Topology |
vds-migrate show-topology
|
Migrate NVDS to VDS By Tn ListMigrate NVDS to VDS By Tn List |
vds-migrate tn-list <configfile> [maintenance-timeout <timeout>]
|
Verify and extract bundle to default locationVerify and extract the specified upgrade bundle to the default location. |
verify upgrade-bundle <bundle-name-arg>
|