NSX CLI Guide

Associated Commands:

CLI Description	Command
Clear all name servers Clear all name servers from the DNS configuration.	clear name-servers
Resets configured password complexity requirements to default Resets configured password complexity requirements to default.	clear password-complexity
Clear search domains Remove all domain names from the DNS search list.	clear search-domains
Disable password expiration for the user Disable password expiration for the user.	clear user <node-username> password-expiration
Disable password expiration warning for the user Disable password expiration warning for the user.	clear user <node-username> password-expiration-warning
Copy a local file to remote file Copy a local file to a remote destination.	copy file <existing-file-arg> url <scp-file-url-arg>
Copy a remote file to the local file store Copy a remote file to the local file store. If no destination file is specified, the copied file has the same file name as the source file. You can use the `file` argument to specify a different destination file name. To specify IPv6 remote addresses, url server should be enclosed between square brackets.	copy url <url> [file <filename>]
Copy a remote https url file with same filename Copy a remote https url file to local file using same filename.	copy url <url> thumbprint <thumbprint> [file <filename>]
Delete local file Delete a local file.	del file <existing-file-or-pattern-arg>
Delete name server Delete the specified name server from the DNS configuration.	del name-server <name-server-arg>
Remove NTP server Remove an existing NTP server.	del ntp-server <hostname-or-ip-address>
Delete a domain name Delete the specified domain name from the DNS search list.	del search-domains <search-domain-arg>
Delete SSH service keys from authorized_keys file for specified user Delete any SSH key with specified label from specified user's authorized_keys file. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin.	del user <username> ssh-keys label <key-label> [password <password>]
Get API account lockout period Get the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts.	get auth-policy api lockout-period
Get API account lockout reset period In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero.	get auth-policy api lockout-reset-period
Get API maximum authentication faliures Get the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	get auth-policy api max-auth-failures
Get CLI account lockout period Get the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts.	get auth-policy cli lockout-period
Get CLI maximum authentication faliures Get the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	get auth-policy cli max-auth-failures
Get minimum allowable password length Get the minimum number of characters that passwords must have.	get auth-policy minimum-password-length
List file in the filestore Display information about the specified file in the filestore.	get file <existing-file-arg>
Display file thumbprint Display the file thumbprint.	get file <existing-file-arg> thumbprint
List files in the filestore Display information about the files in the filestore.	get files
Get all name servers Get all name servers in the DNS configuration.	get name-servers
Show NTP associations Display the status of the NTP system. The delay, offset and dispersion values are in seconds.	get ntp-server associations
Show NTP servers Display all NTP servers.	get ntp-servers
Get configured password complexity requirements Get configured password complexity requirements.	get password-complexity
Get all search domains Get all domain names in the DNS search list.	get search-domains
Save support bundle in filestore Display the contents of the tech support bundle. Specify the `file` argument to save the bundle to a file with the specified file name in the file store. This support bundle does not contain core or audit log files. To include those files, specify the `all` argument. Core files contain system information and all information stored in memory at the time of the dump (this may include confidential, sensitive or personal information such as passwords and encryption keys, if they are being processed in memory at that time). If you choose to send the support bundle to VMware, it will be processed in accordance with VMware’s standard processes and policies, to provide you with support, fix problems and improve the product and services.	get support-bundle [file <filename> [log-age <no-of-days>] [all]]
Save support bundle in filestore Saves support bundle to the specified filename in the filestore.	get support-bundle [file <filename>]
Get number of days od details user password expiration details Get number of days the user's password is valid after a password change and number of days before user receives password expiration warning message.	get user <node-username> password-expiration
Get SSH keys from authorized_keys file for specified user Get SSH keys from authorized_keys file for specified user.	get user <node-username> ssh-keys
Get user status for specified non-root user Get user status for specified non-root user.	get user <node-username> status
Set API account lockout period Sets the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts.	set auth-policy api lockout-period <lockout-period-arg>
Set API account lockout reset period In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero.	set auth-policy api lockout-reset-period <lockout-reset-period-arg>
Set API maximum authentication faliures Set the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	set auth-policy api max-auth-failures <auth-failures-arg>
Set CLI account lockout period Sets the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.	set auth-policy cli lockout-period <lockout-period-arg>
Set CLI maximum authentication faliures Set the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	set auth-policy cli max-auth-failures <auth-failures-arg>
Set minimum allowable password length Set the minimum number of characters that passwords must have. The smallest value that can be set is 8.	set auth-policy minimum-password-length <password-length-arg>
Set auth-policy vidm properties Set the vidm's properties.	set auth-policy vidm hostname <hostname-or-ip-address> thumbprint <vidm-host-thumbprint-arg> client-id <vidm-client-id-arg> client-secret <vidm-client-secret-arg> node-hostname <hostname-or-ip-address>
Add name server Add a name server to the DNS configuration.	set name-servers <name-server-arg>
Add NTP server Configure a new NTP server.	set ntp-server <hostname-or-ip-address>
Configure password complexity requirements Configure password complexity requirements. - Minimum number of characters expected in password; user can not set their password of length lesser than this parameter. Default: 12, Minimum: 8, Maximum: 128 - Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. Default: 128, Minimum: 8, Maximum: 128 - Number of lower case characters (a..z) expected in user password. N > 0, to set maximum credit for having lower case letters in the new password, i.e. this is the maximum number of lower case characaters that are allowed for a new password. N < 0, to set minimum credit for having lower case letters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 - Number of upper case characters (A..Z) expected in user password. N > 0, to set maximum credit for having upper case letters in the new password, i.e. this is the maximum number of upper case characters that are allowed for a new password. N < 0, to set minimum credit for having upper case letters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 - Number of digits (0..9) expected in user password. N > 0, to set maximum credit for having digits in the new password, i.e. this is the maximum number of digits that are allowed for a new password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 - Number of special characters (!@#$&*..) expected in user password. N > 0, to set maximum credit for having special letters in the new password, i.e. this is the maximum number of sepcial characters that are allowed for a new password. N < 0, to set minimum credit for having special letters in the new password, i.e. this is the minimum number of sepcial characters that must be met for a new password. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 - Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Reject passwords which contain more than N same consecutive characters. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 - Sets hash/cryptographic algorithm type for new passwords. Default: sha512. Enum: [ sha512, sha256 ] - Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. Default: 0, Minimum: 0	set password-complexity [<complexity-name> <complexity-value>]
Add a domain name Add a domain name to the DNS search list.	set search-domains <search-domain-arg>
Set number of days the user's password is valid after a password change Set number of days the user's password is valid after a password change.	set user <node-username> password-expiration <password-expiration-arg>
Set number of days prior user receives warning message before password expires Set number of days prior user receives warning message before password expires. Set 0 to disable warning messages for password expiry.	set user <node-username> password-expiration-warning <password-expiration-warn-arg>
Set new username for specified non-root user Set new user name for the specified non-root user.	set user <node-username> username <new-node-username>
Set user password Set the password for the specified user. If you do not specify the password on the command line, you will be prompted for it. For details on setting passwords during installation, see the NSX-T Installation Guide.	set user <username> password [<password> [old-password <old-password>]]
Add SSH service key to authorized_keys file for specified user Add SSH service key to authorized_keys file for specified user. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin.	set user <username> ssh-keys label <key-label> type <key-type> value <key-value> [password <password>]