Segmentation CLI Reference
CLI commands for configuring and monitoring segmentation (VPNs).
Segmentation Configuration Commands
Use the following commands to configure segmentation on a vEdge router.
vpn vpn-id
  bandwidth-downstream kbps (on vEdge routers and vManage NMSs only)
  bandwidth-upstream kbps (on vEdge routers and vManage NMSs only)
  dns ip-address [primary | secondary]
  ecmp-hash-key layer4 (on vEdge routers only)
  host hostname ip ip-address
  interface interface-name
    access-list acl-list (on vEdge routers only)
    arp
      ip ip-address mac mac-address
    arp-timeout seconds (on vEdge routers only)
    autonegotiate (on vEdge routers only)
    block-non-source-ip (on vEdge routers only)
    clear-dont-fragment
    description text
    dhcp-helper ip-address (on vEdge routers only)
    dhcp-server (on vEdge routers only)
      address-pool prefix/length
      exclude ip-address
      lease-time seconds
      max-leases number
      offer-time minutes
      options
        default-gateway ip-address
        dns-servers ip-address
        domain-name domain-name
        interface-mtu mtu
        tftp-servers ip-address
      static-lease mac-address ip ip-address host-name hostname
    dot1x
      accounting-interval seconds
      acct-req-attr attribute-number (integer integer | octet octet | string string)
      auth-fail-vlan vlan-id
      auth-order (mab | radius)
      auth-reject-vlan vlan-id
      auth-req-attr attribute-number (integer integer | octet octet | string string)
      control-direction direction
      das
        client ip-address
        port port-number
        require-timestamp
        secret-key password
        time-window seconds
        vpn vpn-id
      default-vlan vlan-id
      guest-vlan vlan-id
      host-mode (multi-auth | multi-host | single-host)
      mac-authentication-bypass
        allow mac-addresses
        server
      nas-identifier string
      nas-ip-address ip-address
      radius-servers tag
      reauthentication minutes
      timeout
        inactivity minutes
      wake-on-lan
    duplex (full | half)
    flow-control (bidirectional | egress | ingress)
    (ip address ipv4-prefix/length | ip dhcp-client [dhcp-distance number])
    (ipv6 address ipv6-prefix/length | ipv6 dhcp-client [dhcp-distance number] [dhcp-rapid-commit])
    ip address-list prefix/length (on vSmart controller containers only)
    keepalive seconds retries (on vEdge routers only)
    mac-address mac-address
    mtu bytes
    nat (on vEdge routers only)
      block-icmp-error
      direction (inside | outside)
      [no] overload
      port-forward port-start port-number1 port-end port-number2 proto (tcp | udp) private-ip-address ip address private-vpn vpn-id
      refresh (bi-directional | outbound)
      respond-to-ping
      static source-ip ip-address1 translate-ip ip-address2 (inside | outside)
      tcp-timeout minutes
      udp-timeout minutes
    pmtu (on vEdge routers only)
    policer policer-name (on vEdge routers only)
    ppp (on vEdge routers only)
      ac-name name
      authentication (chap | pap) hostname name password password
    pppoe-client (on vEdge routers only)
      ppp-interface name
    profile profile-id (on vEdge routers only)
    qos-map name (on vEdge routers only)
    rewrite-rule name (on vEdge routers only)
    secondary-address ipv4-address (on vEdge routers only)
    shaping-rate name (on vEdge routers only)
    [no] shutdown
    speed speed
    static-ingress-qos number (on vEdge routers only)
    tcp-mss-adjust bytes
    technology technology (on vEdge routers only)
    tloc-extension interface-name (on vEdge routers only)
    tunnel-interface
      allow-service service-name
      bind geslot/port (on vEdge routers only)
      carrier carrier-name
      color color [restrict]
      connections-limit number
      encapsulation (gre | ipsec) (on vEdge routers only)
        preference number
        weight number
      hello-interval milliseconds
      hello-tolerance seconds
      last-resort-circuit (on vEdge routers only)
      low-bandwidth-link (on vEdge routers only)
      max-control-connections number (on vEdge routers only)
      nat-refresh-interval seconds
      vbond-as-stun-server (on vEdge routers only)
      vmanage-connection-preference number (on vEdge routers only)
    tunnel-destination ip-address (GRE interfaces; on vEdge routers only)
    (tunnel-source ip-address | tunnel-source-interface interface-name) (GRE interfaces; on vEdge routers only)
    upgrade-confirm minutes
    vrrp group-name (on vEdge routers only)
      priority number
      timer seconds
      track-omp
  ! end vpn interface
  ip route ip-address/subnet next-hop-address
  name text
  omp
    advertise (aggregate prefix [aggregate-only] | bgp | connected | network prefix | ospf type | static) (on vEdge routers only)
  router (on vEdge routers only)
    bgp ...
    igmp ...
    multicast-replicator local threshold number
    ospf ...
    pim ...
  service service-name address ip-address (on vEdge routers only)
Segmentation Monitoring Commands
Use the following commands to monitor segmentation:
show bgp commands
show interface commands
show ospf commands
Additional Information
Segmentation (VPN) Overview
Segmentation (VPN) Configuration Examples
Service Chaining