Networking: Esxcfg-firewall Esxcfg-nics Esxcfg-vswitch Esxcfg-vswif Esxcfg-route Esxcfg-vmknic
Storage: Esxcfg-mpath Esxcfg-nas Esxcfg-swisci Esxcfg-vmhbadevs
General: Esxcfg-advcfg Esxcfg-auth Esxcfg-info Esxcfg-resgrp Esxcfg-upgrade
Boot/Diagnostic: Esxcfg-boot Esxcfg-dumppart Esxcfg-init Esxcfg-linuxnet Esxcfg-module
Esxcfg-firewall
Description: Configures the service console firewall ports
Syntax: esxcfg-firewall
Options:
-q Lists current settings
-q
-q incoming
outgoing Lists settings for non-required incoming/outgoing ports
-s Lists known services
-l Loads current settings
-r Resets all options to defaults
-e
-d
-o
udp,in
out,name> Opens a port
-c
udp,in
out> Closes a port previously opened by –o
-h Displays command help
-allowincoming Allow all incoming ports
-allowoutgoing Allow all outgoing ports
-blockincoming Block all non-required incoming ports (default value)
-blockoutgoing Block all non-required outgoing ports (default value)
Default Services:
AAMClient Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager – inbound and outbound TCP and UDP Ports 2050 – 5000 and 8042 – 8045
activeDirectorKerberos Active Directory Kerberos - outbound TCPs Port 88 and 464
CIMHttpServer First-party optional service: CIM HTTP Server - inbound TCP Port 5988
CIMHttpsServer First-party optional service: CIM HTTPS Server - inbound TCP Port 5989
CIMSLP First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427
commvaultDynamic Backup agent: Commvault dynamic – inbound and outbound TCP Ports 8600 – 8619
commvaultStatic Backup agent: Commvault static – inbound and outbound TCP Ports 8400 – 8403
ftpClient FTP client - outbound TCP Port 21
ftpServer FTP server - inbound TCP Port 21
kerberos Kerberos - outbound TCPs Port 88 and 749
LicenseClient FlexLM license server client - outbound TCP Ports 27000 and 27010
nfsClient NFS client - outbound TCP and UDP Ports 111 and 2049 (0 – 65535)
nisClient NIS client - outbound TCP and UDP Ports 111 (0 – 65535)
ntpClient NTP client - outbound UDP Port 123
smbClient SMB client - outbound TCP Ports 137 – 139 and 445
snmpd SNMP services - inbound TCP Port 161 and outbound TCP Port 162
sshClient SSH client - outbound TCP Port 22
sshServer SSH server - inbound TCP Port 22
swISCSIClient First-party optional service: Software iSCSI client - outbound TCP Port 3260
telnetClient NTP client - outbound TCP Port 23
TSM Backup agent: IBM Tivoli Storage Manager – inbound and outbound TCP Ports 1500
veritasBackupExec Backup agent: Veritas BackupExec – inbound TCP Ports 10000 – 10200
veritasNetBackup Backup agent: Veritas NetBackup – inbound TCP Ports 13720, 13732, 13734, and 13783
vncServer VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900 – 5964
vpxHeartbeats vpx heartbeats - outbound UDP Port 902
Note: You can configure your own services in the file /etc/vmware/firewall/services.xml
esxcfg-firewall examples:
Enable ssh client connections from the Service Console:
# esxcfg-firewall -e sshClient
Disable the Samba client connections:
# esxcfg-firewall -d smbClient
Allow syslog outgoing traffic:
# esxcfg-firewall -o 514,udp,out,syslog
Turn off the firewall:
# esxcfg-firewall -allowIncoming
# esxcfg-firewall -allowOutgoing
Re-enable the firewall:
# esxcfg-firewall -blockIncoming
# esxcfg-firewall –blockOutgoing
Esxcfg-nics
Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter’s speed and duplexing.
Syntax: esxcfg-nics
Options:
-s
-d
-a Set speed and duplex automatically. Requires a NIC parameter.
-l Print the list of NICs and their settings.
-r Restore the NICs configured speed/duplex settings. (Internal use only)
-h Displays command help
esxcfg-nics examples:
Set the speed and duplex of a NIC (vmnic2) to 100/Full:
esxcfg-nics -s 100 -d full vmnic2
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
esxcfg-nics -a vmnic2
esxcfg-vswitch
Description: Creates and updates virtual machine (vswitch) network settings
Syntax: esxcfg-vswitch
Options:
-a Add a new virtual switch.
-d Delete the virtual switch.
-l List all the virtual switches.
-L
-U
-p
-v
-c Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise.
-A
-D
-C
-r Restore all virtual switches from the configuration file (Internal use only)
-h Displays command help
esxcfg-vswitch examples:
Add a pnic (vmnic2) to a vswitch (vswitch1):
esxcfg-vswitch -L vmnic2 vswitch1
Remove a pnic (vmnic3) from a vswitch (vswitch0):
esxcfg-vswitch -U vmnic3 vswitch0
Create a portgroup (VM Network3) on a vswitch (vswitch1):
esxcfg-vswitch -A "VM Network 3" vSwitch1
Assign a VLAN ID (3) to a portgroup (VM Network 3) on a vswitch (vswitch1):
esxcfg-vswitch -v 3 -p "VM Network 3" vSwitch1
Esxcfg-vswif
Description: Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.
Syntax: esxcfg-vswif
Options:
-a Add vswif, requires IP parameters. Automatically enables interface.
-d Delete vswif.
-l List configured vswifs.
-e Enable this vswif interface.
-s Disable this vswif interface.
-p Set the portgroup name of the vswif.
-i
-n
-b
-c Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise.
-D Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console)
-E Enable all vswif interfaces and bring them up.
-r Restore all vswifs from the configuration file. (Internal use only)
-h Displays command help.
Note: You can set the Service Console default gateway by editing the /etc/sysconfig/network file or through the VI Client under Configuration, DNS & Routing.
esxcfg-vswif examples:
Change your Service Console (vswif0) IP and Subnet Mask:
esxcfg-vswif -i 172.20.20.5 -n 255.255.255.0 vswif0
Add a Service Console (vswif0):
esxcfg-vswif -a vswif0 -p "Service Console" -i 172.20.20.40 -n 255.255.255.0
Esxcfg-route
Description: Sets or retrieves the default VMkernel gateway route
Syntax: esxcfg-route
Options: -a Add route to the VMkernel, requires network address (or 'default') and gateway IP address.
-d Delete route from the VMkernel, requires network address (or 'default').
-l List configured routes for the Service Console.
-r Restore route setting to configured values on system start. (Internal use only)
-h Displays command help
esxcfg-route examples:
Set the VMkernel default gateway route:
esxcfg-route 172.20.20.1
Add a route to the VMkernel:
esxcfg-route -a default 255.255.255.0 172.20.20.1
Esxcfg-vmknic
Description: Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSI
Syntax: esxcfg-vmknic
Options:
-a Add a VMkernel NIC to the system, requires IP parameters and portgroup name.
-d Delete VMkernel NIC on given portgroup.
-e Enable the given NIC if disabled.
-D Disable the given NIC if enabled.
-l List VMkernel NICs.
-i
-n
-r Restore VMkernel TCP/IP interfaces from configuration file. (Internal use only)
-h Displays command help
esxcfg-vmknic examples:
Add a VMkernel NIC and set the IP and subnet mask:
esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0
No comments:
Post a Comment