Posts from 2020-11-25

NSX-T - useful CLI commands at one place

In this article I will try to summarize most useful CLI commands inside NSX-T environment, which I personally favorize, so you can quickly make observations/troubleshooting decisions, hopefully in an easy manner with relevant outputs. Now, NSX-T environment and support for CLI comes with many options - many GETs / SETs CLI commands etc. with included option also for Central CLI (more on very nice post at this LINK) - but here I'm going to put most interesting one, from my perspective, and for sure this list is going to be expanded:

- PING test using TEP interface

vmkping ++netstack=vxlan <IP> [vmkping ++netstack=vxlan -d -s 1572 <destination IP>] - example with sending packet with MTU=1572 w/o fragmentation

- Enable firewall logging for rules configured inside NSX-T

esxcli network firewall ruleset set -r syslog -e true - enable firewall SYSLOG generation inside ESXi transport node

tail -f /var/log/dfwpktlogs.log | grep <expression> - check distributed firewall LOGs inside ESXi, with expression included if needed

- PACKET capturing session configuration

get interfaces - find out interesting interface UUID where packet capturing process should start (T0 SR, TEPs...)

set capture session <interface UUID> file test.pcap - basic capture session configuration

set capture session <interface UUID> file test.pcap expression port 179 - filtering only for BGP interesting traffic

set capture session <interface UUID> file test.pcap expression host <interesting IP> - filtering for specific IP during capture session

/var/vmware/nsx/file-store/ - generated *.pcap file location

- T0 running-config in "IOS style" presentation

set debug

get service router running-config

- Edge node ADMIN - ROOT shell change inside session

st en - followed by the ROOT password