ian_mack
Contributor
Contributor

NSX-T dfw central cli vif identification

Jump to solution

Hi all,

We normally don't have access to esxi cli so need to troubleshoot dfw issues from the NSX-T manager central cli.

(All of this assumes I know the vm name)

In NSX-V I would do get cluster, get host, get vm in order to identify the vm nic filter, and then do show dfw host <host-ID filter <filterID> rules

However I can't seem to find an equivalent method in -T without resorting to finding the filter id via the manager gui

I can run get nodes to identify node id's

For example, the command I want to run is

on <node-id> exec get <vif-id> ruleset rules

However I can't see any way of finding the vif-id via cli

I can see it in the gui under Advanced Networking & Security-> Switching->Ports

on <node-id> exec get ports shows vm-name to switch port eg (snipped)

--------------------------------------------------------------------------------------------------------------------------------------------

PortNum     Switch                Client                          DVSPort                         MAC                   Uplink   

==================================================================================================================================

but I cant find out to go from here to vif-id

Any suggestions?

0 Kudos
1 Solution

Accepted Solutions
simonre
Hot Shot
Hot Shot

Hi Ian,

The following command run from a NSX-T manager shows VIF to logical switch port mapping for a particular transport node:

sa-nsxmgr-01> get transport-node a254f45e-5a02-4fb3-b578-2b1d92be0e4c vifs

VIF                                   LogSwitchPort-ID                      TransportNode-ID

ceea176d-76d9-403b-803d-9595c3edce85  327b469a-74f7-4baa-a64a-cdf4a5df047c  a254f45e-5a02-4fb3-b578-2b1d92be0e4c

b6b20f84-99d5-426c-b2e8-10a849b6362c  c16b54e4-a227-4772-a507-8880a1102a4f  a254f45e-5a02-4fb3-b578-2b1d92be0e4c

Cheers

Simon

View solution in original post

0 Kudos
2 Replies
simonre
Hot Shot
Hot Shot

Hi Ian,

The following command run from a NSX-T manager shows VIF to logical switch port mapping for a particular transport node:

sa-nsxmgr-01> get transport-node a254f45e-5a02-4fb3-b578-2b1d92be0e4c vifs

VIF                                   LogSwitchPort-ID                      TransportNode-ID

ceea176d-76d9-403b-803d-9595c3edce85  327b469a-74f7-4baa-a64a-cdf4a5df047c  a254f45e-5a02-4fb3-b578-2b1d92be0e4c

b6b20f84-99d5-426c-b2e8-10a849b6362c  c16b54e4-a227-4772-a507-8880a1102a4f  a254f45e-5a02-4fb3-b578-2b1d92be0e4c

Cheers

Simon

0 Kudos
ian_mack
Contributor
Contributor

Brilliant Simon, thanks

just tried it and got what I wanted.

Ian

0 Kudos