vflow-mgmt-show

This command is used to display the management flow details for the configured vFlows.

Syntax   vflow-mgmt-show

name name-string

The flow name.

scope local|fabric

The scope for the flow.

Specify any of the following options:

vnet vnet-name

The virtual network (vNET) for the flow.

bd bridge-domain name

The bridge domain for the vFlow.

vlan 0..4095

The VLAN identifier for the flow. The value ranges between 0-4095.

inner-vlan 0..4095

The inner VLAN ID of the QinQ frame.

in-port port-list

The ingress (input) port for the flow.

out-port port-list

The egress (output) port for the flow.

ether-type ipv4|arp|wake|rarp|vlan|ipv6|lacp|mpls-uni|mpls-multi|jumbo|   dot1X|aoe|qinq|lldp|macsec|ecp|ptp|fcoe|fcoe-init|qinq-old

The EtherType for the flow.

src-mac mac-address

The source MAC address for the flow .

src-mac-mask mac-address

The source MAC address wildcard mask for the flow.

dst-mac mac-address

The destination MAC address for the flow.

dst-mac-mask mac-address

The destination MAC address wildcard mask for the flow.

src-ip ip-address

The source IP address for the flow.

src-ip-mask ip-address

The source IP address wildcard mask for the flow.

dst-ip ip-address

The destination IP address for the flow.

dst-ip-mask ip-address

The destination IP address wildcard mask for the flow.

src-port src-port-number

The Layer 3 protocol source port for the flow.

src-port-end src-port-end-number

The ending port for a range of source ports.

src-port-mask src-port-mask-number 

The source port mask.

dst-port dst-port-number

The Layer 3 protocol destination port for the flow.

dst-port-end dst-port-end-number 

The ending port for a range of destination ports.

dst-port-mask dst-port-mask-number

The destination port mask.

dscp-start number

The starting DSCP number. This is a value between 0, and 63.

dscp-end number

The ending DSCP number. This is a value between 0, and 63.

dscp dscp-number

The 6-bit Differentiated Services Code Point (DSCP) of the flow.

dscp-map dscp-map name|none

The DSCP map to apply on the flow. Please reapply if map priorities are updated.

tos-start tos-start-number

The starting ToS number.

tos-end tos-end-number

The ending ToS number.

tos tos-number 

The Type of Service (ToS) number for the flow.

dropped|no-dropped

Specify if the vFlow matches a dropped packet or forwards the packet.

vlan-pri number

The priority for the VLAN. This is a value between 0 (lowest), and 7 (highest).

inner-vlan-pri number

The priority for the inner VLAN. This is a value between 0 (lowest), and 7 (highest).

internal-pri 0..7

The internal priority as a  value between 0, and 7.

vrf vrf-name

The name of the VRF.

ttl ttl-number

The time to live in seconds.

proto tcp|udp|icmp|igmp|ip|icmpv6

The Layer 3 protocol for the flow.

tcp-flags fin|syn|rst|push|ack|urg|ece|cwr

The TCP flags to filter a vFlow.

flow-class vflow-class name

The vflow class.

ingress-tunnel tunnel-name

The name of the ingress tunnel.

egress-tunnel tunnel name

The name of the egress tunnel.

bw-min bw-min-number

The minimum bandwidth in Gbps for the vFlow. This is a range from 0 to 40Gbps.

bw-max bw-max-number

The maximum bandwidth in Gbps for the vFlow. This is a range from 0 to 40Gbps.

burst-size auto

The burst size. This parameter auto-calculates the burst size based on the maximum bandwidth settings for the vFlow. You can also configure a burst-size number between 256B through 128MB.

vrouter-name vrouter name

The vRouter name if you are configuring Policy-based Routing (PBR). You should not use this parameter unless you are configuring PBR.

precedence default|0..15

The traffic priority for the flow (between 0, and 15)

action none|drop|to-port|to-cpu|trap|copy-to-cpu|copy-to-port|setvlan|add-outer-vlan|set-tpid|to-port-set-vlan|to-span|set-metadata|set-dscp|set-dmac|to-next-hop-ip|set-dmac-to-port|to-ports-and-cpu|set-vlan-pri|set-smac|drop-cancel-trap|to-ecmp-group|redirect-to-vrouter|strip-outer-vlan|cancel-switch-to-cpu

The forwarding action to apply to the flow.

action-value number

An optional value argument for the forwarding action above (for example, a switch port number to forward the packet to). This is a value between 1, and 64.

action-set-mac-value mac-address

MAC address to apply the action.

action-to-next-hop-ip-value ip-address

The next-hop IP address for packet redirection.

action-to-ecmp-group-value static-ecmp-group group-name

The ECMP group for packet redirection.

action-to-ports-value port-list

Port list to apply the action.

mirror mirror-name

The name of the mirror configuration.

process-mirror|no-process-mirror

Process mirrored traffic for the vFlow.

packet-log-max packet-log-max-number

The maximum packet count for log rotation in the flow.

log-stats|no-log-stats

Log packet statistics for the flow

stats-interval seconds

The interval to update packet statistics for the log (in seconds). This is a value between 1, and 604800.

dur dur-number

The minimum duration required for the flow to be captured (in seconds).

metadata metadata-number

Metadata number for the flow.

transient|no-transient

Capture transient flows.

vxlan vxlan-name

The name of the VXLAN.

vxlan-ether-type ipv4|arp|wake|rarp|vlan|ipv6|lacp|mpls-uni|mpls-multi|   jumbo|dot1X|aoe|qinq|lldp|macsec|ecp|ptp|fcoe|fcoe-init|qinq-old

The type of VXLAN.

from-tunnel-decap|no-from-tunnel-decap

Include tunnel terminated VXLAN packets.

stp-state Disabled|Discarding|Learning|Forwarding packet-res l2-unicast|l2-unknown-unicast|l2-multicast|l2-unknown-multicast|l2-broadcast

The STP state.

packet-res l2-unicast|l2-unknown-unicast|l2-multicast|l2-unknown-multicast|l2-broadcast

The packet resolution in ASIC.

fwding-type vlan|vxlan|vle

The ASIC forwarding type.

set-src ip-address

The source IP address of IPv4 packets.

set-dst ip-address

The destination IP address of IPv4 packets.

set-src-port set-src-port-number

The source port of IPv4 packets.

set-dst-port set-dst-port-number

The destination port of IPv4 packets.

src-vpg vpg-name

The source vPG name for Network Packet Broker (NPB) configuration.

dst-vpg vpg-name

The destination vPG name for Network Packet Broker (NPB) configuration.

bidir-vpg-1 vpg name

The name of the first bidirectional vPG for NPB configuration.

bidir-vpg-2 vpg name

The name of the second bidirectional vPG for NPB configuration.

transparency enable|disable

Transparency for protocol packets

udf-name1 udf name

The User-Defined Field name.

udf-data1 udf-data1-number

The User-Defined Field data.

udf-data1-mask udf-data1-mask-number

The mask for the User-Defined Field data.

udf-name2 udf name

The User-Defined Field name.

udf-data2 udf-data2-number

The User-Defined Field data.

udf-data2-mask udf-data2-mask-number

The mask for the User-Defined Field data.

udf-name3 udf name

The User-Defined Field name.

udf-data3 udf-data3-number

The User-Defined Field data.

udf-data3-mask udf-data3-mask-number

The mask for the User-Defined Field data.

enable|no-enable

Enable or disable flows in hardware.

table-name vflow-table name

Table name from the following list:

  • Egress-Table-1-0
  • System-L1-L4-Tun-1-0
  • System-VCAP-table-1-0
  • VCAP-IPv6-table-1-0


The following actions are supported for this parameter:

  • InnerVlan
  • OuterVlan
  • Dscp
  • Vxlan
  • Drop
  • VlanPri

flow-cb default-cb|arp-cb|bcast-cb|igmp-cb|pim-cb|dhcp-cb|dhcpv6-cb|dmac-miss-cb|l2-miss-cb|no-cb

CPU to process, vFlow callback function.

cpu-class cpu-class name

The CPU class name.

description description-string

The vFlow description.

if mgmt|data

The administrative service interface.

phy-dst-port phy-dst-port-number


The packet destination port for the vFlow.


Defaults   None.

Access   CLI

History   

Version 1.2

Command introduced.

Version 2.1

The parameter type is deprecated. The option cluster for scope is deprecated. The option meter for action is deprecated. The parameters mirror|no mirror, and process-mirror|no-process-mirror added.

Version 2.2.3

The parameters dscp-start, dscp-end, tos-start, tos-end, vlan-pri, and ttl added.

Version 2.2.5

The parameters set-dscp|to-ports-and-cpu|set-vlan-pri| set-dmac|set-dmac-to-port, action-set-mac-value, and action-to-ports-value added. The parameter mirror added. The parameter mirror|no-mirror changed to process-mirror|no-process-mirror.

Version 2.3

The parameters set-src, set-dst, set-src-port, and set-dst-port added.

Version 2.3.1

The parameter table added.

Version 2.4

The parameter type, and stats deprecated. The parameters src-port-mask, and dst-port-mask added. The action to-port-set-nat| is deprecated. The parameter log-stats added.

Version 2.5.3

The parameter tcp-flags added. The fields UDF-, and enable|disable added.

Version 2.5.4

The parameter burst-size auto has added functionality. User can configure a burst-size number between 256B through 128MB.

Version 2.6.0

The parameter table-name added.

Version 2.6.2

The parameter dscp-map and cpu-class added.

Version 3.0.0

The parameter dropped|no-dropped added.

Version 5.0.0

The parameter  if mgmt|data added.

Version 5.1.0

The parameter packet-res added.

Version 5.2.0

The parameters src-port-end, and dst-port-end added

Version 6.0.0

The parameter vrf added.

Version 6.0.1

The parameters src-vpg, and dst-vpg added.

Version 6.1.0

The parameters inner-vlan, inner-vlan-pri, dst-vpg-1, dst-vpg-2, transparency, flow-cb, phy-dst-port added.

Version 7.0.0

The option strip-outer-vlan added to parameter action.

Version 7.0.1

The options check, tunnel-pkt, cpu, set-tunnel-id, cpu-rx, cpu-rx-tx, decap, tcp-seq-offset, tcp-ack-offset, and l3-to-cpu-switch for parameter action are deprecated. 

The parameter vxlan-proto is deprecated. 


Usage   Each fabric, cluster, standalone switch, or virtual network can track application flow statistics. This command displays information about vFlow configured on the switch.


Examples  To display the configured vFlow rules from the IPTables, use the command: 

CLI (network-admin@spine1) > vflow-mgmt-show


name                          scope type    src-ip      dst-port proto burst-size precedence action from-tunnel-decap transparency enable if

----------------------------- ----- ------- ----------- -------- ----- ---------- ---------- ------ ----------------- ------------ ------ ---- 

mgmt-access1                  local iptable 10.13.36.22 22       tcp   auto       default    drop   none              disable      enable mgmt

implicitv4_drop_tcp_22_vmgmt0 local iptable             22       tcp              18         drop                                  enable mgmt

north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south