Segmentation CLI Reference

CLI commands for configuring and monitoring segmentation (VPNs).

Segmentation Configuration Commands

Use the following commands to configure segmentation on a vEdge router.

vpn vpn-id
  bandwidth-downstream kbps (on vEdge routers and vManage NMSs only)
  bandwidth-upstream kbps (on vEdge routers and vManage NMSs only)
  dns ip-address [primary | secondary]
  ecmp-hash-key layer4 (on vEdge routers only)
  host hostname ip ip-address
  interface interface-name    
    access-list acl-list (on vEdge routers only)
      ip ip-address mac mac-address    
    arp-timeout seconds (on vEdge routers only)
    autonegotiate (on vEdge routers only)
    block-non-source-ip (on vEdge routers only)
    dead-peer-detection interval seconds retries number (on vEdge routers only)
    description text 
    dhcp-helper ip-address (on vEdge routers only)
    dhcp-server (on vEdge routers only)
      address-pool prefix/length
      exclude ip-address
      lease-time seconds
      max-leases number
      offer-time minutes
        default-gateway ip-address
        dns-servers ip-address
        domain-name domain-name
        interface-mtu mtu
        tftp-servers ip-address
      static-lease mac-address ip ip-address host-name hostname
      accounting-interval seconds
      acct-req-attr attribute-number (integer integer | octet octet | string string)
      auth-fail-vlan vlan-id
      auth-order (mab | radius)
      auth-reject-vlan vlan-id
      auth-req-attr attribute-number (integer integer | octet octet | string string)
      control-direction direction
        client ip-address
        port port-number
        secret-key password
        time-window seconds
        vpn vpn-id
      default-vlan vlan-id
      guest-vlan vlan-id
      host-mode (multi-auth | multi-host | single-host)
        allow mac-addresses
      nas-identifier string
      nas-ip-address ip-address
      radius-servers tag
      reauthentication minutes
        inactivity minutes
    dead-peer-detection interval time-units retries number (on vEdge routers only)
    duplex (full | half)
    flow-control (bidirectional | egress | ingress)
    ike (on vEdge routers only)
      authentication-type type
        local-id id
        pre-shared-secret password 
        remote-id id
      cipher-suite suite
      group number
      mode mode
      rekey seconds
      version number
    (ip address ipv4-prefix/length | ip dhcp-client [dhcp-distance number])
    (ipv6 address ipv6-prefix/length | ipv6 dhcp-client [dhcp-distance number] [dhcp-rapid-commit])
    ip address-list prefix/length (on vSmart controller containers only)
    ipsec (on vEdge routers only)
      cipher-suite suite
      perfect-forward-secrecy pfs-setting 
      rekey seconds
      replay-window number
    keepalive seconds retries (on vEdge routers only)
    mac-address mac-address    
    mtu bytes 
    nat (on vEdge routers only)
      direction (inside | outside)
      [no] overload 
      port-forward port-start port-number1 port-end port-number2
        proto (tcp | udp) private-ip-address ip-address private-vpn vpn-id
      refresh (bi-directional | outbound)
      static source-ip ip-address1 translate-ip ip-address2 (inside | outside)
      tcp-timeout minutes
      udp-timeout minutes
    pmtu (on vEdge routers only)
    policer policer-name (on vEdge routers only)
    ppp (on vEdge routers only)
      ac-name name
      authentication (chap | pap) hostname name password password 
    pppoe-client (on vEdge routers only)
      ppp-interface name 
    profile profile-id (on vEdge routers only)
    qos-map name (on vEdge routers only)
    rewrite-rule name (on vEdge routers only)
    secondary-address ipv4-address (on vEdge routers only)
    shaping-rate name (on vEdge routers only)
    [no] shutdown
    speed speed 
    static-ingress-qos number (on vEdge routers only)
    tcp-mss-adjust bytes
    technology technology (on vEdge routers only)
    tloc-extension interface-name (on vEdge routers only)
      allow-service service-name
      bind geslot/port (on vEdge routers only)
      carrier carrier-name 
      color color [restrict]
      connections-limit number
      encapsulation (gre | ipsec) (on vEdge routers only)
        preference number     
        weight number
      hello-interval milliseconds
      hello-tolerance seconds
      last-resort-circuit (on vEdge routers only)
      low-bandwidth-link (on vEdge routers only)
      max-control-connections number (on vEdge routers only)
      nat-refresh-interval seconds
      vbond-as-stun-server (on vEdge routers only)
      vmanage-connection-preference number (on vEdge routers only)
    tunnel-destination ip-address (GRE interfaces; on vEdge routers only)
    tunnel-destination (dns-name | ipv4-address) (IPsec interfaces; on vEdge routers only)
    (tunnel-source ip-address | tunnel-source-interface interface-name) (GRE interfaces; on vEdge routers only)
    (tunnel-source ip-address | tunnel-source-interface interface-name) (IPsec interfaces; on vEdge routers only)
    upgrade-confirm minutes
    vrrp group-name (on vEdge routers only)
      priority number
      timer seconds
  ! end vpn interface
  ip route ip-address/subnet next-hop-address
  name text
    advertise (aggregate prefix [aggregate-only] | bgp | connected | network prefix | ospf type | static) (on vEdge routers only)
  router (on vEdge routers only)
    bgp ... 
    igmp ...
    multicast-replicator local
      threshold number 
    ospf ...
    pim ...
  service service-name address ip-address (on vEdge routers only)

Segmentation Monitoring Commands

Use the following commands to monitor segmentation:

show bgp commands
show interface commands
show ospf commands
