VCDX – Revision Burst Part1

As you may be aware, Cody Bunch and I have joined forces to create a Brown Bag series for the VCDX exams. The first session concentrated on vNetworking via the command line. Remember that the current Advanced Admin exam is based on VI3, so no vNDS. Below are the commands that we investigated in the first Brown Bag session.


The esxcfg-nics command is used to configure the properties of the virtual NICs.


This command can give you some very useful pieces of information:

Name: The device name for the virtual NIC

PCI: The PCI slot that the physical card is located in

Driver: The type of the NIC

Link: Whether or not the network card is up

Speed: Physical speed of the link

Duplex: Whether the card can transmit and receive at the same time (full duplex) or is half duplex, meaning it is bi-directional but can only send or receive at any one time

MTU: The maximum frame size per packet

Description: Description of the NIC

The command line options for esxcfg-nics are:

esxcfg-nics <options> [nic]

-s|--speed <speed> Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter.
-d|--duplex <duplex> Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter.
-a|--auto Set speed and duplexity automatically. Requires a NIC parameter.
-l|--list Print the list of NICs and their settings.
-r|--restore Restore the nics configured speed/duplex settings (INTERNAL ONLY)
-h|--help Display this message.


The esxcfg-vmknic command is used to view and configure the VMkernel ports on virtual Ethernet switches. The VMkernel port is a special type of port group on a virtual Ethernet switch which is used to assign an IP address to the VMkernel. Remember that the VMkernel only requires an IP address for VMotion, software-initiated iSCSI or NFS access.

To create a VMkernel port at the command line, you need to create your port group first and then enable it as a VMkernel port.

IMPORTANT: A major limitation of this tool is that it does not allow you to enable the VMkernel port for vMotion. To do this you must use vimsh, PowerCLI, or the VI client.


Verify the creation of the port group by issuing the following command:

Next, create the VMkernel IP address for the vMotion portgroup:


Now verify the creation of the device. Note that the Used Ports number has incremented by one and the ports assigned to the vMotion portgroup have also incremented by one.


Issuing the command results in an additional connection to the virtual Ethernet switch, specifically the VMkernel port. The esxcfg-vmknic command has assigned the VMkernel an IP address and the portgroup called VMotion is now explicitly a VMkernel port. Let's now add another VMkernel port, this time for NFS access to our NAS device.


Let's verify the portgroup creation again.


Next, add the IP address to the vNAS port group.


Oops, remember: only one VMkernel port per subnet, so bang goes your flat network :D. Time to add a VLAN ID to the group (more on that later).

Next we list the VMkernel ports, then use esxcfg-vmknic to delete one of them and then list them again.


With the release of ESX 3.5, VMware reworked the command and added the ability to set the MTU for VMkernel initiated traffic.

Aside: We should be aware, however, that currently jumbo frames are only technically supported for VMotion and not iSCSI or NAS, even though it does work.

IMPORTANT: Jumbo frames can only be set at VMkernel port creation time.

So, continuing our above example, if we wanted to enable an MTU of 9000 on the port group “vNAS” we would need to do the following:


Notice that as each VMkernel interface is created, an interface name is created of the form vmkx, where x is just an incremental value. So you can see that as we recreated the "vNAS" VMkernel interface, the interface was named vmk2, whereas previously it was vmk1. This shouldn't cause you any problems as this seems to just be an internal reference to the interface.

One final note on this utility is about the disable function. If you disable the VMkernel port, you cannot delete it while in this state. If you want to delete a VMkernel port, it must be enabled or the call to delete it is ignored.
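The VMkernel port procedure above, as an added example that is not part of the original post: a dry-run planner that prints the esxcfg-vswitch and esxcfg-vmknic commands in order and refuses an address that shares a subnet with an existing VMkernel NIC. The function names and all addresses are constructed for illustration; -m on esxcfg-vmknic is the ESX 3.5 MTU option the text refers to.

```shell
#!/bin/sh
# Added example: plan a VMkernel port and refuse a subnet clash.
# All addresses and names below are constructed sample values.

ip_to_int() {                       # A.B.C.D -> integer on stdout
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

network_of() {                      # IP NETMASK -> network address (integer)
    echo $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

same_subnet() {                     # IP1 MASK1 IP2 MASK2 -> 0 if networks overlap
    common=$(( $(ip_to_int "$2") & $(ip_to_int "$4") ))   # shorter prefix wins
    [ $(( $(ip_to_int "$1") & common )) -eq $(( $(ip_to_int "$3") & common )) ]
}

# plan_vmknic VSWITCH PORTGROUP IP NETMASK MTU [EXISTING_IP/NETMASK ...]
# EXISTING entries are the VMkernel NICs already shown by `esxcfg-vmknic -l`.
plan_vmknic() {
    vswitch=$1; pg=$2; ip=$3; mask=$4; mtu=$5
    shift 5
    for entry in "$@"; do
        if same_subnet "$ip" "$mask" "${entry%/*}" "${entry#*/}"; then
            echo "refused: $ip/$mask overlaps existing VMkernel NIC $entry" >&2
            return 1
        fi
    done
    echo "esxcfg-vswitch -A \"$pg\" $vswitch"          # create the port group
    if [ "$mtu" -gt 1500 ]; then
        echo "esxcfg-vswitch -m $mtu $vswitch"          # jumbo frames on the vSwitch
        mtu_opt=" -m $mtu"                              # only possible at creation
    else
        mtu_opt=""
    fi
    echo "esxcfg-vswitch -l"                            # verify the port group
    echo "esxcfg-vmknic -a -i $ip -n $mask$mtu_opt \"$pg\""
    echo "esxcfg-vmknic -l"                             # verify the VMkernel NIC
}

# Dry run: vNAS on a different subnet from the existing VMotion NIC.
plan_vmknic vSwitch0 vNAS 192.168.2.10 255.255.255.0 9000 192.168.1.10/255.255.255.0
```

Pass 1500 as the MTU for a standard port; the printed commands are meant to be reviewed and then run on the service console.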

The command line options for esxcfg-vmknic are:

esxcfg-vmknic <options> [[<portgroup>]]

-a|--add Add a VMkernel NIC to the system, requires IP parameters and portgroup name.
-d|--del Delete VMkernel NIC on given portgroup.
-e|--enable Enable the given NIC if disabled.
-D|--disable Disable the given NIC if enabled.
-l|--list List VMkernel NICs.
-i|--ip <X.X.X.X> The IP address for this VMkernel NIC. Setting an IP address requires that the --netmask option be given in same command.
-n|--netmask <X.X.X.X> The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the --ip option be given in the same command.
-r|--restore Restore VMkernel TCP/IP interfaces from Configuration file (FOR INTERNAL USE ONLY).
-h|--help Show this message.


The esxcfg-route command is used to set the default gateway for the VMkernel network.

esxcfg-route <options> [<network> [<netmask>] <gateway>] | <default gateway>

The <network> option can be specified in 3 ways:

  • As a single argument in <Network>/<Mask> format (ala Cisco Stylie)
  • Or as a <Network> <Netmask> pair.
  • Or as ‘default’

If no options are specified then it will print the default gateway.


Here you can see that currently there is no default route for the VMkernel.

The default gateway can be set directly as:


The command line options for esxcfg-route are:

-a|--add Add route, to the VMkernel, requires <network> (described above) and gateway IP address
-d|--del Delete route from VMkernel. Requires <network> (described above)
-l|--list List configured routes for the VMkernel
-r|--restore Restore route setting to configured values on system start. (INTERNAL USE ONLY)
-h|--help Show this message.


The esxcfg-vswif tool manages the Ethernet interfaces of the service console.

When we use the esxcfg-vswif tool, we are examining, creating or modifying a service console port. To see what ports have been created:


If we wanted to add a 2nd service console port, we could use this command. However, all this command will do is turn a regular portgroup into a service console port and bind an IP address to Linux. So in the following command line example, we create a portgroup first, and then we turn it into a service console port with esxcfg-vswif.


So now if we run esxcfg-vswif to list the service console ports, we will be able to see the original service console port as well as our new one we just created. We’ve shown you the graphical representation as well from the VI client so you can compare.


The command line options for esxcfg-vswif are:

esxcfg-vswif <options> [<vswif>]

-a|--add Add vswif, requires IP parameters. Automatically enables interface.
-d|--del Delete vswif.
-l|--list List configured vswifs.
-e|--enable Enable this vswif interface.
-s|--disable Disable this vswif interface.
-p|--portgroup Set the portgroup name of the vswif.
-i|--ip <X.X.X.X> or DHCP The IP address for this vswif or specify DHCP to use DHCP for address.
-n|--netmask <X.X.X.X> The IP netmask for this vswif.
-b|--broadcast <X.X.X.X> The IP broadcast address for this vswif (not required if netmask and ip are set).
-c|--check Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists and is enabled, 0 otherwise.
-D|--disable-all Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console).
-E|--enable-all Enable all vswif interfaces and bring them up.
-A|--autoNet Setup one DHCP vswif per vSwitch.
-r|--restore Restore all vswifs from the configuration file (FOR INTERNAL USE ONLY).
-h|--help Show this message.


Loss of network connectivity may result if invalid parameters are passed to Add, Delete, Portgroup or IP operations.


The esxcfg-vswitch command allows you to list, add, modify or delete virtual Ethernet switches on an ESX host. The simplest option with this command is the -l option to list the virtual switches and portgroups defined on the host.


To add another virtual Ethernet switch, we would use the esxcfg-vswitch command with the "-a" switch. Note that the -a is specified in lowercase. Take care to ensure you have specified lowercase because uppercase "A" performs a different function with this command. So, let's add a new virtual switch called vSwitch1 to our ESX host and then list the switches to check our command has worked OK.


An alternative method is to use --add, which is in reality the longer version of -a:

esxcfg-vswitch --add vSwitch2

Next, let's add a portgroup to the new virtual switches we have created. To do this we use the esxcfg-vswitch -A command. The syntax for creating a portgroup does not change with the type of port you are creating, be that a service console port, a VM port group or a VMkernel port. It is only after creating the port group that we specify if it is to be anything other than a VM port group.

Next we will add a new portgroup called “Prod_01” on the virtual switch vSwitch1.


Alternatively you could use the following command to add a port group to a virtual switch.

[root@esx1host root]# esxcfg-vswitch --add-pg="Prod_01" vSwitch1

Now we have created a new virtual switch and have created a VM port group on it, however, the virtual switch itself does not have any uplinks.  Remember that when we bind a physical network adapter to a virtual switch we are uplinking a vmnic to the switch and the switch then “owns” that adapter, i.e. it is not available to be used by any other virtual switches. We perform the uplink by using the esxcfg-vswitch command with the -L switch for link.


So in one simple command we have linked the physical network adapter vmnic1 to our new virtual Ethernet switch vSwitch1.

To unlink the vmnic just issue the following:


In the above you will notice that we unbound vmnic1 and rebound the switch to vmnic2.

VLANs with esxcfg-vswitch

If we wish to do VLAN tagging in the virtual switch (VST), then we can assign a VLAN ID to a port group using the -v switch to this command. All traffic passing through this portgroup will now be tagged (IEEE 802.1q) with the VLAN ID specified as a numeric parameter after the -v switch. This must match the VLAN ID of the network defined in the physical switch topology in the range 1 through 4094. The physical switch port that the traffic uplinks through from ESX will also need to be configured to accept q-tagged traffic for that VLAN. In Cisco terminology this is a trunk port, in HP ProCurve terminology this is a tagged port.


NOTE: If you wanted to do VLAN tagging in the guest operating system itself – called Virtual Guest Tagging (VGT), then you can set the VLAN ID of the port group to 4095, which allows tagged traffic from the guest to pass through the portgroup.
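To check which port groups on a host are untagged, VST or VGT, the following added example (not from the original post) classifies each port group by its VLAN ID. The listing is a constructed sample, and its column layout (PortGroup Name, VLAN ID, Used Ports, Uplinks) is an assumption about the `esxcfg-vswitch -l` output; adjust the field handling if your build prints extra columns.

```shell
#!/bin/sh
# Added example: classify port groups by VLAN mode from a vSwitch listing.

# Constructed sample; the column layout (PortGroup Name, VLAN ID, Used Ports,
# Uplinks) is an assumption about `esxcfg-vswitch -l` output on the host.
sample_listing() {
cat <<'EOF'
Switch Name    Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0       32          4           32                1500    vmnic0

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  Service Console     0        1           vmnic0
  VMotion             0        1           vmnic0

Switch Name    Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch1       64          3           64                1500    vmnic2

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  Prod_01             105      2           vmnic2
  Guest Trunk         4095     0           vmnic2
  Lab                 0        0
EOF
}

# Reads a listing on stdin, prints "vswitch|portgroup|vlan|mode" per port group.
classify_portgroups() {
    awk '
    /^Switch Name/      { want_switch = 1; in_pg = 0; next }
    want_switch && NF   { vswitch = $1; want_switch = 0; next }
    /^ +PortGroup Name/ { in_pg = 1; next }
    in_pg && NF {
        n = NF
        if ($n ~ /^vmnic/) n--          # uplink column is empty when unlinked
        vlan = $(n - 1) + 0             # from the right: VLAN ID, Used Ports
        name = $1                       # names may contain spaces
        for (i = 2; i < n - 1; i++) name = name " " $i
        if (vlan == 0)         mode = "untagged"
        else if (vlan == 4095) mode = "VGT"      # guest sees tagged traffic
        else if (vlan <= 4094) mode = "VST"      # vSwitch tags with this ID
        else                   mode = "invalid"
        print vswitch "|" name "|" vlan "|" mode
    }'
}

# Port groups that pass tagged traffic to guests deserve a second look.
vgt_portgroups() { classify_portgroups | awk -F'|' '$4 == "VGT"'; }

sample_listing | vgt_portgroups
```

On a host, pipe the real listing in place of the sample: `esxcfg-vswitch -l | vgt_portgroups`.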

Cisco Discovery Protocol with esxcfg-vswitch

As of ESX 3.5, VMware added Cisco Discovery Protocol (CDP) support for virtual switches. We can view CDP information of the current neighbour of the physical NIC. In the VI Client, we can see this by clicking on the icon to the right side of the vmnic in the network view of the ESX host.

To display the CDP configuration setting for a virtual switch, we use the lowercase b switch, where we will find which of the four CDP modes it is in: disable, listen, advertise or both.


We can change the CDP mode with the -B (uppercase) option. Here we are changing the virtual switch called vSwitch0 to support both advertise and listen.


The command line options for esxcfg-vswitch are:

esxcfg-vswitch [options] [vswitch[:ports]]

-a|--add Add a new virtual switch.
-d|--delete Delete the virtual switch.
-l|--list List all the virtual switches.
-L|--link=pnic Set pnic as an uplink for the vswitch.
-U|--unlink=pnic Remove pnic from the uplinks for the vswitch.
-M|--add-pg-uplink Add an uplink to the list of uplinks for a portgroup
-N|--del-pg-uplink Delete an uplink from the list of uplinks for a portgroup
-p|--pg=portgroup Specify a portgroup for operation. Use ALL to set VLAN IDs on all portgroups
-v|--vlan=id Set vlan id for portgroup specified by -p. 0 would disable the vlan
-c|--check Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise.
-A|--add-pg=name Add a new portgroup to the virtual switch.
-D|--del-pg=name Delete the portgroup from the virtual switch.
-C|--check-pg=name Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise.
-B|--set-cdp Set the CDP status for a given virtual switch. To set pass one of "down", "listen", "advertise", "both".
-b|--get-cdp Print the current CDP setting for this switch.
-m|--mtu=MTU Set MTU for the vswitch. This affects all the nics attached on the vswitch.
-r|--restore Restore all virtual switches from the configuration file (FOR INTERNAL USE ONLY).
-h|--help Show this message.
