esxcfg commands



query or configure the advanced configuration.


‘-g’ get information from the advanced configuration

‘-s’ sets values


esxcfg-advcfg -g /Misc/HostName

returns the hostname


esxcfg-advcfg -s 32 /NFS/MaxVolumes

change number of nfs exports (from default of 8) to maximum value of 32


esxcfg-info -o

returns list of configurable advanced options


Usage: esxcfg-advcfg [options] [adv cfg Path]
-g|–get Get the value of the config option
-s|–set Set the value of the config option
-d|–default Reset Config option to default
-q|–quiet Suppress output
-k|–set-kernel Set a VMkernel load time option value.
-j|–get-kernel Get a VMkernel load time option value.
-h|–help Show this message.
-r|–restore Restore all advanced options from the configuration file. (FOR INTERNAL USE ONLY).



Control the ESX host firewall. Open a port or allow a service to communicate through the firewall




esxcfg-firewall -q

returns all ESX firewall settings


esxcfg-firewall -e nfsClient

enables the nfsClient to communicate through the firewall


esxcfg-firewall -d nfsClient

disables the nfsClient. stops the client from communicating through the firewall


esxcfg-firewall -o port,protocol,direction,name

open a port in the firewall
example: esxcfg-firewall -o 3315,tcp,out,MySQLClient


List of services that can be controlled:



Usage: esxcfg-firewall [options]
-q Lists current settings
-q [service] Lists settings for the specified service
-q incoming|outgoing Lists settings for non-required incoming/outgoing ports
-s Lists known services
-l Loads current settings
-u Unloads current settings
-r Resets all options to defaults
-e [service] Allows specified service through the firewall (enables)
-d [service] Blocks specified service (disables)
-o [port, tcp|udp,in|out,name] Opens a port
-c [port, tcp|udp,in|out] Closes a port previously opened by –o
-h Displays command help
-allowincoming Allow all incoming ports
-allowoutgoing Allow all outgoing ports
-blockincoming Block all non-required incoming ports (default value)
-blockoutgoing Block all non-required outgoing ports (default value)



list or set options for the VMKernel modules and drivers




esxcfg-module -l
return a list of modules and attributes


output from esxcfg-module -l
Module Type Enabled Loaded
vmkapimod vmkapimod true true
vmklinux linux true true
cciss.o scsi true false
tg3.o nic true false
qla2300_7xx.o fc true false


esxcfg-module -s ql2xmaxqdepth=128 qla2300_707_vmw
Sets ‘maxqdepth’ of qLogic hba (from default value 32) to 128

esxcfg-module -s “lpfc0_lun_queue_depth=128 lpfc1_lun_queue_depth=128 lpfc2_lun_queue_depth=128 lpfc3_lun_queue_depth=128"



perform an hba rescan (vmkfstools -rescan).


esxcfg-rescan vmhba32


Usage: esxcfg-rescan [vmkernel SCSI adapter name]



list, create, modify or delete virtual switches


virtual switch examples:


esxcfg-vswitch -a vSwitch1

create virtual switch, 'vSwitch1'


esxcfg-vswitch -d vSwitch1

delete the virtual switch vSwitch1


port group examples:


esxcfg-vswitch -A “Prod” vSwitch1

create 'Prod' portgroup on 'vSwitch1'


esxcfg-vswitch -D “Prod” vSwitch1

delete portgroup 'Prod' from vSwitch1


vmnic examples:


esxcfg-vswitch -L vmnic1 vSwitch1

add vmnic1 to vSwitch1 (link)


esxcfg-vswitch -U vmnic1 vSwitch1

remove vmnic1 from vSwitch1 (unlink)


VLAN example:


esxcfg-vswitch -v 3322 Prod vSwitch1

set vlan3322 for portgroup Prod on vSwitch


Usage: esxcfg-vswitch [options] [vswitch[:ports]]
-a Add a new virtual switch.
-d Delete the virtual switch.
-l List all the virtual switches.
-L [pnic] Set pnic as an uplink for the vswitch.
-U [pnic] Remove pnic from the uplinks for the vswitch.
-p [portgroup] Specify a portgroup for operation. Use ALL for operation to work on all portgroups
-v [vlan id] Set VLAN ID for portgroup specified by -p. 0 would disable the VLAN.
-c Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise.
-A [name] Add a new portgroup to the virtual switch.
-D [name] Delete the portgroup from the virtual switch.
-C [name] Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise.
-r Restore all virtual switches from the configuration file (Internal use only)
-h Displays command help



configure the service console user authentication.




esxcfg-auth –enabled – –

bind AD domain '' and AD DC ''


esxcfg-auth –maxpassdays=42 –minpassdays=2 –passwwarnage=28

set password policy for service console user




display information



esxcfg-info >/tmp/esxinfo_[date].txt

save info to a file


esxcfg-info -s

filter information, using the -s (storage) option

other options are:

r resource
s storage
n network
y system
w hardware
o advanced options


manage multi-pathing for storage

esxcfg-mpath -l

show storage paths


Disk vmhba0:0:0 /dev/cciss/c0d0 (69459MB) has 1 paths and policy of Fixed
Local 2:1.0 vmhba0:0:0 On active preferred

Disk vmhba1:0:0 (0MB) has 1 paths and policy of Most Recently Used
FC 10:1.0 210000e08b846a72<->5006016930221397 vmhba1:0:0 On active preferred

Disk vmhba1:0:6 /dev/sda (9216MB) has 1 paths and policy of Most Recently Used
FC 10:1.0 210000e08b846a72<->5006016930221397 vmhba1:0:6 On active preferred

Disk vmhba1:0:21 /dev/sdb (10240MB) has 1 paths and policy of Most Recently Used
FC 10:1.0 210000e08b846a72<->5006016930221397 vmhba1:0:21 On active preferred



This command will be used to create, manage and delete ressource groups.

Usage: esxcfg-resgrp [options] [ResGrp Path]
-l –list List all resource groups on the ESX Server currently under the specified path.
-a –add resgrp_name Add a new resource group to the resource hierarchy with the given name. The new resource group will be added under the specification path.
-d –delete Delete a resource group (and all subgroups), given the name of the resource group to delete.
-r –restore Restore resource groups from persistent storage. This should be used only on system startup and should not be used by users.
-h –help Print a help message for this command.

e.g.: create a ressource group
esxcfg-resgrp –add=new_group /host/user

e.g.: delete a ressource group
esxcfg-resgrp –delete /host/user/new_group


This command will show you the virtual storage name (vmhba notation) and the linux storage name.
vmhba0:0:0 /dev/sda
vmhba0:0:1 /dev/sdb
vmhba0:0:2 /dev/sdc
vmhba0:0:3 /dev/sdd
vmhba2:0:0 /dev/sde
vmhba2:1:0 /dev/sdf

If you use the option ‘-m’ only the vmfs volumes will be listed in output. In this case the hexadecimal storage name will also be listed in output.
esxcfg-hbadevs -m
vmhba0:0:0:1 /dev/sda1 45407607-fbc43ced-94cb-00145e231ce3
vmhba0:0:2:1 /dev/sdc1 455b08a8-8af7fee3-daa9-00145e231e35
vmhba2:0:0:3 /dev/sde3 4559c75f-831d8f3e-bc81-00145e231e35

This volumes are mounted to /vmfs/volumes

Usage: esxcfg-vmhbadevs [options]
Print the mappings between vmhba names and /dev names
-m|–vmfs Print mappings for VMFS volumes to their Service Console partitions and vmhba names.
-q|–query Print mapping in 2.5 compatibility mode to mimic vmkpcidivy -q vmhba_devs.
-h|–help Show this message.


This command will be used to configure the grub bootloader options. With the option ‘-q’ you can query the boot options. Additionally you have to specifiy which boot informations you will have, add ‘boot’ for informations about the bootimage or ‘vmkmod’ for informations about the modules to loaded when booting an ESX server system.
e.g.: esxcfg-boot -q boot
800 2:;7:;10:; UUID=847199e4-d3c7-11da-8ef8-930e3d734c03 /vmlinuz-2.4.21-37.0.2.ELvmnix /initrd-2.4.21-37.0.2.ELvmnix.img

e.g.: esxcfg-boot -q vmkmod
vmkapimod vmkapimod
vmklinux linux
cciss.o scsi
tg3.o nic
qla2300_7xx.o fc

If you change some settings by using the esxcfg-module command you finally have to do a rebuild of the linux boot image. This rebuild will be initiated by using the command ‘esxcfg-boot -b’.

Usage: esxcfg-boot [option]
-q|–query boot|vmkmod
-d|–rootdev UUID=[uuid]
-a|–kernelappend [kernel append]
-h|–help Show this message.




This command will be used to manage NFS mounts connected to the VMKernel interface. You can mount NFS exports, query and umount mounted exports.

e.g.: mount a NFS share (Attention: the export has to be a root export):
esxcfg-nas -a -o -s /vm_export vm_NFS01
‘-o’ defines the NFS server
‘-s’ defines the NFS root export
vm_NFS01 name of the mountpoint at the ESX host
Connecting to NAS volume: vm_NFS01
vm_NFS01 created and connected.

e.g.: list the mounted NFS mounts:
esxcfg-nas -l
vm_NFS01 is /NFS from mounted

e.g.: deletition of NFS mounts (Attention: deletition is only possible when the volume is in a non-busy state):
esxcfg-nas -d vm_NFS01

To successfully mount a NFS export there must be a completely configured VMKernel interface (portgroup). This interface could also be configured on command line by using the esxcfg-vmknic command.

Usage: esxcfg-nas [options] [label]
-a|–add Add a new NAS filesystem to /vmfs volumes. Requires –host and –share options.
-o|–host [host] Set the host name or ip address for a NAS mount.
-s|–share [share] Set the name of the NAS share on the remote system.
-d|–delete Unmount and delete a filesystem.
-l|–list List the currently mounted NAS file systems.
-r|–restore Restore all NAS mounts from the configuration file. (FOR INTERNAL USE ONLY).
-h|–help Show this message.


This command will be used to configure, list or delete the VMKernel network gateway. Additionally you could add further static routes for your VMKernel interface.

e.g.: list the actual VMKernel routing configuration:
esxcfg-route -l
VMkernel Routes:
Network Netmask Gateway Local Subnet

e.g.: add an additional route:
esxcfg-route -a
Adding static route to VMkernel
esxcfg-route -l Local Subnet

e.g.: deletition of a static route:
esxcfg-route -d
Deleting static route from VMkernel

Usage: esxcfg-route [options] [network [netmask] gateway]
can be specified in 2 ways:
* As a single argument in [Network]/[Mask] format
* Or as a [Network] [Netmask] pair.
[gateway] is either an IP address or ‘default’
-a|–add Add route, to the VMkernel, requires network address (or default) and gateway IP address
-d|–del Delete route from VMkernel. Requires network address (or “default”)
-l|–list List configured routes for the service console
-r|–restore Restore route setting to configured values on system start. (INTERNAL USE ONLY)
-h|–help Show this message.


This command will be used to create, configure and delete a VMKernel port. A VMKernel port is a special kind of portgroups which will assign (fixed IP configured in VMKernel properties) an ip address to the connected uplink adapter.
The VMKernel port needs a fixed ip address for vmotion, software based iscsi connection and nfs export mounts.

To be able to create a VMKernel port there must be a portgroup at first. The VMKernel port will be assigned to this portgroup during creation and this step ‘convert’ the portgroup to a VMKernel portgroup. To enable VMotion on command line you have to use the command vimsh or do the configuration in the virtual infrastructure client (VI).
create a VMKernel port:
1. create a portgroup: esxcfg-vswitch -A VMotion vSwitch1
2. create the VMKernel port: esxcfg-vmknic -a -i -n VMotion
3. add the default gateway for VMK: esxcfg-route -a default

To connect NFS export to your ESX host you could create an additional VMKernel port without problems. This makes sense if you plan to place your virtual machine files on NFS and (like recommended) this NFS network will be a dedicated one. In this scenario it makes sense to create the VMKernel port with the ‘-m’ option to enable Jumbo Frames (Jumbo Frames must also be enabled on physical switches and the storage subsystem (NFS server) as well!)
create a VMKernel port with Jumbo Frames enabled:
1. create a portgroup: esxcfg-vswitch -A VMKernel_NFS
2. create a VMKernel port with JF enabled: esxcfg-vmknic -a -n -m 9000 VMKernel_NFS

The dedicated NFS network should not be routet, that’s why the configuration of a gateway would make no sense. (but it’s possible).

esxcfg-vmknic -l
Interface Port Group IP Address Netmask Broadcast MAC Address MTU Enabled
vmk1 VMotion 00:50:56:63:ba:e6 1500 true
vmk2 VMKernel_NFS 00:50:56:63:ba:f6 9000 true

deletition of a VMKernel port (port have to be in state ‘enabled’):
esxcfg-vmknic -d [VMKernel Interface Name]

Enable VMotion per command line:
vimsh -n -e “/hostsvc/vmotion/vnic_set [portgroup]”

Usage: esxcfg-vmknic [options] [[portgroup]]
-a|–add Add a VMkernel NIC to the system, requires IP parameters and portgroup name.
-d|–del Delete VMkernel NIC on given portgroup.
-e|–enable Enable the given NIC if disabled.
-D|–disable Disable the given NIC if enabled.
-l|–list List VMkernel NICs.
-i|–ip [X.X.X.X] The IP address for this VMkernel NIC. Setting an IP address requires that the –netmask option be given in same command.
-m set MTU size
-n|–netmask [X.X.X.X] The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the –ip option be given in the same command.
-r|–restore Restore VMkernel TCP/IP interfaces from Configuration file (FOR INTERNAL USE ONLY).
-h|–help Show this message.


This command will be used to configure the VMKernel dump partition. To find out where the dump partition is located you have to use the ‘-l’ option:
esxcfg-dumppart -l
VM Kernel Name Console Name Is Active Is Configured
vmhba0:0:0:7 /dev/cciss/c0d0p7 yes yes

Usage: esxcfg-dumppart [options] [partition]
-l|–list List the partitions available for Dump Partitions. WARNING: This will scan all LUNs on the system.
-t|–get-active Get the active Dump Partition for this system, returns the internal name of the partition vmhbaX:X:X:X) or ‘none’.
-c|–get-config Get the configured Dump Partition for this system, returns the internal name of the partition vmhbaX:X:X:X) or ‘none’.
-s|–set Set the Dump Partition for this system and activate it, either vmhbaX:X:X:X or ‘none’ to deactivate the active dump partition.
-f|–find Find usable Dump partitions and list in order of preference.
-S|–smart-activate Activate the configured dump partition or find the first appropriate partition and use it(same order as -f).
-a|–activate Activate the configured dump partition.
-d|–deactivate Deactivate the active dump partition.
-h|–help Show this message.


This command will be used to replicate the service console network interface ip to the eth0 interface in troubleshooting mode. Because the VMKernel won’t be loaded in troubleshooting mode. The needed drivers and configuration will be provided by linux. In this scenario the service console netwrk interface won’t be named as vswif but as eth0 (linux standard).

Usage: esxcfg-linuxnet [option]
The –setup option could not be combined with the –remove option.


This command will be used to configure the speed and the duplex mode of the physical network interfaces. Additionally you could list the vmnics.
e.g.: list all vmnics:
esxcfg-nics -l
Name PCI Driver Link Speed Duplex Description
vmnic0 01:01.00 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5703 Gigabit Ethernet
vmnic2 01:02.00 tg3 Up 100Mbps Full Broadcom Corporation NC7781 Gigabit Server Adapter (PCI-X, 10,100,1000-T)
vmnic1 04:02.00 tg3 Up 1000Mbps Full Broadcom Corporation NC7781 Gigabit Server Adapter (PCI-X, 10,100,1000-T)

Here you can see that the physical to virtual network interface assignment is dynamic.

Usage: esxcfg-nics [options] [nic]
-s|–speed [speed] Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter.
-d|–duplex [duplex] Set the duplex of this NIC to one of ‘full’ or ‘half’. Requires a NIC parameter.
-a|–auto Set speed and duplexity automatically. Requires a NIC parameter.
-l|–list Print the list of NICs and their settings.
-r|–restore Restore the nics configured speed/duplex settings (INTERNAL ONLY)
-h|–help Display this message.


VMWare ESX 3.x supports software initiated iSCSI as well as hardware initiated iSCSI via an iSCSI HBA. When using a hardware based solution (iSCSI HBA) the VMKernel will discharged. The iSCSI handling is done by the HBA, the VMKernel only needs to send the SCSI commands to the HBA. So, in relation to software based iSCSI, the hosts CPU will be discharged and could be used for the virtual servers running on the host. This variant is even more expensive because the additional needed hardware HBA.

To configure software based iSCSI you have to do some more steps:
1. add a VMKernel port to a vSwitch connected to the iSCSI network
2. be sure the service console network interface has a connection to the iSCSI target
3. open port TCP 3260 (iSCSI) in the ESX firewall
4. activate iSCSI per ‘esxcfg-swiscsi -e’
5. activate the ‘Discovery’ address per ‘vmkiscsi-tool -D -a vmhba32′
6. list the discovered targets by using ‘vmkiscsi-tool -T -1 vmhba32′
7. do a rescan on vmhba32 by using ‘esxcfg-rescan vmhba32′
8. list the iSCSI LUNS by using ‘vmkiscsi-tool -L -1 vmhba32′

To force that all changes will be displayed in VI client immediately you have to restart the management agent running on host system by using ‘service mgmt-vmware restart’. While the restart is done the connection between host and VI client will be disconnected.

Usage: esxcfg-swiscsi [options]
-e|–enable Enable sw iscsi
-d|–disable Disable sw iscsi
-q|–query Check if sw iscsi is on/off
-s|–scan Scan for disk available through sw iscsi interface
-k|–kill Try to forcibly remove iscsi sw stack
-r|–restore Restore sw iscsi configuration from file (FOR INTERNAL USE ONLY)
-h|–help Show this message


This command will be used to create, manage and delete a service console network interface ‘vswif’. While the first installation of an ESX host a default service console is created and configured. The configuration has to be done manually or by silent installation script ;-)

e.g.: creation of a service console interface (a portgroup has to exist prior to vswif creation):
(esxcfg-vswitch -A “Service Console Backup” vSwitch1)
esxcfg-vswif -a -i -n -p “Service Console Backup” vSwitch1

e.g.: list hte service console interfaces:
esxcfg-vswif -l
Name Port Group IP Address Netmask Broadcast Enabled DHCP
vswif0 Service Console true false
vswif1 Service Console Backup true false

e.g.: activate Jumbo Frames (per vSwitch):
esxcfg-vswitch -m 9000 vSwitch1

e.g.: delete a service console interface:
esxcfg-vswif -d vswif1

Usage: esxcfg-vswif [options] [vswif]
-a Add vswif, requires IP parameters. Automatically enables interface.
-d Delete vswif.
-l List configured vswifs.
-e Enable this vswif interface.
-s Disable this vswif interface.
-p Set the portgroup name of the vswif.
-i [x.x.x.x] or DHCP The IP address for this vswif or specify DHCP to use DHCP for this address.
-n [x.x.x.x] The IP netmask for this vswif.
-b [x.x.x.x] The IP broadcast address for this vswif. (not required if netmask and ip are set)
-c Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise.
-D Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console)
-E Enable all vswif interfaces and bring them up.
-r Restore all vswifs from the configuration file. (Internal use only)
-h Displays command help.