You can use the NSX Command Line Interface (CLI) to do some L2 VPN troubleshooting.


L2 VPN is not working as expected.


  1. Use the following central CLI command to see configuration issues:

    show edge <edgeID> configuration l2vpn.

    For example, show edge edge-1 configuration l2vpn.

  2. Use the following commands on both the client and server edge:
    • show configuration l2vpn - Check the four following key values to verify the server.

    • show service l2vpn bridge - The number of interfaces depends on the number of L2 VPN clients. In below output, a single L2 VPN client (na1) is configured. Port1 refers to vNic_2. The MAC address of 02:50:56:56:44:52 has been learned on the vNic_2 interface, and is not local to the edge ( L2 VPN server). Row 3 in the following example refers to na1 interface.

    • show service l2vpn trunk table

    • show service l2vpn conversion table - In the following example, an Ethernet frame which arrives on tunnel #1 will have its VLAN ID #1 converted to VXLAN with a VLAN # of 5001 before the packet is passed to the VDS.

    • show process monitor - Identify if the l2vpn (server) and naclientd (client) processes are running.

    • show service network-connections - Identify if the l2vpn (server) and naclientd (client) processes are listening on port 443.