The Cisco Nexus 1000V differentiates between virtual and physical ports on each of the VEMs. Figure 10-1 shows how ports on the Cisco Nexus 1000V switch are bound to physical and virtual Microsoft Hyper-V ports within a VEM.
Figure 10-1 VEM View of Ports
On the virtual side of the switch, three layers of ports are mapped together:
Virtual NICs—There are two types of Virtual NICs. The virtual NIC (vnic) is part of the VM and represents the physical port of the host that is plugged into the switch. Internal NICs are used by the hypervisor for internal purposes. Each type maps to a vEth port within the Cisco Nexus 1000V.
Virtual Ethernet Ports (VEth)—A vEth port is a port on the Cisco Nexus 1000V distributed virtual switch. The Cisco Nexus 1000V has a flat space of vEth ports 0..N. The virtual cable plugs into these vEth ports that are moved to the host that is running the VM.
vEth ports are assigned to port groups.
Local virtual Ethernet ports (lveth)—Each host has a number of local vEth ports. These ports are dynamically selected for vEth ports that are needed on the host.
These local ports do not move and you can address them by the module-port number method.
Each physical NIC is represented by an interface called a vmnic. The vmnic number is allocated during Microsoft Hyper-V installation, or when a new physical NIC is installed, and remains the same for the life of the host.
Each uplink port on the host represents a physical interface. The port acts like an local vEth port, but because physical ports do not move between hosts, the mapping is 1:1 between an uplink port and a vmnic.
Each physical port that is added to the Cisco Nexus 1000V switch appears as a physical Ethernet port, just as it would on a hardware-based switch.
The uplink port concept is handled entirely by the hypervisor and is used to associate port configuration with vmnics. There is no fixed relationship between the uplink number and vmnic number, and the uplink and the vmnic numbers can be different on different hosts and can change throughout the life of the host. On the VSM, the Ethernet interface number, such as ethernet 2/4, is derived from the vmnic number, not the uplink number.
Step 1 View the state of the VLANs associated with the port by entering the show vlan command on the VSM. If the VLAN associated with a port is not active, the port might be down. In this case, you must create the VLAN and activate it.
Step 2 To see the state of the port on the VSM, enter the show interface brief command.
Step 3 Display the ports that are present on the VEM, their local interface indices, VLAN, type (physical or virtual), CBL state, port mode, and port name by entering the module vem module-number execute vemcmd show port command.
The key things to look for in the output are as follows:
State of the port.
Attached device name.
The LTL of the port that you are trying to troubleshoot. It will help you identify the interface quickly in other VEM commands where the interface name is not displayed.
Make sure that the state of the port is up. If not, verify the configuration of the port on the VSM.
Step 4 View the VLANs and their port lists on a particular VEM by entering the module vem module-number execute vemcmd show bd command.
n1000V# module vem 5 execute vemcmd show bd
If you are trying to verify that a port belongs to a particular VLAN, make sure that you see the port name or LTL in the port list of that VLAN.
Verifying a Connection Between VEMs
Step 1 Check if the VLAN associated with the port is created on the VSM by entering the show vlan command.
Step 2 Check if the ports are up in the VSM by entering the show interface brief command.
Step 3 Check if the CBL state of the two ports is set to the value of 1 for forwarding (active) by entering the module vem 3 execute vemcmd show port command on the VEM.
Step 4 Check if the two vEth ports are listed in the flood list of the VLAN to which they are trying to communicate by entering the module vem 3 execute vemcmd show bd command on the VEM.
Step 5 Verify that the uplink switch to which the VEMs are connected is carrying the VLAN to which the ports belong.
Step 6 Find the port on the upstream switch to which the physical NIC (that is supposed to be carrying the VLAN) on the VEM is connected to.
n1000v# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device ID Local Intrfce Hldtme Capability Platform Port ID
swordfish-6k-2 Eth5/2 168 R S I WS-C6506-E Gig1/38
The PNIC (Eth 5/2) is connected to swordfish-6k-2 on port Gig1/38.
Step 7 Log in to the upstream switch and make sure the port is configured to allow the VLAN that you are looking for.
n1000v# show running-config interface gigabitEthernet 1/38
Current configuration : 161 bytes
switchport trunk allowed vlan 1,60-69,231-233
switchport mode trunk
As this output shows, VLANs 1, 60 to 69 and 231 to 233 are allowed on the port. If a particular VLAN is not in the allowed VLAN list, make sure to add it to the allowed VLAN list of the port.
Isolating Traffic Interruptions
Step 1 In the output of the show port-profile name command, verify the following information:
The control and packet VLANs that you configured are present (in the example, these VLANs are 3002 and 3003)
If the physical NIC in your configuration carries the VLAN for VM, that VLAN is also present in the allowed VLAN list.
Microsoft Network Load Balancing (MS-NLB) is a clustering technology offered by Microsoft as part of the Windows server operating systems. Clustering enables a group of independent servers to be managed as a single system for higher availability, easier manageability, and greater scalability.
For more information about MS-NLB, see the following URL:
Note Access to third-party websites identified in this document is provided solely as a courtesy to customers and others. Cisco Systems, Inc. and its affiliates are not in any way responsible or liable for the functioning of any third-party website, or the download, performance, quality, functioning or support of any software program or other item accessed through the website, or any damages, repairs, corrections or costs arising out of any use of the website or any software program or other item accessed through the website. Cisco's End User License Agreement does not apply to the terms and conditions of use of a third-party website or any software program or other item accessed through the website.
Limitations and Restrictions
A syslog is generated if one of the following configurations exists when you try to disable automatic static MAC learning for MS-NLB because they do not support this feature:
Private VLAN (PVLAN) port
Ports configured with unknown unicast flood blocking (UUFB)
Ports configured with a switchport port-security mac-address sticky
Disabling Automatic Static MAC Learning on vEthernet Interfaces
You must disable automatic static MAC learning before you can successfully configure NLB on a vEthernet (vEth) interface.
In interface configuration mode, enter these commands:
switch(config)# interface veth 1
switch(config-if)# no mac auto-static-learn
In port profile configuration mode, enter these commands:
switch(config)# port-profile type vethernet ms-nlb
switch(config-port-prof)# no mac auto-static-learn
Checking the Status on a VSM
If the NLB unicast mode configuration does not function, check the status of the Virtual Supervisor Module (VSM).
Confirm that no mac auto-static-learn is listed in the vEth and/or port profile configurations.
This example shows how to generate the VSM status in the interface configuration mode: