Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.0(4)SV1(2)
Configuring System Port Profiles

Configuring System Port Profiles


This chapter describes system port profiles and how to configure them.

This chapter includes the following sections:

Information About System Port Profiles

Guidelines and Limitations for System Port Profiles

Creating a System Port Profile

Deleting System VLANs from a Port

Modifying the System VLANs in a Port Profile

Feature History for System Port Profiles

Information About System Port Profiles

System port profiles are designed to establish and protect those ports and VLANs which need to be configured before the VEM contacts the VSM.

For this reason, the following ports must use system VLANs:

Control and packet VLANs in the uplinks that communicate with the VSM.

Management VLAN in the uplinks and VMware kernel NICs used for VMware vCenter server connectivity or SSH or Telnet connections.

Storage VLAN used by the VSM for VM file system access in the uplinks and VMware kernel NICs used for iSCSI or network file systems. This is needed only in the host that runs the VSM on the VEM.

VSM ports on the VEM must be system ports.

For more information about system port profiles and system VLANs, see the Cisco Nexus 1000V Getting Started Guide, Release 4.0(4)SV1(2).

Guidelines and Limitations for System Port Profiles

System port profiles and system VLANs are subject to the following guidelines and limitations:

System VLANs must be used sparingly and only as described in the "Information About System Port Profiles" section.

In a single ESX host, one VLAN can be a system VLAN on one port but a regular VLAN on another.

You cannot delete a system VLAN when the port profile is in use.

You can add or delete VLANs that are not system VLANs even when the port profile is in use, that is, when one or more distributed virtual switch (DVS) ports are carrying that profile.

System VLANs can be added to a port profile, even when the port profile is in use.

You can only delete a system VLAN from a port profile after removing the port profile from service. This is to prevent accidentally deleting a critical VLAN, such as the management VLAN for a host, or the storage VLAN for the VSM.

A system port profile cannot be converted to a port profile that is not a system port profile.

The native VLAN on a system port profile can be a system VLAN but it does not have to be.

When a system port profile is in use, you can change the native VLAN as follows:

From one VLAN that is not a system VLAN to another VLAN that is not a system VLAN.

From a VLAN that is not a system VLAN to a system VLAN.

From one system VLAN to another system VLAN.

When a system port profile is in use, you cannot change the native VLAN from a system VLAN to a VLAN that is not a system VLAN.
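
The guidelines above can be turned into a pre-change check. The following is an added example, not Cisco code: `ProfileState` and `check_change` are hypothetical names, and the sample state is constructed.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass
class ProfileState:
    """Hypothetical snapshot of a system port profile (not a Cisco data structure)."""
    in_use: bool                  # one or more DVS ports carry the profile
    system_vlans: Set[int]
    native_vlan: Optional[int] = None


def check_change(state: ProfileState,
                 add_system: Iterable[int] = (),
                 del_system: Iterable[int] = (),
                 new_native: Optional[int] = None) -> List[str]:
    """Return the guideline violations a proposed change would cause (empty = allowed)."""
    problems = []
    removed = set(del_system) & state.system_vlans
    result = (state.system_vlans - removed) | set(add_system)

    # Deleting a system VLAN requires removing the profile from service first.
    if state.in_use and removed:
        problems.append(f"cannot delete system VLAN(s) {sorted(removed)} while in use")

    # A system port profile cannot become a non-system port profile.
    if state.system_vlans and not result:
        problems.append("change would leave no system VLANs on a system port profile")

    # In use: the native VLAN may not move from a system VLAN to a non-system VLAN.
    if (state.in_use and new_native is not None
            and state.native_vlan in state.system_vlans
            and new_native not in result):
        problems.append(f"cannot change native VLAN from system VLAN {state.native_vlan} "
                        f"to non-system VLAN {new_native} while in use")
    return problems


# Constructed sample state: an in-use profile with system VLANs 114 and 115.
uplink = ProfileState(in_use=True, system_vlans={114, 115}, native_vlan=114)

if __name__ == "__main__":
    print(check_change(uplink, add_system=[300]))   # adding is allowed while in use
    print(check_change(uplink, del_system=[115]))   # deletion is blocked while in use
    print(check_change(uplink, new_native=20))      # system -> non-system is blocked
    print(check_change(uplink, new_native=115))     # system -> system is allowed
```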

Creating a System Port Profile

You can use this procedure to configure a system port profile for critical ports.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

The VSM is connected to vCenter server.

You have configured the following:

Port admin status is active (no shutdown).

Port mode is access or trunk.

VLANs that are to be used as system VLANs already exist.

VLANs are configured as access VLANs or trunk-allowed VLANs.

Once a port profile is created, you cannot change its type (Ethernet or vEthernet).

SUMMARY STEPS

1. config t

2. port-profile [type {ethernet | vethernet}] profilename

3. description profiledescription

4. switchport mode trunk

5. switchport trunk allowed vlan vlan-id-list

6. system vlan vlan-id-list

7. show port-profile [brief | expand-interface | usage] [name profilename]

8. copy running-config startup-config

DETAILED STEPS

 
Command
Description

Step 1 

config t


Example:

n1000v# config t

n1000v(config)#

Enters global configuration mode.

Step 2 

port-profile [type {ethernet | vethernet}] name


Example:

n1000v(config)# port-profile AccessProf

n1000v(config-port-prof)#

Enters port profile configuration mode for the named port profile.

name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type.

Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).

Note If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 3 

description profiledescription


Example:

n1000v(config-port-prof)# description System profile for critical ports

n1000v(config-port-prof)#

Adds a description of up to 80 ASCII characters to the port profile. This description is automatically pushed to the vCenter Server.

Step 4 

switchport mode trunk


Example:

n1000v(config-port-prof)# switchport mode trunk

n1000v(config-port-prof)#

Designates that the interfaces are to be used as trunking ports.

A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

Step 5 

switchport trunk allowed vlan vlan-id-list


Example:

n1000v(config-port-prof)# switchport trunk allowed vlan 114,115

n1000v(config-port-prof)#

Designates the port profile as trunking and defines VLAN access to it as follows:

allowed-vlans—Defines VLAN IDs that are allowed on the port.

add—Lists VLAN IDs to add to the list of those allowed on the port.

except—Lists VLAN IDs that are not allowed on the port.

remove—Lists VLAN IDs whose access is to be removed from the port.

all—Indicates that all VLAN IDs are allowed on the port, unless exceptions are also specified.

none—Indicates that no VLAN IDs are allowed on the port.

If you do not configure allowed VLANs, then the default VLAN 1 is used as the allowed VLAN.

Step 6 

system vlan vlan-id-list


Example:

n1000v(config-port-prof)# system vlan 114,115

n1000v(config-port-prof)#

Adds system VLANs to this port profile.

Step 7 

show port-profile [brief | expand-interface | usage] [name profile-name]


Example:

n1000v(config-port-prof)# show port-profile name AccessProf

(Optional) Displays the configuration for verification.

EXAMPLES

This example shows how to create a system port profile:

n1000v# config t
n1000v(config)# port-profile AccessProf
n1000v(config-port-prof)# description "System profile for critical ports"
n1000v(config-port-prof)# system vlan 1
n1000v(config-port-prof)# show port-profile name AccessProf
port-profile AccessProf
  description:
  type: vethernet
  status: disabled
  capability l3control: no
  pinning control-vlan: -
  pinning packet-vlan: -
  system vlans: 1
  port-group:
  max ports: 32
  inherit: port-profile xyz
  config attributes:
    switchport mode access
    switchport access vlan 1
    switchport trunk allowed vlan 1-10
    channel-group auto mode on sub-group cdp
    no shutdown
  evaluated config attributes:
    switchport mode access
    switchport access vlan 1
    switchport trunk allowed vlan 1-10
    channel-group auto mode on sub-group cdp
    no shutdown
  assigned interfaces:
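
The prerequisites for this procedure say that system VLANs are configured as access VLANs or trunk-allowed VLANs. The following added example (not Cisco code) audits `show port-profile` output for system VLANs that the evaluated switchport configuration does not carry. The function names and the sample output are constructed, and treating VLAN 1 as the default access VLAN is an assumption.

```python
import re


def expand_vlans(spec):
    """Expand '1-10,114' to a set of ints; 'all' is VLANs 1-4094, 'none' or '' is empty."""
    spec = spec.strip()
    if spec == "all":
        return set(range(1, 4095))
    if spec in ("", "none", "-"):
        return set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def uncovered_system_vlans(show_output):
    """Return system VLANs not carried by the profile's evaluated switchport config."""
    m = re.search(r"^[ \t]*system vlans:[ \t]*(\S*)", show_output, re.M)
    system = expand_vlans(m.group(1)) if m else set()
    # Use the evaluated attributes: they include inherited settings.
    evaluated = show_output.split("evaluated config attributes:", 1)[-1]
    evaluated = evaluated.split("assigned interfaces:", 1)[0]
    mode = re.search(r"switchport mode (\w+)", evaluated)
    if mode and mode.group(1) == "trunk":
        allowed = re.search(r"switchport trunk allowed vlan (\S+)", evaluated)
        # Per the guide, VLAN 1 is the allowed VLAN when none is configured.
        carried = expand_vlans(allowed.group(1)) if allowed else {1}
    else:
        access = re.search(r"switchport access vlan (\d+)", evaluated)
        carried = {int(access.group(1))} if access else {1}  # assumption: default VLAN 1
    return sorted(system - carried)


# Constructed sample in the format shown above: VLAN 115 is a system VLAN
# but is missing from the trunk allowed list.
SAMPLE_OUTPUT = """port-profile Uplink_Prof
  type: ethernet
  system vlans: 114,115
  evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 1-10,114
    no shutdown
  assigned interfaces:
"""

if __name__ == "__main__":
    print(uncovered_system_vlans(SAMPLE_OUTPUT))
```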

Deleting System VLANs from a Port

You can use this procedure to delete system VLANs from a port from vCenter server.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to vCenter server.

The VSM is connected to vCenter server.

DETAILED STEPS


Step 1 From vCenter server, delete the port from the DVS.

Step 2 Add the port to vCenter with a different or modified port profile.


Modifying the System VLANs in a Port Profile

You can use the following procedures in this section to modify the system VLANs in a port profile without removing all system VLANs.

Modifying the System VLANs in a Trunk Mode Port Profile

Modifying System VLANs in an Access Mode Port Profile

Modifying the System VLANs in a Trunk Mode Port Profile

You can use this procedure to change the set of system VLANs in a trunk mode port profile without removing all system VLANs.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to vCenter server.

You are logged in to the Cisco Nexus 1000V CLI in EXEC mode.

The VSM is connected to vCenter server.

You know the VLAN ID of a system VLAN in your network. It does not matter which system VLAN it is.

You know the VLAN IDs of the system VLANs required for the port profile you are modifying.

DETAILED STEPS


Step 1 From the upstream switch for each VEM that carries this profile, shut off the switchport that carries the control VLAN.

The VEMs are disconnected from the VSM.

Step 2 From the Cisco Nexus 1000V, use the following commands to convert the port profile to an access profile with a system VLAN. It does not matter which system VLAN you use.

config t

port-profile name

no system vlan

switchport mode access

switchport access vlan vlan-id

system vlan vlan-id

Example:
n1000v# config t
n1000v(config)# port-profile Trunk_System_Prof
n1000v(config-port-prof)# no system vlan
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# switchport access vlan 1
n1000v(config-port-prof)# system vlan 300

The trunk port profile is converted to an access port profile with a system VLAN.

Step 3 From the Cisco Nexus 1000V, use the following commands to convert the port profile back to a trunk profile with the required system VLAN IDs.

config t

port-profile name

switchport mode trunk

system vlan vlan-id-list

show port-profile [brief | expand-interface | usage] [name profile-name]

copy running-config startup-config

Example:
n1000v# config t
n1000v(config)# port-profile Trunk_System_Prof
n1000v(config-port-prof)# switchport mode trunk
n1000v(config-port-prof)# system vlan 114,115
n1000v(config-port-prof)# show port-profile name Trunk_System_Prof
port-profile Trunk_System_Prof
  description: 
  type: vethernet
  status: enabled
  capability l3control: no
  pinning control-vlan: -
  pinning packet-vlan: -
  system vlans: 114,115
  port-group: 
  max ports: 32
  inherit: 
  config attributes:
    switchport mode trunk
    switchport trunk allowed vlan all
    no shutdown
  evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan all
    no shutdown
  assigned interfaces:
n1000v(config-port-prof)# copy running-config startup-config

The port profile is changed back to a trunk profile with the required system VLANs, and the changes are saved in the running configuration.

Step 4 From the upstream switch for each VEM that carries this profile, unshut the switchport that carries the control VLAN.

The VEMs are reconnected to the VSM.


Modifying System VLANs in an Access Mode Port Profile

You can use this procedure to change the set of system VLANs in an access port profile without removing all system VLANs.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to vCenter server.

You are logged in to the Cisco Nexus 1000V CLI in EXEC mode.

The VSM is connected to vCenter server.

You know the VLAN IDs of the system VLANs required for the port profile you are modifying.

DETAILED STEPS


Step 1 From the upstream switch for each VEM that carries this profile, shut off the switchport that carries the control VLAN.

The VEMs are disconnected from the VSM.

Step 2 From the Cisco Nexus 1000V, use the following commands to configure a new list of system VLANs in the port profile.

config t

port-profile name

system vlan vlan-id-list

show port-profile name profile-name

copy running-config startup-config

Example:
n1000v# config t
n1000v(config)# port-profile Access_System_Prof
n1000v(config-port-prof)# system vlan 114,115
n1000v(config-port-prof)# show port-profile name Access_System_Prof
port-profile Access_System_Prof
  description: 
  type: vethernet
  status: enabled
  capability l3control: no
  pinning control-vlan: -
  pinning packet-vlan: -
  system vlans: 114,115
  port-group: 
  max ports: 32
  inherit: 
  config attributes:
    switchport mode access
    switchport trunk allowed vlan all
    no shutdown
  evaluated config attributes:
    switchport mode access
    switchport trunk allowed vlan all
    no shutdown
  assigned interfaces:

n1000v(config-port-prof)# copy running-config startup-config

The list of system VLANs is changed and saved in the running configuration.

Step 3 From the upstream switch for each VEM that carries this profile, unshut the switchport that carries the control VLAN.

The VEMs are reconnected to the VSM.


Feature History for System Port Profiles

This section provides the feature history for system port profiles.

Feature Name: System Port Profiles
Releases: 4.0(4)SV1(1)
Feature Information: This feature was introduced.