Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a)
Configuring the Domain
Downloads: This chapterpdf (PDF - 217.0KB) The complete bookPDF (PDF - 4.4MB) | Feedback

Table of Contents

Configuring the Domain

Information About the Domain

About Layer 3 Control

Guidelines and Limitations

Default Settings

Configuring the Domain

Creating a Domain

Changing to Layer 3 Transport

Changing to Layer 2 Transport

Creating a Port Profile for Layer 3 Control

Creating a Control VLAN

Creating a Packet VLAN

Feature History for the VSM Domain

Configuring the Domain

This chapter describes how to configure the Cisco Nexus 1000V domain, including creating the domain, assigning VLANs, configuring Layer 3 Control, and so forth.

This chapter includes the following topics:

Information About the Domain

You must create a domain name for Cisco Nexus 1000V and then add control and packet VLANs for communication and management. This process is part of the initial setup of the a Cisco Nexus 1000V when installing the software. If you need to create a domain later, you can do so using the setup command or the procedures described in this chapter.

About Layer 3 Control

Layer 3 control, or IP connectivity, is supported between the VSM and VEM for control and packet traffic. With Layer 3 control, a VSM can be Layer 3 accessible and control hosts that reside in a separate Layer 2 network. All hosts controlled by a VSM, however, must still reside in the same Layer 2 network. Since a VSM cannot control a host that is outside of the Layer 2 network it controls, the host on which it resides must be controlled by another VSM.

To implement Layer 3 control, you must make the following configurations:

  • Configure the VSM domain transport mode as Layer 3.

For more information, see the Changing to Layer 3 Transport

  • Configure a port profile using the Creating a Port Profile for Layer 3 Control.
  • Create an VMware kernel NIC interface on each host and apply the Layer 3 control port profile to it. For more information, see your VMware documentation.

Figure 3-1 illustrates the following example of Layer 3 control.

  • VSM0 controls VEM_0_1.
  • VEM_0_1, in turn, hosts VSM1 and VSM2.
  • VSM1 and VSM2 control VEMs in other Layer 2 networks.

Figure 3-1 Example of Layer 3 Control IP Connectivity

 

 

Guidelines and Limitations

The VSM domain has the following configuration guidelines and limitations:

  • UDP port 4785 is required for Layer 3 communication between the VSM and VEM. If you have a firewall in your network, and are configuring Layer 3 control, then make sure UDP port 4785 is open on your upstream switch or firewall device. For more information, see the documentation for your upstream switch or firewall device.
  • In a Layer 2 network, you can switch between the Layer 2 and Layer 3 transport modes, but when you do so, the modules may be out of service briefly.
  • The capability attribute (Layer 3 control) cannot be inherited from the port profile.
  • Different hosts can use different VLANs for Layer 3 control.
  • A port profile used for Layer 3 control must be an access port profile. It cannot be a trunk port profile.
  • We recommend that if you are using the VMware kernel NIC for Layer 3 Control, you do not use it for any other purpose. For example, do not also use the Layer 3 Control VMware kernel NIC for VMotion or NFS mount.
  • Control VLANs, packet VLANs, and management VLANs must be configured as regular VLANs and not as private VLANs.
  • If you have a firewall in your network, ensure that TCP ports 80 and 443 are open for traffic destined to the vCenter Server and TCP port 80 is open for traffic destined to the Cisco Nexus 1000V Virtual Supervisor Module (VSM).

Default Settings

Table 3-1 lists the default settings in the domain configuration.

 

Table 3-1 Domain Defaults

Parameter
Default

Control VLAN (svs-domain)

VLAN 1

Packet VLAN (svs-domain)

VLAN 1

VMware port group name (port-profile)

The name of the port profile

SVS mode (svs-domain)

Layer 2

Switchport mode (port-profile)

Access

State (port-profile)

Disabled

State (VLAN)

Active

Shut state (VLAN)

No shutdown

Configuring the Domain

This section includes the following procedures:

Creating a Domain

Use this procedure to create a domain name for the Cisco Nexus 1000V that identifies the VSM and VEMs; and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when installing the software. If you need to create a domain after initial setup, you can do so using this procedure.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

  • If two or more VSMs share the same control and/or packet VLAN, the domain helps identify the VEMs managed by each VSM.
  • You are logged in to the CLI in EXEC mode.
  • You must have a unique domain ID for this Cisco Nexus 1000V instance.
  • You must identify the VLANs to be used for control and packet traffic.
  • We recommend using one VLAN for control traffic and a different VLAN for packet traffic.
  • We recommend using a distinct VLAN for each instances of Cisco Nexus 1000V (different domains)
  • The svs mode command in the SVS Domain Configuration mode is not used and has no effect on a configuration.
  • For information about changing a domain ID after adding a second VSM see the Cisco Nexus 1000V High Availability and Redundancy Configuration Guide, Release 4.2(1)SV1(4) .

SUMMARY STEPS

1. config t

2. svs-domain

3. domain id domain-id

4. control vlan vlan-id

5. packet vlan vlan-id

6. exit

7. show svs domain

8. copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

n1000v# config t

n1000v(config)#

Places you into CLI Global Configuration mode.

Step 2

svs-domain

 

Example:

n1000v(config)# svs-domain

n1000v(config-svs-domain)#

Places you into the SVS Domain Configuration mode.

Step 3

domain id number

 

Example:

n1000v(config-svs-domain)# domain id 100

n1000v(config-svs-domain)#

Creates the domain ID for this Cisco Nexus 1000V instance.

Step 4

control vlan number

 

Example:

n1000v(config-svs-domain)# control vlan 190

n1000v(config-vlan)#

Assigns the control VLAN for this domain.

Step 5

packet vlan number

 

Example:

n1000v(config-vlan)# packet vlan 191

n1000v(config-vlan)#

Assigns the packet VLAN for this domain.

Step 6

show svs domain

 

Example:

n1000v(config-vlan)# show svs domain

Displays the domain configuration.

Step 7

exit

 

Example:

n1000v(config-vlan)# exit

n1000v(config)#

Returns you to CLI Global Configuration mode.

Step 8

copy running-config startup-config

 

Example:

n1000v(config)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

 

Example:
n1000v# config t
n1000v(config)# svs-domain
n1000v(config-svs-domain)# domain id 100
n1000v(config-svs-domain)# control vlan 190
n1000v(config-svs-domain)# packet vlan 191
n1000v(config-vlan)# exit
 
n1000v (config)# show svs domain
SVS domain config:
Domain id: 100
Control vlan: 190
Packet vlan: 191
L2/L3 Aipc mode: L2
L2/L3 Aipc interface: mgmt0
Status: Config push to VC successful.
 
n1000v(config)#
n1000v(config)# copy run start
[########################################] 100%
n1000v(config)#

Changing to Layer 3 Transport

Use this procedure to change the transport mode from Layer 2 to Layer 3 for the VSM domain control and packet traffic.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

  • You are logged in to the CLI in EXEC mode.
  • This procedure requires you to disable the control and packet VLANs. You cannot change to Layer 3 Control before disabling the control and packet VLANs.
  • You have already configured the Layer 3 interface (mgmt 0 or control 0) and assigned an IP address.
  • When control 0 is used for Layer 3 transport, proxy-arp must be enabled on the control 0 VLAN gateway router.

For information about configuring an interface, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4a) .

SUMMARY STEPS

1. show svs domain

2. config t

3. svs-domain

4. no control vlan

5. no packet vlan

6. show svs domain

7. svs mode L2 | svs mode L3 interface { mgmt0 | control0 }

8. show svs domain

9. copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

show svs domain

Example:

n1000v(config)# show svs domain

SVS domain config:

Domain id: 100

Control vlan: 100

Packet vlan: 101

L2/L3 Control mode: L2

L3 control interface: NA

Status: Config push to VC successful.

Displays the existing domain configuration, including control and packet VLAN IDs.

Step 2

config t

Example:

n1000v# config t

n1000v(config)#

Places you in the CLI Global Configuration mode.

Step 3

svs-domain

Example:

n1000v(config)# svs-domain

n1000v(config-svs-domain)#

Places you in the CLI SVS Domain Configuration mode.

Step 4

no packet vlan

Example:

n1000v(config-svs-domain)# no packet vlan
n1000v(config-svs-domain)#

Removes the packet VLAN configuration.

Step 5

no control vlan

Example:

n1000v(config-svs-domain)# no control vlan
n1000v(config-svs-domain)#

Removes the control VLAN configuration.

Step 6

show svs domain

Example:

n1000v(config)# show svs domain

SVS domain config:
Domain id: 100
Control vlan: 1
Packet vlan: 1
L2/L3 Control mode: L2
L2/L3 Control interface: NA
Status: Config push to VC successful.
switch(config-svs-domain)#
 

Displays the existing domain configuration, with the default control and packet VLAN IDs.

Step 7

svs mode L3 interface { mgmt0 | control0 }

Example:

n1000v(config-svs-domain)# svs mode l3 interface mgmt0

n000v(config-svs-domain)#

Configures Layer 3 transport mode for the VSM domain.

If configuring Layer 3 transport, then you must designate which interface to use; and the interface must already have an IP address configured.

This example shows how to configure Layer 3 transport over the management 0 interface.

Step 8

show svs domain

Example:

SVS domain config:

Domain id: 100

Control vlan: 1

Packet vlan: 1

L2/L3 Control mode: L3

L3 control interface: mgmt0

Status: Config push to VC successful.

n1000v(config-svs-domain)#

 

(Optional) Displays the new Layer 3 control mode configuration for this VSM domain.

Step 9

copy running-config startup-config

Example:

n1000v(config-svs-domain)# copy running-config startup-config

[########################################] 100%

n1000v(config-svs-domain)#

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

Changing to Layer 2 Transport

Use this procedure to change the transport mode to Layer 2 for the VSM domain control and packet traffic. The transport mode is Layer 2 by default, but if it is changed, you can use this procedure to configure it again as Layer 2.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

  • You are logged in to the CLI in EXEC mode.
  • This procedure requires you to configure a control VLAN and a packet VLAN. You cannot configure these VLANs if the VSM domain capability is Layer 3 Control. You will first change the capability to Layer 3 Control, and then configure the control VLAN and packet VLAN.

SUMMARY STEPS

1. show svs domain

2. config t

3. svs-domain

4. svs mode L2 | svs mode L3 interface { mgmt0 | control0 }

5. show svs domain

6. copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

show svs domain

Example:

SVS domain config:

Domain id: 100

Control vlan: 1

Packet vlan: 1

L2/L3 Control mode: L3

L3 control interface: mgmt0

Status: Config push to VC successful.

n1000v(config-svs-domain)#

 

Displays the existing domain configuration, including control and packet VLAN IDs and the Layer 3 interface configuration.

Step 2

config t

Example:

n1000v# config t

n1000v(config)#

Places you in the CLI Global Configuration mode.

Step 3

svs-domain

Example:

n1000v(config)# svs-domain

n1000v(config-svs-domain)#

Places you in the CLI SVS Domain Configuration mode.

Step 4

svs mode L2

Example:

n1000v(config-svs-domain)# svs mode l2

n000v(config-svs-domain)#

Configures Layer 2 transport mode for the VSM domain.

Step 5

control vlan vlanID

Example:
n1000v(config-svs-domain)# control vlan 100

Configures the specified VLAN ID as the control VLAN for the VSM domain.

Step 6

packet vlan vlanID

Example:
n1000v(config-svs-domain)# packet vlan 101

Configures the specified VLAN ID as the packet VLAN for the VSM domain.

Step 7

show svs domain

Example:

SVS domain config:

Domain id: 100

Control vlan: 100

Packet vlan: 101

L2/L3 Control mode: L2

L3 control interface: NA

Status: Config push to VC successful.

n1000v(config-svs-domain)#

 

(Optional) Displays the new Layer 2 control mode configuration for this VSM domain.

Step 8

copy running-config startup-config

Example:

n1000v(config-svs-domain)# copy running-config startup-config

[########################################] 100%

n1000v(config-svs-domain)#

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

Creating a Port Profile for Layer 3 Control

Use this procedure to allow the VSM and VEM to communicate over IP for control and packet traffic.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

  • You are logged in to the CLI in EXEC mode.
  • The transport mode for the VSM domain has already been configured as Layer 3. For more information, see the Changing to Layer 2 Transport.
  • All VEMs must belong to the same Layer 2 domain.
  • The VEM VM kernel NIC must connect to this Layer 3 control port profile when adding the host to the Cisco Nexus 1000V DVS.
  • Only one VM kernel NIC can be assigned to this Layer 3 control port profile per host.
  • You know the VLAN ID for the VLAN you are adding to this Layer 3 control port profile.

The VLAN must already be created on the Cisco Nexus 1000V.

The VLAN assigned to this Layer 3 control port profile must be a system VLAN.

One of the uplink ports must already have this VLAN in its system VLAN range.

  • The port profile must be an access port profile. It cannot be a trunk port profile. This procedure includes steps to configure the port profile as an access port profile.
  • More than one port profile can be configured as capability L3 control .
  • Different hosts can use different VLANs for Layer 3 control.

SUMMARY STEPS

1. config t

2. port-profile name

3. capability l3control

4. vmware port-group [ name ]

5. switchport mode access

6. switchport access vlan vlanID

7. no shutdown

8. system vlan vlanID

9. state enabled

10. (Optional) show port-profile name

11. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

Example:

n1000v# config t

n1000v(config)#

Places you in the CLI Global Configuration mode.

Step 2

port-profile name

Example:

n1000v(config)# port-profile l3control-150

n1000v(config-port-prof)#

Creates a port profile and places you into Port Profile Configuration mode for the named port profile.

The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Step 3

capability l3control

Example:

n1000v(config-port-prof)# capability l3control

n1000v(config-port-prof)#

Allows the port to be used for IP connectivity.

In vCenter Server, the Layer 3 control port profile must be selected and assigned to the VM kernel NIC physical port.

Step 4

vmware port-group [ name ]

Example:

n1000v(config-port-prof)# vmware port-group

n1000v(config-port-prof)#

Designates the port-profile as a VMware port group.

The port profile is mapped to a VMware port group of the same name. When a vCenter Server connection is established, the port group created in Cisco Nexus 1000V is then distributed to the virtual switch on the vCenter Server.

name: Port group name. If you do not specify a name, then the port group name will be the same as the port profile name. If you want to map the port profile to a different port group name, use the alternate name.

Step 5

switchport mode access ]

Example:

n1000v(config-port-prof)# switchport mode access

n1000v(config-port-prof)#

Designates that the interfaces are switch access ports (the default).

Step 6

switchport access vlan vlanID

Example:

n1000v(config-port-prof)# switchport access vlan 150

n1000v(config-port-prof)#

Assigns the system VLAN ID to the access port for this Layer 3 control port profile.

Step 7

no shutdown

Example:

n1000v(config-port-prof)# no shutdown

n1000v(config-port-prof)#

Administratively enables all ports in the profile.

Step 8

system vlan vlanID

Example:

n1000v(config-port-prof)# system vlan 150

n1000v(config-port-prof)#

Adds the system VLAN to this Layer 3 control port profile.

This ensures that, when the host is added for the first time or rebooted later, the VEM will be able to reach the VSM. One of the uplink ports must have this VLAN in its system VLAN range.

Step 9

state enabled

Example:

n1000v(config-port-prof)# state enabled

n1000v(config-port-prof)#

Enables the Layer 3 control port profile.

The configuration for this port profile is applied to the assigned ports, and the port group is created in the VMware vSwitch on the vCenter Server.

Step 10

show port-profile name name

Example:

n1000v(config-port-prof)# show port-profile name l3control-150

port-profile l3control-150

description:

type: vethernet

status: enabled

capability l3control: yes

pinning control-vlan: 8

pinning packet-vlan: 8

system vlans: 150

port-group: l3control-150

max ports: 32

inherit:

config attributes:

switchport mode access

switchport access vlan 150

no shutdown

evaluated config attributes:

switchport mode access

switchport access vlan 150

no shutdown

assigned interfaces:

 

n1000v(config-port-prof)#

(Optional) Displays the current configuration for the port profile.

Step 11

copy running-config startup-config

Example:

n1000v(config-port-prof)# copy running-config startup-config

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

Creating a Control VLAN

Use this procedure to add a control VLAN to the domain.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

  • You are logged in to the CLI in EXEC mode.
  • If Layer 3 Control is configured on your VSM, you can not create a control VLAN. You must first disable Layer 3 Control.
  • You have already configured and enabled the required switched virtual interface (SVI) using the document, Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4a) The SVI is also called the VLAN interface and provides communication between VLANs.
  • You are familiar with how VLANs are numbered. For more information, see the document,
    Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4) .
  • Newly-created VLANs remain unused until Layer 2 ports are assigned to them.

SUMMARY STEPS

1. config t

2. vlan vlan-id

3. name vlan-name

4. state vlan-state

5. exit

6. show vlan id vlan-id

7. copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

n1000v# config t

n1000v(config)#

Places you into CLI Global Configuration mode.

Step 2

vlan 30

 

Example:

n1000v(config)# vlan 30

n1000v(config-vlan)#

Creates VLAN ID 30 for control traffic and places you into CLI VLAN Configuration mode.

Note If you enter a VLAN ID that is assigned to an internally allocated VLAN, the CLI returns an error message.

Step 3

name cp_control

 

Example:

n1000v(config-vlan)# name cp_control

n1000v(config-vlan)#

Adds the descriptive name, cp_control, to this VLAN.

Step 4

state active

 

Example:

n1000v(config-vlan)# state active

n1000v(config-vlan)#

Changes the operational state of the VLAN to active.

Step 5

show vlan id 30

 

Example:

n1000v(config-vlan)# show vlan id 30

Displays the configuration for VLAN ID 30.

Step 6

copy running-config startup-config

 

Example:

n1000v(config-vlan)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Example:
n1000v# config t
n1000v(config)# vlan 30
n1000v(config-vlan)# name cp_control
n1000v(config-vlan)# state active
n1000v(config)# show vlan id 30
 
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
30 cp_control active
 
VLAN Type MTU
---- -----
5 enet 1500
 
Remote SPAN VLAN
----------------
Disabled
 
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
 
n1000v(config)# copy run start
[########################################] 100%
n1000v(config)#
 

Creating a Packet VLAN

Use this procedure to add the packet VLAN to the domain.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

  • You are logged in to the CLI in EXEC mode.
  • You have already configured and enabled the required switched virtual interface (SVI) using the document, Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4a) . The SVI is also called the VLAN interface and provides communication between VLANs.
  • You are familiar with how VLANs are numbered. For more information, see the document,
    Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4) .
  • Newly-created VLANs remain unused until Layer 2 ports are assigned to them.

SUMMARY STEPS

1. config t

2. vlan vlan-id

3. name vlan-name

4. state vlan-state

5. exit

6. show vlan id vlan-id

7. copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

n1000v# config t

n1000v(config)#

Places you into CLI Global Configuration mode.

Step 2

vlan 31

 

Example:

n1000v(config)# vlan 31

n1000v(config-vlan)#

Creates VLAN ID 31 for packet traffic and places you into CLI VLAN Configuration mode.

Note If you enter a VLAN ID that is assigned to an internally allocated VLAN, the CLI returns an error message.

Step 3

name cp_packet

 

Example:

n1000v(config-vlan)# name cp_packet

n1000v(config-vlan)#

Adds the descriptive name, cp_packet, to this VLAN.

Step 4

state active

 

Example:

n1000v(config-vlan)# state active

n1000v(config-vlan)#

Changes the operational state of the VLAN to active.

Step 5

show vlan id 31

 

Example:

n1000v(config-vlan)# show vlan id 30

Displays the configuration for VLAN ID 31.

Step 6

exit

 

Example:

n1000v(config-vlan)# exit

n1000v(config)#

Returns you to CLI Global Configuration mode.

Step 7

copy running-config startup-config

 

Example:

n1000v(config)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Example:
n1000v# config t
n1000v(config)# vlan 31
n1000v(config-vlan)# name cp_packet
n1000v(config-vlan)# state active
n1000v(config-vlan)# exit
n1000v(config)# show vlan id 31
 
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
31 cp_packet active
 
VLAN Type MTU
---- -----
5 enet 1500
 
Remote SPAN VLAN
----------------
Disabled
 
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
 
n1000v(config)# copy run start
[########################################] 100%
n1000v(config)#
 

Feature History for the VSM Domain

This section provides the VSM domain feature release history.

 

Feature Name
Releases
Feature Information

Layer 3 Control

4.0(4)SV1(2)

Added the following information:

VSM Domain

4.0(4)SV1(1)

This feature was introduced.