Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV2(1.1)
Configuring System Port Profiles

Information About System Port Profiles

System port profiles are designed to establish and protect those ports and VLANs which need to be configured before the VEM contacts the VSM.

For this reason, the following ports must use system VLANs:

  • Control and packet VLANs in the uplinks that communicate with the VSM.
  • Management VLAN in the uplinks and VMware kernel NICs used for VMware vCenter server connectivity or SSH or Telnet connections.
  • Storage VLAN used by the VSM for VM file system access in the uplinks and VMware kernel NICs used for iSCSI or network file systems. This is needed only in the host that runs the VSM on the VEM.
  • VSM ports on the VEM must be system ports.

For more information about system port profiles and system VLANs, see the Cisco Nexus 1000V Installation and Upgrade Guide.

For a summary of the default settings used with port profiles, see Default Settings.

Guidelines and Limitations for System Port Profiles

  • System VLANs must be used sparingly and only as described in the Information About System Port Profiles.
  • For maximum system port profiles per host and DVS, see the Port Profile Configuration Limits.
  • In a single ESX host, one VLAN can be a system VLAN on one port but a regular VLAN on another.
  • You cannot delete a system VLAN when the port profile is in use.
  • You can add or delete VLANs that are not system VLANs when the port profile is in use because one or more distributed virtual switch (DVS) ports are carrying that profile.
  • System VLANs can be added to a port profile, even when the port profile is in use.
  • You can only delete a system VLAN from a port profile after removing the port profile from service. This is to prevent accidentally deleting a critical VLAN, such as the management VLAN for a host, or the storage VLAN for the VSM.
  • A system port profile cannot be converted to a port profile that is not a system port profile.
  • The native VLAN on a system port profile can be a system VLAN but it does not have to be.
  • When a system port profile is in use, you can change the native VLAN as follows:
    • From one VLAN that is not a system VLAN to another VLAN that is not a system VLAN.
    • From a VLAN that is not a system VLAN to a system VLAN
    • From one system VLAN to another system VLAN
  • When a system port profile is in use, you cannot change the native VLAN from a system VLAN to a VLAN that is not a system VLAN.
  • Reboots of the ESX can result in an MTU mismatch and failure of the VSM and VEM. If you use an MTU other than 1500 (the default), for example in networks with jumbo frames, then you must configure the MTU in the system port profile so that it is preserved across reboots of the ESX.

Creating a System Port Profile

A system port profile must be of the Ethernet type because it is used for physical ports. This procedure configures the Ethernet type.

Before You Begin
  • You are logged in to the CLI in EXEC mode.
  • The VSM is connected to vCenter Server.
  • You have configured the following:
    • Port admin status is active (no shutdown).
    • Port mode is access or trunk.
    • VLANs that are to be used as system VLANs already exist.
    • VLANs are configured as access VLANs or trunk-allowed VLANs.
  • In an installation where multiple Ethernet port profiles are active on the same VEM, it is recommended that they do not carry the same VLAN(s). The allowed VLAN list should be mutually exclusive. Overlapping VLANs can be configured but may cause duplicate packets to be received by virtual machines in the network.
  • For more information, see the Cisco Nexus 1000V Interface Configuration Guide.
Procedure
      Command or Action Purpose
    Step 1 switch# configure terminal 

    Enters global configuration mode.

     
    Step 2 switch(config)# port-profile [type {ethernet | vethernet}] name 

    Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

    • name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
    • type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
      Note   

      If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

    Once a port profile is created, you cannot change its type (Ethernet or vEthernet).

     
    Step 3 switch(config-port-prof)# description profile-description   (Optional)

    Adds a description of up to 80 ASCII characters in length to the port profile. This description is automatically pushed to vCenter Server.

     
    Step 4 switch(config-port-prof)# switchport mode trunk 

    Designates that the interfaces are to be used as trunking ports.

    A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

     
    Step 5 switch(config-port-prof)# switchport trunk allowed vlan {vlan-id-list | all | none | [add | except | remove {vlan-list}]} 

    Designates the port profile as trunking and defines VLAN access to it as follows:

    • allowed vlan—Defines VLAN IDs that are allowed on the port.
    • add—Lists VLAN IDs to add to the list of those allowed on the port.
    • except—Lists VLAN IDs that are not allowed on the port.
    • remove—Lists VLAN IDs whose access is to be removed from the port.
    • all—Indicates that all VLAN IDs are allowed on the port, unless exceptions are also specified.
    • none—Indicates that no VLAN IDs are allowed on the port.

    If you do not configure allowed VLANs, then the default VLAN 1 is used as the allowed VLAN.

     
    Step 6 switch(config-port-prof)# no shutdown 

    Changes the port admin status to active (no shutdown) so that a system VLAN can be configured.

    Note    If you do not change the port state, then you will see the following error when you try to configure a system VLAN:

    ERROR: Cannot set system vlans. Change port admin status to 'no shutdown' and retry.

     
    Step 7 switch(config-port-prof)# system vlan vlan-id-list  

    Adds system VLANs to this port profile.

     
    Step 8 switch(config-port-prof)# mtu mtu-size  (Optional)

    Designates the MTU size.

    • If you do not set the MTU size here, the default of 1500 is used.
    • Must be an even number between 1500 and 9000.

    The MTU size you set must be less than or equal to the fixed system jumbomtu size of 9000.

    The MTU configured on an interface takes precedence over the MTU configured on a port profile.

    For more information, see the Cisco Nexus 1000V Interface Configuration Guide.

     
    Step 9 switch(config-port-prof)# show port-profile [brief | expand-interface | usage] [name profile-name]  (Optional)

    Displays the configuration for verification.

     
    Step 10 switch(config-port-prof)# copy running-config startup-config  (Optional)

    Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

     

    This example shows how to create a system port profile:

    switch# configure terminal
    switch(config)# port-profile AccessProf
    switch(config-port-prof)# description "System profile for critical ports"
    switch(config-port-prof)# system vlan 1
    switch(config-port-prof)# show port-profile name AccessProf
    port-profile AccessProf
      description:
      type: vethernet
      status: disabled
      capability l3control: no
      pinning control-vlan: -
      pinning packet-vlan: -
      system vlans: 1
      port-group:
      max ports: 32
      inherit: port-profile xyz
      config attributes:
        switchport mode access
        switchport access vlan 1
        switchport trunk allowed vlan 1-10
        channel-group auto mode on sub-group cdp
        no shutdown
      evaluated config attributes:
        switchport mode access
        switchport access vlan 1
        switchport trunk allowed vlan 1-10
        mtu 1500
        channel-group auto mode on sub-group cdp
        no shutdown
      assigned interfaces:
    switch(config-port-prof)# 
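
    The following Python script is an added example, not part of the Cisco guide. It reads saved show port-profile output and checks it against this chapter's prerequisites and limits: system VLANs carried as access or trunk-allowed VLANs, admin status of no shutdown, an even MTU between 1500 and 9000, and Ethernet profiles with overlapping VLAN lists, which matter only when both profiles are active on the same VEM. The profile names and sample output are constructed, and treating an unset access VLAN as VLAN 1 is an assumption of the example.

```python
import re
from itertools import combinations

# Constructed sample in the layout of `show port-profile` output (not from a real device).
SAMPLE = """\
port-profile SysUplink
  type: ethernet
  system vlans: 114,115
  evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 100-120
    mtu 9000
    no shutdown
port-profile DataUplink
  type: ethernet
  system vlans: none
  evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 115-130
    no shutdown
port-profile BadSys
  type: vethernet
  system vlans: 300
  evaluated config attributes:
    switchport mode access
    switchport access vlan 1
    mtu 1501
"""

def expand(spec):
    """'1-10,114' -> set of VLAN IDs; 'all' -> 1-4094; 'none' or empty -> empty set."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    return {v for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec)
            for v in range(int(lo), int(hi or lo) + 1)}

def field(text, pattern, default=""):
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else default

def audit(output):
    """Return (profile, finding) pairs; Ethernet overlaps are candidates to review per VEM."""
    findings, uplinks = [], []
    for block in re.split(r"(?m)^\s*port-profile ", output)[1:]:
        name = block.split()[0]
        ev = block.split("evaluated config attributes:", 1)[-1]
        trunk = "switchport mode trunk" in ev
        # Unset VLANs default to VLAN 1: stated for trunks in the chapter, assumed for access.
        key = "switchport trunk allowed vlan" if trunk else "switchport access vlan"
        carried = expand(field(ev, key + r" (.*)$", "1"))
        system = expand(field(block, r"^\s*system vlans:(.*)$"))
        mtu = int(field(ev, r"^\s*mtu (\d+)", "1500"))
        if not (1500 <= mtu <= 9000 and mtu % 2 == 0):
            findings.append((name, f"mtu {mtu} is not an even value in 1500-9000"))
        if system and not re.search(r"^\s*no shutdown\s*$", ev, re.M):
            findings.append((name, "system VLANs set but admin status is not 'no shutdown'"))
        if system - carried:
            findings.append((name, f"system VLANs not carried: {sorted(system - carried)}"))
        if field(block, r"^\s*type:(.*)$") == "ethernet":
            uplinks.append((name, carried))
    for (a, va), (b, vb) in combinations(uplinks, 2):
        if va & vb:
            findings.append((f"{a}+{b}", f"overlapping VLANs: {sorted(va & vb)}"))
    return findings
```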

    Deleting System VLANs from a Port

    Before You Begin
    • You are logged in to vCenter Server.
    • The VSM is connected to vCenter Server.
    Procedure
      Step 1   From the vCenter Server, delete the port from the DVS.
      Step 2   Add the port to the vCenter Server with a different or modified port profile.

      Modifying the System VLANs in a Trunk Mode Port Profile

      You can use the following procedures to change the set of system VLANs in a trunk mode port profile without removing all system VLANs.

      Before You Begin
      • You are logged in to the vCenter server.
      • You are logged in to the Cisco Nexus 1000V CLI in EXEC mode.
      • The VSM is connected to the vCenter Server.
      • You know the VLAN ID of a system VLAN in your network. It does not matter which system VLAN it is.
      • You know the VLAN IDs of the system VLANs required for the port profile you are modifying.
      Procedure
        Step 1   From the upstream switch for each VEM that carries this profile, shut off the switch port that carries the control VLAN.
        Step 2   Convert the port profile to an access profile with a system VLAN.

        See Converting a Port Profile to an Access Profile with a System VLAN

        Step 3   Convert the access port profile back to a trunk profile.

        See Converting an Access Port Profile to a Trunk Port Profile

        Step 4   From the upstream switch for each VEM that carries this profile, unshut the switchport that carries the control VLAN.

        The VEMs are reconnected to the VSM.


        Converting a Port Profile to an Access Profile with a System VLAN

        You can use this procedure to change the set of system VLANs in a trunk mode port profile without removing all system VLANs.

        Procedure
            Command or Action Purpose
          Step 1 switch# configure terminal 

          Enters global configuration mode.

           
          Step 2 switch(config)# port-profile [type {ethernet | vethernet}] name 

          Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

          • name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
          • type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
            Note   

            If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

           
          Step 3 switch(config-port-prof)# no system vlan  

          Removes the system VLAN from the port profile.

           
          Step 4 switch(config-port-prof)# switchport mode access  

          Sets the port mode to access.

           
          Step 5 switch(config-port-prof)# switchport access vlan vlan-id  

          Sets the access VLAN for the interface when it is in access mode.

           
          Step 6 switch(config-port-prof)# no shutdown 

          Changes the port admin status to active (no shutdown) so that a system VLAN can be configured.

          Note    If you do not change the port state, then you will see the following error when you try to configure a system VLAN:

          ERROR: Cannot set system vlans. Change port admin status to 'no shutdown' and retry.

           
          Step 7 switch(config-port-prof)# system vlan vlan-id-list  

          Adds system VLANs to this port profile.

           

          The trunk port profile is converted to an access port profile with a system VLAN.

          This example shows how to convert a trunk port profile to an access port profile.

          switch# configure terminal
          switch(config)# port-profile Trunk_System_Prof
          switch(config-port-prof)# no system vlan
          switch(config-port-prof)# switchport mode access
          switch(config-port-prof)# switchport access vlan 1
          switch(config-port-prof)# system vlan 300
          switch(config-port-prof)#

          Converting an Access Port Profile to a Trunk Port Profile

          Procedure
              Command or Action Purpose
            Step 1 switch# configure terminal 

            Enters global configuration mode.

             
            Step 2 switch(config)# port-profile [type {ethernet | vethernet}] name 

            Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

            • name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
            • type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
              Note   

              If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

             
            Step 3 switch(config-port-prof)# switchport mode trunk 

            Designates that the interfaces are to be used as trunking ports.

            A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

             
            Step 4 switch(config-port-prof)# system vlan vlan-id-list

            Adds system VLANs to this port profile.

             
            Step 5 switch(config-port-prof)# show port-profile [brief | expand-interface | usage] [name profile-name]  (Optional)

            Displays the configuration for verification.

             
            Step 6 switch(config-port-prof)# copy running-config startup-config  (Optional)

            Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

             

            This example shows how to convert an access port profile to a trunk port profile.

            switch# config terminal
            switch(config)# port-profile Trunk_System_Prof
            switch(config-port-prof)# switchport mode trunk
            switch(config-port-prof)# system vlan 114,115
            switch(config-port-prof)# show port-profile name Trunk_System_Prof
            port-profile Trunk_System_Prof
              description: 
              type: vethernet
              status: enabled
              capability l3control: no
              pinning control-vlan: -
              pinning packet-vlan: -
              system vlans: 114,115
              port-group: 
              max ports: 32
              inherit: 
              config attributes:
                switchport mode trunk
                switchport trunk allowed vlan all
                no shutdown
              evaluated config attributes:
                switchport mode trunk
                switchport trunk allowed vlan all
                mtu 1500
                no shutdown
              assigned interfaces:
            switch(config-port-prof)# copy running-config startup-config
            

            Modifying System VLANs in an Access Mode Port Profile

            You can use this procedure to change the set of system VLANs in an access port profile without removing all system VLANs.

            Before You Begin
            • You are logged in to vCenter Server.
            • You are logged in to the Cisco Nexus 1000V CLI in EXEC mode.
            • The VSM is connected to vCenter server.
            • You know the VLAN IDs of the system VLANs required for the port profile you are modifying.
            • From the upstream switch for each VEM that carries this profile, shut off the switch port that carries the control VLAN.
            Procedure
                Command or Action Purpose
              Step 1 switch# configure terminal 

              Enters global configuration mode.

               
              Step 2 switch(config)# port-profile [type {ethernet | vethernet}] name 

              Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

              • name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
              • type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
                Note   

                If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

               
              Step 3 switch(config-port-prof)# system vlan vlan-id-list  

              Adds system VLANs to this port profile.

               
              Step 4 switch(config-port-prof)# show port-profile [brief | expand-interface | usage] [name profile-name]  (Optional)

              Displays the configuration for verification.

               
              Step 5 switch(config-port-prof)# copy running-config startup-config  (Optional)

              Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

               

              This example shows how to change the set of system VLANs in an access port profile without removing all system VLANs.

              switch# configure terminal
              switch(config)# port-profile Access_System_Prof
              switch(config-port-prof)# system vlan 114,115
              switch(config-port-prof)# show port-profile name Access_System_Prof
              port-profile Access_System_Prof
                description: 
                type: vethernet
                status: enabled
                capability l3control: no
                pinning control-vlan: -
                pinning packet-vlan: -
                system vlans: 114,115
                port-group: 
                max ports: 32
                inherit: 
                config attributes:
                  switchport mode access
                  switchport trunk allowed vlan all
                  no shutdown
                evaluated config attributes:
                  switchport mode access
                  switchport trunk allowed vlan all
                  mtu 1500
                  no shutdown
                assigned interfaces:
              switch(config-port-prof)# copy running-config startup-config

              What to Do Next

              From the upstream switch for each VEM that carries this profile, unshut the switchport that carries the control VLAN.

              Feature History for System Port Profiles

              Feature Name            Release         Feature Information
              MTU                     4.2(1)SV1(4)    The system mtu command is removed and replaced with the mtu command.
              system mtu              4.0(4)SV1(3)    The system mtu command allows you to preserve a non-default MTU setting on the PNIC attached to the Cisco Nexus 1000V across reboots of the ESX server.
              System Port Profiles    4.0(4)SV1(1)    This feature was introduced.