This chapter describes how to create virtual device contexts (VDCs) on Cisco NX-OS devices.
This chapter includes the following sections:
•Information About Creating VDCs
•Licensing Requirements for VDCs
•Prerequisites for Creating VDCs
•Guidelines and Limitations for VDCs
•Default Settings for Creating VDCs
•Verifying the VDC Configuration
•Configuration Example for Ethernet VDC Creation and Initialization
•Configuration Examples for Default and Nondefault VDCs
•Additional References for Creating VDCs
•Feature History for Creating VDCs
In Cisco NX-OS, only a user with the network-admin role can create VDCs.
Beginning with the Cisco NX-OS Release 5.2(1), you can run Fibre Channel over Ethernet (FCoE) on the Cisco Nexus 7000 Series devices. You must create a storage VDC to run FCoE. The storage VDC cannot be the default VDC. You can have one storage VDC on the device. See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for information on configuring FCoE.
Beginning with Cisco NX-OS Release 6.2(2), the Supervisor 2e module supports the new Cisco Nexus 7718 switch and the Cisco Nexus 7710 switch. These switches support F2e line cards only. For more information, see the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.
Beginning with Cisco NX-OS Release 5.2(1), you can run FCoE on the Cisco Nexus 7000 Series devices. You must create a separate storage VDC when you run FCoE on the device. Only one of the VDCs can be a storage VDC, and the default VDC cannot be configured as a storage VDC.
You allocate specified FCoE VLANs to the storage VDC as well as specified interfaces. See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for information on configuring FCoE.
You can configure shared interfaces that carry both Ethernet and Fibre Channel traffic. In this specific case, the same interface belongs to more than one VDC. The shared interface is allocated to both an Ethernet and a storage VDC.
The high-availability (HA) policies for a VDC define the action that the Cisco NX-OS software takes when an unrecoverable VDC fault occurs.
You can specify the HA policies for single supervisor module or dual supervisor module configurations when you create the VDC. The HA policy options are as follows:
•Single supervisor module configuration:
–Bringdown—Puts the VDC in the failed state.
–Reload— Reloads the supervisor module.
–Restart—Takes down the VDC processes and interfaces and restarts them using the startup configuration.
•Dual supervisor module configuration:
–Bringdown—Puts the VDC in the failed state.
–Restart—Takes down the VDC processes and interfaces and restarts them using the startup configuration.
–Switchover— Initiates a supervisor module switchover.
The default HA policies for a nondefault VDC that you create are restart for a single supervisor module configuration and switchover for a dual supervisor module configuration. The default HA policies for the default VDC are reload for a single supervisor module configuration and switchover for a dual supervisor module configuration.
For information about changing the HA policies after you create a VDC, see Chapter 5 "Managing VDCs."
Note See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for information on allocating interfaces for storage VDCs and FCoE.
The only physical resources that you can allocate to a VDC are the physical interfaces. You can assign an interface to only one VDC, except in the specific case of shared interfaces that carry both Fibre Channel and Ethernet traffic. You allocate a shared interface to both an Ethernet VDC and to the storage VDC. When you move an interface from one VDC to another VDC, the interface loses its configuration.
When you first create a VDC, you can specifically allocate interfaces to it. All interfaces initially reside in the default VDC (VDC 1). After you allocate the interfaces to a VDC, you can only view and configure them from that specific VDC. You can also remove interfaces from a VDC by moving them back to the default VDC.
Note Beginning with Cisco NX-OS Release 5.2(1) for Nexus 7000 Series devices, all members of a port group are automatically allocated to the VDC when you allocate an interface.
You must be aware of the hardware architecture of your platform when allocating interfaces to a VDC. You can allocate the interfaces on your physical device in any combination. See Table 4-1 and Table 4-2 for the port numbering for the port groups.
Beginning with Cisco NX-OS Release 6.1, the following M2 Series modules are supported on Cisco Nexus 7000 Series platforms:
•24-port 10G (N7K-M224XP-23L)
•6-port 40G (N7K-M206FQ-23L)
•2-port 100G (N7K-M202-CF-22L)
Note There is no port group restriction on M2 Series modules. Any port in M2 Series modules can be placed in any VDC.
You must allocate the interfaces on your physical device in the specified combination on the Cisco Nexus 7000 Series 32-port, 10-Gbps Ethernet module N7K-F132XP-15. This module has 16 port groups that consist of 2 ports each. You must assign the specified port pairs in the same VDC. Table 4-2 shows the port numbering for the port groups.
You must allocate the interfaces on your physical device in the specified combination on the Cisco Nexus 7000 Series 48-port, 10-Gbps Ethernet modules N7K-F248XP-25[E] and N7K-F248XT-25[E]. These modules have 12 port groups that consist of 4 ports each. You must assign all four ports in a port group to the same VDC. Table 4-3 shows the port numbering for the port groups.
For more information about port groups on the Cisco Nexus 7000 Series 32-port, 10-Gbps Ethernet modules, see the Cisco Nexus 7000 Series Hardware Installation and Reference Guide. For information about changing the interface allocation after you create a VDC, see Chapter 5 "Managing VDCs."
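A pre-check for the port-group rule described above, as an added example (not Cisco code). It assumes port groups are consecutive runs of ports (1-2, 3-4, ... on N7K-F132XP-15 and 1-4, 5-8, ... on N7K-F248XP-25[E]), because the port-numbering tables are not reproduced here; the function names and the slot-to-module map are hypothetical.

```python
import re

# Ports per port group, taken from the text above. Assumption: groups are
# consecutive port runs; confirm against the hardware guide's tables.
PORTS_PER_GROUP = {"N7K-F132XP-15": 2, "N7K-F248XP-25": 4}

def expand(spec):
    """Expand 'Ethernet1/1-9,Ethernet1/11' into a set of (slot, port) pairs."""
    ports = set()
    for item in spec.replace(" ", "").split(","):
        m = re.fullmatch(r"(?i)eth(?:ernet)?(\d+)/(\d+)(?:-(\d+))?", item)
        if not m:
            raise ValueError(f"unrecognised interface item: {item!r}")
        slot, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3) or first)
        ports.update((slot, p) for p in range(first, last + 1))
    return ports

def check_port_groups(allocations, slot_modules):
    """allocations: {vdc_name: interface spec}; slot_modules: {slot: model}.

    Returns (group_range, problem, vdcs) tuples where problem is
    'split'   - members of one port group are planned for different VDCs
    'partial' - only some members of a port group are listed for a VDC
    """
    owners = {}  # (slot, group index) -> {vdc: set of ports}
    for vdc, spec in allocations.items():
        for slot, port in expand(spec):
            size = PORTS_PER_GROUP.get(slot_modules.get(slot))
            if size is None:
                continue  # no port-group rule known here (e.g. M2 Series)
            group = (port - 1) // size
            owners.setdefault((slot, group), {}).setdefault(vdc, set()).add(port)

    problems = []
    for (slot, group), by_vdc in sorted(owners.items()):
        size = PORTS_PER_GROUP[slot_modules[slot]]
        members = f"Ethernet{slot}/{group * size + 1}-{group * size + size}"
        if len(by_vdc) > 1:
            problems.append((members, "split", sorted(by_vdc)))
        elif len(next(iter(by_vdc.values()))) < size:
            problems.append((members, "partial", sorted(by_vdc)))
    return problems

# Constructed allocation plan for illustration (not from a real device).
SLOTS = {1: "N7K-M224XP-23L", 2: "N7K-F248XP-25", 3: "N7K-F132XP-15"}
PLAN = {
    "payroll": "Ethernet2/1-4,Ethernet2/5-6,Ethernet3/1",
    "test": "Ethernet2/7-8,Ethernet3/3-4,Ethernet1/1",
}

if __name__ == "__main__":
    for finding in check_port_groups(PLAN, SLOTS):
        print(finding)
```

A "partial" finding matters because the remaining members of the port group move with the listed interface and lose their configuration in the source VDC.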
The Cisco NX-OS software provides a virtual management (mgmt 0) interface for out-of-band management of each VDC. You can configure this interface with a separate IP address that is accessed through the physical mgmt 0 interface. You also use one of the Ethernet interfaces on the physical device for in-band management. For more information about management connections, see the "VDC Management Connections" section.
A new VDC is similar to a new physical device. You must set the VDC admin user account password and perform the basic configuration to establish connectivity to the VDC.
Without a license, the following restrictions will prevent you from creating additional VDCs:
•Only the default VDC can exist and no other VDC can be created.
•On all supported Supervisor modules, if you enable the default VDC as an admin VDC, you can only enable one nondefault VDC.
The following table shows the licensing requirements for VDCs:
Table 4-4 Licensing Requirements for VDC
VDC creation has the following prerequisites:
•You are logged on to the default or admin VDC with a username that has the network-admin user role.
•The Advanced Services Package License and/or the VDC license is installed for the additional VDCs.
•You have a name for the VDC.
•You have resources available on the physical device to allocate to the VDCs.
VDCs have the following configuration guidelines and limitations:
•Standard VDCs cannot share interfaces, VLANs, Virtual Routing and Forwarding (VRF) tables, or port channels.
•Only users with the network-admin role can create VDCs.
•The following guidelines and limitations apply to the switchto vdc command:
– Only users with the network-admin or network-operator role can use the switchto vdc command. No other users are permitted to use it.
– No user can grant permission to another role to use the switchto vdc command.
–After a network-admin uses the switchto vdc command, this user becomes a vdc-admin for the new VDC. Similarly, after a network-operator uses the switchto vdc command, this user becomes a vdc-operator for the new VDC. Any other roles associated with the user are not valid after the switchto vdc command is entered.
–After a network-admin or network-operator uses the switchto vdc command, this user cannot use this command to switch to another VDC. The only option is to use the switchback command to return to the original VDC.
•Cisco NX-OS Release 6.2.2 introduced a separate F2e Series VDC type which must be entered to enable F2e Series support. In Cisco NX-OS Release 6.1, the F2 VDC type supports both F2 and F2e Series modules.
•F2 Series modules can exist with F2e Series modules in the same VDC. F2 Series modules cannot exist with any other module type in the VDC. This restriction applies to both LAN and storage VDCs. See Table 5-4 and Table 5-5 of Chapter 5 "Managing VDCs" for more detailed information on module type restrictions and conditions.
•F2 and F2e Series modules support FCoE only with Supervisor 2 and Supervisor 2e modules.
•F2 and F3 Series modules in a specific VDC do not support OTV.
•F2 and F3 Series modules in a specific VDC do not support 64,000 unicast entries if the VPN routing and forwarding (VRF) instance is spread across the F2 and F3 Series modules.
Table 4-5 lists the default settings for VDC parameters.
To create VDCs, follow these steps:
Step 1 If necessary, create a VDC resource template (see Chapter 3 "Configuring VDC Resource Templates").
Step 2 Create the VDC and allocate interfaces (see the "Creating VDCs" section).
Step 3 Initialize the VDC (see the "Initializing a VDC" section).
Note Allocating interfaces to a VDC is optional. You can allocate the interfaces after you have verified the VDC configuration. For information about allocating interfaces, see the "Allocating Interfaces to an Ethernet VDC" section.
Note When creating an FCoE type VDC, you must enter the type storage command at the time the nondefault VDC is being created, because it cannot be specified later. You must also allocate specified VLANs as FCoE VLANs that will run only in the storage VDC. For details about implementing FCoE and allocating interfaces, see the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500.
Note You can enable FCoE on F1 Series modules with Supervisor 1 modules. You can also enable FCoE on F1 Series modules and on the F248XP-25[E] Series with Supervisor 2 and Supervisor 2e modules.
Note You cannot enable FCoE on F2 and F2e Series modules with Supervisor 1 modules.
You must create a VDC before you can use it.
Note VDC creation can take a few minutes to complete. Use the show vdc command to verify the completion of the create request.
Log in to the default or admin VDC as a network administrator.
Choose a VDC resource template if you want to use resource limits other than those limits provided in the default VDC resource template. If there is no resource template available with the limits you want to use, see Chapter 3 "Configuring VDC Resource Templates."
Note When creating an FCoE type VDC, you must enter the type storage command at the time the nondefault VDC is being created, because it cannot be specified later. For information on allocating FCoE VLANs and interfaces to the storage VDC, see the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500.
1. config t
2. vdc {switch | vdc-name} [ha-policy {dual-sup {bringdown | restart | switchover} [single-sup {bringdown | reload | restart}]}] [id vdc-number] [template template-name] [type storage]
3. (Optional) [no] allocate interface ethernet slot/port
[no] allocate interface ethernet slot/port - last-port
[no] allocate interface ethernet slot/port, ethernet slot/port,...
4. (Optional) show vdc membership
5. (Optional) show vdc shared membership
6. exit
7. (Optional) show vdc
8. (Optional) copy running-config startup-config
A newly created VDC is much like a new physical device. To access a VDC, you must first initialize it. The initialization process includes setting the VDC admin user account password and optionally running the setup script (see the "Configuration Example for Ethernet VDC Creation and Initialization" section). The setup script helps you to perform basic configuration tasks such as creating more user accounts and configuring the management interface.
Note The VDC admin user account in the nondefault VDC is separate from the network admin user account in the default VDC. The VDC admin user account has its own password and user role.
Log in to the default or admin VDC as a network administrator.
Obtain an IPv4 or IPv6 address for the management interface (mgmt 0) if you want to use out-of-band management for the VDC.
1. switchto vdc vdc-name
2. (Optional) show vdc current-vdc
To display the VDC configuration, perform one of the following tasks:
For information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference.
Note Beginning with Cisco NX-OS Release 5.2(1), you can run FCoE on the Cisco Nexus 7000 Series devices. You must create a separate storage VDC to run FCoE. See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for an example of configuring a storage VDC.
This example shows how to create and initialize a VDC:
switch# config t
switch(config)# vdc test
switch(config-vdc)# allocate interface ethernet 2/46
Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports? [yes] yes
switch(config-vdc)# exit
switch(config)# switchto vdc test
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: y
Enter the password for "admin":<password>
Confirm the password for "admin":<password>
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco Nexus7000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus7000 devices must be registered to receive
entitled support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Enter the switch name : Test
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:
Mgmt0 IPv4 address : 10.10.5.5
Mgmt0 IPv4 netmask : 255.255.254.0
Configure the default gateway? (yes/no) [y]: y
IPv4 address of the default gateway : 10.10.5.1
Configure advanced IP options? (yes/no) [n]:
Enable the telnet service? (yes/no) [y]:
Enable the ssh service? (yes/no) [n]: y
Type of ssh key you would like to generate (dsa/rsa/rsa1) : rsa
Number of key bits <768-2048> : 768
Configure the ntp server? (yes/no) [n]:
Configure default switchport interface state (shut/noshut) [shut]:
Configure default switchport trunk mode (on/off/auto) [on]:
The following configuration will be applied:
switchname Test
interface mgmt0
ip address 10.10.5.5 255.255.254.0
no shutdown
exit
vrf context management
ip route 0.0.0.0/0 10.10.5.1
exit
telnet server enable
ssh key rsa 768 force
ssh server enable
system default switchport shutdown
system default switchport trunk mode on
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]:
[########################################] 100%
Cisco Data Center Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software may be covered under the GNU Public
License or the GNU Lesser General Public License. A copy of
each such license is available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
switch-test# exit
switch#
This example displays the prompt to choose admin VDC during the switch bootup:
Enter the password for "admin":
Confirm the password for "admin":
Do you want to enable admin vdc (yes/no) [n]:yes
This example shows how to change the name of a VDC:
n7k-ts-2# show vdc
vdc_id vdc_name state mac
------ -------- ----- ----------
1 n7k-ts-2 active 00:22:55:7a:72:c1
2 c2 active 00:22:55:7a:72:c2
3 d2 active 00:22:55:7a:72:c3 <----! current name is 'd2'
4 dcn-sv active 00:22:55:7a:72:c4
n7k-ts-2# switchto vdc d2
n7k-ts-2-d2(config)# hostname d2-new
n7k-ts-2-d2-new# 2010 Mar 16 18:40:40 n7k-ts-2-d2-new %$ VDC-3 %$
%VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by on console0
n7k-ts-2-d2-new# exit
n7k-ts-2# show vdc
vdc_id vdc_name state mac
------ -------- ----- ----------
1 n7k-ts-2 active 00:22:55:7a:72:c1
2 c2 active 00:22:55:7a:72:c2
3 d2-new active 00:22:55:7a:72:c3 <-----!!! VDC name changed
4 dcn-sv active 00:22:55:7a:72:c4
n7k-ts-2# show running-config vdc
!Command: show running-config vdc
vdc d2-new id 3 <------------------ VDC name changed!!!!
allocate interface Ethernet1/1-9,Ethernet1/11,Ethernet1/13,Ethernet1/15,Ethernet1/25,Ethernet1/27,Ethernet1/29,Ethernet1/31
allocate interface Ethernet2/2-12
boot-order 1
limit-resource vlan minimum 16 maximum 4094
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 200
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 8 maximum 8
This section includes the following topics:
•Example Running Configuration from the Default VDC
•Example Running Configuration from a Nondefault VDC
This example shows a nondefault VDC configuration from the running configuration of the default VDC:
vdc payroll id 2
limit-resource vlan minimum 16 maximum 4094
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 1000
limit-resource port-channel minimum 0 maximum 192
limit-resource u4route-mem minimum 8 maximum 80
limit-resource u6route-mem minimum 4 maximum 48
This example shows the initial running configuration from a nondefault VDC:
version 4.0(1)
username admin password 5 $1$/CsUmTw5$/.3SZpb8LRsk9HdWAsQ501 role vdc-admin
telnet server enable
ssh key rsa 768 force
aaa group server radius aaa-private-sg
use-vrf management
snmp-server user admin vdc-admin auth md5 0x061d8e733d8261dfb2713a713a95e87c priv 0x061d8e733d8261dfb2713a713a95e87c localizedkey
vrf context management
ip route 0.0.0.0/0 10.10.5.1
interface Ethernet2/46
interface mgmt0
ip address 10.10.5.5/23
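The setup dialog and the initial running configuration shown above leave Telnet enabled, generate a 768-bit RSA host key, and define an SNMPv3 user with MD5 authentication. The following audit of a saved VDC configuration for those settings is an added example, not Cisco code; the function name, rule identifiers, and the 2048-bit floor (the largest size the dialog offers) are assumptions, and the sample configurations are constructed in the shape of the example above.

```python
import re

MIN_RSA_BITS = 2048  # assumption: largest key size offered by the setup dialog

def audit_vdc_config(text):
    """Return (line_number, rule_id, message) for each weak management setting."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        tokens = line.split()
        if re.fullmatch(r"telnet server enable|feature telnet", line):
            findings.append((lineno, "telnet-enabled",
                             "Telnet sends the VDC admin password in cleartext"))
        m = re.fullmatch(r"ssh key rsa (\d+)(?: force)?", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append((lineno, "weak-rsa-key",
                             f"{m.group(1)}-bit RSA host key, below {MIN_RSA_BITS}"))
        if re.match(r"username \S+ password 5 \$1\$", line):
            findings.append((lineno, "md5crypt-hash",
                             "MD5-crypt password hash; handle the file as a secret"))
        if tokens[:2] == ["snmp-server", "user"]:
            # The keyword after 'auth' is the hash; 'priv' without 'aes-128' is DES.
            if "auth" in tokens[:-1] and tokens[tokens.index("auth") + 1] == "md5":
                findings.append((lineno, "snmp-auth-md5",
                                 "SNMPv3 user authenticates with MD5"))
            if "priv" in tokens[:-1] and tokens[tokens.index("priv") + 1] != "aes-128":
                findings.append((lineno, "snmp-priv-des",
                                 "SNMPv3 privacy without aes-128 uses DES"))
    return findings

# Constructed sample: same statements as the nondefault VDC example,
# with placeholder hash and key material.
PAGE_STYLE_CONFIG = """\
version 4.0(1)
username admin password 5 $1$EXAMPLESALT$EXAMPLEHASHPLACEHOLDER role vdc-admin
telnet server enable
ssh key rsa 768 force
snmp-server user admin vdc-admin auth md5 0x0123456789abcdef priv 0x0123456789abcdef localizedkey
vrf context management
  ip route 0.0.0.0/0 10.10.5.1
interface mgmt0
  ip address 10.10.5.5/23
"""

# Constructed sample: the same VDC with the management plane tightened.
HARDENED_CONFIG = """\
no telnet server enable
ssh key rsa 2048 force
ssh server enable
snmp-server user admin vdc-admin auth sha 0x0123456789abcdef priv aes-128 0x0123456789abcdef localizedkey
"""

if __name__ == "__main__":
    for lineno, rule, message in audit_vdc_config(PAGE_STYLE_CONFIG):
        print(f"line {lineno}: {rule}: {message}")
```

Each nondefault VDC has its own admin account, SSH key, and SNMP users, so the audit applies to every VDC's configuration separately, not only to the default VDC.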
For additional information related to creating VDCs, see the following section:
•Related Documents for Creating VDCs
Table 4-6 lists the release history for this feature.