Cisco Virtual Security Gateway, Rel. 4.2(1)VSG1(3.1) and Cisco Virtual Network Management Center, Rel. 1.3 Installation and Upgrade Guide

Installing the Cisco Virtual Security Gateway on a Cisco Nexus 1010 Virtual Services Appliance



This chapter describes how to install the Cisco Virtual Security Gateway (VSG) on a Cisco Nexus 1010 Virtual Services Appliance.

This chapter includes the following sections:

Information About Installing the Cisco VSG on the Cisco Nexus 1010

Prerequisites

Guidelines and Limitations

Installing a Cisco VSG on a Cisco Nexus 1010

Information About Installing the Cisco VSG on the Cisco Nexus 1010

The Cisco VSG software is provided with the other virtual service blade (VSB) software in the Cisco Nexus 1010 bootflash: repository directory. As shown in Figure 6-1, the Cisco Nexus 1010 has up to six virtual service blades (VSBs) on which you can choose to place a Cisco VSG, VSM, or Network Analysis Module (NAM).

Figure 6-1 Cisco Nexus 1010 Architecture Showing Virtual Service Blades Usage

Prerequisites

Installing the Cisco VSG on a Cisco Nexus 1010 has the following prerequisites:

You must first install the Cisco Nexus 1010 Virtual Services Appliance and connect it to the network. For procedures on installing the hardware, see the Cisco Nexus 1010 Virtual Services Appliance Hardware Installation Guide.

After you install the hardware appliance and connect it to the network, you can configure the Cisco Nexus 1010 management software, migrate existing VSMs residing on a VM to the Cisco Nexus 1010 as virtual service blades (VSBs), and create and configure new VSBs that might host the Cisco VSG. For procedures on configuring the software, see the Cisco Nexus 1010 Software Configuration Guide.

Guidelines and Limitations

Installing the Cisco VSG on a Cisco Nexus 1010 as a VSB has the following guidelines and limitations:

The Cisco Nexus 1010 appliance and its hosted Cisco VSG VSBs must share the same management VLAN.

Unlike the data and high availability (HA) VLANs that are set when a Cisco VSG VSB is created, a Cisco VSG VSB inherits its management VLAN from the Cisco Nexus 1010.


Caution Do not change the management VLAN on a VSB. Because the management VLAN is inherited from the Cisco Nexus 1010, any changes to the management VLAN are applied to both the Cisco Nexus 1010 and all of its hosted VSBs.

Installing a Cisco VSG on a Cisco Nexus 1010

You can install the Cisco VSG on a Cisco Nexus 1010 as a virtual service blade (VSB).

BEFORE YOU BEGIN

Before starting the procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

You know the name of the Cisco VSG VSB that you want to create.

Depending on whether you are using a new ISO file from the bootflash repository folder or an ISO file from an existing VSB, one of the following applies:

If you are using a new ISO file in the bootflash repository, you know the filename.

Cisco VSG: nexus-1000v.VSG1.2.iso

If you are using an ISO file from an existing VSB, you must know the name of the VSB type. This procedure includes information about identifying this name.

You know the following properties for the Cisco VSG VSB:

HA ID

Management IP address

Management subnet mask length

Default gateway IPv4 address

Cisco VSG name

Administrator password

Data and HA VLAN IDs

This procedure shows you how to identify and assign data and HA VLANs for the Cisco VSG VSB. Do not assign a management VLAN because the management VLAN is inherited from the Cisco Nexus 1010.

SUMMARY STEPS

1. configure

2. virtual-service-blade name

3. (Optional) show virtual-service-blade-type summary

4. virtual-service-blade-type [name name | new iso file name]

5. (Optional) description description

6. (Optional) show virtual-service-blade name name

7. interface name vlan vlanid

8. Repeat Step 7 to apply additional interfaces.

9. enable [primary | secondary]

10. (Optional) show virtual-service-blade name name

11. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure

Example:

N1010# configure

N1010(config)#

Places you in the global configuration mode.

Step 2 

virtual-service-blade name

Example:

N1010(config)# virtual-service-blade vsg-1

N1010(config-vsb-config)#

Creates the named VSB and places you into configuration mode for that service.

The name can be an alphanumeric string of up to 80 characters.

Step 3 

show virtual-service-blade-type summary

(Optional) Displays a summary of all VSB configurations by type name, such as Cisco VSG, VSM, or NAM. You use this type name (in this case, the name for the Cisco VSG) in the next step.

 

Example:

N1010(config-vsb-config)# show virtual-service-blade-type summary
-------------------------------------------------------------------------------
Virtual-Service-Blade-Type    Virtual-Service-Blade
-------------------------------------------------------------------------------
VSM_SV1_3                      vsm-1
                               vsm-2
NAM-MV                         nam-1
VSG-1                          vsg-1
switch(config-vsb-config)#

Step 4 

virtual-service-blade-type [name name | new iso file name]

Example:

N1010(config-vsb-config)# virtual-service-blade-type new nexus-1000v.VSG1.2.iso

N1010(config-vsb-config)#

Example:

N1010(config-vsb-config)# virtual-service-blade-type name VSG-1

N1010(config-vsb-config)#

Specifies the type and name of the software image file to add to this Cisco VSG VSB.

Use the new keyword to specify the name of the new Cisco VSG ISO software image file in the bootflash repository folder.

Use the name keyword to specify the name of the existing Cisco VSG VSB type. Enter the name of an existing type found in the output of the show virtual-service-blade-type summary command (Step 3).

Step 5 

description description

Example:

N1010(config-vsb-config)# description vsg-1 for Tenant1

N1010(config-vsb-config)#

(Optional) Adds a description to the Cisco VSG VSB.

The description is an alphanumeric string of up to 80 characters.

Step 6 

show virtual-service-blade name name

Example:

N1010(config-vsb-config)# show virtual-service-blade name vsg-1
virtual-service-blade vsm2
Description:
Slot id: 2
Host Name:
Management IP:
VSB Type Name : VSG-1.0
Interface:   ha         vlan: 0
Interface:   management vlan: 231
Interface:   data       vlan: 0
Interface:   internal   vlan: NA
Ramsize: 2048
Disksize: 3
Heartbeat: 0
HA Admin role: Primary
HA Oper role: NONE
Status: VSB NOT PRESENT
Location: PRIMARY
SW version:
HA Admin role: Secondary
HA Oper role: NONE
Status: VSB NOT PRESENT
Location: SECONDARY
SW version:
VSB Info:
switch(config-vsb-config)#

Displays the Cisco VSG VSB that you have just created including the interface names that you configure in the next step.

Step 7 

interface name vlan vlanid

Example:

N1010(config-vsb-config)# interface data vlan 1044

N1010(config-vsb-config)#

Example:

N1010(config-vsb-config)# interface ha vlan 1045

N1010(config-vsb-config)#

Applies the interface and VLAN ID to this Cisco VSG. Use the interface names from the show virtual-service-blade name command output (Step 6).

Note If you try to apply an interface that is not present, the following error is displayed:

ERROR: Interface name not found in the associated virtual-service-blade type.


Caution Do not assign a management VLAN. Unlike data and HA VLANs, the management VLAN is inherited from the Cisco Nexus 1010.

Caution To prevent loss of connectivity, you must configure the same data and HA VLANs on the hosted Cisco VSGs.

Step 8 

Repeat Step 7 to apply additional interfaces.

Step 9 

enable [primary | secondary]

Example:

N1010(config-vsb-config)# enable
Enter domain id[1-4095]: 1054
Enter Management IP address: 10.78.108.40
Enter Management subnet mask length 28
IPv4 address of the default gateway: 10.78.108.117
Enter Switchname: VSG-1
Enter the password for 'admin': Hello_123
N1010(config-vsb-config)#

Initiates the configuration of the VSB and then enables it.

If you enter the enable command without the optional primary or secondary keywords, it enables both.

If you are deploying a redundant pair, you do not need to specify primary or secondary.

If you are enabling a nonredundant VSB, you can specify its HA role as follows:

Use the primary keyword to designate the VSB in a primary role.

Use the secondary keyword to designate the VSB in a secondary role.

The Cisco Nexus 1010 prompts you for the following:

HA ID

Management IP address

Management subnet mask length

Default gateway IPv4 address

Cisco VSG name

Administrator password

Step 10 

show virtual-service-blade name name

Example:

N1010(config-vsb-config)# show virtual-service-blade name vsg-1
virtual-service-blade vsg-1
Description:
Slot id: 1
SW version: 4.0(4)SV1(3)
Host Name: vsg-1
Management IP: 10.78.108.40
VSB Type Name : VSG-1.1
Interface: ha            vlan: 1044
Interface: management vlan: 1032
Interface: data          vlan: 1045
Interface: internal      vlan: NA
Ramsize: 2048
Disksize: 3
Heartbeat: 1156
HA Admin role: Primary
HA Oper role: STANDBY
Status: VB POWERED ON
Location: PRIMARY
HA Admin role: Secondary
HA Oper role: ACTIVE
Status: VB POWERED ON
Location: SECONDARY
VB Info:
Domain ID : 1054
switch(config-vsb-config)#

(Optional) Displays the new VSB for verification.

While the Cisco Nexus 1010 management software is configuring the Cisco VSG, the output for this command progresses from in progress to powered on.

Step 11 

copy running-config startup-config

Example:

N1010(config-vsb-config)# copy running-config startup-config

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
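
The verification in Step 10 can be scripted. The following is an added example, not Cisco code: it parses show virtual-service-blade name output and reports data or HA VLANs that are still unassigned, a management VLAN that differs from the one on the Cisco Nexus 1010, and any location that is not powered on. The function names, the appliance_mgmt_vlan parameter, and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the format of the Step 10 output (not captured from a device).
SAMPLE = """\
virtual-service-blade vsg-1
Slot id: 1
Host Name: vsg-1
Management IP: 10.78.108.40
Interface: ha            vlan: 1044
Interface: management vlan: 1032
Interface: data          vlan: 1045
Interface: internal      vlan: NA
HA Admin role: Primary
HA Oper role: STANDBY
Status: VB POWERED ON
Location: PRIMARY
HA Admin role: Secondary
HA Oper role: ACTIVE
Status: VB POWERED ON
Location: SECONDARY
"""

def parse_vsb(text):
    """Return ({interface: vlan}, [(location, status)]) from the show output."""
    vlans = dict(re.findall(r"Interface:\s+(\S+)\s+vlan:\s*(\S+)", text))
    # Each HA role block lists Status immediately before Location.
    roles = re.findall(r"Status:\s*(.+?)\s*\n\s*Location:\s*(\S+)", text)
    return vlans, [(loc, status) for status, loc in roles]

def audit_vsb(text, appliance_mgmt_vlan):
    """List deviations from the VLAN guidelines and the Step 10 end state.

    appliance_mgmt_vlan is supplied by the operator (assumed known from the
    Cisco Nexus 1010 configuration); the VSB must show the same value.
    """
    vlans, roles = parse_vsb(text)
    findings = []
    for name in ("data", "ha"):
        if vlans.get(name, "0") in ("0", "NA"):
            findings.append(f"{name} VLAN is not assigned")
    if vlans.get("management") != str(appliance_mgmt_vlan):
        findings.append("management VLAN differs from the Cisco Nexus 1010")
    for loc, status in roles:
        if "POWERED ON" not in status:
            findings.append(f"{loc}: {status}")
    return findings

if __name__ == "__main__":
    print(audit_vsb(SAMPLE, 1032) or "no findings")
```

Run against the Step 6 output, the same check reports the unassigned data and HA VLANs and both locations as VSB NOT PRESENT, which is the expected state before Steps 7 through 9.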

EXAMPLES

This example shows how to display the contents of the bootflash: repository directory:

N1010# dir bootflash:repository
  159250432     May 11 06:35:04 2011  nam-app-x86_64.4-2-1n.iso
  183412736     May 10 23:03:23 2011  nam-app-x86_64.5-1-1.iso
  255090688     May 03 17:45:25 2011  nexus-1010.4.2.1.SP1.2.15.iso
  109043712     May 12 21:51:15 2011  nexus-1000v.VSG1.2.iso

Usage for bootflash://sup-local
  386187264 bytes used
 3605192704 bytes free
 3991379968 bytes total

This example shows how to configure a Nexus 1010 appliance VSB as a Cisco VSG:

N1010# configure
Enter configuration commands, one per line.  End with CNTL/Z.
N1010(config)# virtual-service-blade vsg1
N1010(config-vsb-config)# virtual-service-blade-type new nexus-1000v.VSG1.2.iso
N1010(config-vsb-config)# interface data vlan 72
N1010(config-vsb-config)# interface ha vlan 72
N1010(config-vsb-config)# enable
Enter vsb image: [nexus-1000v.VSG1.2.iso]
Enter HA id[1-4095]: 1233
Management IP version [V4/V6]: [V4]
Enter Management IP address: 10.193.73.42
Enter Management subnet mask: 255.255.248.0
IPv4 address of the default gateway: 10.193.72.1
Enter HostName: vsg-1
Enter the password for 'admin': Hello_123
N1010(config-vsb-config)#
N1010(config-vsb-config)# end
N1010#

This example shows how to display a virtual service blade summary on the Cisco Nexus 1010:

N1010# show virtual-service-blade summary
-------------------------------------------------------------------------------
Name                Role        State                    Nexus1010-Module
-------------------------------------------------------------------------------
vsg-1               PRIMARY     VSB POWERED ON           Nexus1010-PRIMARY
vsg-1               SECONDARY   VSB POWERED OFF          Nexus1010-SECONDARY
vsg9                PRIMARY     VSB NOT PRESENT          Nexus1010-PRIMARY
vsg9                SECONDARY   VSB DEPLOY IN PROGRESS   Nexus1010-SECONDARY
nam_1               PRIMARY     VSB POWERED OFF          Nexus1010-PRIMARY
nam_1               SECONDARY   VSB NOT PRESENT          Nexus1010-SECONDARY
vsgc1               PRIMARY     VSB POWERED ON           Nexus1010-PRIMARY
vsgc1               SECONDARY   VSB POWERED ON           Nexus1010-SECONDARY
nam_2               PRIMARY     VSB POWERED OFF          Nexus1010-PRIMARY
nam_2               SECONDARY   VSB NOT PRESENT          Nexus1010-SECONDARY
N1010#
.
.
.