Cisco Virtual Security Gateway, Release 4.2(1)VSG1(4.1) and Cisco Virtual Network Management Center, Release 2.0 Installation and Upgrade Guide
Installing the Cisco VSG on a Cisco Cloud Services Platform Virtual Services Appliance
Downloads: This chapterpdf (PDF - 1.24MB) The complete bookPDF (PDF - 5.68MB) | Feedback

Installing the Cisco VSG on a Cisco Cloud Services Platform Virtual Services Appliance

Installing the Cisco VSG on a Cisco Cloud Services Platform Virtual Services Appliance

This chapter contains the following sections:

Information About Installing the Cisco VSG on the Cisco Nexus 1010

The Cisco VSG software is provided with the other virtual service blade (VSB) software in the Cisco Nexus 1010 bootflash: repository directory. The Cisco Nexus 1010 has up to six virtual service blades (VSBs) on which you can choose to place a Cisco VSG, VSM, or Network Analysis Module (NAM).

Figure 1. Cisco Nexus 1010 Architecture Showing Virtual service Blades Usage



Prerequisites for Installing Cisco VSG on Nexus 1010

  • You must first install the Cisco Nexus 1010 Virtual Services Appliance and connect it to the network. For procedures on installing the hardware, see the Cisco Nexus 1010 Virtual Services Appliance Hardware Installation Guide.
  • After you install the hardware appliance and connect it to the network, you can configure the Cisco Nexus 1010 management software, migrate existing VSMs residing on a VM to the Cisco Nexus 1010 as virtual service blades (VSBs), and create and configure new VSBs that might host the Cisco VSG. For procedures on configuring the software, see the Cisco Nexus 1010 Software Configuration Guide.

Guidelines and Limitations

  • The Cisco Nexus 1010 appliance and its hosted Cisco VSG VSBs must share the same management VLAN.
  • Unlike the data and high availability (HA) VLANs that are set when a Cisco VSG VSB is created, a Cisco VSG VSB inherits its management VLAN from the Cisco Nexus 1010.

    Caution


    Do not change the management VLAN on a VSB. Because the management VLAN is inherited from the Cisco Nexus 1010, any changes to the management VLAN are applied to both the Cisco Nexus 1010 and all of its hosted VSBs.


Installing a Cisco VSG on a Cisco Nexus 1000V

You can install the Cisco VSG on a Cisco Nexus 1000V as a virtual service blade (VSB).

Before You Begin
  • Log in to the CLI in EXEC mode.
  • Know the name of the Cisco VSG VSB that you want to create.
  • Whether you are using a new ISO file from the bootflash repository folder or from an existing VSB, do one of the following: – If you are using a new ISO file in the bootflash repository, you know the filename. Cisco VSG: nexus-1000v.VSG1.2.iso – If you are using an ISO file from an existing VSB, you must know the name of the VSB type. This procedure includes information about identifying this name.
  • Know the following properties for the Cisco VSG VSB: – HA ID –Management IP address – Cisco VSG name – Management subnet mask length – Default gateway IPV4 address – Administrator password – Data and HA VLAN IDs
  • This procedure shows you how to identify and assign data and HA VLANs for the Cisco VSG VSB. Do not assign a management VLAN because the management VLAN is inherited from the Cisco Nexus 1000V.
Procedure
      Command or Action Purpose
    Step 1 switch# configure terminal 

    Enters global configuration mode.

     
    Step 2 (config)# virtual-service-blade name 

    Creates the named VSB and places you into configuration mode for that service. The name can be an alphanumeric string of up to 80 characters.

     
    Step 3 (config-vsb-config)# show virtual-service-blade-type summary 

    (Optional) Displays a summary of all VSB configurations by type name, such as Cisco VSG, VSM, or NAM. You use this type name (in this case, the name for the Cisco VSG) in the next step.

     
    Step 4 (config-vsb-config)# virtual-service-blade-type [name name | new iso file name] 
    Specifies the type and name of the software image file to add to this Cisco VSG VSB:
    • Use the new keyword to specify the name of the new Cisco VSG ISO software image file in the bootflash repository folder.
    • Use the name keyword to specify the name of the existing Cisco VSG VSB type. Enter the name of an existing type found in the command output.
     
    Step 5 (config-vsb-config)# description description 

    (Optional) Adds a description to the Cisco VSG VSB.

    The description is an alphanumeric string of up to 80 characters.

     
    Step 6 (config-vsb-config)# show virtual-service-blade name name 

    Displays the Cisco VSG VSB that you have just created including the interface names that you configure in the next step.

     
    Step 7 (config-vsb-config)# interface name vlan vlanid 

    Applies the interface and VLAN ID to this Cisco VSG. Use the interface names from the command output.

    Note   

    If you try to apply an interface that is not present, the following error is displayed:

    ERROR: Interface name not found in the associated virtual-service-blade type.

    Caution   

    Do not assign a management VLAN. Unlike data and HA VLANs, the management VLAN is inherited from the Cisco Nexus 1000V.

    Caution   

    To prevent loss of connectivity, you must configure the same data and HA VLANs on the hosted Cisco VSGs.

     
    Step 8 Repeat Step 7 to apply additional interfaces   
    Step 9 (config-vsb-config)# enable [primary | secondary] 

    Initiates the configuration of the VSB and then enables it.

    If you enter the enable command without the optional primary or secondary keywords, it enables both.

    If you are deploying a redundant pair, you do not need to specify primary or secondary.

    If you are enabling a nonredundant VSB, you can specify its HA role as follows:

    • Use the primary keyword to designate the VSB in a primary role.
    • Use the secondary keyword to designate the VSB in a secondary role

    The Cisco Nexus 1000V prompts you for the following:

    • HA ID
    • Management IP address
    • Management subnet mask length
    • Default gateway IPV4 address
    • Cisco VSG name
    • Administrator password
     
    Step 10 (config-vsb-config)# show virtual-service-blade name name 

    (Optional) Displays the new VSB for verification.

    While the Cisco Nexus 1000V management software is configuring the Cisco VSG, the output for this command progresses from in progress to powered on.

     
    Step 11 (config-vsb-config)# copy running-config startup-config  (Optional)

    Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

     

    This example shows how to configure a Cisco Nexus 1000V appliance VSB as a Cisco VSG:

    N1010# configure
    Enter configuration commands, one per line. End with CNTL/Z.
    N1010(config)# virtual-service-blade vsg1
    N1010(config-vsb-config)# virtual-service-blade-type new nexus-1000v.VSG1.2.iso
    N1010(config-vsb-config)# interface data vlan 72
    N1010(config-vsb-config)# interface ha vlan 72
    N1010(config-vsb-config)# enable
    Enter vsb image: [nexus-1000v.VSG1.2.iso]
    Enter HA id[1-4095]: 1233
    Management IP version [V4/V6]: [V4]
    Enter Management IP address: 10.193.73.42
    Enter Management subnet mask: 255.255.248.0
    IPv4 address of the default gateway: 10.193.72.1
    Enter HostName: vsg-1
    Enter the password for 'admin': Hello_123
    N1010(config-vsb-config)# end
    N1010#
    This example show how to install the Cisco VSG on a Cisco Nexus 1000V as a VSB.
    N1010# configure
    N1010(config)# virtual-service-blade vsg-1
    N1010(config-vsb-config)# show virtual-service-blade-type summary
        -------------------------------------------------------------------------------
        Virtual-Service-Blade-Type          Virtual-Service-Blade
        -------------------------------------------------------------------------------
        VSM_SV1_3                           vsm-1 vsm-2
        NAM-MV                              nam-1
        VSG-1                               vsg-1
        -------------------------------------------------------------------------------
    
    N1010(config-vsb-config)# virtual-service-blade-type new nexus-1000v.VSG1.2.iso
    or
    N1010(config-vsb-config)# show virtual-service-blade name vsg-1
    
    N1010(config-vsb-config)# description vsg-1 for Tenant1
    N1010(config-vsb-config)# show virtual-service-blade name vsg-1
    -------------------------------------------------------------------------------
       virtual-service-blade vsm2
       Description:
       Slot id: 2
       Host Name:
       Management IP:
       VSB Type Name : VSG-1.0
       Interface: ha vlan: 0
       Interface: management vlan: 231
       Interface: data vlan: 0
       Interface: internal vlan: NA
       Ramsize: 2048
       Disksize: 3
       Heartbeat: 0
       HA Admin role: Primary
       HA Oper role: NONE
       Status: VSB NOT PRESENT
       Location: PRIMARY
       SW version:
       HA Admin role: Secondary
       HA Oper role: NONE
       Status: VSB NOT PRESENT
       Location: SECONDARY
       SW version:
       VSB Info:
    -------------------------------------------------------------------------------
    N1010(config-vsb-config)# interface data vlan 1044
    or
    N1010(config-vsb-config)# interface ha vlan 1045
    
    N1010(config-vsb-config)# enable
    -------------------------------------------------------------------------------
        Enter domain id[1-4095]: 1054
        Enter Management IP address: 10.78.108.40
        Enter Management subnet mask length 28
        IPv4 address of the default gateway: 10.78.108.117
        Enter Switchname: VSG-1
        Enter the password for 'admin': Hello_123
    -------------------------------------------------------------------------------
    N1010(config-vsb-config)# show virtual-service-blade name vsg-1
    ------------------------------------------------------------------------------
        virtual-service-blade vsg-1
        Description:
        Slot id: 1
        SW version: 4.0(4)SV1(3)
        Host Name: vsg-1
        Management IP: 10.78.108.40
        VSB Type Name : VSG-1.1
        Interface: ha vlan: 1044
        Interface: management vlan: 1032
        Interface: data vlan: 1045
        Interface: internal vlan: NA
        Ramsize: 2048
        Disksize: 3
        Heartbeat: 1156
        HA Admin role: Primary
        HA Oper role: STANDBY
        Status: VB POWERED ON
        Location: PRIMARY
        HA Admin role: Secondary
        HA Oper role: ACTIVE
        Status: VB POWERED ON
        Location: SECONDARY
        VB Info:
        Domain ID : 1054
    -------------------------------------------------------------------------------
    N1010(config-vsb-config)# copy running-config startup-config

    This example shows how to display a virtual service blade summary on the Cisco Nexus 1000V:

    N1010# show virtual-service-blade summary
    -------------------------------------------------------------------------------
    Name   Role          State                  Nexus1010-Module
    -------------------------------------------------------------------------------
    vsg-1  PRIMARY      VSB POWERED ON          Nexus1010-PRIMARY
    vsg-1  SECONDARY    VSB POWERED OFF         Nexus1010-SECONDARY
    vsg9   PRIMARY      VSB NOT PRESENT         Nexus1010-PRIMARY
    vsg9   SECONDARY    VSB DEPLOY IN PROGRESS  Nexus1010-SECONDARY
    nam_1  PRIMARY      VSB POWERED OFF         Nexus1010-PRIMARY
    nam_1  SECONDARY    VSB NOT PRESENT         Nexus1010-SECONDARY
    vsgc1  PRIMARY      VSB POWERED ON          Nexus1010-PRIMARY
    vsgc1  SECONDARY    VSB POWERED ON          Nexus1010-SECONDARY
    nam_2  PRIMARY      VSB POWERED OFF         Nexus1010-PRIMARY
    nam_2  SECONDARY    VSB NOT PRESENT         Nexus1010-SECONDARY