Cisco UCS Manager CLI Configuration Guide, Release 2.1
Configuring Network-Related Policies
Downloads: This chapterpdf (PDF - 1.49MB) The complete bookPDF (PDF - 9.41MB) | The complete bookePub (ePub - 1.36MB) | Feedback

Configuring Network-Related Policies

Contents

Configuring Network-Related Policies

This chapter includes the following sections:

Configuring vNIC Templates

vNIC Template

This policy defines how a vNIC on a server connects to the LAN. This policy is also referred to as a vNIC LAN connectivity policy.

Cisco UCS Manager does not automatically create a VM-FEX port profile with the correct settings when you create a vNIC template. If you want to create a VM-FEX port profile, you must configure the target of the vNIC template as a VM.

You need to include this policy in a service profile for it to take effect.


Note


If your server has two Emulex or QLogic NICs (Cisco UCS CNA M71KR-E or Cisco UCS CNA M71KR-Q), you must configure vNIC policies for both adapters in your service profile to get a user-defined MAC address for both NICs. If you do not configure policies for both NICs, Windows still detects both of them in the PCI bus. Then because the second eth is not part of your service profile, Windows assigns it a hardware MAC address. If you then move the service profile to a different server, Windows sees additional NICs because one NIC did not have a user-defined MAC address.


Configuring a vNIC Template

Procedure
      Command or Action Purpose
    Step 1 UCS-A# scope org org-name 

    Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

     
    Step 2 UCS-A /org # create vnic-templ vnic-templ-name [eth-if vlan-name] [fabric {a | b}] [target [adapter | vm]]  

    Creates a vNIC template and enters organization vNIC template mode.

    The target you choose determines whether or not Cisco UCS Manager automatically creates a VM-FEX port profile with the appropriate settings for the vNIC template. This can be one of the following:

    • Adapter—The vNICs apply to all adapters. No VM-FEX port profile is created if you choose this option.
    • VM—The vNICs apply to all virtual machines. A VM-FEX port profile is created if you choose this option.
     
    Step 3 UCS-A /org/vnic-templ # set descr description   (Optional)

    Provides a description for the vNIC template.

     
    Step 4 UCS-A /org/vnic-templ # set fabric {a | a-b | b | b-a}   (Optional)

    Specifies the fabric to use for the vNIC. If you did not specify the fabric when creating the vNIC template in Step 2, you have the option to specify it with this command.

    If you want this vNIC to be able to access the second fabric interconnect if the default one is unavailable, choose a-b (A is the primary) or b-a (B is the primary) .

    Note   

    Do not enable fabric failover for the vNIC under the following circumstances:

    • If the Cisco UCS domain is running in Ethernet Switch Mode. vNIC fabric failover is not supported in that mode. If all Ethernet uplinks on one fabric interconnect fail, the vNICs do not fail over to the other.
    • If you plan to associate this vNIC with a server that has an adapter which does not support fabric failover, such as the Cisco UCS 82598KR-CI 10-Gigabit Ethernet Adapter. If you do so, Cisco UCS Manager generates a configuration fault when you associate the service profile with the server.
     
    Step 5 UCS-A /org/vnic-templ # set mac-pool mac-pool-name  

    The MAC address pool that vNICs created from this vNIC template should use.

     
    Step 6 UCS-A /org/vnic-templ # set mtu mtu-value  

    The maximum transmission unit, or packet size, that vNICs created from this vNIC template should use.

    Enter an integer between 1500 and 9216.

    Note   

    If the vNIC template has an associated QoS policy, the MTU specified here must be equal to or less than the MTU specified in the associated QoS system class. If this MTU value exceeds the MTU value in the QoS system class, packets may be dropped during data transmission.

     
    Step 7 UCS-A /org/vnic-templ # set nw-control-policy policy-name  

    The network control policy that vNICs created from this vNIC template should use.

     
    Step 8 UCS-A /org/vnic-templ # set pin-group group-name  

    The LAN pin group that vNICs created from this vNIC template should use.

     
    Step 9 UCS-A /org/vnic-templ # set qos-policy policy-name  

    The quality of service policy that vNICs created from this vNIC template should use.

     
    Step 10 UCS-A /org/vnic-templ # set stats-policy policy-name  

    The statistics collection policy that vNICs created from this vNIC template should use.

     
    Step 11 UCS-A /org/vnic-templ # set type {initial-template | updating-template}  

    Specifies the vNIC template update type. If you do not want vNIC instances created from this template to be automatically updated when the template is updated, use the initial-template keyword; otherwise, use the updating-template keyword to ensure that all vNIC instances are updated when the vNIC template is updated.

     
    Step 12 UCS-A /org/vnic-templ # commit-buffer  

    Commits the transaction to the system configuration.

     

    The following example configures a vNIC template and commits the transaction:

    UCS-A# scope org /
    UCS-A /org* # create vnic template VnicTempFoo
    UCS-A /org/vnic-templ* # set descr "This is a vNIC template example."
    UCS-A /org/vnic-templ* # set fabric a
    UCS-A /org/vnic-templ* # set mac-pool pool137
    UCS-A /org/vnic-templ* # set mtu 8900
    UCS-A /org/vnic-templ* # set nw-control-policy ncp5
    UCS-A /org/vnic-templ* # set pin-group PinGroup54
    UCS-A /org/vnic-templ* # set qos-policy QosPol5
    UCS-A /org/vnic-templ* # set stats-policy ServStatsPolicy
    UCS-A /org/vnic-templ* # set type updating-template
    UCS-A /org/vnic-templ* # commit-buffer
    UCS-A /org/vnic-templ # 
    

    Deleting a vNIC Template

    Procedure
        Command or Action Purpose
      Step 1 UCS-A# scope org org-name 

      Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

       
      Step 2 UCS-A /org # delete vnic-templ vnic-templ-name  

      Deletes the specified vNIC template.

       
      Step 3 UCS-A /org # commit-buffer  

      Commits the transaction to the system configuration.

       

      The following example deletes the vNIC template named VnicTemp42 and commits the transaction:

      UCS-A# scope org /
      UCS-A /org # delete vnic template VnicTemp42
      UCS-A /org* # commit-buffer
      UCS-A /org # 
      

      Configuring Ethernet Adapter Policies

      Ethernet and Fibre Channel Adapter Policies

      These policies govern the host-side behavior of the adapter, including how the adapter handles traffic. For example, you can use these policies to change default settings for the following:

      • Queues
      • Interrupt handling
      • Performance enhancement
      • RSS hash
      • Failover in an cluster configuration with two fabric interconnects

      Note


      For Fibre Channel adapter policies, the values displayed by Cisco UCS Manager may not match those displayed by applications such as QLogic SANsurfer. For example, the following values may result in an apparent mismatch between SANsurfer and Cisco UCS Manager:

      • Max LUNs Per Target—SANsurfer has a maximum of 256 LUNs and does not display more than that number. Cisco UCS Manager supports a higher maximum number of LUNs.
      • Link Down Timeout—In SANsurfer, you configure the timeout threshold for link down in seconds. In Cisco UCS Manager, you configure this value in milliseconds. Therefore, a value of 5500 ms in Cisco UCS Manager displays as 5s in SANsurfer.
      • Max Data Field Size—SANsurfer has allowed values of 512, 1024, and 2048. Cisco UCS Manager allows you to set values of any size. Therefore, a value of 900 in Cisco UCS Manager displays as 512 in SANsurfer.

      Operating System Specific Adapter Policies

      By default, Cisco UCS provides a set of Ethernet adapter policies and Fibre Channel adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.

      Important:

      We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support.

      However, if you are creating an Ethernet adapter policy for a Windows OS (instead of using the default Windows adapter policy), you must use the following formulas to calculate values that work with Windows:

      • Completion Queues = Transmit Queues + Receive Queues
      • Interrupt Count = (Completion Queues + 2) rounded up to nearest power of 2

      For example, if Transmit Queues = 1 and Receive Queues = 8 then:

      • Completion Queues = 1 + 8 = 9
      • Interrupt Count = (9 + 2) rounded up to the nearest power of 2 = 16

      Configuring an Ethernet Adapter Policy

      Procedure
          Command or Action Purpose
        Step 1 UCS-A# scope org org-name  

        Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name .

         
        Step 2 UCS-A /org # create eth-policy policy-name  

        Creates the specified Ethernet adapter policy and enters organization Ethernet policy mode.

         
        Step 3 UCS-A /org/eth-policy # set comp-queue count count   (Optional)

        Configures the Ethernet completion queue.

         
        Step 4 UCS-A /org/eth-policy # set descr description   (Optional)

        Provides a description for the policy.

        Note   

        If your description includes spaces, special characters, or punctuation, you must begin and end your description with quotation marks. The quotation marks will not appear in the description field of any show command output.

         
        Step 5 UCS-A /org/eth-policy # set failover timeout timeout-sec   (Optional)

        Configures the Ethernet failover.

         
        Step 6 UCS-A /org/eth-policy # set interrupt {coalescing-time sec | coalescing-type {idle | min} | count count | mode {intx | msi | msi-x}}   (Optional)

        Configures the Ethernet interrupt.

         
        Step 7 UCS-A /org/eth-policy # set offload {large-receive | tcp-rx-checksum | tcp-segment | tcp-tx-checksum} {disabled | enabled}   (Optional)

        Configures the Ethernet offload.

         
        Step 8 UCS-A /org/eth-policy # set recv-queue {count count | ring-size size-num}   (Optional)

        Configures the Ethernet receive queue.

         
        Step 9 UCS-A /org/eth-policy # set rss receivesidescaling {disabled | enabled}   (Optional)

        Configures the RSS.

         
        Step 10 UCS-A /org/eth-policy # set trans-queue {count count | ring-size size-num}   (Optional)

        Configures the Ethernet transmit queue.

         
        Step 11 UCS-A /org/eth-policy # commit-buffer  

        Commits the transaction to the system configuration.

         

        The following example configures an Ethernet adapter policy, and commits the transaction:

        UCS-A# scope org /
        UCS-A /org* # create eth-policy EthPolicy19
        UCS-A /org/eth-policy* # set comp-queue count 16
        UCS-A /org/eth-policy* # set descr "This is an Ethernet adapter policy example."
        UCS-A /org/eth-policy* # set failover timeout 300
        UCS-A /org/eth-policy* # set interrupt count 64
        UCS-A /org/eth-policy* # set offload large-receive disabled
        UCS-A /org/eth-policy* # set recv-queue count 32
        UCS-A /org/eth-policy* # set rss receivesidescaling enabled
        UCS-A /org/eth-policy* # set trans-queue
        UCS-A /org/eth-policy* # commit-buffer
        UCS-A /org/eth-policy # 
        

        Configuring an Ethernet Adapter Policy to Enable eNIC Support for MRQS on Linux Operating Systems

        Cisco UCS Manager includes eNIC support for the Multiple Receive Queue Support (MRQS) feature on Red Hat Enterprise Linux Version 6.x and SUSE Linux Enterprise Server Version 11.x.

        Procedure
          Step 1   Create an Ethernet adapter policy.
          Use the following parameters when creating the Ethernet adapter policy:
          • Transmit Queues = 1
          • Receive Queues = n (up to 8)
          • Completion Queues = # of Transmit Queues + # of Receive Queues
          • Interrupts = # Completion Queues + 2
          • Receive Side Scaling (RSS) = Enabled
          • Interrupt Mode = Msi-X

          See Creating an Ethernet Adapter Policy.

          Step 2   Install an eNIC driver Version 2.1.1.35 or later.

          See Cisco UCS Virtual Interface Card Drivers for Linux Installation Guide.

          Step 3   Reboot the server

          Deleting an Ethernet Adapter Policy

          Procedure
              Command or Action Purpose
            Step 1 UCS-A# scope org org-name  

            Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name .

             
            Step 2 UCS-A /org # delete eth-policy policy-name  

            Deletes the specified Ethernet adapter policy.

             
            Step 3 UCS-A /org # commit-buffer  

            Commits the transaction to the system configuration.

             

            The following example deletes the Ethernet adapter policy named EthPolicy19 and commits the transaction:

            UCS-A# scope org /
            UCS-A /org # delete eth-policy EthPolicy19
            UCS-A /org* # commit-buffer
            UCS-A /org # 
            

            Configuring the Default vNIC Behavior Policy

            Default vNIC Behavior Policy

            Default vNIC behavior policy allow you to configure how vNICs are created for a service profile. You can choose to create vNICS manually, or you can allow them to be created automatically

            You can configure the default vNIC behavior policy to define how vNICs are created. This can be one of the following:

            • NoneCisco UCS Manager does not create default vNICs for a service profile. All vNICs must be explicitly created.
            • HW Inherit—If a service profile requires vNICs and none have been explicitly defined, Cisco UCS Manager creates the required vNICs based on the adapter installed in the server associated with the service profile.

            Note


            If you do not specify a default behavior policy for vNICs, HW Inherit is used by default.


            Configuring a Default vNIC Behavior Policy

            Procedure
                Command or Action Purpose
              Step 1 UCS-A# scope org / 

              Enters the root organization mode.

               
              Step 2 UCS-A/org # scope vnic-beh-policy 

              Enters default vNIC behavior policy mode.

               
              Step 3 UCS-A/org/vnic-beh-policy # set action {hw-inherit [template_name name] | none} 

              Specifies the default vNIC behavior policy. This can be one of the following:

              • hw-inherit—If a service profile requires vNICs and none have been explicitly defined, Cisco UCS Manager creates the required vNICs based on the adapter installed in the server associated with the service profile. If you specify hw-inherit, you can also specify a vNIC template to create the vNICs.
              • noneCisco UCS Manager does not create default vNICs for a service profile. All vNICs must be explicitly created.
               
              Step 4 UCS-A/org/vnic-beh-policy # commit-buffer 

              Commits the transaction to the system configuration.

               

              This example shows how to set the default vNIC behavior policy to hw-inherit:

              UCS-A # scope org /
              UCS-A/org # scope vnic-beh-policy
              UCS-A/org/vnic-beh-policy # set action hw-inherit
              UCS-A/org/vnic-beh-policy* # commit-buffer
              UCS-A/org/vnic-beh-policy # 

              Configuring LAN Connectivity Policies

              LAN and SAN Connectivity Policies

              Connectivity policies determine the connections and the network communication resources between the server and the LAN or SAN on the network. These policies use pools to assign MAC addresses, WWNs, and WWPNs to servers and to identify the vNICs and vHBAs that the servers use to communicate with the network.


              Note


              We do not recommend that you use static IDs in connectivity policies, because these policies are included in service profiles and service profile templates and can be used to configure multiple servers.


              Privileges Required for LAN and SAN Connectivity Policies

              Connectivity policies enable users without network or storage privileges to create and modify service profiles and service profile templates with network and storage connections. However, users must have the appropriate network and storage privileges to create connectivity policies.

              Privileges Required to Create Connectivity Policies

              Connectivity policies require the same privileges as other network and storage configurations. For example, you must have at least one of the following privileges to create connectivity policies:

              • admin—Can create LAN and SAN connectivity policies
              • ls-server—Can create LAN and SAN connectivity policies
              • ls-network—Can create LAN connectivity policies
              • ls-storage—Can create SAN connectivity policies

              Privileges Required to Add Connectivity Policies to Service Profiles

              After the connectivity policies have been created, a user with ls-compute privileges can include them in a service profile or service profile template. However, a user with only ls-compute privileges cannot create connectivity policies.

              Interactions between Service Profiles and Connectivity Policies

              You can configure the LAN and SAN connectivity for a service profile through either of the following methods:

              • LAN and SAN connectivity policies that are referenced in the service profile
              • Local vNICs and vHBAs that are created in the service profile
              • Local vNICs and a SAN connectivity policy
              • Local vHBAs and a LAN connectivity policy

              Cisco UCS maintains mutual exclusivity between connectivity policies and local vNIC and vHBA configuration in the service profile. You cannot have a combination of connectivity policies and locally created vNICs or vHBAs. When you include a LAN connectivity policy in a service profile, all existing vNIC configuration is erased, and when you include a SAN connectivity policy, all existing vHBA configuration in that service profile is erased.

              Creating a LAN Connectivity Policy

              Procedure
                  Command or Action Purpose
                Step 1 UCS-A# scope org org-name 

                Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                 
                Step 2 UCS-A /org # create lan-connectivity-policy policy-name  

                Creates the specified LAN connectivity policy, and enters organization LAN connectivity policy mode.

                This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object has been saved.

                 
                Step 3 UCS-A /org/lan-connectivity-policy # set descr policy-name   (Optional)

                Adds a description to the policy. We recommend that you include information about where and how the policy should be used.

                Enter up to 256 characters. You can use any characters or spaces except ` (accent mark), \ (backslash), ^ (carat), " (double quote), = (equal sign), > (greater than), < (less than), or ' (single quote).

                 
                Step 4 UCS-A /org/lan-connectivity-policy # commit-buffer  

                Commits the transaction to the system configuration.

                 

                The following example shows how to create a LAN connectivity policy named LanConnect42 and commit the transaction:

                UCS-A# scope org /
                UCS-A /org* # create lan-connectivity-policy LanConnect42
                UCS-A /org/lan-connectivity-policy* # set descr "LAN connectivity policy"
                UCS-A /org/lan-connectivity-policy* # commit-buffer
                UCS-A /org/lan-connectivity-policy #
                What to Do Next

                Add one or more vNICs and/or iSCSI vNICs to this LAN connectivity policy.

                Creating a vNIC for a LAN Connectivity Policy

                If you are continuing from Creating a LAN Connectivity Policy, begin this procedure at Step 3.

                Procedure
                    Command or Action Purpose
                  Step 1 UCS-A# scope org org-name 

                  Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                   
                  Step 2 UCS-A /org # scope lan-connectivity-policy policy-name  

                  Enters LAN connectivity policy mode for the specified LAN connectivity policy.

                   
                  Step 3 UCS-A /org/lan-connectivity-policy # create vnic vnic-name [eth-if eth-if-name] [fabric {a | b}]  

                  Creates a vNIC for the specified LAN connectivity policy.

                  This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object has been saved.

                   
                  Step 4 UCS-A /org/lan-connectivity-policy/vnic # set fabric {a | a-b | b | b-a}  

                  Specifies the fabric to use for the vNIC. If you did not specify the fabric when you created the vNIC in Step 3, you have the option to specify it with this command.

                  If you want this vNIC to be able to access the second fabric interconnect if the default one is unavailable, choose a-b (A is the primary) or b-a (B is the primary) .

                  Note   

                  Do not enable fabric failover for the vNIC under the following circumstances:

                  • If the Cisco UCS domain is running in Ethernet Switch Mode. vNIC fabric failover is not supported in that mode. If all Ethernet uplinks on one fabric interconnect fail, the vNICs do not fail over to the other.
                  • If you plan to associate this vNIC with a server that has an adapter which does not support fabric failover, such as the Cisco UCS 82598KR-CI 10-Gigabit Ethernet Adapter. If you do so, Cisco UCS Manager generates a configuration fault when you associate the service profile with the server.
                   
                  Step 5 UCS-A /org/lan-connectivity-policy/vnic # set adapter-policy policy-name  

                  Specifies the adapter policy to use for the vNIC.

                   
                  Step 6 UCS-A /org/lan-connectivity-policy/vnic # set identity {dynamic-mac {mac-addr | derived} | mac-pool mac-pool-name}  

                  Specifies the identity (MAC address) for the vNIC. You can set the identity using one of the following options:

                  • Create a unique MAC address in the form nn: nn:nn:nn :nn:nn.
                  • Derive the MAC address from one burned into the hardware at manufacture.
                  • Assign a MAC address from a MAC pool.
                   
                  Step 7 UCS-A /org/lan-connectivity-policy/vnic # set mtu size-num  

                  Specifies the maximum transmission unit, or packet size, that this vNIC accepts.

                  Enter an integer between 1500 and 9216.

                  Note   

                  If the vNIC has an associated QoS policy, the MTU specified here must be equal to or less than the MTU specified in the associated QoS system class. If this MTU value exceeds the MTU value in the QoS system class, packets might get dropped during data transmission.

                   
                  Step 8 UCS-A /org/lan-connectivity-policy/vnic # set nw-control-policy policy-name  

                  Specifies the network control policy that the vNIC should use.

                   
                  Step 9 UCS-A /org/lan-connectivity-policy/vnic # set order {order-num | unspecified}  

                  Specifies the relative order for the vNIC.

                   
                  Step 10 UCS-A /org/lan-connectivity-policy/vnic # set pin-group group-name  

                  Specifies the LAN pin group that the vNIC should use.

                   
                  Step 11 UCS-A /org/lan-connectivity-policy/vnic # set qos-policy policy-name  

                  Specifies the quality of service policy that the vNIC should use.

                   
                  Step 12 UCS-A /org/lan-connectivity-policy/vnic # set stats-policy policy-name  

                  Specifies the statistics collection policy that the vNIC should use.

                   
                  Step 13 UCS-A /org/lan-connectivity-policy/vnic # set template-name policy-name  

                  Specifies the dynamic vNIC connectivity policy to use for the vNIC.

                   
                  Step 14 UCS-A /org/lan-connectivity-policy/vnic # set vcon {1 | 2 | 3 | 4 | any}  

                  Assigns the vNIC to the specified vCon. Use the any keyword to have Cisco UCS Manager automatically assign the vNIC.

                   
                  Step 15 UCS-A /org/lan-connectivity-policy/vnic # commit-buffer  

                  Commits the transaction to the system configuration.

                   

                  The following example shows how to configure a vNIC for a LAN connectivity policy named LanConnect42 and commit the transaction:

                  UCS-A# scope org /
                  UCS-A /org # scope lan-connectivity-policy LanConnect42
                  UCS-A /org/lan-connectivity-policy* # create vnic vnic3 fabric a
                  UCS-A /org/lan-connectivity-policy/vnic* # set fabric a-b
                  UCS-A /org/lan-connectivity-policy/vnic* # set adapter-policy AdaptPol2
                  UCS-A /org/lan-connectivity-policy/vnic* # set identity mac-pool MacPool3
                  UCS-A /org/lan-connectivity-policy/vnic* # set mtu 8900
                  UCS-A /org/lan-connectivity-policy/vnic* # set nw-control-policy ncp5
                  UCS-A /org/lan-connectivity-policy/vnic* # set order 0
                  UCS-A /org/lan-connectivity-policy/vnic* # set pin-group EthPinGroup12
                  UCS-A /org/lan-connectivity-policy/vnic* # set qos-policy QosPol5
                  UCS-A /org/lan-connectivity-policy/vnic* # set stats-policy StatsPol2
                  UCS-A /org/lan-connectivity-policy/vnic* # set template-name VnicConnPol3
                  UCS-A /org/lan-connectivity-policy/vnic* # set vcon any
                  UCS-A /org/lan-connectivity-policy/vnic* # commit-buffer
                  UCS-A /org/lan-connectivity-policy/vnic # 
                  
                  What to Do Next

                  If desired, add another vNIC or an iSCSI vNIC to the LAN connectivity policy. If not, include the policy in a service profile or service profile template.

                  Deleting a vNIC from a LAN Connectivity Policy

                  Procedure
                      Command or Action Purpose
                    Step 1 UCS-A# scope org org-name 

                    Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                     
                    Step 2 UCS-A /org # scope lan-connectivity-policy policy-name  

                    Enters LAN connectivity policy mode for the specified LAN connectivity policy.

                     
                    Step 3 UCS-A /org/lan-connectivity-policy # delete vnic vnic-name 

                    Deletes the specified vNIC from the LAN connectivity policy.

                     
                    Step 4 UCS-A /org/lan-connectivity-policy # commit-buffer  

                    Commits the transaction to the system configuration.

                     

                    The following example shows how to delete a vNIC named vnic3 from a LAN connectivity policy named LanConnect42 and commit the transaction:

                    UCS-A# scope org /
                    UCS-A /org # scope lan-connectivity-policy LanConnect42
                    UCS-A /org/lan-connectivity-policy # delete vnic vnic3
                    UCS-A /org/lan-connectivity-policy* # commit-buffer
                    UCS-A /org/lan-connectivity-policy # 
                    

                    Creating an iSCSI vNIC for a LAN Connectivity Policy

                    If you are continuing from Creating a LAN Connectivity Policy, begin this procedure at Step 3.

                    Before You Begin

                    The LAN connectivity policy must include an Ethernet vNIC that can be used as the overlay vNIC for the iSCSI device.

                    Procedure
                        Command or Action Purpose
                      Step 1 UCS-A# scope org org-name 

                      Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                       
                      Step 2 UCS-A /org # scope lan-connectivity-policy policy-name  

                      Enters LAN connectivity policy mode for the specified LAN connectivity policy.

                       
                      Step 3 UCS-A /org/lan-connectivity-policy # create vnic-iscsi iscsi-vnic-name . 

                      Creates an iSCSI vNIC for the specified LAN connectivity policy.

                      This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object has been saved.

                       
                      Step 4 UCS-A /org/lan-connectivity-policy/vnic-iscsi # set iscsi-adaptor-policy iscsi-adaptor-name   (Optional)

                      Specifies the iSCSI adapter policy that you have created for this iSCSI vNIC.

                       
                      Step 5 UCS-A /org/lan-connectivity-policy/vnic-iscsi # set auth-name authentication-profile-name   (Optional)

                      Sets the authentication profile to be used by the iSCSI vNIC. The authentication profile must already exist for it to be set. For more information, see Creating an Authentication Profile.

                       
                      Step 6 UCS-A /org/lan-connectivity-policy/vnic-iscsi # set identity { dynamic-mac {dynamic-mac-address | derived } | mac-pool mac-pool-name }  
                      Specifies the MAC address for the iSCSI vNIC.
                      Note   

                      The MAC address is set only for the Cisco UCS NIC M51KR-B Adapters.

                       
                      Step 7 UCS-A /org/lan-connectivity-policy/vnic-iscsi # set iscsi-identity {initiator-name initiator-name | initiator-pool-name iqn-pool-name}  

                      Specifies the name of the iSCSI initiator or the name of an IQN pool from which the iSCSI initiator name will be provided. The iSCSI initiator name can be up to 223 characters.

                       
                      Step 8 UCS-A /org/lan-connectivity-policy/vnic-iscsi # set overlay-vnic-name overlay-vnic-name  

                      Specifies the Ethernet vNIC that is used by the iSCSI device as the overlay vNIC. For more information, see Configuring a vNIC for a Service Profile.

                       
                      Step 9 UCS-A /org/lan-connectivity-policy/vnic-iscsi # create eth-if 

                      Creates an Ethernet interface for a VLAN assigned to the iSCSI vNIC.

                       
                      Step 10 UCS-A /org/ex/vnic-iscsi/eth-if # set vlanname vlan-name 

                      Specifies the VLAN name. The default VLAN is default. For the Cisco UCS M81KR Virtual Interface Card and the Cisco UCS VIC-1240 Virtual Interface Card, the VLAN that you specify must be the same as the native VLAN on the overlay vNIC. For the Cisco UCS M51KR-B Broadcom BCM57711 Adapter, the VLAN that you specify can be any VLAN assigned to the overlay vNIC.

                       
                      Step 11 UCS-A /org/lan-connectivity-policy/vnic-iscsi # commit-buffer  

                      Commits the transaction to the system configuration.

                       

                      The following example shows how to configure an iSCSI vNIC for a LAN connectivity policy named LanConnect42 and commit the transaction:

                      UCS-A# scope org /
                      UCS-A /org # scope lan-connectivity-policy LanConnect42
                      UCS-A /org/lan-connectivity-policy # create vnic-iscsi iSCSI1
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi* # set iscsi-adaptor-policy iscsiboot
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi* # set auth-name initauth
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi* # set identity dynamic-mac derived
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi* # set iscsi-identity initiator-name iSCSI1
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi* # set overlay-vnic-name eth1
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi* # create eth-if
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi/eth-if* # set vlanname default
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi/eth-if* # commit buffer
                      UCS-A /org/lan-connectivity-policy/vnic-iscsi/eth-if
                      
                      What to Do Next

                      If desired, add another iSCI vNIC or a vNIC to the LAN connectivity policy. If not, include the policy in a service profile or service profile template.

                      Deleting an iSCSI vNIC from a LAN Connectivity Policy

                      Procedure
                          Command or Action Purpose
                        Step 1 UCS-A# scope org org-name 

                        Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                         
                        Step 2 UCS-A /org # scope lan-connectivity-policy policy-name  

                        Enters LAN connectivity policy mode for the specified LAN connectivity policy.

                         
                        Step 3 UCS-A /org/lan-connectivity-policy # delete vnic-iscsi iscsi-vnic-name 

                        Deletes the specified iSCSI vNIC from the LAN connectivity policy.

                         
                        Step 4 UCS-A /org/lan-connectivity-policy # commit-buffer  

                        Commits the transaction to the system configuration.

                         

                        The following example shows how to delete an iSCSI vNIC named iscsivnic3 from a LAN connectivity policy named LanConnect42 and commit the transaction:

                        UCS-A# scope org /
                        UCS-A /org # scope lan-connectivity-policy LanConnect42
                        UCS-A /org/lan-connectivity-policy # delete vnic-iscsi iscsivnic3
                        UCS-A /org/lan-connectivity-policy* # commit-buffer
                        UCS-A /org/lan-connectivity-policy # 
                        

                        Deleting a LAN Connectivity Policy

                        If you delete a LAN connectivity policy that is included in a service profile, you will delete all vNICs and iSCSI vNICs from that service profile and disrupt LAN data traffic for the server associated with the service profile.

                        Procedure
                            Command or Action Purpose
                          Step 1 UCS-A# scope org org-name 

                          Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                           
                          Step 2 UCS-A /org # delete lan-connectivity-policy policy-name  

                          Deletes the specified LAN connectivity policy.

                           
                          Step 3 UCS-A /org # commit-buffer  

                          Commits the transaction to the system configuration.

                           

                          The following example shows how to delete the LAN connectivity policy named LanConnectiSCSI42 from the root organization and commit the transaction:

                          UCS-A# scope org /
                          UCS-A /org # delete lan-connectivity-policy LanConnectiSCSI42
                          UCS-A /org* # commit-buffer
                          UCS-A /org # 
                          

                          Configuring Network Control Policies

                          Network Control Policy

                          This policy configures the network control settings for the Cisco UCS domain, including the following:

                          • Whether the Cisco Discovery Protocol (CDP) is enabled or disabled
                          • How the virtual interface ( VIF) behaves if no uplink port is available in end-host mode
                          • The action that Cisco UCS Manager takes on the remote Ethernet interface, vEthernet interface , or vFibre Channel interface when the associated border port fails
                          • Whether the server can use different MAC addresses when sending packets to the fabric interconnect
                          • Whether MAC registration occurs on a per-VNIC basis or for all VLANs

                          Action on Uplink Fail

                          By default, the Action on Uplink Fail property in the network control policy is configured with a value of link-down. For adapters such as the Cisco UCS M81KR Virtual Interface Card, this default behavior directs Cisco UCS Manager to bring the vEthernet or vFibre Channel interface down if the associated border port fails. For Cisco UCS systems using a non-VM-FEX capable converged network adapter that supports both Ethernet and FCoE traffic, such as Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, this default behavior directs Cisco UCS Manager to bring the remote Ethernet interface down if the associated border port fails. In this scenario, any vFibre Channel interfaces that are bound to the remote Ethernet interface are brought down as well.


                          Note


                          if your implementation includes those types of non-VM-FEX capable converged network adapters mentioned in this section and the adapter is expected to handle both Ethernet and FCoE traffic, we recommend that you configure the Action on Uplink Fail property with a value of warning. Note that this configuration might result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down.


                          MAC Registration Mode

                          MAC addresses are installed only on the native VLAN by default, which maximizes the VLAN port count in most implementations.


                          Note


                          If a trunking driver is being run on the host and the interface is in promiscuous mode, we recommend that you set the Mac Registration Mode to All VLANs.


                          Configuring a Network Control Policy

                          MAC address-based port security for Emulex converged Network Adapters (N20-AE0102) is not supported. When MAC address-based port security is enabled, the fabric interconnect restricts traffic to packets that contain the MAC address that it first learns. This is either the source MAC address used in the FCoE Initialization Protocol packet, or the MAC address in an ethernet packet, whichever is sent first by the adaptor. This configuration can result in either FCoE or Ethernet packets being dropped.

                          Procedure
                              Command or Action Purpose
                            Step 1 UCS-A# scope org org-name 

                            Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.

                             
                            Step 2 UCS-A /org # create nw-ctrl-policy policy-name  

                            Creates the specified network control policy, and enters organization network control policy mode.

                             
                            Step 3 UCS-A /org/nw-ctrl-policy # {disable | enable} cdp  

                            Disables or enables Cisco Discovery Protocol (CDP).

                             
                            Step 4 UCS-A /org/nw-ctrl-policy # set uplink-fail-action {link-down | warning}  

                            Specifies the action to be taken when no uplink port is available in end-host mode.

                            Use the link-down keyword to change the operational state of a vNIC to down when uplink connectivity is lost on the fabric interconnect, and facilitate fabric failover for vNICs. Use the warning keyword to maintain server-to-server connectivity even when no uplink port is available, and disable fabric failover when uplink connectivity is lost on the fabric interconnect. The default uplink failure action is link-down.

                             
                            Step 5 UCS-A /org/nw-ctrl-policy # set mac-registration-mode{all-host-vlans | only-native-vlan  

                            Whether adapter-registered MAC addresses are added only to the native VLAN associated with the interface or added to all VLANs associated with the interface. This can be one of the following:

                            • Only Native Vlan—MAC addresses are only added to the native VLAN. This option is the default, and it maximizes the port+VLAN count.
                            • All Host Vlans—MAC addresses are added to all VLANs with which they are associated. Select this option if your VLANs are configured to use trunking but are not running in Promiscuous mode.
                             
                            Step 6 UCS-A /org/nw-ctrl-policy # create mac-security  

                            Enters organization network control policy MAC security mode

                             
                            Step 7 UCS-A /org/nw-ctrl-policy/mac-security # set forged-transmit {allow | deny}  

                            Allows or denies the forging of MAC addresses when sending traffic. MAC security is disabled when forged MAC addresses are allowed, and MAC security is enabled when forged MAC addresses are denied. By default, forged MAC addresses are allowed (MAC security is disabled).

                             
                            Step 8 UCS-A /org/nw-ctrl-policy/mac-security # commit-buffer  

                            Commits the transaction to the system configuration.

                             

                            The following example creates a network control policy named ncp5, enables CDP, sets the uplink fail action to link-down, denies forged MAC addresses (enables MAC security), and commits the transaction:

                            UCS-A# scope org /
                            UCS-A /org # create nw-ctrl-policy ncp5
                            UCS-A /org/nw-ctrl-policy* # enable cdp
                            UCS-A /org/nw-ctrl-policy* # set uplink-fail-action link-down   
                            UCS-A /org/nw-ctrl-policy* # create mac-security
                            UCS-A /org/nw-ctrl-policy/mac-security* # set forged-transmit deny
                            UCS-A /org/nw-ctrl-policy/mac-security* # commit-buffer
                            UCS-A /org/nw-ctrl-policy/mac-security #
                            

                            Deleting a Network Control Policy

                            Procedure
                                Command or Action Purpose
                              Step 1 UCS-A# scope org /  

                              Enters the root organization mode.

                               
                              Step 2 UCS-A /org # delete nwctrl-policy policy-name  

                              Deletes the specified network control policy.

                               
                              Step 3 UCS-A /org # commit-buffer  

                              Commits the transaction to the system configuration.

                               

                              The following example deletes the network control policy named ncp5 and commits the transaction:

                              UCS-A# scope org /
                              UCS-A /org # delete nwctrl-policy ncp5
                              UCS-A /org* # commit-buffer
                              UCS-A /org #
                              

                              Configuring Multicast Policies

                              Multicast Policy

                              This policy is used to configure Internet Group Management Protocol (IGMP) snooping and IGMP querier. IGMP Snooping  dynamically determines hosts in a VLAN that should be included in particular multicast transmissions. You can create, modify, and delete a multicast policy that can be associated to one or more VLANs.  When a multicast policy is modified, all VLANs associated with that multicast policy are re-processed to apply the changes. By default, IGMP snooping is enabled and IGMP querier is disabled.  In the case of a private VLANs, you can set a multicast policy for primary VLANs but not for their associated isolated VLANs due to a Cisco NX-OS forwarding implementation.

                              The following limitations apply to multicast policies on the Cisco UCS 6100 series fabric interconnect and the 6200 series fabric interconnect:
                              • If a Cisco UCS domain includes only 6100 series fabric interconnects, only the default multicast policy is allowed for local VLANs or global VLANs.
                              • If a Cisco UCS domain includes one 6100 series fabric interconnect and one 6200 series fabric interconnect:
                                • Only the default multicast policy is allowed for a local VLAN on a 6100 series fabric interconnect.
                                • On a 6200 series fabric interconnect, user-defined multicast policies can also be assigned along with the default multicast policy.
                                • Only the default multicast policy is allowed for a global VLAN (as limited by one 6100 series fabric interconnect in the cluster.
                              • If a Cisco UCS domain includes only 6200 series fabric interconnects, any multicast policy can be assigned.

                              Creating a Multicast Policy

                              A multicast policy can be created only in the root organization and not in a sub-organization.

                              Procedure
                                  Command or Action Purpose
                                Step 1 UCS-A# scope org  

                                Enters organization mode for the specified organization.

                                 
                                Step 2 UCS-A /org # create mcast-policy policy-name  

                                Creates a multicast policy with the specified policy name, and enters organization multicast policy mode.

                                 
                                Step 3 UCS-A /org/mcast-policy* # commit-buffer  

                                Commits the transaction to the system configuration.

                                 

                                The following example shows how to create a multicast policy named policy1:

                                
                                         
                                         UCS-A# scope org /
                                UCS-A /org # create mcast-policy policy1
                                UCS-A /org/mcast-policy* # commit-buffer
                                UCS-A /org/mcast-policy # 
                                

                                Configuring IGMP Snooping Parameters

                                You can enable or disable IGMP snooping for a multicast policy. By default, the IGMP snooping state is enabled for a multicast policy. You can also set the IGMP snooping querier state and IPv4 address for the multicast policy.

                                Procedure
                                    Command or Action Purpose
                                  Step 1 UCS-A# scope org  

                                  Enters organization mode for the specified organization.

                                   
                                  Step 2 UCS-A /org # create mcast-policy policy-name  

                                  Creates a new multicast policy with the specified policy name, and enters organization multicast policy mode.

                                   
                                  Step 3 UCS-A /org/mcast-policy* # set querier{enabled | disabled}  

                                  Enables or disables IGMP snooping querier. By default, IGMP snooping querier is disabled for a multicast policy.

                                   
                                  Step 4 UCS-A /org/mcast-policy* # set querierip IGMP snooping querier IPv4 address  

                                  Specifies the IPv4 address for the IGMP snooping querier.

                                   
                                  Step 5 UCS-A /org/mcast-policy* # set snooping{enabled | disabled}  

                                  Enables or disables IGMP snooping. By default, IGMP snooping is enabled for a multicast policy.

                                   
                                  Step 6 UCS-A /org/mcast-policy* # commit-buffer  

                                  Commits the transaction to the system configuration.

                                   

                                  The following example shows how to create and enter a multicast policy named policy1:

                                  
                                           
                                           UCS-A# scope org /
                                  UCS-A /org # create mcast-policy policy1
                                  UCS-A /org/mcast-policy* # set querier enabled
                                  UCS-A /org/mcast-policy* # set querierip 1.2.3.4
                                  UCS-A /org/mcast-policy* # set snooping enabled
                                  UCS-A /org/mcast-policy* # commit-buffer
                                  UCS-A /org/mcast-policy # 
                                  

                                  Modifying Multicast Policy Parameters

                                  You can modify an existing multicast policy to change the state of IGMP snooping or IGMP snooping querier. When a multicast policy is modified, all VLANs associated with that multicast policy are re-processed to apply the changes.

                                  Procedure
                                      Command or Action Purpose
                                    Step 1 UCS-A# scope org 

                                    Enters organization mode for the specified organization.

                                     
                                    Step 2 UCS-A /org # scope mcast-policy policy-name  

                                    Enters organization multicast policy mode.

                                     
                                    Step 3 UCS-A /org/mcast-policy* # set querier{enabled | disabled}  

                                    Enables or disables IGMP snooping querier. By default, IGMP snooping querier is disabled for a multicast policy.

                                     
                                    Step 4 UCS-A /org/mcast-policy* # set querierip IGMP snooping querier IPv4 address  

                                    Specifies the IPv4 address for the IGMP snooping querier.

                                     
                                    Step 5 UCS-A /org/mcast-policy* # set snooping{enabled | disabled}  

                                    Enables or disables IGMP snooping. By default, IGMP snooping is enabled for a multicast policy.

                                     
                                    Step 6 UCS-A /org/mcast-policy* # commit-buffer  

                                    Commits the transaction to the system configuration.

                                     

                                    The following example shows how to create a multicast policy named policy1:

                                    
                                             
                                             UCS-A# scope org /
                                    UCS-A /org # scope mcast-policy policy1
                                    UCS-A /org/mcast-policy* # set querier enabled
                                    UCS-A /org/mcast-policy* # set querierip 1.2.3.4
                                    UCS-A /org/mcast-policy* # set snooping enabled
                                    UCS-A /org/mcast-policy* # commit-buffer
                                    UCS-A /org/mcast-policy # 
                                    

                                    Assigning a VLAN Multicast Policy

                                    You can set a multicast policy for a VLAN in the Ethernet uplink fabric mode. You cannot set a multicast policy for an isolated VLAN.

                                    Before You Begin

                                    Create a VLAN.

                                    Procedure
                                        Command or Action Purpose
                                      Step 1 UCS-A# scope eth-uplink  

                                      Enters Ethernet uplink mode.

                                       
                                      Step 2 UCS-A /eth-uplink # scope fabric{a | b}  

                                      Enters Ethernet uplink fabric mode for the specified fabric interconnect.

                                       
                                      Step 3 UCS-A /eth-uplink/fabric # scope vlan vlan-name  

                                      Enters Ethernet uplink fabric VLAN mode.

                                       
                                      Step 4 UCS-A /eth-uplink/fabric/vlan # set mcastpolicy policy-name  

                                      Assigns a multicast policy for the VLAN.

                                       
                                      Step 5 UCS-A /eth-uplink/fabric/vlan # commit-buffer  

                                      Commits the transaction to the system configuration.

                                       

                                      The following example sets a named VLAN accessible to one fabric interconnect and commits the transaction:

                                      UCS-A# scope eth-uplink
                                      UCS-A /eth-uplink # scope fabric a
                                      UCS-A /eth-uplink/fabric # scope vlan vlan1
                                      UCS-A /eth-uplink/fabric/vlan # set mcastpolicy policy1
                                      UCS-A /eth-uplink/fabric/vlan* # commit-buffer
                                      UCS-A /eth-uplink/fabric/vlan #
                                      
                                      

                                      Deleting a Multicast Policy


                                      Note


                                      If you assigned a non-default (user-defined) multicast policy to a VLAN and then delete that multicast policy, the associated VLAN inherits the multicast policy settings from the default multicast policy until the deleted policy is re-created.


                                      Procedure
                                          Command or Action Purpose
                                        Step 1 UCS-A# scope org  

                                        Enters organization mode for the specified organization.

                                         
                                        Step 2 UCS-A /org # delete mcast-policy policy-name  

                                        Deletes a multicast policy with the specified policy name.

                                         
                                        Step 3 UCS-A /org # commit-buffer  

                                        Commits the transaction to the system configuration.

                                         

                                        The following example shows how to delete a multicast policy named policy1:

                                        
                                                 
                                                 UCS-A# scope org /
                                        UCS-A /org # delete mcast-policy policy1
                                        UCS-A /org* # commit-buffer
                                        UCS-A /org #