Table Of Contents
Configuring Network Segmentation Manager
Information About Network Segmentation Manager
Prerequisites
Guidelines and Limitations
Default Settings
Network Segmentation Manager Configuration Process
Enabling the NSM Feature
Creating a Port Profile for Network Segmentation Policies
Creating Network Segmentation Policies
Registering vShield Manager with Network Segmentation Manager
Unregistering vShield Manager with Network Segmentation Manager
Verifying the NSM Configuration
Configuration Examples for Network Segmentation Manager
Changing a Port Profile Associated with a Network Segmentation Policy
Identifying the Networks Associated with the Network Segmentation Policy
Updating the Network Segmentation Policy
Changing the Network Segmentation Policy Associated with a Network.
Identifying the Networks
Migrating Networks to Non Default Network Segmentation Policy
Feature History for Network Segmentation Manager
Configuring Network Segmentation Manager
This chapter describes how to configure the Network Segmentation Manager and includes the following sections:
•
Prerequisites
•Guidelines and Limitations
•Default Settings
•Network Segmentation Manager Configuration Process
•Verifying the NSM Configuration
•Configuration Examples for Network Segmentation Manager
•Changing a Port Profile Associated with a Network Segmentation Policy
•Changing the Network Segmentation Policy Associated with a Network.
•Feature History for Network Segmentation Manager
Information About Network Segmentation Manager
For more information, see the Information About Network Segmentation Manager.
Prerequisites
Network Segmentation Manager has the following prerequisites:
•You have installed the Cisco Nexus 1000V software and configured the following using the Cisco Nexus 1000V Software Installation Guide, Release 4.2(1)SV1(5.1).
•You have a vCenter Server 4.1 or 5.0 configured in vCloud Director 1.5 and vShield Manager 5.
•You have associated a vShield Manager with every vCenter Server.
•You have created an organization in vCloud Director.
•You have created provider and organization vDC in vCloud Director.
•Ensure that Virtual Supervisor Module (VSM) has an active SVS connection.
•Ensure that Virtual Supervisor Module (VSM)- Virtual Ethernet Module (VEM) connectivity is functioning.
•You have added hosts to Cisco Nexus 1000V.
•Ensure that the user specified for NSM on vShield Manager is a network administrator.
Guidelines and Limitations
Network Segmentation feature has the following configuration guidelines and limitations:
•You must enable the VLANs that are going to be used through NSM and add them to the uplink.
•Ensure that the infrastructure has port 443 open.
•You must enable feature http-server in order to allow web service communication.
•You must enable the segmentation feature in order to use NSM for Virtual Extensible Local Area Network (VXLAN) via vCloud Director. In a network segmentation policy, VXLAN is used for a segmentation policy. See the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1).
Default Settings
Table 2-1 lists the default settings for network segmentation policies.
Table 2-1 Default Network Segmentation Policies
Parameters
|
Default
|
VLAN policy (port-profile template)
|
default_vlan_template
|
segmentation policy (port-profile template)
|
default_segmentation_template
|
Note If a network creation request comes with a tenant ID and backing type that does not match a network segmentation policy, the default_vlan_template or default_segmentation_template is used during network creation from vCloud Director. In a network segmentation policy, VXLAN is used for a segmentation policy. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1). If required, you can add additional policies to the default NSM template.
Network Segmentation Manager Configuration Process
The following section guides you through the NSM configuration process. See Figure 2-1. After completing each procedure, return to this section to make sure that you have completed all required procedures in the correct sequence.
Figure 2-1 Network Segmentation Manager Configuration Process
Step 1 Enable the NSM feature using the "Enabling the NSM Feature" section.
Step 2 Create a port profile for network segmentation policies using the "Creating a Port Profile for Network Segmentation Policies" section.
Step 3 Create network segmentation policies using the "Creating Network Segmentation Policies" section.
Step 4 Register NSM with vShield Manager using the "Registering vShield Manager with Network Segmentation Manager" section.
Enabling the NSM Feature
You can enable the NSM feature in Cisco Nexus 1000V.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in EXEC mode.
SUMMARY STEPS
1. configure terminal
2. feature network-segmentation-manager
3. (Optional) show network-segment manager switch
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
feature network-segmentation-manager
Example:
n1000v(config)# feature
network-segmentation-manager
n1000v(config)#
|
Enables the Network Segmentation Manager feature.
|
Step 3
|
show network-segment manager switch
Example:
n1000v# show network-segment manager
switch
dvs-uuid: d4 e7 12 50 89 db 3b c4-8d 4d
4c 36 ca 1c d1 f0
mgmt-srv-uuid:
087F202C-8937-4F1E-8676-6F714C1AB96C
last alert: - seconds ago
connection status: disconnected
|
(Optional) Displays the Cisco Nexus 1000V configured with NSM.
|
EXAMPLES
This example shows how to enable the NSM feature:
n1000v# configure terminal
n1000v(config)# feature network-segmentation-manager
n1000v# show network-segment manager switch
dvs-uuid: d4 e7 12 50 89 db 3b c4-8d 4d 4c 36 ca 1c d1 f0
mgmt-srv-uuid: 087F202C-8937-4F1E-8676-6F714C1AB96C
last alert: - seconds ago
connection status: disconnected
Creating a Port Profile for Network Segmentation Policies
You can create a port profile that contains policies such as QoS, ACLs, and so on for network segmentation policies in Cisco Nexus 1000V.
For more information on port profiles, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
For more information on QoS, see the Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.2(1)SV1(5.1).
For more information on ACL, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(5.1).
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in EXEC mode.
•The VSM is connected to vCenter Server.
•The NSM feature is enabled.
SUMMARY STEPS
1. configure terminal
2. port-profile [type vethernet] name
3. no shutdown
4. state enabled
5. (Optional) show running-config port-profile name
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
configure terminal
Example:
n1000v#configure terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
port-profile [type vethernet] name
Example:
n1000v(config)# port-profile type
vethernet ABC_profile_segmentation
n1000v(config-port-prof)#
|
Enters port profile configuration mode for the named port profile.
|
Step 3
|
no shutdown
Example:
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)#
|
Administratively enables all ports in the profile.
|
Step 4
|
state enabled
Example:
n1000v(config-port-prof)# state enabled
n1000v(config-port-prof)#
|
Enables the port profile and applies its configuration to the assigned ports.
|
Step 5
|
show running-config port-profile
Example:
n1000v(config-port-prof)# show
running-config port-profile
ABC_profile_segmentation
|
(Optional) Displays the configuration for verification.
|
EXAMPLES
This example shows how to create a segmentation type port profile:
n1000v# configure terminal
n1000v(config)# port-profile type vethernet ABC_profile_segmentation
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled
n1000v(config-port-prof)# show running-config port-profile ABC_profile_segmentation
!Command: show running-config port-profile ABC_profile_segmentation
!Time: Thu Dec 1 19:58:44 2011
port-profile type vethernet ABC_profile_segmentation
Creating Network Segmentation Policies
Network segmentation policies are a set of policies that are inherited on a port profile that is created as a result of a network. The policy type can be either VLAN or Segmentation. This policy type corresponds to the network pool type in the vCloud Director. VLAN network segmentation policies are used for networks created from VLAN-backed network pools and Segmentation network segmentation policies are used for networks created from network isolation-backed network pools.
The network segmentation policies also contains a tenant ID and a reference to a port profile that may contain other policies for features such as QoS, ACL, and so on. Each tenant ID is unique and can be associated with only one Segmentation and one VLAN network segmentation policy. The tenant ID correlates to the Organization Universally Unique Identifier (UUID) in the vCloud Director. For more information on retrieving the organization UUID from VMware vCloud Director, see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2012943
Note If a network segmentation policy with a tenant ID is not created, the default_vlan_template or default_segmentation_template is used during network creation from vCloud Director. In a network segmentation policy, VXLAN is used for a segmentation policy. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1).
You can create network segmentation policies.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in EXEC mode.
•The NSM feature is enabled.
•You know the tenant IDs for tenants that require non default network segmentation policies. The tenant IDs for network segment policies can be found on vCloud Director. It is located in the address bar of the browser when viewing an organization.
In the following example,
https://[VCloud_director_IP]/cloud/#/vAppListPage?org=91e87e80-e18b-460f-a761-b978c0d28aea
the tenant ID is "91e87e80-e18b-460f-a761-b978c0d28aea"
•You must create the port profiles with all the required feature port profiles before importing them to the network segmentation policy. To create a port profile, see the "Creating a Port Profile for Network Segmentation Policies" section.
•You have knowledge about port profile inheritance. See the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. network-segment policy name
3. description description
4. type {segmentation | VLAN}
5. id {vCloud Director Organization tenant-id}
6. import port-profile name
7. (Optional) show running-config network-segment policy
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
network-segment policy name
Example:
n1000v(config)# network-segment policy
abc-policy-vxlan
n1000v(config-network-segment-policy)#
|
Creates a network segmentation policy. The policy name can be up to 80 characters and must be unique for each policy on the NSM.
|
Step 3
|
description description
Example:
n1000v(config-network-segment-policy)#
description network segmentation policy
for ABC
n1000v(config-network-segment-policy)#
|
Adds a description of up to 80 ASCII characters to the policy.
|
Step 4
|
type {segmentation | VLAN}
Example:
n1000v(config-network-segment-policy)#
type segmentation
n1000v(config-network-segment-policy)#
|
Defines the network segmentation policy type. The policy type can be Segmentation or VLAN. For segmentation policy, VXLAN is used. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1).
The policy type corresponds to the network pools (VLAN-backed or network isolation-backed) in the vCloud Director.
Once configured, the type cannot be changed.
|
Step 5
|
id {vCloud Director Organization
tenant-id}
Example:
n1000v(config-network-segment-policy)#
id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)#
|
Associates the network segmentation policy with the tenant ID. The tenant ID correlates to the Organization UUID in the vCloud Director and cannot be changed once it is configured.
|
Step 6
|
import port-profile name
Example:
n1000v(config-network-segment-policy)#
import port-profile
ABC_profile_segmentation
n1000v(config-network-segment-policy)#
|
Associates the port profile with the network segmentation policy. Each network created that uses this network segmentation policy will inherit the associated port profile.
|
Step 7
|
show running-config network-segment
policy
Example:
n1000v#show running-config
network-segment policy abc-policy-vxlan
!Command: show running-config
network-segment policy abc-policy-vxlan
!Time: Fri Aug 26 18:34:50 2011
version 4.2(1)SV1(5.1)
feature network-segmentation-manager
network-segment policy abc-policy-vxlan
description network segmentation policy
for ABC for VXLAN networks
id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
type segmentation
import port-profile port-profile
ABC_profile_segmentation
|
(Optional) Displays the network segmentation policy configuration.
|
EXAMPLES
This example shows how to create a NSM policy for ABC Inc for VXLAN networks:
n1000v# configure terminal
n1000v(config)# network-segment policy abc-policy-vxlan
n1000v(config-network-segment-policy)# description network segmentation policy for ABC for
VXLAN networks
n1000v(config-network-segment-policy)# type segmentation
n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation
n1000v(config-network-segment-policy)#show running-config network-segment policy
abc-policy-vxlan
!Command: show running-config network-segment policy abc-policy-vxlan
!Time: Fri Aug 26 18:34:50 2011
version 4.2(1)SV1(5.1)
feature network-segmentation-manager
network-segment policy abc-policy-vxlan
description network segmentation policy for ABC for VXLAN networks
id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
type segmentation
import port-profile port-profile ABC_profile_segmentation
This example shows how to create a NSM policy for ABC Inc for VLAN networks:
n1000v# configure terminal
n1000v(config)# network-segment policy abc-policy-vlan
n1000v(config-network-segment-policy)# description network segmentation policy for ABC for
VLAN networks
n1000v(config-network-segment-policy)# type vlan
n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)# import port-profile ABC_profile_vlan
n1000v(config-network-segment-policy)#
Note As a best practice, if a tenant specific policy is defined through network segmentation policies, you should define it for both segmentation and VLAN types.
Registering vShield Manager with Network Segmentation Manager
You can use this procedure to register VMware vShield Manager with NSM.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to vShield Manager.
•The vShield Manager is connected to vCenter Server.
•The NSM feature is enabled.
•You know the range of multicast addresses.
•You know the segment ID pool.
•Ensure that the segment ID range allocated to vShield Manager does not overlap with other instances in the network or VXLANs used on the Cisco Nexus 1000V.
•Ensure that the user specified for NSM on vShield Manager is a network administrator.
DETAILED STEPS
Step 1 In the vShield Manager, navigate to the Settings and Report window.
Step 2 In the Setting and Reports pane, click Configuration.
Step 3 Click Networking. The Edit Settings window opens.
Step 4 Enter the segment ID pool. The segment ID pool should be greater than 4097.
Step 5 Enter the multicast address range.
Step 6 Click OK.
Step 7 In the vShield Manager, navigate to the External Switch Providers window.
Step 8 Click Add Switch Provider. The External Switch Provider window opens.
Step 9 Enter the name of the switch.
Step 10 Enter the NSM API service URL (https://Cisco-VSM-IP-Address/n1k/services/NSM).
Step 11 Enter the network administrator username and password.
Step 12 Accept the SSL thumbprint.
Step 13 In the External Switch Providers window, a green check mark in the Status column indicates that the connection between vShield Manager and NSM is established.
Step 14 You can verify the registration of the vShield Manager with NSM by entering the following command on the Cisco Nexus 1000V CLI:
n1000v# show network-segment manager switch
dvs-uuid: d4 e7 12 50 89 db 3b c4-8d 4d 4c 36 ca 1c d1 f0
mgmt-srv-uuid: 087F202C-8937-4F1E-8676-6F714C1AB96C
last alert: 30 seconds ago
connection status: connected
Unregistering vShield Manager with Network Segmentation Manager
You can use this procedure to unregister VMware vShield Manager with NSM.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to vShield Manager.
•The vShield Manager is registered with NSM.
DETAILED STEPS
Step 1 In the vShield Manager, navigate to the Settings and Report window.
Step 2 In the Setting and Reports pane, click Configuration.
Step 3 Click Networking. The Edit Settings window opens.
Step 4 In the External Switch Providers pane, click the Delete link for the switch you wish to unregister.
Step 5 You can verify that the vShield Manager has been unregistered by entering the following command on the Cisco Nexus 1000V CLI:
n1000v# show network-segment manager switch
dvs-uuid: ff 05 32 50 5b d5 db fe-da 48 70 e1 0f bd ae 43
mgmt-srv-uuid: 35B101C8-DE9B-42F9-BE85-284DD679367D
last alert: - seconds ago
connection status: disconnected
Verifying the NSM Configuration
To display NSM configuration information, perform one of the following tasks:
Command
|
Purpose
|
show network-segment manager switch
|
Displays the Cisco Nexus 1000V configured with NSM.
|
show running-config port-profile
|
Displays the port profile configuration.
|
show running-config network-segment policy
|
Displays the NSM policy configuration.
|
For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(5.1).
Configuration Examples for Network Segmentation Manager
The following example shows how to configure Network Segmentation Manager feature:
Step 1 Enable Network Segmentation Manager.
n1000v# configure terminal
n1000v(config)# feature network-segmentation-manager
Step 2 Create a port profiles for segmentation and VLAN policies.
n1000v# configure terminal
n1000v(config)# port-profile type vethernet ABC_profile_segmentation
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled
n1000v# configure terminal
n1000v(config)# port-profile type vethernet ABC_profile_vlan
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled
Step 3 Create a NSM Policy
n1000v# configure terminal
n1000v(config)# network-segment policy abc-policy-vxlan
n1000v(config-network-segment-policy)# description network segmentation policy for ABC for
VXLAN networks
n1000v(config-network-segment-policy)# type segmentation
n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation
n1000v#configure terminal
n1000v(config)# network-segment policy abc-policy-vlan
n1000v(config-network-segment-policy)# description network segmentation policy for ABC for
VLAN networks
n1000v(config-network-segment-policy)# type vlan
n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)# import port-profile ABC_profile_vlan
Step 4 Verify the configuration.
n1000v# configure terminal
n1000v(config)# show running-config network-segment policy abc-policy-vxlan
!Command: show running-config network-segment policy abc-policy-vxlan
!Time: Fri Aug 26 18:34:50 2011
version 4.2(1)SV1(5.1)
feature network-segmentation-manager
network-segment policy abc-policy-vxlan
description network segmentation policy for ABC for VXLAN networks
id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
type segmentation
import port-profile port-profile ABC_profile_segmentation
Changing a Port Profile Associated with a Network Segmentation Policy
During a network creation in the vCloud Director, network segmentation policies are created on the NSM and these network segmentation policies are inherited on a port profile. In order to associate a different port profile with the deployed network, you can change the port profile associated with the network segmentation policy.
To change the port profile associated with the network segmentation policy perform the following steps:
Step 1 Identify all the networks associated with the network segmentation policy. For more information, see Identifying the Networks Associated with the Network Segmentation Policy.
Step 2 Manually remove the inheritance for the existing port profile. See section "Removing Inherited Policies from a Port Profile" in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 3 Manually inherit the new port profile that will be associated with the network segmentation policy. See section "Inheriting a Configuration from a Port Profile" in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 4 Update the network segmentation policy. For more information, see Updating the Network Segmentation Policy
Identifying the Networks Associated with the Network Segmentation Policy
You can identify the networks associated with the network segmentation policy.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in configuration mode.
•The NSM feature is enabled.
SUMMARY STEPS
1. configure terminal
2. show network-segment policy usage
DETAILED STEPS
| |
Command
|
Description
|
Step 1
|
configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
show network-segment policy usage
Example:
n1000v(config)# show network-segment policy
usage
|
Displays the network segmentation policy usage by networks.
|
EXAMPLES
This example shows how to identify the networks associated with a network segmentation policy:
n1000v(config)# show network-segment policy usage
network-segment policy default_segmentation_template
dvs.VCDVSint-org-cn2-e46e9686-2327-49df-ad5c-a3f89c00cfb8
network-segment policy default_vlan_template
network-segment policy abc-policy-vxlan
dvs.VCDVSint-org-nexus-6141babd-bdc8-4e86-8f16-1ac786fb377f
network-segment policy abc-policy-vlan
Updating the Network Segmentation Policy
You can update a network segmentation policy.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in EXEC mode.
•The NSM feature is enabled.
•You know the tenant IDs for tenants that require non default network segmentation policies.
•You must create the port profiles with all the required feature port profiles before importing them to the network segmentation policy. To create a port profile, see the Creating a Port Profile for Network Segmentation Policies.
•You have knowledge about port profile inheritance. See the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. network-segment policy name
3. import port-profile name force
4. (Optional) show run network-segment policy
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
network-segment policy name
Example:
n1000v(config)# network-segment policy
abc-policy-vxlan
n1000v(config-network-segment-policy)
|
Creates a network segmentation policy. The policy name can be up to 80 characters and must be unique for each policy on the NSM.
|
Step 3
|
import port-profile name force
Example:
n1000v(config-network-segment-policy)#
import port-profile
ABC_profile_segmentation force
n1000v(config-network-segment-policy)
|
Forces the new port profile to be used and migrates existing the networks to the new port profile. Each network created that uses this network segmentation policy will inherit the associated port profile.
Note The force option overrides any checks in the NSM that prevent you from modifying the port profile. After updating the network segmentation policy, a warning is displayed listing any networks that are not inheriting the new port profile.
|
Step 4
|
show running-config network-segment
policy
Example:
n1000v(config-network-segment-policy)#
show running-config network-segment
policy abc-policy-vxlan
|
(Optional) Displays the network segmentation policy configuration.
|
EXAMPLES
This example shows how to update the network segmentation policy:
n1000v# configure terminal
n1000v(config)# show running-config network-segment policy abc-policy-vxlan
network-segment policy abc-policy-vxlan
description network segmentation policy for ABC for VXLAN networks
id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
import port-profile ABC_profile_segmentation
n1000v(config)# network-segment policy abc-policy-vxlan
n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation_new
force
n1000v(config)# show running-config network-segment policy abc-policy-vxlan
network-segment policy abc-policy-vxlan
description network segmentation policy for ABC for VXLAN networks
id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
import port-profile ABC_profile_segmentation_new
Changing the Network Segmentation Policy Associated with a Network.
During a network creation in the vCloud Director, network segmentation policies are created on the NSM. In order to use other non default policies for any new or old networks associated with an Organization vDC in the vCloud Director, you must change the network segmentation policy associated with a network.
To change the network segmentation policy associated with a network, perform the following steps:
Step 1 Identify all the networks that need to be migrated. For more information, see Identifying the Networks.
Step 2 Manually remove the inheritance of the port profile associated with the network segmentation policy from the network. See section "Removing Inherited Policies from a Port Profile" in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 3 Manually inherit the new port profile that will be associated with the network segmentation policy on the network. See section "Inheriting a Configuration from a Port Profile" in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 4 Migrate the networks from the default network segmentation policy to the non default network segmentation policy. For more information, see Migrating Networks to Non Default Network Segmentation Policy.
Identifying the Networks
You can identify the networks that have to be migrated.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in configuration mode.
•The NSM feature is enabled.
SUMMARY STEPS
1. configure terminal
2. show network-segment network
DETAILED STEPS
| |
Command
|
Description
|
Step 1
|
configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
show network-segment network
Example:
n1000v(config)# show network-segment network
|
Displays the networks associated with a network segmentation policy.
|
EXAMPLES
This example shows you how to display the networks associated with a network segmentation policy:
n1000v(config)# show network-segment network
network dvs.VCDVSint-org-cn2-e46e9686-2327-49df-ad5c-a3f89c00cfb8
tenant id: 2b4ca1b2-ba8e-456c-b772-a4730af16e2e
network-segment policy: default_segmentation_template
network dvs.VCDVSint-org-nexus-6141babd-bdc8-4e86-8f16-1ac786fb377f
tenant id: 91e87e80-e18b-460f-a761-b978c0d28aea
network-segment policy: seg-template-nexus-org
Migrating Networks to Non Default Network Segmentation Policy
You can migrate the networks from the default network segmentation policy to the non default network segmentation policy.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
•You are logged in to the CLI in EXEC mode.
•The NSM feature is enabled.
•You know the tenant IDs for tenants that require non default network segmentation policies.
•You have knowledge about port profile inheritance. See the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. network-segment policy migrate id isolation_id type nw_type dest-policy policy
3. (Optional) show network-segment network
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
configure terminal
Example:
n1000v# config terminal
n1000v(config)#
|
Enters global configuration mode.
|
Step 2
|
network-segment policy migrate id
isolation_id type nw_type dest-policy policy
Example:
n1000v(config)# network-segment policy
migrate id
da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
type vlan dest-policy org_vlan
|
Migrates the the networks from the default network segmentation policy to the non default destination network segmentation policy.
•isolation_id: Tenant ID of for the networks to be migrated.
•nw_type: Type of networks (VLAN or Segmentation) to be migrated
•policy: Name of the destination network segmentation policy to migrate to.
Note If there are any existing networks that match the tenant ID and type, but are not inheriting the port profile associated with the destination network segmentation policy, a warning will be displayed listing the port-profiles that are not migrated.
|
Step 3
|
show network-segment network
|
(Optional) Displays the networks associated with a network segmentation policy.
|
EXAMPLES
This example shows you how to migrate networks to non default segmentation policy:
n1000v(config)# show network-segment network
network dvs.VCDVStenantid_vlan-74e36255-e588-4357-8abe-15d2cc7feaec
tenant id: da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
network-segment policy: default_segmentation_template
n1000v(config)# network-segment policy migrate id da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
type segmentation dest-policy org_seg
Note In case a warning appears then, first manually remove the inheritance of the port profile associated with the network segmentation policy from the network. See section "Removing Inherited Policies from a Port Profile" in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information. Then, manually inherit the new port profile that will be associated with the network segmentation policy on the network. See section "Inheriting a Configuration from a Port Profile" in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
n1000v(config)#show network-segment network
network dvs.VCDVStenantid_vlan-74e36255-e588-4357-8abe-15d2cc7feaec
tenant id: da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
network-segment policy: org_seg
Feature History for Network Segmentation Manager
Table 2-2 lists the release history for this feature. Only features that were introduced or modified in Release 4.2(1)SV1(5.1) or a later release appear in the table.
Table 2-2 Feature History for NSM
Feature Name
|
Releases
|
Feature Information
|
Network Segmentation Manager
|
4.2(1)SV1(5.1)
|
Introduced the Network Segmentation Manager (NSM) feature.
|
Feedback
