Table Of Contents
Configuring the Cisco Virtual Security Gateway Port Profile on the Cisco Nexus 1000V Series Switch
Configuring the Cisco VSG Port Profile on the Cisco Nexus 1000V Series Switch VSM for Protection from Service Loss
Verifying the Cisco VSG Configuration
Where to Go Next
Configuring the Cisco Virtual Security Gateway Port Profile on the Cisco Nexus 1000V Series Switch
This chapter describes the licensing and configuration requirements for the Cisco Virtual Security Gateway (VSG) on the Cisco Nexus 1000V Series switch and includes the following section:
• Configuring the Cisco VSG Port Profile on the Cisco Nexus 1000V Series Switch VSM for Protection from Service Loss
For additional details about the Cisco Nexus 1000V Series switch port profiles, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4).
Configuring the Cisco VSG Port Profile on the Cisco Nexus 1000V Series Switch VSM for Protection from Service Loss
You can configure the vn-service parameter in the port profile on the Virtual Supervisor Module (VSM) for protection from service loss.
BEFORE YOU BEGIN
• You have the Cisco VSG software installed and the basic installation completed. For details, see the Cisco Virtual Security Gateway, Release 4.2(1)VSG1(1) and Cisco Virtual Network Management Center, Release 1.0.1 Installation Guide.
• You must have the NEXUS_VSG_SERVICES_PKG license installed on the Cisco Nexus 1000V Series switch. Ensure that you have enough licenses to cover the number of ESX hosts (VEMs) you want to protect.
• The data IP address and the management IP address should be configured. To configure the data IP address, see the Cisco Virtual Security Gateway, Release 4.2(1)VSG1(1) and Cisco Virtual Network Management Center, Release 1.0.1 Installation Guide.
• You have completed creating the Cisco VSG port profiles for the service and HA interfaces.
• You are logged in to the Cisco Nexus 1000V Series switch CLI in EXEC mode.
SUMMARY STEPS
1. configure
2. port-profile port-profile-name
3. switchport mode access
4. switchport access vlan vlan-id
5. no shutdown
6. vn-service ip-address ip-address vlan vlan-id mgmt-ip-address ip-address [fail {open | close}] [security-profile name]
7. vmware port-group
8. state enabled
9. (Optional) copy running-config startup-config
10. exit
DETAILED STEPS

Step 1
Command: configure
Example:
n1000v# configure
n1000v(config)#
Purpose: Places you in global configuration mode.

Step 2
Command: port-profile port-profile-name
Example:
n1000v(config)# port-profile host-profile
n1000v(config-port-prof)#
Purpose: Enters the port profile configuration mode for the named port profile. If the port profile does not exist, it is created with the following characteristics:
port-profile-name—The port profile name can be up to 80 alphanumeric characters and must be unique for each port profile on the Cisco VSG.

Step 3
Command: switchport mode access
Example:
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)#
Purpose: Designates that the new port profile is used as an access port.

Step 4
Command: switchport access vlan vlan-id
Example:
n1000v(config-port-prof)# switchport access vlan 2000
n1000v(config-port-prof)#
Purpose: Specifies the access VLAN for the new port profile.
vlan-id—The VLAN ID is a unique identifier from 0 through 4096.

Step 5
Command: no shutdown
Example:
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)#
Purpose: Enables all ports in the new port profile.

Step 6
Command: vn-service ip-address ip-address vlan vlan-id mgmt-ip-address ip-address [fail {open | close}] [security-profile name]
Example:
n1000v(config-port-prof)# vn-service ip 100.1.1.100 vlan 1000 mgmt-ip 10.10.10.11 profile vnsp-1
n1000v(config-port-prof)#
Purpose: Configures the data IP address, VLAN, management IP address, and security profile of the Cisco VSG that protects this port profile, and optionally sets the fail mode (open or close) that applies when the Cisco VSG service is lost.
Note: If you do not specify a security profile name, the default name is assumed. The security profile name must match the security profile created on the Cisco VSG.
Note: The IP address must match the data interface (data0) IP address on the Cisco VSG.
Note: The management IP address must match the management IP address that you entered when installing or configuring your Cisco VSG settings.

Step 7
Command: vmware port-group
Example:
n1000v(config-port-prof)# vmware port-group
n1000v(config-port-prof)#
Purpose: Designates the port profile as a VMware port group.

Step 8
Command: state enabled
Example:
n1000v(config-port-prof)# state enabled
n1000v(config-port-prof)#
Purpose: Sets the port profile state to enabled.

Step 9
Command: copy running-config startup-config
Example:
n1000v(config-port-prof)# copy running-config startup-config
n1000v(config-port-prof)#
Purpose: (Optional) Saves the configuration changes.

Step 10
Command: exit
Example:
n1000v(config-port-prof)# exit
n1000v(config)#
Purpose: Exits the port profile configuration mode.
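As an added example (not part of this guide or of Cisco's software), the following Python script audits the port profiles in a Cisco Nexus 1000V running-config for the Step 6 through Step 8 settings: any profile that binds a Cisco VSG with vn-service is reported if it is set to fail open or has no explicit fail mode, names no security profile, is not state enabled, or is shut down. The sample running-config and its profile names are constructed, the regex assumes the running-config shows the full keyword form of the vn-service syntax rather than the abbreviated form used in the Step 6 example, and treating fail close as the expected setting is this script's own policy, not a statement of the platform default.

```python
import re

# Constructed sample running-config (not captured from a real VSM); the uplink
# profile carries no vn-service line and must be skipped by the audit.
SAMPLE_CONFIG = """\
port-profile web-protected
  switchport access vlan 2000
  no shutdown
  vn-service ip-address 100.1.1.100 vlan 1000 mgmt-ip-address 10.10.10.11 fail close security-profile vnsp-1
  vmware port-group
  state enabled
port-profile db-failopen
  no shutdown
  vn-service ip-address 100.1.1.100 vlan 1000 mgmt-ip-address 10.10.10.11 fail open
  state enabled
port-profile staged
  vn-service ip-address 100.1.1.100 vlan 1000 mgmt-ip-address 10.10.10.11 security-profile vnsp-1
port-profile uplink
  switchport mode trunk
  state enabled
"""

# Full keyword form of the Step 6 syntax (assumed); fail mode and security profile are optional.
VN_SERVICE_RE = re.compile(
    r"^vn-service ip-address (?P<ip>\S+) vlan (?P<vlan>\d+) mgmt-ip-address (?P<mgmt>\S+)"
    r"(?: fail (?P<fail>open|close))?(?: security-profile (?P<sp>\S+))?$")

def audit_vsg_profiles(config: str) -> dict:
    """Return {profile name: [issues]} for every port profile that binds a Cisco VSG."""
    findings = {}
    # Each stanza starts at a line beginning with "port-profile "; drop any text before the first.
    for stanza in re.split(r"^port-profile ", config, flags=re.MULTILINE)[1:]:
        name, *lines = [line.strip() for line in stanza.splitlines()]
        match = next(filter(None, map(VN_SERVICE_RE.match, lines)), None)
        if match is None:
            continue  # no vn-service line: this profile is not VSG-protected
        issues = []
        if match.group("fail") == "open":
            issues.append("fail open: traffic bypasses the VSG if it is unreachable")
        elif match.group("fail") is None:
            issues.append("no explicit fail mode: the platform default applies")
        if match.group("sp") is None:
            issues.append("no security-profile: the default profile name is assumed")
        if "state enabled" not in lines:
            issues.append("profile is not state enabled")
        if "no shutdown" not in lines:
            issues.append("ports in the profile are shut down")
        findings[name] = issues
    return findings
```

Feed the script the text of show running-config from the VSM; an empty issue list for a profile means it matches the completed procedure above.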
Verifying the Cisco VSG Configuration
To display information related to a Cisco VSG, perform one of the following tasks on the Cisco Nexus 1000V Series switch CLI:

Command: show license usage
Example:
vsg# show license usage
Purpose: Displays a table with the Cisco VSG license usage information for the Cisco Nexus 1000V Series switch.

Command: show license usage NEXUS_VSG_SERVICES_PKG
Example:
vsg# show license usage NEXUS_VSG_SERVICES_PKG
Purpose: Displays the usage information for the license package NEXUS_VSG_SERVICES_PKG.

Command: show vsnstate {statistics | brief | {detail [{{vlan vlan-num [ip ip-addr]} | module module-num}]}}
Example:
vsg# show vsnstate statistics detail vlan 1
Purpose: Displays configuration information, MAC address, state of the associated Cisco VSG and Virtual Ethernet Module (VEM), Veths to which Cisco VSGs are bound, and Virtual Service Node (VSN) statistics for all VEM modules associated with Cisco VSGs.

For detailed information about the fields in the output from these commands, see the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(4).
Where to Go Next
After you have completed configuring the Cisco VSG port profile on the Cisco Nexus 1000V Series switch for protection, you can proceed to assign the port profiles to your VMs in vCenter to place them under Cisco VSG firewall protection.