This chapter contains the following sections:
Information About Network Segmentation Manager
Network Segmentation Manager has the following prerequisites:
The network segmentation manager feature has the following configuration guidelines and limitations:
The network-segmentation-manager feature is enabled on the VSM by default. Use the show feature command on the VSM to verify that the network-segmentation-manager feature is enabled.
Microsoft SCVMM should be able to communicate with the Cisco Nexus 1000V using HTTP.
The http-server feature is enabled by default on the Cisco Nexus 1000V to allow web service communication.
To modify the association of a published network segment to a network segment pool, you must delete and re-create the network segment with the new association. This rule is applicable for the network segment pool, the network uplink, and the virtual port-profiles.
Building Network Infrastructure for Microsoft SCVMM
You can create a logical network for the host connectivity using the following steps:
1. switch# configure terminal
2. switch(config)# nsm logical network <name>
3. (Optional) switch(config-logical-net)# description <description>
4. (Optional) switch(config-logical-net)# no description
5. switch(config-logical-net)# end
6. switch(config-logical-net)# exit
This example shows how to create a logical network named IntranetSFO. Use the show nsm logical network name <name> command to display the configuration details of the logical network.
```
switch# configure terminal
switch(config)# nsm logical network IntranetSFO
switch(config-logical-net)# description Network for external Internet connectivity
switch(config-logical-net)# exit
switch(config)# show nsm logical network name IntranetSFO
Name: IntranetSFO
Description: Network for external Internet connectivity
```
You can create a network segment pool for the host connectivity using the following steps:
1. switch# configure terminal
2. switch(config)# nsm network segment pool <name>
3. switch(config-net-seg-pool)# member-of logical network <name>
4. (Optional) switch(config-net-seg-pool)# no [intraportcom | member-of]
5. (Optional) switch(config-net-seg-pool)# this config
6. switch(config-net-seg-pool)# end
7. switch(config-net-seg-pool)# exit
This example shows how to configure a network segment pool named IntranetSJ. Use the show nsm network segment pool name <name> command to view the configuration.
```
switch# configure terminal
switch(config)# nsm network segment pool IntranetSJ
switch(config-net-seg-pool)# member-of logical network IntranetSFO
switch(config-net-seg-pool)# exit
switch(config)# show nsm network segment pool name IntranetSJ
Name: IntranetSJ
GUID: 5e4cb505-3255-4ef8-8480-685904fc9685
Logical network Name: IntranetSFO
Intra Port Communication: Disabled
Publish-name: IntranetSJ
```
You can create an IP pool template using the following steps:
1. switch# configure terminal
2. switch(config)# nsm ip pool template <name>
3. switch(config-ip-pool-template)# ip [address | reserved]
4. switch(config-ip-pool-template)# network <A.B.C.D> <a.b.c.d>
5. (Optional) switch(config-ip-pool-template)# default-router <A.B.C.D>
6. (Optional) switch(config-ip-pool-template)# description
7. (Optional) switch(config-ip-pool-template)# dhcp
8. (Optional) switch(config-ip-pool-template)# dns-server <A.B.C.D>
9. (Optional) switch(config-ip-pool-template)# dns-suffix
10. (Optional) switch(config-ip-pool-template)# netbios-name-server <A.B.C.D>
11. (Optional) switch(config-ip-pool-template)# netbt
12. (Optional) switch(config-ip-pool-template)# no <description>
13. switch(config-ip-pool-template)# end
14. switch(config-ip-pool-template)# exit
The following example displays how to create an IP pool template named pool10. Add a description and configure a range of the IP address, subnet mask, and gateway for the IP pool template using the commands in the example. Use the show nsm ip pool template name <name> command to view the configuration.
```
switch# configure terminal
switch(config)# nsm ip pool template pool10
switch(config-ip-pool-template)# description pool
switch(config-ip-pool-template)# ip address 172.16.10.7 172.16.10.100
switch(config-ip-pool-template)# network 172.16.10.10 255.255.255.0
switch(config-ip-pool-template)# exit
switch(config)# show nsm ip pool template name pool10
Name: pool10
Description: pool
IP-address-range: 172.16.10.7-172.16.10.100
Network: 172.16.10.10
Subnet mask: 255.255.255.0
Default router:
Netbios: Disabled
DHCP: Disabled
Reserved-ip-list:
Netbios-name-server-list:
DNS-server-list:
DNS-suffix-list:
switch(config)# show nsm ip pool template usage network segment
Ip-pool: pool10
  VMNetworkA
switch(config)# //Modify the IP pool range
switch(config)# nsm ip pool template pool10
switch(config-ip-pool-template)# ip address 172.16.10.7 172.16.10.150
switch(config)# show nsm ip pool template name pool10
Name: pool10
Description: pool
IP-address-range: 172.16.10.7-172.16.10.150
Network: 172.16.10.10
Subnet mask: 255.255.255.0
Default router:
Netbios: Disabled
DHCP: Disabled
Reserved-ip-list:
Netbios-name-server-list:
DNS-server-list:
DNS-suffix-list:
```
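The following is an added example, not part of the Cisco documentation: a small Python check that reads the show nsm ip pool template name output and confirms the address range and default router fall inside the configured subnet. The function names are chosen here for illustration, and the sample input is the pool10 output from the example above.

```python
import ipaddress

# Constructed sample: the pool10 output shown above, as printed by
# "show nsm ip pool template name pool10" (list fields that are empty omitted).
SAMPLE = """\
Name: pool10
Description: pool
IP-address-range: 172.16.10.7-172.16.10.100
Network: 172.16.10.10
Subnet mask: 255.255.255.0
Default router:
Netbios: Disabled
DHCP: Disabled
"""


def parse_fields(text):
    """Split 'Key: value' lines into a dict; empty values are kept as ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit_ip_pool(text):
    """Return a list of findings for one IP pool template (empty list = clean)."""
    f = parse_fields(text)
    findings = []

    # The template stores a network value plus a dotted mask; derive the subnet.
    base = ipaddress.ip_address(f["Network"])
    subnet = ipaddress.ip_network(f"{f['Network']}/{f['Subnet mask']}", strict=False)
    if base != subnet.network_address:
        findings.append(f"network {base} is not the base address of {subnet}")

    # The assignable range must be ordered and lie inside the subnet.
    first_s, _, last_s = f["IP-address-range"].partition("-")
    first, last = ipaddress.ip_address(first_s), ipaddress.ip_address(last_s)
    if first > last:
        findings.append(f"range {first}-{last} is reversed")
    for label, addr in (("range start", first), ("range end", last)):
        if addr not in subnet:
            findings.append(f"{label} {addr} is outside {subnet}")
        elif addr in (subnet.network_address, subnet.broadcast_address):
            findings.append(f"{label} {addr} is the network or broadcast address")

    # A default router is optional; when present it must be reachable on-link.
    router = f.get("Default router", "")
    if router and ipaddress.ip_address(router) not in subnet:
        findings.append(f"default router {router} is outside {subnet}")
    return findings


if __name__ == "__main__":
    for finding in audit_ip_pool(SAMPLE):
        print(finding)
```

Run against the pool10 output, it reports that 172.16.10.10 is not the base address of the /24 it was configured with.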
You can create a network segment for the VM connectivity using the following steps:
1. switch# configure terminal
2. switch(config)# nsm network segment <name>
3. (Optional) switch(config-net-seg)# description <name>
4. switch(config-net-seg)# ip pool import template <template-name>
5. switch(config-net-seg)# member-of network segment pool <name>
6. (Optional) switch(config-net-seg)# no [description | ip | network | publish | switchport | system]
7. switch(config-net-seg)# switchport [access | private-vlan]
8. (Optional) switch(config-net-seg)# system network segment
9. switch(config-net-seg)# publish network segment <name>
10. switch(config-net-seg)# end
11. switch(config-net-seg)# exit
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# nsm network segment <name> | Creates a network segment. |
Step 3 | switch(config-net-seg)# description <name> | (Optional) Enters the description of the network segment. |
Step 4 | switch(config-net-seg)# ip pool import template <template-name> | Imports an IP pool template. |
Step 5 | switch(config-net-seg)# member-of network segment pool <name> | Configures a network segment pool for the VM network segment pool. |
Step 6 | switch(config-net-seg)# no [description \| ip \| network \| publish \| switchport \| system] | (Optional) Negates a command or sets its defaults. |
Step 7 | switch(config-net-seg)# switchport [access \| private-vlan] | Configures the switchport mode as access or private-vlan for the network segment pool. The default mode is access. |
Step 8 | switch(config-net-seg)# system network segment | (Optional) Configures the segment as a system segment. |
Step 9 | switch(config-net-seg)# publish network segment <name> | Publishes the VM network segment to SCVMM. The name option is used to publish the segment with a different name. The default published name is the same as the segment name. |
Step 10 | switch(config-net-seg)# end | Goes to the configuration mode. |
Step 11 | switch(config-net-seg)# exit | Exits the configuration. |
The following example shows how to configure a network segment named VMNetworkA. Configure the switchport mode as access and associate a network segment pool named IntranetSJ to the network segment. Use the show nsm network segment name <name>, show nsm network segment brief, and show nsm network segment virtual usage commands to view the network segment configuration.
```
switch# configure terminal
switch(config)# nsm network segment VMNetworkA
switch(config-net-seg)# switchport access vlan 100
switch(config-net-seg)# member-of network segment pool IntranetSJ
switch(config-net-seg)# ip pool import template pool10
switch(config-net-seg)# publish network segment VMNetworkA
switch(config-net-seg)# end
switch(config)# show nsm network segment name VMNetworkA
Name: VMNetworkA
VM Network Name: VMNetworkA
VM Network GUID: 584d510b-0eba-485d-9262-a78c0a1fcfe3
Description:
GUID: 68f827e8-247d-4f3d-bebf-73d14d0a613a
Network segment pool: IntranetSJ
Vlan: 100
System Network Segment: FALSE
ip pool template: pool10
ip pool template GUID: fb05d8b0-724d-478b-a550-bf75f0a646ad
Publish-name: VMNetworkA
switch(config)# show nsm network segment brief
--------------------------------------------------------------------------------
Network segment            Mode      VLAN      Pub      Sys
--------------------------------------------------------------------------------
VMNetworkA                 access    100       1        0
--------------------------------------------------------------------------------
Total                      Total Pub           Total Sys
--------------------------------------------------------------------------------
1                          1                   0
switch(config)# show nsm network segment virtual usage
-------------------------------------------------------------------------------
Network segment    Port Profile                                   Port     Owner
-------------------------------------------------------------------------------
VMNetworkA         dynpp_34417837-ae75-4360-87e8-3c33d9f59370_
                   3fb0ef6f-2b0e-47c8-b226-2da2dbc1bbe2
                                                                  Veth2    ABC_VM_02
                                                                  Veth3    ABC_VM_03
net-seg-101        dynpp_34417837-ae75-4360-87e8-3c33d9f59370_
                   60b14436-6cc6-45df-8071-082b2e2e5652
                                                                  Veth1    XYZ_VM_01
```
Ethernet port profiles define a template that can be applied on physical Ethernet (uplink) ports on Hyper-V hosts. Unlike Virtual Ethernet profiles which are published to SCVMM, Ethernet port profiles are not published to SCVMM. Instead, Ethernet port profiles are imported by the uplink-network that is defined on the Cisco Nexus 1000V VSM.
Note: The auto-generated profile will have all the contents derived from the uplink network and it should not be modified.
Complete the following steps to configure an Ethernet port profile:
1. switch# configure terminal
2. switch(config)# port-profile type ethernet <name>
3. (Optional) switch(config-port-prof)# channel-group auto mode on [mac-pinning | sub-group]
4. switch(config-port-prof)# no shutdown
5. switch(config-port-prof)# state enabled
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile type ethernet <name> | Enters the port profile configuration mode for the named Ethernet port profile. If the port profile does not already exist, it is created using the following characteristics: |
Step 3 | switch(config-port-prof)# channel-group auto mode on [mac-pinning \| sub-group] | (Optional) Configures the ports and channels in the port profile using a mac-pinning or sub-group mode. |
Step 4 | switch(config-port-prof)# no shutdown | Enables all ports in the port profile. |
Step 5 | switch(config-port-prof)# state enabled | Enables the operational state of the port profile. |
The following example shows how to create an Ethernet port profile named UplinkNoPortChannel. Use the show port-profile name UplinkNoPortChannel and show running-config port-profile UplinkNoPortChannel commands to view the port profile configuration.
```
switch# configure terminal
switch(config)# port-profile type ethernet UplinkNoPortChannel
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# end
switch(config)# show port-profile name UplinkNoPortChannel
port-profile UplinkNoPortChannel
 type: Ethernet
 description:
 status: enabled
 max-ports: 512
 min-ports: 1
 inherit:
 config attributes:
  no shutdown
 evaluated config attributes:
  no shutdown
 assigned interfaces:
 port-group:
 system vlans: none
 capability l3control: no
 capability iscsi-multipath: no
 capability vxlan: no
 capability l3-vn-service: no
 port-profile role: none
 port-binding: static
switch(config)# show running-config port-profile UplinkNoPortChannel
!Command: show running-config port-profile UplinkNoPortChannel
!Time: Fri Feb 15 12:56:33 2013
version 5.2(1)SM1(5.1)
port-profile type ethernet UplinkNoPortChannel
  no shutdown
  guid 38b1aff5-5fc4-4086-87d5-1a19fb3fde60
  max-ports 512
  state enabled
switch(config)#
```
Complete the following steps to configure a vEthernet port profile:
1. switch# configure terminal
2. switch(config)# port-profile type vethernet <name>
3. switch(config-port-prof)# no shutdown
4. switch(config-port-prof)# state enabled
5. switch(config-port-prof)# publish port-profile <name>
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile type vethernet <name> | Enters the port profile configuration mode for the named vEthernet port profile. |
Step 3 | switch(config-port-prof)# no shutdown | Enables all ports in the port profile. |
Step 4 | switch(config-port-prof)# state enabled | Enables the operational state of the port profile. |
Step 5 | switch(config-port-prof)# publish port-profile <name> | Changes the name under which the port profile is published to Microsoft SCVMM. |
This example shows how to create a vEthernet port profile:
```
switch# configure terminal
switch(config)# port-profile type vethernet AllAccess1
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# publish port-profile
switch(config-port-prof)# show port-profile name AllAccess1
port-profile AllAccess1
 type: Vethernet
 description:
 status: enabled
 max-ports: 32
 min-ports: 1
 inherit:
 config attributes:
  no shutdown
 evaluated config attributes:
  no shutdown
 assigned interfaces:
 port-group: AllAccess1
 system vlans: none
 capability l3control: no
 capability iscsi-multipath: no
 capability vxlan: no
 capability l3-vn-service: no
 port-profile role: none
 port-binding: static
switch(config-port-prof)#
switch(config)# show running-config port-profile AllAccess1
!Command: show running-config port-profile AllAccess1
!Time: Wed Feb 13 14:38:38 2013
version 5.2(1)SM1(5.1)
port-profile type vethernet AllAccess1
  no shutdown
  guid f7adc9ea-19c0-4e96-995c-04c6dfd85112
  publish port-profile
  state enabled
switch(config)#
```
The uplink network is a combination of an Ethernet port profile and one or more network segment pools. When applied to the physical adapter on a server, the uplink network defines the policy and the VLANs that are allowed on the physical adapter.
Note: The switchport mode trunk and switchport mode private-vlan trunk commands are not supported under the nsm network uplink command.
Note: To get access-mode functionality on an uplink network, create an uplink network with trunk mode and allow a native VLAN to achieve the same result.
Complete the following steps to configure an uplink network:
1. switch# configure terminal
2. switch(config)# nsm network uplink <name>
3. (Optional) switch(config-uplink-net)# allow network segment pool <name>
4. (Optional) switch(config-uplink-net)# import port-profile <name>
5. (Optional) switch(config-uplink-net)# native network segment <name>
6. switch(config-uplink-net)# system network uplink
7. switch(config-uplink-net)# publish network uplink <name>
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# nsm network uplink <name> | Configures the uplink network. |
Step 3 | switch(config-uplink-net)# allow network segment pool <name> | (Optional) Configures the allowed network segment pools. |
Step 4 | switch(config-uplink-net)# import port-profile <name> | (Optional) Imports the Ethernet port profile that gives the policy for the uplink. |
Step 5 | switch(config-uplink-net)# native network segment <name> | (Optional) Configures the network segment to be a native network segment. |
Step 6 | switch(config-uplink-net)# system network uplink | Enables system VLAN on the network uplinks. |
Step 7 | switch(config-uplink-net)# publish network uplink <name> | Publishes the uplink network to the Microsoft SCVMM. The <name> argument in the command is optional. When the network uplink is published to Microsoft SCVMM, it is published as an uplink port profile. |
The following example shows how to create a new uplink network named NexusUplink, how to import a port profile named UplinkNoPortChannel that gives the policy for the uplink, how to associate the uplink network to a network segment pool, and publish the uplink network. Use the show nsm network uplink name <name> command to view the network uplink configuration.
```
switch(config)# configure terminal
switch(config)# nsm network uplink NexusUplink
switch(config-uplink-net)# allow network segment pool IntranetSJ
switch(config-uplink-net)# import port-profile UplinkNoPortChannel
switch(config-uplink-net)# native network segment VMNetworkA
switch(config-uplink-net)# system network uplink
switch(config-uplink-net)# publish network uplink NexusUplink
switch(config-uplink-net)# exit
switch# show nsm network uplink name NexusUplink
uplink network: NexusUplink
Publish-name: NexusUplink
import port-profile: UplinkNoPortChannel
network segment pool: IntranetSJ
System Uplink-Network: TRUE
Native network segment: VMNetworkA
port-profile config:
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan trunk allowed vlan 100,200
  switchport private-vlan trunk native vlan 101
switch# show nsm network uplink brief
--------------------------------------------------------------------------------
network uplink             Pub       Sys
--------------------------------------------------------------------------------
NexusUplink                1         1
--------------------------------------------------------------------------------
Total                      Total Pub           Total Sys
--------------------------------------------------------------------------------
1                          1                   1
```
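Because the uplink network decides which VLANs reach the physical adapter, it is worth comparing the trunk that NSM generated with the segments that are supposed to ride on it. The following added example (not part of the Cisco documentation) parses show nsm network uplink name and show nsm network segment name output and reports trunk VLANs with no matching segment, segment VLANs missing from the trunk, and a native VLAN that differs from the native segment. The function names are chosen here; the code assumes one network segment pool per uplink, as in the output on this page, and accepts both the spaced and the hyphenated key spellings that appear on this page.

```python
import re

# Constructed input: show output from the NexusUplink / VMNetworkA examples above
# (GUID and description lines omitted).
UPLINK = """\
uplink network: NexusUplink
Publish-name: NexusUplink
import port-profile: UplinkNoPortChannel
network segment pool: IntranetSJ
System Uplink-Network: TRUE
Native network segment: VMNetworkA
port-profile config:
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan trunk allowed vlan 100,200
  switchport private-vlan trunk native vlan 101
"""
SEGMENTS = ["""\
Name: VMNetworkA
Network segment pool: IntranetSJ
Vlan: 100
System Network Segment: FALSE
"""]


def parse_show(text):
    """Return (fields, config_lines); keys are lower-cased with '-' treated as ' '."""
    fields, config, in_config = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_config:  # everything after "port-profile config:" is a command
            config.append(line)
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower().replace("-", " ")
        if key == "port profile config":
            in_config = True
        else:
            fields[key] = value.strip()
    return fields, config


def expand_vlans(spec):
    """Expand a VLAN list such as '100,200' or '100-102,200' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part == "none":
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_uplink(uplink_text, segment_texts):
    """Compare an uplink's generated trunk with the segments in its allowed pool."""
    uplink, config = parse_show(uplink_text)
    pool = uplink.get("network segment pool", "")
    allowed, native = set(), None
    for line in config:
        m = re.search(r"trunk allowed vlan (\S+)", line)
        if m:
            allowed |= expand_vlans(m.group(1))
        m = re.search(r"trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))

    # VLAN of every supplied segment that belongs to the uplink's pool.
    seg_vlan = {}
    for text in segment_texts:
        seg, _ = parse_show(text)
        if seg.get("network segment pool") == pool and seg.get("vlan", "").isdigit():
            seg_vlan[seg["name"]] = int(seg["vlan"])
    expected = set(seg_vlan.values())

    findings = []
    for vlan in sorted(allowed - expected):
        findings.append(("unbacked-vlan", f"VLAN {vlan} is trunked but no segment in pool {pool} uses it"))
    for vlan in sorted(expected - allowed):
        findings.append(("missing-vlan", f"VLAN {vlan} has a segment in pool {pool} but is not trunked"))
    native_seg = uplink.get("native network segment", "")
    if native_seg and native is not None and seg_vlan.get(native_seg) != native:
        findings.append(("native-mismatch",
                         f"native VLAN {native} does not match segment {native_seg} "
                         f"(VLAN {seg_vlan.get(native_seg, 'unknown')})"))
    return findings


if __name__ == "__main__":
    for code, message in audit_uplink(UPLINK, SEGMENTS):
        print(f"{code}: {message}")
```

Pass it the output for every segment in the pool; a segment that is not supplied is treated as absent, so its VLAN is reported as unbacked.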
Workflows in Microsoft SCVMM
You can create the network segments with VLANs that are carried by a network uplink:
1. switch# configure terminal
2. switch(config)# nsm logical network <name>
3. switch(config-logical-net)# description <name>
4. switch(config-logical-net)# exit
5. switch(config)# nsm network segment pool <name>
6. switch(config-net-seg-pool)# member-of logical network <name>
7. switch(config-net-seg-pool)# exit
8. switch(config)# nsm network segment <name>
9. switch(config-net-seg)# switchport access vlan <number>
10. switch(config-net-seg)# member-of network segment pool <name>
11. switch(config-net-seg)# ip pool import template <name>
12. switch(config-net-seg)# publish network segment <name>
13. switch(config-net-seg)# exit
14. switch(config)# nsm network uplink <name>
15. switch(config-uplink-net)# allow network segment pool <name>
16. switch(config-uplink-net)# native network segment <name>
17. switch(config-uplink-net)# import port-profile <name>
18. switch(config-uplink-net)# publish network uplink
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# nsm logical network <name> | Creates a logical network with a given name. |
Step 3 | switch(config-logical-net)# description <name> | Describes the logical network. |
Step 4 | switch(config-logical-net)# exit | Exits the configuration. |
Step 5 | switch(config)# nsm network segment pool <name> | Creates a network segment pool with a given name. |
Step 6 | switch(config-net-seg-pool)# member-of logical network <name> | Associates the logical network to the network segment pool. |
Step 7 | switch(config-net-seg-pool)# exit | Exits the configuration. |
Step 8 | switch(config)# nsm network segment <name> | Creates a network segment with a given name. |
Step 9 | switch(config-net-seg)# switchport access vlan <number> | Sets the VLAN ID for the segment. It automatically creates a VLAN if it does not exist. |
Step 10 | switch(config-net-seg)# member-of network segment pool <name> | Associates the network segment to the network segment pool. |
Step 11 | switch(config-net-seg)# ip pool import template <name> | Associates the IP pool template to the network segment. |
Step 12 | switch(config-net-seg)# publish network segment <name> | Publishes the network segment to the Microsoft SCVMM. The <name> argument in the command is optional. |
Step 13 | switch(config-net-seg)# exit | Exits the configuration. |
Step 14 | switch(config)# nsm network uplink <name> | Creates a network uplink object. |
Step 15 | switch(config-uplink-net)# allow network segment pool <name> | Associates the network uplink object with the network segment pool that is carrying one or more segments. |
Step 16 | switch(config-uplink-net)# native network segment <name> | Declares a network segment to be native. |
Step 17 | switch(config-uplink-net)# import port-profile <name> | Inherits the profile that you created. |
Step 18 | switch(config-uplink-net)# publish network uplink | Publishes the network uplink to the Microsoft SCVMM. |
Refer to the following example to create the network segments with VLANs that are carried by an uplink, associate each network segment to a network segment pool, create an uplink network named trunk with the required network segment pool under it, and publish the uplink network to the Microsoft SCVMM. Use the show run port-profile <name> command to view the configuration.
```
switch(config)# nsm logical network IntranetSFO
switch(config-logical-net)# description network for host connectivity
switch(config-logical-net)# exit
switch(config)# nsm network segment pool IntranetSJ
switch(config-net-seg-pool)# member-of logical network IntranetSFO
switch(config-net-seg-pool)# exit
switch(config)# nsm network segment VMNetworkB
switch(config-net-seg)# switchport access vlan 100
switch(config-net-seg)# member-of network segment pool IntranetSJ
switch(config-net-seg)# ip pool import template pool10
switch(config-net-seg)# publish network segment VMNetworkB
switch(config-net-seg)# exit
switch(config)# nsm network uplink NexusUplink
switch(config-uplink-net)# allow network segment pool IntranetSJ
switch(config-uplink-net)# native network segment VMNetworkB
switch(config-uplink-net)# import port-profile UplinkNoPortChannel
switch(config-uplink-net)# publish network uplink
switch(config-uplink-net)# end
switch# show nsm network segment name VMNetworkB
Name: VMNetworkB
VM Network Name: VMNetworkB
VM Network GUID: 3248a6f9-30ca-4cc5-b925-ef0bf6994b75
Description:
GUID: 65a6d0de-c666-448b-a912-60cc960f11cc
Network segment pool: IntranetSJ
Vlan: 100
System Network Segment: FALSE
ip pool template: pool10
ip pool template GUID: 3ea151c8-ab80-47b1-8491-88a5fb651fe7
Publish-name: VMNetworkB
switch# show nsm network segment pool name IntranetSJ
Name: IntranetSJ
GUID: 39362fa4-7ae2-47ee-8f64-1f8ecceda867
Logical network Name: IntranetSFO
Intra Port Communication: Disabled
Publish-name: IntranetSJ
switch# show nsm network uplink name NexusUplink
uplink network: NexusUplink
Publish-name: NexusUplink
import port-profile: UplinkNoPortChannel
network segment pool: IntranetSJ
System Uplink-Network: TRUE
Switchport mode override: auto
Native network segment: VMNetworkB
port-profile config:
  switchport mode trunk
  switchport trunk allowed vlan 100
  switchport trunk native vlan 100
switch# show nsm logical network name IntranetSFO
Name: IntranetSFO
Description: Intranet network
switch(config)# show run port-profile UplinkNoPortChannel
!Command: show running-config port-profile UplinkNoPortChannel
!Time: Sun Apr 28 14:08:50 2013
version 5.2(1)SM1(5.1)
port-profile type ethernet UplinkNoPortChannel
  guid d7ebe0d0-9152-4415-815d-36ec25deece6
  max-ports 512
```
You can configure an uplink profile in port-channel mode:
1. switch# configure terminal
2. switch(config)# nsm logical network <name>
3. switch(config-log-net)# description <name>
4. switch(config-log-net)# exit
5. switch(config)# nsm network segment pool <name>
6. switch(config-net-seg-pool)# member-of logical network <name>
7. switch(config-net-seg-pool)# exit
8. switch(config)# nsm network segment <name>
9. switch(config-net-seg)# switchport access vlan <number>
10. switch(config-net-seg)# member-of network segment pool <name>
11. switch(config-net-seg)# publish network segment <name>
12. switch(config-net-seg)# exit
13. switch(config)# port-profile type ethernet <name>
14. switch(config-port-prof)# channel-group auto mode on
15. switch(config-port-prof)# state enabled
16. switch(config-port-prof)# no shut
17. switch(config-net-seg)# exit
18. switch(config)# nsm network uplink <name>
19. switch(config-uplink-net)# allow network segment pool <name>
20. switch(config-uplink-net)# import port-profile <name>
21. switch(config-uplink-net)# publish network uplink <name>
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# nsm logical network <name> | Enters a name for the logical network. |
Step 3 | switch(config-log-net)# description <name> | Describes the logical network. |
Step 4 | switch(config-log-net)# exit | Exits the configuration. |
Step 5 | switch(config)# nsm network segment pool <name> | Enters a name for the network segment pool. |
Step 6 | switch(config-net-seg-pool)# member-of logical network <name> | Associates the logical network to the network segment pool. |
Step 7 | switch(config-net-seg-pool)# exit | Exits the configuration. |
Step 8 | switch(config)# nsm network segment <name> | Creates a network segment. |
Step 9 | switch(config-net-seg)# switchport access vlan <number> | Creates a network segment for the access VLAN that is carried by an uplink. |
Step 10 | switch(config-net-seg)# member-of network segment pool <name> | Associates the network segment to the network segment pool. |
Step 11 | switch(config-net-seg)# publish network segment <name> | Publishes the network segment to the Microsoft SCVMM. |
Step 12 | switch(config-net-seg)# exit | Exits the configuration. |
Step 13 | switch(config)# port-profile type ethernet <name> | Enters a name for the Ethernet port profile. |
Step 14 | switch(config-port-prof)# channel-group auto mode on | Creates a classification profile carrying the channel-group command. |
Step 15 | switch(config-port-prof)# state enabled | Configures the state as enabled. |
Step 16 | switch(config-port-prof)# no shut | Configures the no shutdown command. |
Step 17 | switch(config-net-seg)# exit | Exits the configuration. |
Step 18 | switch(config)# nsm network uplink <name> | Creates a network uplink object. |
Step 19 | switch(config-uplink-net)# allow network segment pool <name> | Associates the network uplink object with the network segment pool. |
Step 20 | switch(config-uplink-net)# import port-profile <name> | Imports the port profile. |
Step 21 | switch(config-uplink-net)# publish network uplink <name> | Publishes the network uplink object to the Microsoft SCVMM. The name parameter is optional and can be used to change the name with which the uplink object is published. By default, the uplink is published with the uplink object name. |
Use the following example to create a network uplink named NexusUplink in port-channel mode. Use the show nsm network uplink name <name> command to view the configuration.
```
switch# configure terminal
switch(config)# port-profile type ethernet UplinkNoPortChannel
switch(config-port-prof)# channel-group auto mode on
switch(config-port-prof)# state enabled
switch(config-port-prof)# no shutdown
switch(config-port-prof)# exit
switch(config)# nsm network uplink NexusUplink
switch(config-uplink-net)# allow network segment pool IntranetSJ
switch(config-uplink-net)# import port-profile UplinkNoPortChannel
switch(config-uplink-net)# publish network uplink NexusUplink
switch(config-uplink-net)# exit
switch(config)# show nsm network uplink name NexusUplink
uplink network: NexusUplink
Publish-name: NexusUplink
import port-profile: UplinkNoPortChannel
network segment pool: IntranetSJ
System Uplink-Network: TRUE
Native network segment:
port-profile config:
  switchport mode trunk
  switchport trunk allowed vlan 100
  switchport trunk native vlan 100
```
You can configure a vEthernet profile with features:
1. switch# configure terminal
2. switch(config)# port-profile type vethernet <name>
3. switch(config-port-prof)# service-policy input <name>
4. switch(config-port-prof)# ip port access-group <name> in
5. switch(config-port-prof)# publish port-profile
6. switch(config-port-prof)# state enabled
7. switch(config-port-prof)# no shut
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile type vethernet <name> | Creates a vEthernet port profile with a given name. |
Step 3 | switch(config-port-prof)# service-policy input <name> | Attaches a QoS policy to the port profile. |
Step 4 | switch(config-port-prof)# ip port access-group <name> in | Attaches an ACL policy to the port profile. |
Step 5 | switch(config-port-prof)# publish port-profile | Publishes the port profile to the Microsoft SCVMM. Associates both the network segment and the profile to a vEthernet interface on the Microsoft SCVMM. |
Step 6 | switch(config-port-prof)# state enabled | Enables the port profile for the server administrator usage. |
Step 7 | switch(config-port-prof)# no shut | Configures the no shutdown command. |
See the following example to configure a service policy on the vEthernet port profile named ACL_POLICY. Use the show run port-profile ACL_policy command to view the configured policy on the port profile.
```
switch# config t
switch(config)# port-profile type vethernet ACL_policy
switch(config-port-prof)# service-policy input policy1
switch(config-port-prof)# ip port access-group acl-test in
switch(config-port-prof)# publish port-profile
switch(config-port-prof)# state enabled
switch(config-port-prof)# no shut
switch(config-port-prof)# end
switch(config)# show run port-profile ACL_policy
!Command: show running-config port-profile ACL_POLICY
!Time: Sun Feb 24 20:33:56 2013
version 5.2(1)SM1(5.1)
port-profile type vethernet ACL_POLICY
  service-policy input policy1
  ip port access-group acl-test in
  no shutdown
  guid be85760a-e01d-4417-b7a7-6cf5ffb83423
  publish port-profile
  state enabled
```
For more information on configuring port profiles, see Cisco Nexus 1000V for Microsoft Hyper-V Port Profile Configuration Guide.
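A published vEthernet port profile is what a server administrator attaches to VM adapters in SCVMM, so it is useful to know which published profiles carry no inbound port ACL. The following added example (not part of the Cisco documentation) reads show running-config port-profile output and lists published, enabled vEthernet profiles that have no ip port access-group ... in line, following inherit port-profile to a parent when one is present. The function names and the exempt parameter are chosen here; the sample joins the three running-config excerpts shown on this page.

```python
import re

# Constructed input: the running-config excerpts shown on this page, joined.
RUNNING_CONFIG = """\
version 5.2(1)SM1(5.1)
port-profile type vethernet AllAccess1
  no shutdown
  guid f7adc9ea-19c0-4e96-995c-04c6dfd85112
  publish port-profile
  state enabled
port-profile type vethernet ACL_POLICY
  service-policy input policy1
  ip port access-group acl-test in
  no shutdown
  guid be85760a-e01d-4417-b7a7-6cf5ffb83423
  publish port-profile
  state enabled
port-profile type ethernet UplinkNoPortChannel
  no shutdown
  guid 38b1aff5-5fc4-4086-87d5-1a19fb3fde60
  max-ports 512
  state enabled
"""


def parse_profiles(text):
    """Map profile name -> {'type': ..., 'commands': [...]} from running-config text."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("version "):
            continue
        m = re.match(r"port-profile type (ethernet|vethernet) (\S+)$", line)
        if m:
            current = {"type": m.group(1), "commands": []}
            profiles[m.group(2)] = current
        elif current is not None:
            current["commands"].append(line)
    return profiles


def inbound_acl(name, profiles):
    """Return the inbound port ACL of a profile, walking inherit chains safely."""
    seen = set()
    while name in profiles and name not in seen:
        seen.add(name)  # guards against an inheritance loop
        parent = None
        for cmd in profiles[name]["commands"]:
            m = re.match(r"ip port access-group (\S+) in$", cmd)
            if m:
                return m.group(1)
            m = re.match(r"inherit port-profile (\S+)$", cmd)
            if m:
                parent = m.group(1)
        name = parent
    return None


def audit_vethernet_profiles(text, exempt=()):
    """List (name, reason) for published, enabled vEthernet profiles without an ACL."""
    profiles = parse_profiles(text)
    findings = []
    for name, profile in profiles.items():
        cmds = profile["commands"]
        if profile["type"] != "vethernet" or name in exempt:
            continue
        published = any(c.startswith("publish port-profile") for c in cmds)
        if not (published and "state enabled" in cmds):
            continue  # not visible to SCVMM, so not attachable to a VM adapter
        if inbound_acl(name, profiles) is None:
            findings.append((name, "published to SCVMM without an inbound port ACL"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_vethernet_profiles(RUNNING_CONFIG):
        print(f"{name}: {reason}")
```

Profiles that are open on purpose can be passed in exempt so that the report only shows unexpected ones.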
You can configure a system VLAN after completing the following steps:
1. switch# configure terminal
2. switch(config)# nsm logical network <name>
3. switch(config-logical-net)# description <name>
4. switch(config-logical-net)# exit
5. switch(config)# nsm network segment pool <name>
6. switch(config-net-seg-pool)# member-of logical network <name>
7. switch(config-net-seg-pool)# exit
8. switch(config)# nsm network segment <name>
9. switch(config-net-seg)# switchport access vlan <number>
10. switch(config-net-seg)# allow network segment pool <name>
11. switch(config-net-seg)# system network segment
12. switch(config-net-seg)# publish network segment
13. switch(config-net-seg)# exit
14. switch(config)# nsm network uplink <name>
15. switch(config-uplink-net)# allow network segment pool <name>
16. switch(config-uplink-net)# system network uplink
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# nsm logical network <name> | Enters a name for the logical network. |
Step 3 | switch(config-logical-net)# description <name> | Describes the logical network. |
Step 4 | switch(config-logical-net)# exit | Exits the configuration. |
Step 5 | switch(config)# nsm network segment pool <name> | Enters a name for the network segment pool. |
Step 6 | switch(config-net-seg-pool)# member-of logical network <name> | Associates the logical network to the network segment pool. |
Step 7 | switch(config-net-seg-pool)# exit | Exits the configuration. |
Step 8 | switch(config)# nsm network segment <name> | Creates a network segment. |
Step 9 | switch(config-net-seg)# switchport access vlan <number> | Creates a network segment with access VLAN that will be carried by an uplink. |
Step 10 | switch(config-net-seg)# allow network segment pool <name> | Associates the network segment to the network segment pool. |
Step 11 | switch(config-net-seg)# system network segment | Enables system VLANs. |
Step 12 | switch(config-net-seg)# publish network segment | Publishes the network segment to the Microsoft SCVMM. |
Step 13 | switch(config-net-seg)# exit | Exits the configuration. |
Step 14 | switch(config)# nsm network uplink <name> | Creates a network uplink object. System VLANs on the uplink port profile are enabled by creating an uplink network object with a network segment pool carrying the system network segments. |
Step 15 | switch(config-uplink-net)# allow network segment pool <name> | Associates the network uplink object with the network segment pool. |
Step 16 | switch(config-uplink-net)# system network uplink | Enables the system VLANs on the uplink object. |
See the following example to create a network segment with access VLAN that will be carried by a network uplink named Channel. Use the show nsm network uplink name <name> command to view the system VLAN configuration.
```
switch(config)# configure terminal
switch(config)# nsm logical network IntranetSFO
switch(config-logical-net)# description network for host connectivity
switch(config-logical-net)# exit
switch(config)# nsm network segment pool IntranetSJ
switch(config-net-seg-pool)# member-of logical network IntranetSFO
switch(config-net-seg-pool)# exit
switch(config)# nsm network segment VMNetworkB
switch(config-net-seg)# switchport access vlan 101
switch(config-net-seg)# network segment pool IntranetSJ
switch(config-net-seg)# system network segment
switch(config-net-seg)# publish network segment
switch(config-net-seg)# exit
switch(config)# nsm network uplink Channel
switch(config-uplink-net)# allow network segment pool IntranetSJ
switch(config-uplink-net)# publish network uplink
switch(config-uplink-net)# show nsm network uplink name Channel
uplink-network: Channel
  Publish-name: Channel
  import port-profile: uplink_network_default_policy
  network-segment-pool: IntranetSJ
  port-profile config:
    switchport mode trunk
    switchport trunk allowed vlan 101
switch(config)# show run port-profile Channel

!Command: show running-config port-profile channel
!Time: Mon Feb 25 10:02:43 2013

version 5.2(1)SM1(5.1)
port-profile type ethernet channel
  inherit port-profile uplink_network_default_policy
  switchport mode trunk
  guid 6fe46002-5a4d-4d6f-949c-12eb41ee7ae3
  max-ports 512
  description NSM created profile. Do not delete.
  system vlan 101
  state enabled
```
You can configure a PVLAN on vEthernet and Ethernet interfaces:
1. switch# configure terminal
2. switch(config)# feature private-vlan
3. switch(config)# nsm logical network <name>
4. switch(config-logical-net)# description <description>
5. switch(config-logical-net)# exit
6. switch(config)# nsm network segment pool <name>
7. switch(config-net-seg-pool)# member-of logical network <name>
8. switch(config-net-seg-pool)# exit
9. switch(config)# nsm network segment <name>
10. switch(config-net-seg)# member-of network segment pool <name>
11. switch(config-net-seg)# switchport mode private-vlan primary
12. switch(config-net-seg)# switchport private-vlan primary "primary vlan"
13. switch(config-net-seg)# exit
14. switch(config)# nsm network segment <name>
15. switch(config-net-seg)# member-of network segment pool <name>
16. switch(config-net-seg)# switchport mode private-vlan host [ isolated | community | promiscuous ]
17. switch(config-net-seg)# switchport private-vlan host association "primary vlan" "secondary vlan" OR switchport private-vlan mapping "primary vlan" "list of secondary vlan"
18. switch(config-net-seg)# publish network segment
19. switch(config-net-seg)# exit
20. switch(config)# nsm network uplink <name>
21. switch(config-uplink-net)# allow network segment pool <name>
22. switch(config-uplink-net)# publish network uplink
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | switch# configure terminal | Enters global configuration mode. |
| Step 2 | switch(config)# feature private-vlan | Enables the PVLAN feature on the VSM. |
| Step 3 | switch(config)# nsm logical network <name> | Enters a name for the logical network. |
| Step 4 | switch(config-logical-net)# description <description> | Describes the logical network. |
| Step 5 | switch(config-logical-net)# exit | Exits the configuration. |
| Step 6 | switch(config)# nsm network segment pool <name> | Enters a name for the network segment pool. |
| Step 7 | switch(config-net-seg-pool)# member-of logical network <name> | Associates the logical network to the network segment pool. |
| Step 8 | switch(config-net-seg-pool)# exit | Exits the configuration. |
| Step 9 | switch(config)# nsm network segment <name> | Creates a network segment. |
| Step 10 | switch(config-net-seg)# member-of network segment pool <name> | Associates the network segment to the network segment pool. |
| Step 11 | switch(config-net-seg)# switchport mode private-vlan primary | Configures the network segment to be type private-vlan primary. |
| Step 12 | switch(config-net-seg)# switchport private-vlan primary "primary vlan" | Sets the primary VLAN on a network segment. The primary VLAN segment is used as an anchor segment for creating the secondary VLAN segment. |
| Step 13 | switch(config-net-seg)# exit | Exits the configuration. |
| Step 14 | switch(config)# nsm network segment <name> | Configures a secondary VLAN. |
| Step 15 | switch(config-net-seg)# member-of network segment pool <name> | Associates the network segment to the network segment pool that was used in step 10. |
| Step 16 | switch(config-net-seg)# switchport mode private-vlan host [ isolated \| community \| promiscuous ] | Creates a network segment for the secondary VLAN with the port mode as private-vlan host and configures the PVLAN mapping. |
| Step 17 | switch(config-net-seg)# switchport private-vlan host association "primary vlan" "secondary vlan" OR switchport private-vlan mapping "primary vlan" "list of secondary vlan" | The host association is used for creating a private-vlan host segment in either isolated or community mode. The mapping option is used for creating the private-vlan host segment in promiscuous mode. |
| Step 18 | switch(config-net-seg)# publish network segment | Publishes the secondary network segments to the Microsoft SCVMM. The vEthernet interfaces can be attached to these segments on the Microsoft SCVMM. |
| Step 19 | switch(config-net-seg)# exit | Exits the configuration. |
| Step 20 | switch(config)# nsm network uplink <name> | Creates a network uplink with the network segment pool that carries the primary and secondary VLAN network segments. |
| Step 21 | switch(config-uplink-net)# allow network segment pool <name> | Associates the network uplink with the network segment pool. |
| Step 22 | switch(config-uplink-net)# publish network uplink | Publishes the network segments and the network uplinks to the Microsoft SCVMM. |
```
switch# configure terminal
switch(config)# feature private-vlan
switch# show feature | inc private-vlan
private-vlan          1         enabled
switch(config)# nsm logical network IntranetSFO
switch(config-logical-net)# description network for host connectivity
switch(config-logical-net)# exit
switch(config)# nsm network segment pool IntranetSJ
switch(config-net-seg-pool)# member-of logical network IntranetSFO
switch(config-net-seg-pool)# exit
switch(config)# nsm network segment Pvlan_Primary_Segment
switch(config-net-seg)# member-of network segment pool IntranetSJ
switch(config-net-seg)# switchport mode private-vlan primary
switch(config-net-seg)# switchport private-vlan primary 100
switch(config-net-seg)# exit
switch(config)# nsm network segment VMNetworkB
switch(config-net-seg)# member-of network segment pool IntranetSJ
switch(config-net-seg)# switchport mode private-vlan host community
switch(config-net-seg)# switchport private-vlan host-association 100 200
switch(config-net-seg)# publish network segment
switch(config-net-seg)# exit
switch(config)# nsm network uplink Channel
switch(config-uplink-net)# allow network segment pool IntranetSJ
switch(config-uplink-net)# publish network uplink
switch(config-uplink-net)# exit
switch# show vlan private-vlan
Primary  Secondary  Type             Ports
-------  ---------  ---------------  -------------------------------------------
101      200        primary          Po1, Po3, Po5, Po7, Po9, Po11
400      402        community        Po1, Po3, Po5, Po7, Po9, Po11
```
You can change the secondary PVLAN mode from community to isolated and vice versa:
1. switch# configure terminal
2. switch(config)# nsm network segment sec-2169
3. switch(config-net-seg)# no switchport private-vlan host-association
4. switch(config-net-seg)# switchport mode private-vlan host isolated
5. switch(config-net-seg)# switchport private-vlan host-association 2167 2169
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | switch# configure terminal | Enters global configuration mode. |
| Step 2 | switch(config)# nsm network segment sec-2169 | Creates a network segment. |
| Step 3 | switch(config-net-seg)# no switchport private-vlan host-association | |
| Step 4 | switch(config-net-seg)# switchport mode private-vlan host isolated | |
| Step 5 | switch(config-net-seg)# switchport private-vlan host-association 2167 2169 | |
Here sec-2169 is originally a community network segment, as follows:

```
Name: sec-2169
VM Network Name: sec-2169
VM Network GUID: 188a9da2-3685-4dfd-b42e-14594256ee37
Description:
GUID: 45fbeb2c-9c51-497f-94e4-43b922bb412e
Network segment pool: hyperv
Mode: switchport mode private-vlan host community.
Vlan: 0
PVLAN Host-Association: primary {2167} secondary {2169}
System Network Segment: FALSE
ip pool template: ip-pool
ip pool template GUID: 420a9b02-d4eb-42da-ba42-9dfc699ddcff
Publish-name: sec169
```
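One way to confirm the community-to-isolated change from a before/after capture of the segment listing, as an added example that is not Cisco's code. The records are constructed in the format of the sec-2169 listing, the isolated `Mode:` line is an assumption about how the device prints the new mode, and the function names are hypothetical. A segment left in community mode still lets its member ports reach each other, so the mode is the field to check.

```python
import re

# Constructed sample, modelled on the segment listing shown on this page;
# the "after" record assumes the Mode line reads "... host isolated".
BEFORE = """\
Name: sec-2169
Network segment pool: hyperv
Mode: switchport mode private-vlan host community.
Vlan: 0
PVLAN Host-Association: primary {2167} secondary {2169}
System Network Segment: FALSE
"""
AFTER = BEFORE.replace("host community.", "host isolated.")

def parse_segment(text):
    """Turn the 'Key: value' lines of one segment listing into a dict."""
    seg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            seg[key.strip().lower()] = value.strip()
    m = re.search(r"private-vlan host (\w+)", seg.get("mode", ""))
    seg["pvlan_mode"] = m.group(1) if m else None
    m = re.search(r"primary \{(\d+)\} secondary \{(\d+)\}",
                  seg.get("pvlan host-association", ""))
    seg["association"] = (int(m.group(1)), int(m.group(2))) if m else None
    return seg

def check_mode_change(before, after, wanted_mode):
    """Return a list of problems found after a secondary PVLAN mode change."""
    problems = []
    b, a = parse_segment(before), parse_segment(after)
    if a["pvlan_mode"] != wanted_mode:
        problems.append(f"mode is {a['pvlan_mode']}, expected {wanted_mode}")
    if a["association"] is None:
        problems.append("host-association missing (step 5 not applied)")
    elif a["association"] != b["association"]:
        problems.append(f"association changed: {b['association']} -> {a['association']}")
    if a.get("network segment pool") != b.get("network segment pool"):
        problems.append("segment moved to a different network segment pool")
    return problems

if __name__ == "__main__":
    print(check_mode_change(BEFORE, AFTER, "isolated") or "mode change verified")
```

An empty list means the segment reports the wanted mode with the same primary/secondary pair and pool as before the change.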
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
| Feature Name | Release | Feature Information |
|---|---|---|
| Network Segmentation Manager | 5.2(1)SK1(2.1) | Introduced the Network Segmentation Manager (NSM) feature. |