The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
A network segment is an isolated Layer 2 network with a unique broadcast domain (similar to a VLAN). A network segment also facilitates the availability of the network resources to a virtual machine. In OpenStack, a network segment is a VLAN or VXLAN type of network, which provides isolation on virtual networks.
You create a virtual network on the OpenStack Controller using the OpenStack dashboard or the OpenStack CLI commands. When you create a virtual network of type VLAN or VXLAN on the OpenStack controller, OpenStack triggers the auto-creation of a network segment with VLANs or VXLANs on the VSM.
Network Segmentation Manager has the following prerequisites:
The network segmentation manager feature has the following configuration guidelines and limitations:
The network-segmentation-manager feature is enabled on the VSM by default. Verify the output of the show feature command on the VSM to make sure that the network-segmentation-manager feature is enabled by default.
The OpenStack controller should be able to communicate with the Cisco Nexus 1000V using HTTP.
The http-server feature is enabled by default on the Cisco Nexus 1000V to allow web service communication.
The Network Segmentation Manager feature is enabled by default on the VSM. However, if you need to, you can enable or disable it.
You must be logged in to the CLI in EXEC mode.
This example shows how to enable the NSM feature and verify that it is enabled:
switch# configure terminal switch(config)# feature network-segmentation-manager switch# show feature Feature Name Instance State -------------------- -------- -------- http-server 1 enabled lacp 1 disabled netflow 1 enabled network-segmentation 1 enabled port-profile-roles 1 disabled privilege 1 disabled scpServer 1 disabled segmentation 1 enabled sftpServer 1 disabled sshServer 1 enabled tacacs 1 disabled telnetServer 1 enabled vxlan-gateway 1 disabled switch(config)#
Use one of the following commands to verify the configuration:
show nsm ip pool template
show nsm ip pool template filter description description
show nsm ip pool template usage network segment
show nsm logical network name <name>
show nsm network segment brief
show nsm network segment filter description description
show nsm network segment filter network segment pool name <name>
show nsm network segment filter vlan <vlan_ID>
show nsm network segment filter network segment pool <name>
show nsm network segment name <name>
show nsm network segment pool filter description description
show nsm network segment pool name <name>
show dynamic-port-profile
show dynamic-port-profile <name>
show dynamic-port-profile inherit <name>
show dynamic-port-profile network segment <name>
This show command displays an IP pool template of a given name.
switch# show nsm ip pool template Name: 00683778-cbd4-4e76-b181-bd562b6a1b3d Description: subnet-vlan-39 IP-address-range: 39.1.1.2-39.1.1.254 Network: 39.1.1.0 Subnet mask: 255.255.255.0 Default router: 39.1.1.1 Netbios: Disabled DHCP: Enabled Reserved-ip-list: Netbios-name-server-list: DNS-server-list: DNS-suffix-list: switch#
This show command displays a specific IP pool template based on its description. (The description in the VSM is the name in OpenStack.)
switch# show nsm ip pool template filter description sub-10-1 Name: d259d433-3e5c-491b-afda-787ddc260dea Description: sub-10-1 IP-address-range: 10.10.1.2-10.10.1.254 Network: 10.10.1.0 Subnet mask: 255.255.255.0
The following show command displays the network using an IP pool template.
switch# show nsm ip pool template usage network segment Ip-pool: 00683778-cbd4-4e76-b181-bd562b6a1b3d 51c652ca-b118-41ea-b3ff-f02bb2ac934b switch#
This command displays the Logical Network of a given name.
switch# show nsm logical network name 9a8d49b6-4590-47a5-8ecd-8616276694d2_log_net Name: 9a8d49b6-4590-47a5-8ecd-8616276694d2_log_net Description: seg-pool-11-310
This command displays information about mode, VLAN, publish status, and the system segment status for all the network segments.
switch# show nsm network segment brief -------------------------------------------------------------------------------- Network segment Mode VLAN Pub Sys -------------------------------------------------------------------------------- 0200362d-0d69-44bc-8f2d-40685f474ddf access 63 1 0 027f02fa-2854-40d2-a0ad-04cd37025cab access 20 1 0 03625912-ce1b-4e53-ae14-88255f2f1de7 access 17 1 0 -------------------------------------------------------------------------------- Total Total Pub Total Sys -------------------------------------------------------------------------------- 3 3 0
This command displays a specific network segment based on its description. (The description in the VSM is the name in OpenStack.)
switch# show nsm network segment filter description net-10-1 Name: 3a43c169-bbf9-404d-abf0-3580b9a7113e Description: net-10-1 UUID: 3a43c169-bbf9-404d-abf0-3580b9a7113e Network segment pool: 39e45a8d-8ecd-4bb0-9666-6ddcec2cfefc Mode: switchport mode access Vlan: 1090 System Network Segment: FALSE ip pool template: d259d433-3e5c-491b-afda-787ddc260dea ip pool template UUID: d259d433-3e5c-491b-afda-787ddc260dea Publish-name: 3a43c169-bbf9-404d-abf0-3580b9a7113e
This command displays all network segments that are part of a given network segment pool.
switch# show nsm network segment filter network segment pool 9a8d49b6-4590-47a5-8ecd-8616276694d2 Name: 0200362d-0d69-44bc-8f2d-40685f474ddf Description: vlan-seg-63 UUID: 0200362d-0d69-44bc-8f2d-40685f474ddf Network segment pool: 9a8d49b6-4590-47a5-8ecd-8616276694d2 Mode: switchport mode access Vlan: 63 System Network Segment: FALSE ip pool template: c3a3f619-1a80-402c-b05d-829ce4eaed8f ip pool template UUID: c3a3f619-1a80-402c-b05d-829ce4eaed8f Publish-name: 0200362d-0d69-44bc-8f2d-40685f474ddf
This command displays the network segment that is using a given VLAN ID.
switch# show nsm network segment filter vlan 70 Name: 34e94f30-4ed5-48dc-8e60-820e125692d8 Description: vlan-seg-70 UUID: 34e94f30-4ed5-48dc-8e60-820e125692d8 Network segment pool: 9a8d49b6-4590-47a5-8ecd-8616276694d2 Mode: switchport mode access Vlan: 70 System Network Segment: FALSE ip pool template: b5a716d4-b2d6-45fa-b685-806947ed48b0 ip pool template UUID: b5a716d4-b2d6-45fa-b685-806947ed48b0 Publish-name: 34e94f30-4ed5-48dc-8e60-820e125692d8 switch#
The following show command displays the details of the network segment.
switch# show nsm network segment name 1c3046fb-d33c-4156-9b7d-ac0fb74f5891 Name: 1c3046fb-d33c-4156-9b7d-ac0fb74f5891 Description: vlan-seg-62 UUID: 1c3046fb-d33c-4156-9b7d-ac0fb74f5891 Network segment pool: 9a8d49b6-4590-47a5-8ecd-8616276694d2 Mode: switchport mode access Vlan: 62 System Network Segment: FALSE ip pool template: 2e88cb6c-5a7a-4916-a17e-126d1dc370d2 ip pool template UUID: 2e88cb6c-5a7a-4916-a17e-126d1dc370d2 Publish-name: 1c3046fb-d33c-4156-9b7d-ac0fb74f5891 switch#
The following show command displays a specific network segment pool based on its description. (The description in the VSM is the name in OpenStack.)
switch# show nsm network segment pool filter description vm-pool1 Name: 39e45a8d-8ecd-4bb0-9666-6ddcec2cfefc Description: vm-pool1 UUID: 39e45a8d-8ecd-4bb0-9666-6ddcec2cfefc Logical network Name: 39e45a8d-8ecd-4bb0-9666-6ddcec2cfefc_log_net Intra Port Communication: Disabled Publish-name: 39e45a8d-8ecd-4bb0-9666-6ddcec2cfefc
The following show command displays which network segments are used by a given network segment pool.
switch# show nsm network segment pool name 9a8d49b6-4590-47a5-8ecd-8616276694d2 Name: 9a8d49b6-4590-47a5-8ecd-8616276694d2 Description: seg-pool-11-310 UUID: 9a8d49b6-4590-47a5-8ecd-8616276694d2 Logical network Name: 9a8d49b6-4590-47a5-8ecd-8616276694d2_log_net Intra Port Communication: Disabled Publish-name: 9a8d49b6-4590-47a5-8ecd-8616276694d2 switch#
The following show command displays a list of all the dynamically created profiles.
switch# show dynamic-port-profile dynamic-port-profile: vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_0200362d-0d69-44bc-8f2d-40685f474ddf inherit port-profile: dhcp_pp network segment: 0200362d-0d69-44bc-8f2d-40685f474ddf dynamic-port-profile: vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_027f02fa-2854-40d2-a0ad-04cd37025cab inherit port-profile: dhcp_pp network segment: 027f02fa-2854-40d2-a0ad-04cd37025cab switch#
The following show command displays a specific dynamic port profile.
switch# show dynamic-port-profile name vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_3ff2d845-e587-4bdd-8737-75044e99a7c7 dynamic-port-profile: vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_3ff2d845-e587-4bdd-8737-75044e99a7c7 inherit port-profile: dhcp_pp network segment: 3ff2d845-e587-4bdd-8737-75044e99a7c7 switch#
The following show command displays the list of dynamic port profile inheriting a specific vEthernet policy profile.
switch# show dynamic-port-profile inherit dhcp_pp dynamic-port-profile: vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_0200362d-0d69-44bc-8f2d-40685f474ddf inherit port-profile: dhcp_pp network segment: 0200362d-0d69-44bc-8f2d-40685f474ddf dynamic-port-profile: vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_027f02fa-2854-40d2-a0ad-04cd37025cab inherit port-profile: dhcp_pp network segment: 027f02fa-2854-40d2-a0ad-04cd37025cab switch#
The following show command displays the list of dynamic port profile using a given network segment.
switch# show dynamic-port-profile network segment 03625912-ce1b-4e53-ae14-88255f2f1de7 dynamic-port-profile: vmn_f58d3545-a0a1-4441-8b7e-1a7c8339524b_03625912-ce1b-4e53-ae14-88255f2f1de7 inherit port-profile: dhcp_pp network segment: 03625912-ce1b-4e53-ae14-88255f2f1de7 switch#
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name | Release | Feature Information |
---|---|---|
Network Segmentation Manager |
5.2(1)SK1(2.1) |
Introduced the Network Segmentation Manager (NSM) feature. |