Network Segmentation Manager

This chapter describes how to identify and resolve problems with Network Segmentation Manager (NSM) and includes the following sections:

Information About Network Segmentation Manager

See the Cisco Nexus 1000V Network Segmentation Manager Configuration Guide for more information.

Problems with Network Segmentation Manager

This section includes symptoms, possible causes and solutions for the following problems with Network Segmentation Manager (NSM). The system message for the majority of the problems is logged in vShield Manager or vCloud Director.

Symptom
Possible Causes
Verification and Solution

Registration failure of vShield Manager with Network Segmentation Manager has occurred.

A system message is logged in vShield Manager.

vShield Manager is unable to reach NSM.

Verify that the connection between the Cisco Nexus 1000V and VMware vShield Manager is enabled.

Check that vShield Manager is able to ping the Cisco Nexus 1000V.

If not, reestablish the Layer 2 or Layer 3 connectivity between vShield Manager and the Cisco Nexus 1000V. See the Cisco Nexus 1000V Network Segmentation Manager Configuration Guide for more information.

vShield Manager is unable to authenticate with NSM.

Verify if the username and password are accurate by checking the Virtual Supervisor Module system logs. The following system log will be displayed if the username and password are inaccurate.

2012 Jan 20 00:49:59 switch %USER-3-SYSTEM_MSG: VALIDATE: user: admin, Authentication failure - validate

If they are not accurate, replace the username and password in the networking configuration on vShield Manager.

The NSM feature is not enabled on the Cisco Nexus 1000V.

Verify if the NSM feature is enabled on the Cisco Nexus 1000V.

show feature

If not, enable the NSM feature.

feature network-segmentation-manager

HTTPS is not enabled on the Cisco Nexus 1000V.

Check whether a browser can connect to https://<vsm-ip>/.

If not, enable the HTTPS server on the VSM.

feature http-server

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in the vCloud Director:

Failed to create network segment

vCloud Director is unable to create the VLAN associated with the network.

1. Verify that resources are available to create a VLAN by checking the number of existing VLANs.

show vlan summary

If the number of existing VLANs exceeds the number of supported VLANs (2048), evaluate whether any of the VLANs can be removed from the system.

2. Verify that the VLAN pool in vCloud Director does not contain more than 2048 available VLANs.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Template could not be inherited on port-profile

vCloud Director is unable to inherit the port profile associated with the network segment policy onto the port profile created for the network.

1. Verify if the port profile exists.

show running-config port-profile name

To identify the name of the port profile, you will need to determine the network segment policy the network was attempting to use. You will need the information about the tenant/organization UUID and the type of network pool the network was being created from (VXLAN or VLAN) to find the corresponding network segment policy that has these values configured. If no network segment policy is configured with these values, then use the default network segment policy to identify the name of the port profile.

2. Check the system logs for a port profile inheritance failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in the vCloud Director:

Failed to set max-ports

vCloud Director is unable to set the max ports on the port profile.

Check the system logs for a maximum number of ports failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Network already exists

A network with the same name already exists in the vCloud Director.

1. Delete the existing network that has the same name.

no port-profile network name

2. Delete the bridge domain with the same name if it exists.

no bridge-domain name

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to create port-profile

The Cisco Nexus 1000V is unable to create the port profile required for the network.

Check system logs for a port profile failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Template does not exist

vCloud Director is unable to find the port profile associated with the network segment policy associated with the network.

1. Verify if the port profile exists.

show running-config port-profile name

To identify the name of the port profile, you will need to determine the network segment policy the network was attempting to use. You need the information about the tenant/organization UUID and the type of network pool the network was being created from (VXLAN or VLAN) to find the corresponding network segment policy that has these values configured. If no network segment policy is configured with these values, use the default network segment policy to identify the name of the port profile.

2. Check system logs for a port profile failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Alias ID not found

vCloud Director is unable to retrieve the port group ID associated with the port profile created for the network.

Verify that the Virtual Supervisor Module (VSM) has an active SVS connection.

show svs connection

When you enter the command, the output must display

operational status: connected

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set port-binding

vCloud Director is unable to set the port binding on the port profile associated with the network.

Check system logs for a port binding failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set vlan

vCloud Director is unable to set the access VLAN on the port profile associated with the network.

Check system logs for a set VLAN failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set vmware port-group

vCloud Director is unable to set the VMware port group property on the port profile.

Check system logs for a port group property failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set state enabled

vCloud Director is unable to set the property state on the port profile to enabled.

Check system logs for a state enabled property failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to collect svs configuration

vCloud Director is unable to execute the show svs connection command.

Verify that the Virtual Supervisor Module (VSM) has an active SVS connection.

show svs connection

When you enter the command, the output must display “operational status: connected”.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Operational status is missing

vCloud Director is unable to locate the operational status in the SVS connection.

1. Verify that the Virtual Supervisor Module (VSM) has an active SVS connection.

show svs connection

When you enter the command, the output must display “operational status: connected”.

2. Check system logs for an operational status failure message. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

SVS connection is disconnected

SVS connection is disconnected.

Verify that the Virtual Supervisor Module (VSM) has an active SVS connection.

show svs connection

When you enter the command, the output must display

operational status: connected

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to create bridge domain

vCloud Director is unable to create the bridge domain associated with the network.

Verify that the segmentation feature is enabled.

show feature

If not, enable the segmentation feature by using the feature segmentation command.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set segment ID

vCloud Director is unable to set the segment ID associated with the network.

Verify that the segment ID is not already in use by another bridge domain.

show bridge-domain

Check the error message on the system log to retrieve the segment ID.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set group IP

vCloud Director is unable to set the group IP associated with the network.

Verify that the group IP is a valid multicast IP address by checking the system logs for an invalid IP address error message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network creation triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to set port-profile description

vCloud Director is unable to set the description for the port profile associated with the network.

Check system logs for a port profile description failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

The network deletion triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to delete interface using the port-profile

vCloud Director is unable to delete the interfaces inheriting the port profile.

1. Manually delete the interfaces.

2. In vCenter Server, ensure that the VMs associated with the vApp are powered down.

3. In the VSM, enter the no interface vethernet vethernet number command.

The network deletion triggered from vCloud Director fails. A system message similar to the following is logged in vCloud Director:

Failed to delete the port-profile

vCloud Director is unable to delete the port profile associated with the network.

1. Manually delete the port profile.

2. Check system logs for a port profile deletion failure message reported by NSM. See the Cisco NX-OS System Messages Reference for more information.

A vEthernet interface is administratively down. The interface will be in the NoPortProfile state.

The vEthernet interface is in a quarantine state.

1. Verify that the interface is quarantined.

show port-profile sync-status

2. Bring the interface out of quarantine.

no shutdown

The interface comes back online.

3. Verify if the interface is online.

show interface vethernet

Network Segmentation Manager Troubleshooting Commands

You can use the commands in this section to troubleshoot problems related to the NSM.

Command
Purpose

show network-segment manager switch

Displays the Cisco Nexus 1000V configured with NSM.

show running-config port-profile

Displays the port profile configuration.

show running-config network-segment policy

Displays the NSM policy configuration.

show network-segment policy usage

Displays the network segmentation policy usage by networks.

show network-segment network

Displays the networks associated with a network segmentation policy.

show network-segment network id id

Displays the network IDs associated with a network segmentation policy.

show network-segment network name name

Displays the name of the networks associated with a network segmentation policy.

show logging logfile | grep NSMGR

Displays the system logs from the network segmentation manager.

For detailed information about show command output, see the Cisco Nexus 1000V Command Reference.
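
The credential check described under the vShield Manager registration problem can be run over a saved copy of the VSM system log. The following is an added example, not Cisco code: it parses lines in the layout of the authentication failure message quoted above and reports users with repeated failures, which separates a one-off typo from vShield Manager retrying with stale credentials. The function names, the threshold, the window and every sample line except the first are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout taken from the VSM system log line quoted on this page.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%USER-3-SYSTEM_MSG: VALIDATE: user: (?P<user>[^,]+), "
    r"Authentication failure"
)

def parse_auth_failures(log_text):
    """Return (timestamp, host, user) for each authentication failure line."""
    events = []
    for line in log_text.splitlines():
        m = AUTH_FAIL.match(line.strip())
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
            events.append((ts, m["host"], m["user"].strip()))
    return events

def repeated_failures(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: count} for users with >= threshold failures in any window."""
    by_user = defaultdict(list)
    for ts, _host, user in events:
        by_user[user].append(ts)
    flagged = {}
    for user, stamps in by_user.items():
        stamps.sort()
        start = best = 0
        for end in range(len(stamps)):
            # Slide the window start forward until the span fits.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged

# Constructed sample: the first line is the one quoted on this page, the rest are invented.
SAMPLE_LOG = """\
2012 Jan 20 00:49:59 switch %USER-3-SYSTEM_MSG: VALIDATE: user: admin, Authentication failure - validate
2012 Jan 20 00:50:29 switch %USER-3-SYSTEM_MSG: VALIDATE: user: admin, Authentication failure - validate
2012 Jan 20 00:50:59 switch %USER-3-SYSTEM_MSG: VALIDATE: user: admin, Authentication failure - validate
2012 Jan 20 00:51:10 switch %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin
2012 Jan 20 03:12:41 switch %USER-3-SYSTEM_MSG: VALIDATE: user: nsmsvc, Authentication failure - validate
"""

if __name__ == "__main__":
    print(repeated_failures(parse_auth_failures(SAMPLE_LOG)))
```

A flagged account that is not the one configured in vShield Manager points to a different client failing to log in to the VSM and should be followed up separately from the registration problem.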