Installation and Configuration Guide for Remote Integrated Service Engine (RISE)
Configuring RISE
Downloads: This chapterpdf (PDF - 321.0KB) The complete bookPDF (PDF - 1.54MB) | Feedback

Configuring RISE

Table Of Contents

Configuring RISE

Information About Configuring RISE

Licensing Requirements for RISE

Prerequisites for Configuring RISE

Guidelines and Limitations for Configuring RISE

Default Settings for RISE

Accessing the Switch and Appliance Interfaces

Accessing the Cisco Nexus 7000 Series Switch CLI

Accessing the Citrix NetScaler Appliance

Using the NetScaler CLI

Using the NetScaler GUI

Using the NetScaler Configuration Utility

Using the Statistical Utility

Configuring RISE in a Direct Mode Deployment

Configuring RISE on the Cisco Nexus 7000 Series Switch

Configuring RISE on the NetScaler Appliance

Configuring RISE in an Indirect Mode Deployment

Configuring RISE on the Cisco Nexus 7000 Series Switch

Configuring RISE on the NetScaler Appliance

Configuring NSIP

Configuring NSVLAN

Verifying the RISE Configuration

Monitoring RISE

Configuration Examples for RISE

Configuration Example for RISE in a Directly Connected Deployment

Configuration Example for RISE in an Indirectly Connected Deployment

Related Documents

Feature History for RISE


Configuring RISE


Revised October 24, 2013

This chapter describes how to configure the RISE feature on the Cisco Nexus 7000 Series switches and the NetScaler appliance. The Cisco NX-OS software supports the Cisco Nexus 7000 Series that includes Cisco Nexus 7000 switches and Cisco Nexus 7700 switches. You can find detailed information about supported hardware in the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.

This chapter includes the following sections:

Information About Configuring RISE

Licensing Requirements for RISE

Prerequisites for Configuring RISE

Guidelines and Limitations for Configuring RISE

Default Settings for RISE

Accessing the Switch and Appliance Interfaces

Configuring RISE in a Direct Mode Deployment

Configuring RISE in an Indirect Mode Deployment

Verifying the RISE Configuration

Monitoring RISE

Configuration Examples for RISE

Related Documents

Feature History for RISE

Information About Configuring RISE

You can configure RISE in direct mode on the Cisco Nexus 7000 Series switches and the NetScaler appliance, or you can configure RISE in an indirect mode on the Cisco Nexus 7000 Series switches and the NetScaler appliance.

Licensing Requirements for RISE

The following table shows the licensing requirements for this feature:

Product
License Requirement

Cisco NX-OS

RISE requires an Base Services license on the Cisco Nexus 7000 Series switches. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.

NetScaler appliance operating system

RISE does not require a license on the NetScaler appliance for bootstrap and auto-discovery functionality.


Prerequisites for Configuring RISE

RISE has the following prerequisite:

Control Plane Policing (CoPP) limits the number of packets that can be handled by the Cisco Nexus 7000 Series switches at one time. Therefore, you must configure the CoPP policies on the switch before enabling RISE. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide for information on configuring CoPP.

Guidelines and Limitations for Configuring RISE

RISE has the following configuration guidelines and limitations:

Auto-discovery/bootstrap and auto port configuration are supported only in direct mode. In indirect mode, manual configuration is required at each end on the Cisco Nexus 7000 Series switches and the NetScaler appliance in order to establish control channel connectivity and for the discovery and bootstrap process to occur.

When the NetScaler appliance is indirectly connected to the Cisco Nexus 7000 Series switches, the following must be true:

The physical port configuration on the NetScaler appliance must match the Cisco Nexus 7000 Series switches configuration for RISE (VLANs, port channels, and so on).

The service or management VLAN on the NetScaler appliance must establish the TCP RISE control channel with the Cisco Nexus 7000 Series switches.

The NetScaler appliance must permit the rise-tcp management class on the management VLAN.

In a RISE deployment, VLANs cannot be shared across Virtual Device Contexts (VDCs), even though the Cisco Nexus 7000 Series switches configuration allows it.

You can create up to 32 RISE services. However, only 8 RISE services are supported.

Multiple instances of RISE services are supported per VDC.

vPC deployments are supported when one NetScaler appliance is connected to a Cisco Nexus 7000 Series switches and another NetScaler appliance is connected to a second Cisco Nexus 7000 Series switches that are in virtual port channel (vPC) mode via a peer link.

After the RISE service is enabled on the Cisco Nexus 7000 Series switches, you must specify the VLAN group to enable some features.

Default Settings for RISE

Table 3-1 lists the default settings for RISE parameters.

Table 3-1 Default RISE Parameters on the Cisco Nexus 7000 Series Switch

RISE Parameters
Default

RISE mode

Disabled


Accessing the Switch and Appliance Interfaces

This section provides information on how to access the command line interface (CLI) for the Cisco Nexus Series 7000 switch and the CLI and GUI for the NetScaler appliance. The switch and appliance interfaces enable you to perform many administrative tasks, including configuring the RISE feature.

Before logging into the interfaces, ensure that you have completed the installation process outlined in Chapter 2 "Preparing for RISE Integration."

This section includes the following topics:

Accessing the Cisco Nexus 7000 Series Switch CLI

Accessing the Citrix NetScaler Appliance

Accessing the Cisco Nexus 7000 Series Switch CLI

After the Cisco Nexus 7000 Series switches boots up, you can access the CLI:


Step 1 Use the switch's IP address to establish a Telnet connection from your PC to the switch.

Step 2 When the login prompt appears, enter your login ID and password to access the switch CLI.

Step 3 See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide for more information on using the CLI.


Accessing the Citrix NetScaler Appliance

A NetScaler appliance has both a command line interface (CLI) and a graphical user interface (GUI). The GUI includes a configuration utility, for configuring the appliance, and a statistical utility called the Dashboard. For initial access, all appliances ship with the default NetScaler IP address (NSIP) of 192.168.100.1 and default subnet mask of 255.255.0.0. You can assign a new NSIP and an associated subnet mask during initial configuration.

Table 3-2 summarizes the available access methods.

Table 3-2 Methods for Access a NetScaler Appliance

Access Method
Port
Default IP Address Required?

CLI

Console

No

CLI and GUI

Ethernet

Yes


Using the NetScaler CLI

You can access the CLI either locally, by connecting a workstation to the console port, or remotely, by connecting through secure shell (SSH) from any workstation on the same network.

Logging onto the CLI Using the Console Port

The appliance has a console port for connecting to a computer workstation. To log on to the appliance, you need a serial crossover cable and a workstation with a terminal emulation program. Follow these steps to log onto the CLI through the console port:


Step 1 Connect the console port to a serial port on the workstation, as described in the Citrix eDoc, Connecting the Console Cable.

Step 2 On the workstation, start HyperTerminal or any other terminal emulation program. If the logon prompt does not appear, you might need to press ENTER one or more times to display it.

Step 3 Log on using the administrator credentials. The command prompt (>) appears on the workstation monitor.


Logging onto the CLI Using SSH

The SSH protocol is the preferred remote access method for accessing an appliance remotely from any workstation on the same network. You can use either SSH version 1 (SSH1) or SSH version 2 (SSH2). To verify that the SSH client is installed properly, use it to connect to any device on your network that accepts SSH connections. Follow these steps to log onto the CLI using SSH:


Step 1 On your workstation, start the SSH client.

Step 2 2. For initial configuration, use the default NetScaler IP address (NSIP), which is 192.168.100.1. For subsequent access, use the NSIP that was assigned during initial configuration. Select either SSH1 or SSH2 as the protocol. For information on initial configurations, see the Citrix eDoc, Configuring a NetScaler for the First Time.

Step 3 Log on by using the administrator credentials. For initial configuration, use nsroot as both the username and password. For example:

login as: nsroot
Using keyboard-interactive authentication.
Password:
Last login: Tue Jun 16 10:37:28 2009 from 10.102.29.9
 Done
>
 
   

Using the NetScaler GUI

The graphical user interface (GUI) includes a configuration utility and a statistical utility, called the Dashboard, either of which you access through a workstation connected to an Ethernet port on the appliance. If your computer does not have a supported Java plug-in installed, the utility prompts you to download and install the plug-in the first time you log on. If automatic installation fails, you can install the plug-in separately before you attempt to log on to the configuration utility or Dashboard.

Your workstation must have a supported web browser and version 1.6 or above of the Java® applet plug-in installed to access the configuration utility and Dashboard.

Using the NetScaler Configuration Utility

Once you log on to the configuration utility, you can configure the appliance through a graphical interface that includes context-sensitive help.

If your computer does not have a supported Java plug-in installed, the first time you log on to the appliance, the configuration utility prompts you to download and install the plug-in.


Note Before installing the Java 2 Runtime Environment, make sure that you have installed the full set of required operating system patches needed for the current Java release.


Follow these steps to log onto the configuration utility:


Step 1 Open your web browser and enter the NetScaler IP (NSIP) address as an HTTP address. If you have not yet set up the initial configuration, enter the default NSIP address (http://192.168.100.1). The Citrix Logon page appears.


Note Note: If you have two NetScaler appliances in a high availability setup, make sure that you do not access the GUI by entering the IP address of the secondary NetScaler. If you do so and use the GUI to configure the secondary NetScaler, your configuration changes are not applied to the primary NetScaler.


Step 2 In the User Name text box, type nsroot.

Step 3 In the Password text box, type the administrative password you assigned to the nsroot account during initial configuration.

Step 4 For Deployment Type, select NetScaler ADC.

Step 5 In the Start in list, click Configuration, and then click Login. The Configuration Utility page appears.


Note Note: If your workstation does not already have a supported version of the Java runtime plug-in installed, the NetScaler prompts you to download the Java Plug-in. After the download is complete, the configuration utility page appears.



Using the Statistical Utility

Dashboard, the statistical utility, is a browser-based application that displays charts and tables on which you can monitor NetScaler performance.

Follow these steps to log onto Dashboard:


Step 1 Open your web browser and enter the NetScaler Appliance's NSIP address as an HTTP address (http://<NSIP>). The Citrix Logon page appears.

Step 2 In the User Name text box, type nsroot.

Step 3 In the Password text box, type the administrative password that you assigned to the nsroot account during initial configuration.

Step 4 In the Start in list, click Dashboard, and then click Login.

For more information, see the Citrix eDoc, Accessing a Citrix NetScaler.


Configuring RISE in a Direct Mode Deployment

This section describes the configuration required to enable the RISE feature on the Cisco Nexus 7000 Series switches and the NetScaler appliance in a direct mode deployment. It includes the following topics:

Configuring RISE on the Cisco Nexus 7000 Series Switch

Configuring RISE on the NetScaler Appliance

Configuring RISE on the Cisco Nexus 7000 Series Switch

You can configure a RISE service on the Cisco Nexus 7000 Series switches using the ports that connect to the NetScaler appliance.

BEFORE YOU BEGIN

Power up the NetScaler appliance and connect it to the Cisco Nexus 7000 Series switches. See Chapter 2 "Preparing for RISE Integration," for information on connecting the NetScaler appliance.

Create a port channel on the Cisco Nexus 7000 Series switches and add all relevant management and data VLANs for the NetScaler appliance. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for information on creating port channels.

Make sure that you are in the correct VDC on the Cisco Nexus 7000 Series switches. To switch VDCs, use the switchto vdc command.

DETAILED STEPS

 
Command
Purpose

Step 1 

switch# configure terminal

Enters global configuration mode.

Step 2 

switch(config)# feature rise

Enables the RISE feature on the Cisco Nexus 7000 Series switches.

Step 3 

switch(config)# service vlan-group group-number vlan-range

Creates a VLAN group for the NetScaler appliance data VLANs on the Cisco Nexus 7000 Series switches.

The range for the VLAN group is from 1 to 32, and the range for the configured VLANs is from 1 to 3967. You can enter the vlan-range using a comma (,), a dash (-), and the numbers.

Step 4 

switch(config)# service type rise name service-name mode direct

Creates a RISE service instance, enters the RISE configuration mode on the Cisco Nexus 7000 Series switches, and specifies that the NetScaler appliance is directly connected to the switch in order to establish RISE connectivity.

You can enter up to 31 alphanumeric characters for the name of the RISE service instance.

Step 5 

switch(config-rise)# vlan vlan-id

Assigns a VLAN to the NetScaler appliance that is directly connected to the Cisco Nexus 7000 Series switches.

The range is from 1 to 4094.

This VLAN controls message communication with the supervisor over the RISE port channel. The same VLAN can be used for the NetScaler appliance management VLAN.

The VLAN ID and SVI interface must be created before the RISE channel can be established. The IP address of the SVI interface is the supervisor IP address for NetScaler appliance to communicate with and send the control messages.

Step 6 

switch(config-rise)# ip ip-address mask

Specifies the IP address of the NetScaler appliance that is directly connected to the Cisco Nexus 7000 Series switches.

This IP address controls message communication with the supervisor over the RISE port channel. The same IP address can be used for the management IP address of NetScaler appliance.

Step 7 

switch(config-rise)# vlan group vlan-group

Specifies the RISE VLAN group to be used by NetScaler appliance.

The range is from 1 to 32.

Note The trunk-allowed VLANs on the port channel must include all of the VLANs in the VLAN group as well as the VLAN for the RISE control message.

Step 8 

switch(config-rise)# ethernet slot/port

or

switch(config-rise)# port-channel channel-number

Creates an interface for sending out RISE discovery packets.

The range for the slot argument is from 1 to 253. The range for the port argument isfrom 1 to 128.

The range for the channel-number argument is from 1 to 4096.

Step 9 

switch(config-rise)# no shutdown

Launches the auto-discovery and bootstrap configuration process. The NetScaler appliance port channel is created with the RISE IP address set at the NetScaler appliance.

Note The Cisco Nexus 7000 Series switches associates the NetScaler appliance serial number with the virtual slot number for this NetScaler appliance.

Note Discovery does not start if any required information (such as the port, RISE VLAN, RISE IP address, or switch virtual interface [SVI] of the RISE VLAN) is not provided. If the discovery times out, the virtual module is shown in the inactive state. The show rise command on the switch displays the reason for discovery failure.

Step 10 

switch(config-rise)# show module service

(Optional) Displays the status of the RISE service module on the Cisco Nexus 7000 Series switches. If the RISE service module is operational, the status displays as "active."

Step 11 

switch(config-rise)# attach rise {slot slot-number | name name}

(Optional) Connects the Cisco Nexus 7000 Series switches to the RISE service module and generates a RISE session from the switch, which allows Telnet access.

The slot number range varies based on the valid slot numbers for a particular VDC. The Cisco Nexus 7000 Series switches supports 32 RISE instances per VDC. The slot number range is as follows:

300-331 for VDC 1

332-363 for VDC 2

364-395 for VDC 3

396-427 for VDC 4

You can enter up to 32 alphanumeric characters for the RISE service module name.

After you enter the password, you can access the NetScaler appliance to configure it.

Step 12 

switch(config-rise)# show rise

(Optional) Displays the RISE configuration status on the Cisco Nexus 7000 Series switches. If RISE is configured on the switch, the state displays as "active."

Configuring RISE on the NetScaler Appliance

After configuring RISE on the Cisco Nexus 7000 Series switches, the NetScaler appliance that is directly connected to it is automatically configured for RISE mode, and all of its ports are in operation mode. No further configuration is required to deploy RISE on the NetScaler appliance.

Configuring RISE in an Indirect Mode Deployment

This section describes the configuration required to enable the RISE feature on the Cisco Nexus 7000 Series switches and the NetScaler appliance in an indirectly connected deployment. It includes the following topics:

Configuring RISE on the Cisco Nexus 7000 Series Switch

Configuring RISE on the NetScaler Appliance

Configuring RISE on the Cisco Nexus 7000 Series Switch

You can configure a RISE service on the Cisco Nexus 7000 Series switches using the ports that connect to the NetScaler appliance.

BEFORE YOU BEGIN

Cable and power up the NetScaler appliance. See Chapter 2 "Preparing for RISE Integration" for information on connecting the NetScaler appliance.

Create a port channel on the Cisco Nexus 7000 Series switches and add all relevant management and data VLANs for the NetScaler appliance. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for information on creating port channels.

Make sure that you are in the correct VDC on the Cisco Nexus 7000 Series switches. To switch VDCs, use the switchto vdc command.

DETAILED STEPS

 
Command
Purpose

Step 1 

switch# configure terminal

Enters global configuration mode.

Step 2 

switch(config)# feature rise

Enables the RISE feature on the Cisco Nexus 7000 Series switches.

Step 3 

switch(config)# service vlan-group group-number vlan-range

Creates a VLAN group for the NetScaler appliance data VLANs on the Cisco Nexus 7000 Series switches.

The range for the VLAN group is from 1 to 32, and the range for the configured VLANs is from 1 to 3967. You can enter the vlan-range using a comma (,), a dash (-), and the numbers.

Step 4 

switch(config)# service type rise name service-name mode indirect

Creates a RISE service instance, enters the RISE configuration mode on the Cisco Nexus 7000 Series switches, and specifies that NetScaler appliance is indirectly connected to the switch in order to establish RISE connectivity.

You can enter up to 31 alphanumeric characters for the name of the RISE service instance.

Step 5 

switch(config-rise)# vlan vlan-id

Assigns a VLAN to NetScaler appliance that is indirectly connected to the Cisco Nexus 7000 Series switches.

The range is from 1 to 4094.

This VLAN controls message communication with the supervisor over the RISE port channel. The same VLAN can be used for the NetScaler appliance management VLAN.

The VLAN ID and SVI interface must be created before the RISE channel can be established. The IP address of the SVI interface is the supervisor IP address for NetScaler appliance to communicate with and send the control messages.

Step 6 

switch(config-rise)# ip ip-address mask

Specifies the IP address of the NetScaler appliance that is indirectly connected to the Cisco Nexus 7000 Series switches.

This IP address controls message communication with the supervisor over the RISE port channel. The same IP address can be used for the management IP address of NetScaler appliance.

Step 7 

switch(config-rise)# vlan group vlan-group

Specifies the RISE VLAN group, which is the list of VLANs to be used by NetScaler appliance.

The range is from 1 to 32.

Note The trunk-allowed VLANs on the port channel must include all of the VLANs in the VLAN group as well as the VLAN for the RISE control message.

Step 8 

switch(config-rise)# no shutdown

Launches the bootstrap configuration process but skips the auto-discovery process.

Note The Cisco Nexus 7000 Series switches associates the NetScaler appliance serial number with the virtual slot number for this NetScaler appliance.

Note Discovery does not start if any required information (such as the port, RISE VLAN, RISE IP address, or SVI of the RISE VLAN) is not provided. If the discovery times out, the virtual module is shown in the inactive state. The show rise command on the switch displays the reason for discovery failure.

Step 9 

switch(config-rise)# show module service

(Optional) Displays the status of the RISE service module on the Cisco Nexus 7000 Series switches. If the RISE service module is operational, the status displays as "active."

Step 10 

switch(config-rise)# attach rise {slot slot-number | name name}

(Optional) Connects the Cisco Nexus 7000 Series switches to the RISE service module and generates a RISE session from the switch, which allows Telnet access.

The slot number range varies based on the valid slot numbers for a particular VDC. The Cisco Nexus 7000 Series switches supports 32 RISE instances per VDC. The slot number range is as follows:

300-331 for VDC 1

332-363 for VDC 2

364-395 for VDC 3

396-427 for VDC 4

You can enter up to 32 alphanumeric characters for the RISE service module name.

After you enter the password, you can access the NetScaler appliance to configure it.

Step 11 

switch(config-rise)# show rise

(Optional) Displays the RISE configuration status on the Cisco Nexus 7000 Series switches. If RISE is configured on the switch, the state displays as "active."

Configuring RISE on the NetScaler Appliance

You can configure the NetScaler appliance to set up the RISE control channel to the Cisco Nexus 7000 Series switches.

BEFORE YOU BEGIN

Make sure that the NetScaler appliance is operational and connected to the Cisco Nexus 7000 Series switches. See Chapter 2 "Preparing for RISE Integration" for more information. Make sure that RISE is configured on the Cisco Nexus 7000 Series switches. See the "Configuring RISE on the Cisco Nexus 7000 Series Switch" section.

Create a port channel on the NetScaler appliance and map its physical ports to this port channel. Configure the NSIP and NSVLAN on the NetScaler appliance.

Configuring NSIP

The NSIP address is the IP address for management and general system access to the NetScaler appliance, and for HA communication.

Configuring NSIP Using the CLI:

At the NetScaler command prompt, you can type config ns and follow the prompts to complete the initial configuration. Alternatively, type these commands:


Note Note: To prevent an attacker from breaching your ability to send packets to the appliance, choose a nonroutable IP address on your organization's LAN as your appliance IP address.


set ns config - ipaddress address - netmask netmask

add ns ip ip-address netmask - type type

add route network netmask gateway

set system user nsroot password

save ns config

reboot

Example:

set ns config - ipaddress 10.102.29.60 - netmask 255.255.255.0
add ns ip 10.102.29.61 255.255.255.0 -type snip
add route 0.0.0.0 0.0.0.0 10.102.29.1
set system user nsroot administrator
save ns

To configure the accessibility settings by using the configuration utility, see "Accessing the Citrix NetScaler Appliance" section.

Configuring NSVLAN

NSVLAN is a VLAN to which the NetScaler management IP (NSIP) address's subnet is bound. The NSIP subnet is available only on interfaces that are associated with NSVLAN. By default, NSVLAN is VLAN1, but you can designate a different VLAN as NSVLAN. If you do so, you must reboot the NetScaler appliance for the change to take effect. After the reboot, NSIP subnet traffic is restricted to the new NSVLAN.

Configuring NSIP Using the CLI:

Type these commands at the command prompt to configure NSVLAN using the CLI:

set ns config - nsvlan positive_integer - ifnum interface_name ... [-tagged (YES | NO)]

show ns config


Note Note: The configuration takes effect after the NetScaler appliance is rebooted.


Example:

set ns config -nsvlan 300 -ifnum 1/1 1/2 1/3 -tagged NO
save config
 
   

Type these commands at the command prompt to restore the default NSVLAN configuration:

unset ns config -nsvlan

show ns config

Example:

> unset ns config -nsvlan

Configuring NSIP Using the Configuration Utility:

Follow these steps to configure NSVLAN using the configuration utility:


Step 1 Navigate to System > Settings.

Step 2 In the details pane, under Settings, click Change NSVLAN Settings.

Step 3 In the Configure NSVLAN Settings dialog box, set the parameters. For a description of a parameter, hover the mouse cursor over the corresponding field.

Step 4 Under Interfaces, select interfaces from the Available Interfaces list and click Add to move them to the Configured Interfaces list.

Step 5 Click OK. In the Warning dialog box, click OK. The configuration takes effect after the NetScaler appliance is restarted.


On the Nexus 7000 switch, define the RISE service type with the same NSIP and the NSVLAN that were defined on the NetScaler appliance.

Verifying the RISE Configuration

To display the RISE configuration on the Cisco Nexus 7000 Series switches, perform one of the following tasks:

Command
Purpose

show module service

Displays the status of the RISE service module on the Cisco Nexus 7000 Series switches.

show rise [detail]

Displays the RISE configuration status on the Cisco Nexus 7000 Series switches.

show rise vlan-group

Displays VLAN group information for the NetScaler appliance data VLANs on the Cisco Nexus 7000 Series switches.

show running-config services

Displays the RISE running configuration on the Cisco Nexus 7000 Series switches.

show tech-support services [detail]

Displays troubleshooting information for RISE on the Cisco Nexus 7000 Series switches.



Note For detailed information about the fields in the output from these commands, see "Cisco NX-OS RISE Commands."


To display the RISE configuration on the NetScaler appliance, perform one of the following tasks:

Command
Purpose

show rise profile

Displays the RISE configuration status on the NetScaler appliance.



Note For detailed information about the fields in the output from these commands, see "."


Monitoring RISE

Use the show rise profile command on the NetScaler appliance to display RISE statistics, as shown in the following example:

ProfileName:  profile_300 IPAddress:  173.173.1.1
        Mode:  Indirect          Status:  Inactive
        VdcId:  1                SlotNumber:  300
        Vlan:  3                 VlanGroupId:  1
        Ifnum:  LA/1
Done

Configuration Examples for RISE

This section includes the following topics:

Configuration Example for RISE in a Directly Connected Deployment

Configuration Example for RISE in an Indirectly Connected Deployment

Related Documents

Configuration Example for RISE in a Directly Connected Deployment

This example shows how to configure a RISE service on the Cisco Nexus 7000 Series switches using the ports that connect directly to an NetScaler appliance:

switch# configure terminal
switch(config)# port-channel 100
switch(config-if)# switchport trunk allowed vlan 20,30,40
switch(config-if)# no shut
switch(config)# ethernet 5/1-2
switch(config-if-range)# channel-group 100
switch(config)# ethernet 6/1-2
switch(config-if-range)# channel-group 100
switch(config)# service vlan-group 1 20,30,40
switch(config)# feature rise
switch(config)# service type rise name ns21 mode direct
switch(config-rise)# vlan 3
switch(config-rise)# ip 3.3.3.21 255.0.0.0
switch(config-rise)# vlan group 21
switch(config-rise)# port-channel 100
switch(config-rise)# no shutdown
switch(config-rise)# show module service
 
   
Mod  Ports  Module-Type             Model              Name         Status
---  -----  ----------------------- ------------------ ------------ ----------
9    0      RISE Module             NA                 NAM9         ok
300  4      RISE Direct             Netscaler          ns21         ok
 
   
Mod  Sw                                Serial-Num
---  --------------------------------  --------------------------------
9    NA                                NA                              
300  NetScaler NS10.1: Build 120.1309  HE2H81UJ47                      
switch(config-rise)# attach rise slot 300
Attaching to RISE 300 ...
 
   
Username:nsroot
Warning: Permanently added '3.3.3.21' (RSA) to the list of known hosts.
Password: 
Last login: Fri Sep 27 14:58:44 2013 from 10.99.0.15
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.
 
   
 Done		
switch(config-rise)# show rise detail
 
   
RISE module name: ns21
  State: active
  Admin state: enabled
  Interface: N/A
  Mode: direct
  Slot id: 300
  Service token: 0x0
  Serial number: HE2H81UJ47
  SUP IP: 3.101.0.10
  RISE IP: 3.3.3.21
  VDC id: 1
  VLAN: 3
  VLAN group: 21
  VLAN list: 121,222-224,231-234

Note When the NetScaler appliance is directly connected to the Cisco Nexus 7000 Series switches and the RISE control channel is configured on the Cisco Nexus 7000 Series switches, the NetScaler appliance is automatically configured for RISE mode and all of its ports are set to operation mode.


Configuration Example for RISE in an Indirectly Connected Deployment

This example shows how to configure a RISE service on the Cisco Nexus 7000 Series switches using the ports that connect to a NetScaler virtual appliance:

switch# configure terminal
switch(config)# port-channel 100
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport allowed vlan 10,20,30,40,50,60
switch(config)# ethernet 5/1-2
switch(config-if-range)# channel-group 100
switch(config-if-range)# no shutdown
switch(config)# ethernet 6/1-2
switch(config-if-range)# channel-group 100
switch(config-if-range)# no shutdown
switch(config)# service vlan-group 1 20,30,40
switch(config)# feature rise
switch(config)# service type rise name ns22 mode indirect 
switch(config-rise)# vlan 10
switch(config-rise)# ip 3.3.3.22 255.0.0.0
switch(config-rise)# vlan group 22
switch(config-rise)# no shutdown
switch(config-rise)# show module service
 
   
Mod  Ports  Module-Type             Model              Name         Status
---  -----  ----------------------- ------------------ ------------ ----------
9    0      RISE Module             NA                 NAM9         ok
301  0      RISE Indirect           Netscaler          ns22 ok
 
   
Mod  Sw                                Serial-Num
---  --------------------------------  --------------------------------
9    NA                                NA                              
301  NetScaler NS10.1: Build 120.1309  HE2H81UJ47 
 
   
switch(config-rise)# attach rise slot 301
rise_ent->rise_ip = 2010101
ipaddr 100.1.1.10
Attaching to RISE 301 ...
To exit type 'exit', to abort type '$.'
Telnet rlogin escape character is '$'.
Trying 100.1.1.10...
Connected to 100.1.1.10.
Escape character is '^]'.
 
   
Password:
 
   
switch(config-rise)# show rise detail
RISE module name: ns22
  State: active
  Admin state: enabled
  Interface: N/A
  Mode: indirect
  Slot id: 301
  Service token: 0x1
  Serial number: HE2H81UJ47
  SUP IP: 3.101.0.10
  RISE IP: 10.10.10.5
  VDC id: 1
  VLAN: 10
  VLAN group: 22
  VLAN list: 122,221-224,231-234
 
   

This example shows how to configure the RISE control channel between an indirectly connected NetScaler appliance and the Cisco Nexus 7000 Series switches:

ethernet 0/1
  channel-group 1
  no shutdown
ethernet 0/2
  channel-group 1
  no shutdown
ethernet 1/1
  channel-group 1
  no shutdown
ethernet 1/2
  channel-group 1
  no shutdown
port-channel 1
  switchport trunk allowed vlan 10,100,551,600,770
  no shutdown
access-list ALL_rise line 8 extended permit ip any any
 
   
class-map type management match-any remote_access_rise
  2 match protocol rise-tcp any
3 match protocol telnet any
 
   
policy-map type management first-match remote_mgmt_allow_policy_rise
  class remote_access_rise
    permit
 
   
interface vlan 1000
  ip address 10.10.10.5 255.255.255.0
  access-group input ALL_rise
  service-policy input remote_mgmt_allow_policy_rise
  no shutdown

Related Documents

Related Topic
Document Title

CLI on the Cisco Nexus 7000 Series switches

Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide

CoPP

Cisco Nexus 7000 Series NX-OS Security Configuration Guide

Interfaces

Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide

Policy-based routing

Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide

VDCs

Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide


Feature History for RISE

Table 3-3 lists the release history for this feature.

Table 3-3 Feature History for RISE

Feature Name
Releases
Feature Information

RISE

Cisco NX-OS 6.2(2a)

This feature was introduced on the Cisco Nexus 7000 Series switches.

RISE

NetScaler 10.1.e

This feature was introduced on the NetScaler appliance.