- Preface
-
- Configuring the Fabric Interconnects
- Configuring Ports and Port Channels
- Configuring Communication Services
- Configuring Authentication
- Configuring Organizations
- Configuring Role-Based Access Control
- Managing Firmware
- Configuring DNS Servers
- Configuring System-Related Policies
- Managing Licenses
- Managing Virtual Interfaces
- Index
Configuring Network-Related Policies
This chapter includes the following sections:
- Configuring vNIC Templates
- Configuring Ethernet Adapter Policies
- Configuring Network Control Policies
Configuring vNIC Templates
vNIC Template
This policy defines how a vNIC on a server connects to the LAN. This policy is also referred to as a vNIC LAN connectivity policy.
Beginning in Cisco UCS, Release 2.0(2), Cisco UCS Manager does not automatically create a VM-FEX port profile with the correct settings when you create a vNIC template. If you want to create a VM-FEX port profile, you must configure the target of the vNIC template as a VM.
You need to include this policy in a service profile for it to take effect.
Note |
If your server has two Emulex or QLogic NICs (Cisco UCS CNA M71KR-E or Cisco UCS CNA M71KR-Q), you must configure vNIC policies for both adapters in your service profile to get a user-defined MAC address for both NICs. If you do not configure policies for both NICs, Windows still detects both of them in the PCI bus. Then because the second eth is not part of your service profile, Windows assigns it a hardware MAC address. If you then move the service profile to a different server, Windows sees additional NICs because one NIC did not have a user-defined MAC address. |
Creating a vNIC Template
This policy requires that one or more of the following resources already exist in the system:
What to Do Next
Include the vNIC template in a service profile.
Deleting a vNIC Template
Binding a vNIC to a vNIC Template
You can bind a vNIC associated with a service profile to a vNIC template. When you bind the vNIC to a vNIC template, Cisco UCS Manager configures the vNIC with the values defined in the vNIC template. If the existing vNIC configuration does not match the vNIC template, Cisco UCS Manager reconfigures the vNIC. You can only change the configuration of a bound vNIC through the associated vNIC template. You cannot bind a vNIC to a vNIC template if the service profile that includes the vNIC is already bound to a service profile template.
If the vNIC is reconfigured when you bind it to a template, Cisco UCS Manager reboots the server associated with the service profile.
Unbinding a vNIC from a vNIC Template
Configuring Ethernet Adapter Policies
Ethernet and Fibre Channel Adapter Policies
These policies govern the host-side behavior of the adapter, including how the adapter handles traffic. For example, you can use these policies to change default settings for the following:
- Queues
- Interrupt handling
- Performance enhancement
- RSS hash
- Failover in an cluster configuration with two fabric interconnects
Operating System Specific Adapter Policies
By default, Cisco UCS provides a set of Ethernet adapter policies and Fibre Channel adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.
We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support.
However, if you are creating an Ethernet adapter policy for a Windows OS (instead of using the default Windows adapter policy), you must use the following formulas to calculate values that work with Windows:
- Completion Queues = Transmit Queues + Receive Queues
- Interrupt Count = (Completion Queues + 2) rounded up to nearest power of 2
For example, if Transmit Queues = 1 and Receive Queues = 8 then:
- Completion Queues = 1 + 8 = 9
- Interrupt Count = (9 + 2) rounded up to the nearest power of 2 = 16
Creating an Ethernet Adapter Policy
Tip |
If the fields in an area are not displayed, click the Expand icon to the right of the heading. |
Deleting an Ethernet Adapter Policy
Step 1 | In the Navigation pane, click the LAN tab. |
Step 2 | On the LAN tab, expand Organization_Name. |
Step 3 | Expand the Adapter Policies node. |
Step 4 | Right-click the Ethernet adapter policy that you want to delete and choose Delete. |
Step 5 | If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes. |
Configuring Network Control Policies
Network Control Policy
This policy configures the network control settings for the Cisco UCS domain, including the following:
- Whether the Cisco Discovery Protocol (CDP) is enabled or disabled
- How the VIF behaves if no uplink port is available in end-host mode
- The action that Cisco UCS Manager takes on the remote Ethernet interface, vEthernet interface , or vFibreChannel interface when the associated border port fails
- Whether the server can use different MAC addresses when sending packets to the fabric interconnect
- Whether MAC registration occurs on a per-VNIC basis or for all VLANs.
Action on Uplink Fail
By default, the Action on Uplink Fail property in the network control policy is configured with a value of link-down. For adapters such as the Cisco UCS M81KR Virtual Interface Card, this default behavior directs Cisco UCS Manager to bring the vEthernet or vFibreChannel interface down if the associated border port fails. For Cisco UCS systems using a non-VM-FEX capable converged network adapter that supports both Ethernet and FCoE traffic, such as Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, this default behavior directs Cisco UCS Manager to bring the remote Ethernet interface down if the associated border port fails. In this scenario, any vFibreChannel interfaces that are bound to the remote Ethernet interface are brought down as well.
Note |
Cisco UCS Manager, release 1.4(2) and earlier did not enforce the Action on Uplink Fail property for those types of non-VM-FEX capable converged network adapters mentioned above. If the Action on Uplink Fail property was set to link-down, Cisco UCS Manager would ignore this setting and instead issue a warning. In the current version of Cisco UCS Manager this setting is enforced. Therefore, if your implementation includes one of those converged network adapters and the adapter is expected to handle both Ethernet and FCoE traffic, we recommend that you configure the Action on Uplink Fail property with a value of warning. Please note that this configuration may result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down. |
MAC Registration Mode
In Cisco UCS Manager, releases 1.4 and earlier, MAC addresses were installed on all of the VLANs belonging to an interface. Starting in release 2.0, MAC addresses are installed only on the native VLAN by default. In most implementations this maximizes the VLAN port count.
Note |
If a trunking driver is being run on the host and the interface is in promiscuous mode, we recommend that you set the Mac Registration Mode to All VLANs. |
Creating a Network Control Policy
MAC address-based port security for Emulex converged Network Adapters (N20-AE0102) is not supported. When MAC address-based port security is enabled, the fabric interconnect restricts traffic to packets that contain the MAC address that it first learns. This is either the source MAC address used in the FCoE Initialization Protocol packet, or the MAC address in an ethernet packet, whichever is sent first by the adaptor. This configuration can result in either FCoE or Ethernet packets being dropped.
Step 1 | In the Navigation pane, click the LAN tab. | ||||||||||||
Step 2 | On the LAN tab, expand . | ||||||||||||
Step 3 |
Expand the node for the organization where you want to create the policy. If the system does not include multitenancy, expand the root node. |
||||||||||||
Step 4 | Right-click the Network Control Policies node and select Create Network Control Policy. | ||||||||||||
Step 5 |
In the Create Network Control Policy dialog box, complete the following fields:
|
||||||||||||
Step 6 |
In the MAC Security area, do the following to determine whether the server can use different MAC addresses when sending packets to the fabric interconnect:
|
||||||||||||
Step 7 | Click OK. |
Deleting a Network Control Policy
Step 1 | In the Navigation pane, click the LAN tab. |
Step 2 | On the LAN tab, expand Organization_Name. |
Step 3 | Expand the Network Control Policies node. |
Step 4 | Right-click the policy you want to delete and select Delete. |
Step 5 | If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes. |