Contents
Configuring Network-Related Policies
This chapter includes the following sections:
Configuring vNIC Templates
vNIC Template
This policy defines how a vNIC on a server connects to the LAN. This
policy is also referred to as a vNIC LAN connectivity policy.
Cisco
UCS Manager does not automatically create a VM-FEX port profile with the correct settings when you create a vNIC template. If you want to create a VM-FEX port profile, you must configure the target of the vNIC template as a VM.
You need to include this policy in a
service profile
for it to take effect.
Note |
If your server has two Emulex or QLogic NICs (Cisco UCS CNA M71KR-E or Cisco UCS CNA M71KR-Q), you must configure vNIC policies for both adapters in your service profile to get a user-defined MAC address for both NICs. If you do not configure policies for both NICs, Windows still detects both of them in the PCI bus. Then because the second eth is not part of your service profile, Windows assigns it a hardware MAC address. If you then move the service profile to a different server, Windows sees additional NICs because one NIC did not have a user-defined MAC address.
|
Creating a vNIC Template
Before You Begin
This policy requires that one or more of the following resources
already exist in the system:
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the node for the organization where you want to create the
policy.
If the system does not include multitenancy,
expand the
root node.
|
| Step 4
| Right-click the
vNIC Templates node and choose
Create vNIC Template.
|
| Step 5
| In the
Create vNIC Template dialog box:
- In the General area, complete the following fields:
| Name
|
Description
|
|---|
|
Name field
|
The name of the vNIC template.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Description
field
|
A user-defined description of the
template.
Enter up to 256 characters. You can use any characters or spaces except ` (accent mark), \ (backslash), ^ (carat), " (double quote), = (equal sign), > (greater than), < (less than), or ' (single quote).
|
|
Fabric ID
field
|
The fabric
interconnect associated with the component.
If you want vNICs created from
this template to be able to access the second fabric interconnect if the
default one is unavailable, check the
Enable Failover check box.
| Note
|
Do not enable
vNIC fabric failover under the following circumstances:
-
If the
Cisco UCS domain is
running in Ethernet switch mode. vNIC fabric failover is not supported in that
mode. If all Ethernet uplinks on one fabric interconnect fail, the vNICs do not
fail over to the other.
-
If you plan
to associate one or more vNICs created from this template with a server that
has an adapter which does not support fabric failover, such as the
Cisco UCS 82598KR-CI 10-Gigabit Ethernet Adapter. If you do so,
Cisco UCS Manager generates
a configuration fault when you associate the service profile with the server.
|
|
|
Target list
box
|
A list of the possible targets for
vNICs created from this template. The target you choose determines whether or not Cisco UCS Manager automatically creates a VM-FEX port profile with the appropriate settings for the vNIC template. This can be one of the following:
-
Adapter—The vNICs apply to all
adapters.
No VM-FEX port profile is created if you choose this option.
-
VM—The vNICs apply to all virtual
machines.
A VM-FEX port profile is created if you choose this option.
|
|
Template
Type field
|
This can be one of the following:
|
- In the VLANs area, use the table to select the VLAN to
assign to vNICs created from this template. The table contains the following
columns:
| Name
|
Description
|
|---|
|
Select column
|
Check the check box in this column for each VLAN that you want to use.
| Note
| VLANs and PVLANs can not be assigned to the same vNIC.
|
|
|
Name column
|
The name of the VLAN.
|
|
Native VLAN column
|
To designate one of the VLANs as the native VLAN, click the
radio button in this column.
|
|
Create VLAN link
|
Click this link if you want to create a VLAN.
|
- In the Policies area, complete the following fields:
| Name
|
Description
|
|---|
|
MTU field
|
The maximum transmission unit, or packet size, that vNICs
created from this vNIC template should use.
Enter an integer between 1500 and 9216.
| Note
| If the vNIC template has an associated QoS policy, the MTU specified here must be equal to or less than the MTU specified in the associated QoS system class. If this MTU value exceeds the MTU value in the QoS system class, packets may be dropped during data transmission.
|
|
|
MAC Pool
drop-down list
|
The MAC address pool that vNICs
created from this vNIC template should use.
|
|
QoS Policy
drop-down list
|
The quality of service policy that vNICs
created from this vNIC template should use.
|
|
Network Control Policy drop-down list
|
The network control policy that vNICs
created from this vNIC template should use.
|
|
Pin Group
drop-down list
|
The LAN pin group that vNICs created
from this vNIC template should use.
|
|
Stats Threshold
Policy drop-down list
|
The statistics collection policy
that vNICs created from this vNIC template should use.
|
Dynamic vNIC Connection Policy drop-down list
|
The dynamic vNIC connection policy that vNICs created from this vNIC template should use.
|
|
| Step 6
| Click
OK.
|
What to Do Next
Include the vNIC template in a service profile.
Binding a vNIC to a vNIC Template
You can bind a vNIC associated with a service profile to a vNIC
template. When you bind the vNIC to a vNIC template,
Cisco UCS Manager configures
the vNIC with the values defined in the vNIC template. If the existing vNIC
configuration does not match the vNIC template,
Cisco UCS Manager
reconfigures the vNIC. You can only change the configuration of a bound vNIC
through the associated vNIC template. You cannot bind a vNIC to a vNIC template
if the service profile that includes the vNIC is already bound to a service
profile template.
Important:
If the vNIC is
reconfigured when you bind it to a template,
Cisco UCS Manager reboots
the server associated with the service profile.
Procedure
| Step 1
| In the
Navigation pane, click the
Servers tab. |
| Step 2
| On the
Servers tab, expand
. |
| Step 3
| Expand the node for the organization that includes the
service profile
with the vNIC you want to bind.
If the system does not include multi-tenancy, expand the
root node.
|
| Step 4
| Expand
.
|
| Step 5
| Click the vNIC you want to bind to a template.
|
| Step 6
| In the
Work pane, click the
General tab. |
| Step 7
| In the
Actions area, click
Bind to a Template.
|
| Step 8
| In the
Bind to a vNIC Template dialog box, do the
following:
- From the
vNIC Template drop-down list, choose the
template to which you want to bind the vNIC.
- Click
OK.
|
| Step 9
| In the warning dialog box, click
Yes to acknowledge that
Cisco UCS Manager
may need to reboot the server if the binding causes the vNIC to be
reconfigured.
|
Unbinding a vNIC from a vNIC Template
Procedure
| Step 1
| In the
Navigation pane, click the
Servers tab. |
| Step 2
| On the
Servers tab, expand
. |
| Step 3
| Expand the node for the organization that includes the
service profile
with the vNIC you want to unbind.
If the system does not include multi-tenancy, expand the
root node.
|
| Step 4
| Expand
.
|
| Step 5
| Click the vNIC you want to unbind from a template.
|
| Step 6
| In the
Work pane, click the
General tab. |
| Step 7
| In the
Actions area, click
Unbind from a Template.
|
| Step 8
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
Deleting a vNIC Template
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
vNIC Templates node.
|
| Step 4
| Right-click the policy you want to delete and choose
Delete.
|
| Step 5
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
Configuring Ethernet Adapter Policies
Ethernet and Fibre Channel Adapter Policies
These policies govern the host-side behavior of the adapter, including
how the adapter handles traffic. For example, you can use these policies to
change default settings for the following:
Note |
For Fibre Channel adapter policies, the values displayed by Cisco
UCS Manager may not match those displayed by applications such as QLogic SANsurfer. For example, the following values may result in an apparent mismatch between SANsurfer and Cisco
UCS Manager:
-
Max LUNs Per Target—SANsurfer has a maximum of 256 LUNs and does not display more than that number. Cisco
UCS Manager supports a higher maximum number of LUNs.
-
Link Down Timeout—In SANsurfer, you configure the timeout threshold for link down in seconds. In Cisco
UCS Manager, you configure this value in milliseconds. Therefore, a value of 5500 ms in Cisco
UCS Manager displays as 5s in SANsurfer.
-
Max Data Field Size—SANsurfer has allowed values of 512, 1024, and 2048. Cisco
UCS Manager allows you to set values of any size. Therefore, a value of 900 in Cisco
UCS Manager displays as 512 in SANsurfer.
|
Operating System Specific Adapter Policies
By default, Cisco UCS provides a set of Ethernet adapter policies and Fibre Channel adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.
Important:
We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support.
However, if you are creating an Ethernet adapter policy for a Windows OS (instead of using the default Windows adapter policy), you must use the following formulas to calculate values that work with Windows:
- Completion Queues = Transmit Queues + Receive Queues
- Interrupt Count = (Completion Queues + 2) rounded up to nearest power of 2
For example, if Transmit Queues = 1 and Receive Queues = 8 then:
- Completion Queues = 1 + 8 = 9
- Interrupt Count = (9 + 2) rounded up to the nearest power of 2 = 16
Creating an Ethernet Adapter Policy
Tip |
If the fields in an area are not displayed, click the
Expand icon to the right of the heading.
|
Procedure
| Step 1
| In the
Navigation pane, click the
Servers tab. |
| Step 2
| On the
Servers tab, expand
.
|
| Step 3
| Expand the node for the organization where you want to create the
policy.
If the system does not include multitenancy,
expand the
root node.
|
| Step 4
| Right-click Adapter Policies and choose
Create Ethernet Adapter Policy.
|
| Step 5
| Enter a name and description for the policy in the following
fields:
| Name
|
Description
|
|---|
|
Name
field
|
The name of the policy.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Description field
|
A description of the policy.
We recommend that you include information about where and when the policy should be
used.
Enter up to 256 characters. You can use any characters or spaces except ` (accent mark), \ (backslash), ^ (carat), " (double quote), = (equal sign), > (greater than), < (less than), or ' (single quote).
|
Owner field
|
This can be one of the following:
Local—This policy is available only to service profiles and service profile templates in this Cisco UCS domain.
Pending Global—Control of this policy is being transferred to Cisco UCS Central. Once the transfer is complete, this policy will be available to all Cisco UCS domains registered with Cisco UCS Central.
Global—This policy is managed by Cisco UCS Central. Any changes to this policy must be made through Cisco UCS Central.
|
|
| Step 6
| (Optional)In the
Resources area, adjust the following values:
| Name
|
Description
|
|---|
|
Transmit Queues field
|
The number of transmit queue resources to allocate.
Enter an integer between 1
and 256.
|
|
Ring Size field
|
The number of descriptors in each transmit queue.
Enter an integer between 64 and 4096.
|
|
Receive Queues field
|
The number of receive queue resources to allocate.
Enter an integer between 1
and 256.
|
|
Ring Size field
|
The number of descriptors in each receive queue.
Enter an integer between 64 and 4096.
|
|
Completion Queues field
|
The number of completion queue resources to allocate.
In general, the number of completion queue resources you should allocate is equal to the number of transmit queue resources plus the number of receive queue resources.
Enter an integer between 1
and 512.
|
|
Interrupts field
|
The number of interrupt resources to allocate. In general, this value should be equal to the number of completion queue resources.
Enter an integer between 1 and 514.
|
|
| Step 7
| (Optional)In the
Options area, adjust the
following values:
| Name
|
Description
|
|---|
|
Transmit Checksum Offload field
|
This can be one of the following:
| Note
|
This option affects only packets sent from the interface.
|
|
|
Receive Checksum Offload field
|
This can be one of the following:
| Note
|
This option affects only packets received by the interface.
|
|
|
TCP Segmentation Offload field
|
This can be one of the following:
| Note
|
This option is also known as Large Send Offload (LSO) and affects only packets sent from the interface.
|
|
|
TCP Large Receive Offload field
|
This can be one of the following:
-
Disabled—The CPU processes all
large packets.
-
Enabled—The hardware reassembles
all segmented packets before sending them to the CPU. This option may reduce
CPU utilization and increase inbound throughput.
| Note
|
This option affects only packets received by the interface.
|
|
|
Receive Side Scaling field
|
RSS distributes network receive processing across multiple CPUs in multiprocessor systems. This can be one of the following:
-
Disabled—Network receive processing is always handled by a single processor even if additional processors are available.
-
Enabled—Network receive processing is shared across processors whenever possible.
|
|
Failback Timeout field
|
After a vNIC has started using its secondary interface, this
setting controls how long the primary interface must be available before the
system resumes using the primary interface for the vNIC.
Enter a number of seconds between 0 and 600.
|
|
Interrupt Mode field
|
The preferred driver interrupt mode. This can be one of the following:
|
|
Interrupt Coalescing Type field
|
This can be one of the following:
-
Min—The system waits for the time
specified in the
Interrupt Timer field before
sending another interrupt event.
-
Idle—The system does not send an
interrupt until there is a period of no activity lasting as least as long as
the time specified in the
Interrupt Timer field.
|
|
Interrupt
Timer field
|
The time to wait between interrupts or the idle period that
must be encountered before an interrupt is sent.
Enter a value between 1 and 65535. To turn off interrupt coalescing,
enter 0 (zero) in this field.
|
|
| Step 8
| Click
OK.
|
| Step 9
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
Configuring an Ethernet Adapter Policy to Enable eNIC Support for MRQS on Linux Operating Systems
Cisco UCS Manager includes eNIC support for the Multiple Receive Queue Support (MRQS) feature on Red Hat Enterprise Linux Version 6.x and SUSE Linux Enterprise Server Version 11.x.
Procedure
Deleting an Ethernet Adapter Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
Adapter Policies node.
|
| Step 4
| Right-click the Ethernet adapter policy that you want to delete
and choose
Delete.
|
| Step 5
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
Configuring the Default vNIC Behavior Policy
Default vNIC Behavior Policy
Default vNIC behavior policy allow you to configure how vNICs are created for a service profile. You can choose to create vNICS manually, or you can allow them to be created automatically
You can configure the default vNIC behavior policy to define how vNICs are created. This can be one of the following:
None—Cisco
UCS Manager does not create default vNICs for a service profile. All vNICs must be explicitly created.
HW Inherit—If a service profile requires vNICs and none have been explicitly defined, Cisco
UCS Manager creates the required vNICs based on the adapter installed in the server associated with the service profile.
Note |
If you do not specify a default behavior policy for vNICs, HW Inherit is used by default.
|
Configuring a Default vNIC Behavior Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the root node.
You can configure only the default vNIC behavior policy in the root organization. You cannot configure the default vNIC behavior policy in a sub-organization.
|
| Step 4
| Click Default vNIC Behavior. |
| Step 5
| On the General Tab, in the Properties area, click one of the following radio buttons in the Action field: None—Cisco
UCS Manager does not create default vNICs for a service profile. All vNICs must be explicitly created.
HW Inherit—If a service profile requires vNICs and none have been explicitly defined, Cisco
UCS Manager creates the required vNICs based on the adapter installed in the server associated with the service profile.
|
| Step 6
| Click
Save Changes.
|
Configuring LAN Connectivity Policies
LAN and SAN Connectivity Policies
Connectivity policies determine the connections and the network communication resources between the server and the LAN or SAN on the network. These policies use pools to assign MAC addresses, WWNs, and WWPNs to servers and to identify the vNICs and vHBAs that the servers use to communicate with the network.
Note |
We do not recommend that you use static IDs in connectivity policies, because these policies are included in service profiles and service profile templates and can be used to configure multiple servers.
|
Privileges Required for LAN and SAN Connectivity Policies
Connectivity policies enable users without network or storage privileges to create and modify service profiles and service profile templates with network and storage connections. However, users must have the appropriate network and storage privileges to create connectivity policies.
Privileges Required to Create Connectivity Policies
Connectivity policies require the same privileges as other network and storage configurations. For example, you must have at least one of the following privileges to create connectivity policies:
admin—Can create LAN and SAN connectivity policies
ls-server—Can create LAN and SAN connectivity policies
ls-network—Can create LAN connectivity policies
ls-storage—Can create SAN connectivity policies
Privileges Required to Add Connectivity Policies to Service Profiles
After the connectivity policies have been created, a user with ls-compute privileges can include them in a service profile or service profile template. However, a user with only ls-compute privileges cannot create connectivity policies.
Interactions between Service Profiles and Connectivity Policies
You can configure the LAN and SAN connectivity for a service profile through either of the following methods:
LAN and SAN connectivity policies that are referenced in the service profile
Local vNICs and vHBAs that are created in the service profile
Local vNICs and a SAN connectivity policy
Local vHBAs and a LAN connectivity policy
Cisco UCS maintains mutual exclusivity between connectivity policies and local vNIC and vHBA configuration in the service profile. You cannot have a combination of connectivity policies and locally created vNICs or vHBAs. When you include a LAN connectivity policy in a service profile, all existing vNIC configuration is erased, and when you include a SAN connectivity policy, all existing vHBA configuration in that service profile is erased.
Creating a LAN Connectivity Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the node for the organization where you want to create the
policy.
If the system does not include multitenancy,
expand the
root node.
|
| Step 4
| Right-click LAN Connectivity Policies and choose
Create LAN Connectivity Policy.
|
| Step 5
| In the Create LAN Connectivity Policy dialog box, enter a name and description for the policy in the following fields:
| Name
|
Description
|
|---|
|
Name
field
|
The name of the policy.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Description field
|
A description of the policy.
We recommend that you include information about where and when the policy should be
used.
Enter up to 256 characters. You can use any characters or spaces except ` (accent mark), \ (backslash), ^ (carat), " (double quote), = (equal sign), > (greater than), < (less than), or ' (single quote).
|
|
| Step 6
| Do one of the following:- To add vNICs to the LAN connectivity policy, continue with Step 7.
- To add iSCSI vNICs to the LAN connectivity policy and use iSCSI boot with the server, continue with Step 8.
|
| Step 7
| To add vNICs, in the vNIC Table area, click + on the table icon bar and complete the following fields in the Create vNIC dialog box:- Complete the following fields to specify the identity information for the vNIC:
| Name
|
Description
|
|---|
|
Name field
|
The user-defined name for this vNIC.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Use vNIC Template check
box
|
Check this check box if you want to use a template to create the vNIC.
The Cisco UCS Manager GUI displays the vNIC Template drop-down list from which you can choose the appropriate template and the Adapter Performance Profile area from which you can choose an adapter profile.
| Note
|
You can choose this option only if one or more vNIC templates exist in the system.
|
|
|
Create vNIC Template link
|
Click this link if you want to create a vNIC template.
|
|
MAC Address Assignment drop-down list
|
If you want to:
-
Use the default MAC address pool, leave this field set
to
Select (pool default used by
default).
-
Use the MAC address assigned to the server by the
manufacturer, select
Hardware Default.
-
Use a specific MAC address, choose
02:25:B5:XX:XX:XX and enter the
address in the
MAC Address field. To verify that
this address is available, click the corresponding link.
-
Use a MAC address from a pool, choose the pool name from the
list. Each pool name is followed by a pair of numbers in parentheses. The first
number is the number of available MAC addresses in the pool and the second is
the total number of MAC addresses in the pool.
|
- Complete the
following fields to specify the fabric connection information:
| Name
|
Description
|
|---|
|
Fabric ID
field
|
The fabric
interconnect associated with the component.
If you want this vNIC to be able
to access the second fabric interconnect if the default one is unavailable,
check the
Enable Failover check box.
| Note
|
Do not enable
fabric failover for the vNIC under the following circumstances:
-
If the
Cisco UCS domain is
running in Ethernet Switch Mode. vNIC fabric failover is not supported in that
mode. If all Ethernet uplinks on one fabric interconnect fail, the vNICs do not
fail over to the other.
-
If you plan
to associate this vNIC with a server that has an adapter which does not support
fabric failover, such as the
Cisco UCS 82598KR-CI 10-Gigabit Ethernet Adapter. If you do so,
Cisco UCS Manager generates
a configuration fault when you associate the service profile with the server.
|
|
|
VLANs table
|
This table lists the VLANs that can be associated with this vNIC. The columns are:
-
Select—Check the check box in this column for each VLAN that you want to use.
| Note
| VLANs and PVLANs can not be assigned to the same vNIC.
|
-
Name—The name of the VLAN.
-
Native VLAN—To designate one of the VLANs as the native VLAN, click the
radio button in this column.
|
|
Create VLAN link
|
Click this link if you want to create a VLAN.
|
|
MTU field
|
The maximum transmission unit, or packet size, that this vNIC accepts.
Enter an integer between 1500 and 9216.
| Note
| If the vNIC has an associated QoS policy, the MTU specified here must be equal to or less than the MTU specified in the associated QoS system class. If this MTU value exceeds the MTU value in the QoS system class, packets might get dropped during data transmission.
|
|
|
Pin Group drop-down list
|
Choose the LAN pin group that you want associated with this vNIC.
|
|
Create LAN Pin Group link
|
Click this link if you want to create a LAN pin group.
|
|
Operational Parameters Section
|
|
Stats Threshold Policy drop-down list
|
The statistics collection policy with which this vNIC is
associated.
|
- In the
Adapter Performance Profile area, complete
the following fields:
| Name
|
Description
|
|---|
|
Adapter Policy drop-down list
|
The Ethernet adapter policy with which this vNIC is associated.
|
|
Create Ethernet Adapter Policy link
|
Click this link if you want to create an Ethernet adapter
policy.
|
|
Dynamic vNIC Connection Policy drop-down list
|
The dynamic vNIC connection policy with which this vNIC is associated.
|
|
Create Dynamic vNIC Connection Policy link
|
Click this link if you want to create a dynamic vNIC connection
policy.
|
|
QoS drop-down list
|
The quality of service policy with which this vNIC is associated.
|
|
Create QoS Policy link
|
Click this link if you want to create a quality of service
policy.
|
|
Network Control Policy drop-down list
|
The network control policy with which this vNIC is associated.
|
|
Create Network Control Policy Policy link
|
Click this link if you want to create a network control
policy.
|
- Click OK.
|
| Step 8
| If you want to use iSCSI boot with the server, click the down arrows to expand the Add iSCSI vNICs bar and do the following:- Click + on the table icon bar.
- In the Create iSCSI vNIC dialog box, complete the following fields:
| Name
|
Description
|
|---|
|
Name field
|
The name of the iSCSI vNIC.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Overlay vNIC drop-down list
|
The LAN vNIC associated with this iSCSI vNIC, if any.
|
|
iSCSI Adapter Policy drop-down list
|
The iSCSI adapter policy associated with this iSCSI vNIC, if any.
|
|
Create iSCSI Adapter Policy link
|
Click this link to create a new iSCSI adapter policy that will be available to all iSCSI vNICs.
|
|
VLAN drop-down list
|
The virtual LAN associated with this iSCSI vNIC. The default VLAN is default.
| Note
| For the Cisco UCS M81KR Virtual Interface Card and the Cisco UCS VIC-1240 Virtual Interface Card, the VLAN that you specify must be the same as the native VLAN on the overlay vNIC.
For the Cisco UCS M51KR-B Broadcom
BCM57711 Adapter, the VLAN that you specify can be any VLAN assigned to the overlay vNIC.
|
|
- In the MAC Address Assignment drop-down list in the iSCSI MAC Address area, choose one of the following:
-
Leave the MAC address unassigned, select Select (None used by default). Select this option if the server that will be associated with this service profile contains a Cisco UCS M81KR Virtual Interface Card adapter or a Cisco UCS VIC-1240 Virtual Interface Card.
Important: If the server that will be associated with this service profile contains a Cisco UCS NIC M51KR-B adapter, you must specify a MAC address.
-
A specific MAC address, select 00:25:B5:XX:XX:XX and enter the address in the MAC Address field. To verify that this address is available, click the corresponding link.
-
A MAC address from a pool, select the pool name from the list. Each pool name is followed by a pair of numbers in parentheses. The first number is the number of available MAC addresses in the pool and the second is the total number of MAC addresses in the pool.
If this Cisco UCS domain is registered with Cisco UCS Central, there may be two pool categories. Domain Pools are defined locally in the Cisco UCS domain and Global Pools are defined in Cisco UCS Central.
- Optional: If you want to create a MAC pool that will be available to all service profiles, click Create MAC Pool and complete the fields in the Create MAC Pool wizard.
For more information, see Creating a MAC Pool.
- Click OK.
|
| Step 9
| After you have created all the vNICs or iSCSI vNICs you need for the policy, click OK. |
What to Do Next
Include the policy in a service profile or service profile
template.
Creating a vNIC for a LAN Connectivity Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
LAN Connectivity Policies node. |
| Step 4
| Choose the policy to which you want to add a vNIC. |
| Step 5
| In the
Work pane, click the
General tab. |
| Step 6
| On the icon bar of the vNICs table, click Add. |
| Step 7
| In the Create vNIC dialog box, complete the following fields:- Complete the following fields to specify the identity information for the vNIC:
| Name
|
Description
|
|---|
|
Name field
|
The user-defined name for this vNIC.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Use vNIC Template check
box
|
Check this check box if you want to use a template to create the vNIC.
The Cisco UCS Manager GUI displays the vNIC Template drop-down list from which you can choose the appropriate template and the Adapter Performance Profile area from which you can choose an adapter profile.
| Note
|
You can choose this option only if one or more vNIC templates exist in the system.
|
|
|
Create vNIC Template link
|
Click this link if you want to create a vNIC template.
|
|
MAC Address Assignment drop-down list
|
If you want to:
-
Use the default MAC address pool, leave this field set
to
Select (pool default used by
default).
-
Use the MAC address assigned to the server by the
manufacturer, select
Hardware Default.
-
Use a specific MAC address, choose
02:25:B5:XX:XX:XX and enter the
address in the
MAC Address field. To verify that
this address is available, click the corresponding link.
-
Use a MAC address from a pool, choose the pool name from the
list. Each pool name is followed by a pair of numbers in parentheses. The first
number is the number of available MAC addresses in the pool and the second is
the total number of MAC addresses in the pool.
|
- Complete the
following fields to specify the fabric connection information:
| Name
|
Description
|
|---|
|
Fabric ID
field
|
The fabric
interconnect associated with the component.
If you want this vNIC to be able
to access the second fabric interconnect if the default one is unavailable,
check the
Enable Failover check box.
| Note
|
Do not enable
fabric failover for the vNIC under the following circumstances:
-
If the
Cisco UCS domain is
running in Ethernet Switch Mode. vNIC fabric failover is not supported in that
mode. If all Ethernet uplinks on one fabric interconnect fail, the vNICs do not
fail over to the other.
-
If you plan
to associate this vNIC with a server that has an adapter which does not support
fabric failover, such as the
Cisco UCS 82598KR-CI 10-Gigabit Ethernet Adapter. If you do so,
Cisco UCS Manager generates
a configuration fault when you associate the service profile with the server.
|
|
|
VLANs table
|
This table lists the VLANs that can be associated with this vNIC. The columns are:
-
Select—Check the check box in this column for each VLAN that you want to use.
| Note
| VLANs and PVLANs can not be assigned to the same vNIC.
|
-
Name—The name of the VLAN.
-
Native VLAN—To designate one of the VLANs as the native VLAN, click the
radio button in this column.
|
|
Create VLAN link
|
Click this link if you want to create a VLAN.
|
|
MTU field
|
The maximum transmission unit, or packet size, that this vNIC accepts.
Enter an integer between 1500 and 9216.
| Note
| If the vNIC has an associated QoS policy, the MTU specified here must be equal to or less than the MTU specified in the associated QoS system class. If this MTU value exceeds the MTU value in the QoS system class, packets might get dropped during data transmission.
|
|
|
Pin Group drop-down list
|
Choose the LAN pin group that you want associated with this vNIC.
|
|
Create LAN Pin Group link
|
Click this link if you want to create a LAN pin group.
|
|
Operational Parameters Section
|
|
Stats Threshold Policy drop-down list
|
The statistics collection policy with which this vNIC is
associated.
|
- In the
Adapter Performance Profile area, complete
the following fields:
| Name
|
Description
|
|---|
|
Adapter Policy drop-down list
|
The Ethernet adapter policy with which this vNIC is associated.
|
|
Create Ethernet Adapter Policy link
|
Click this link if you want to create an Ethernet adapter
policy.
|
|
Dynamic vNIC Connection Policy drop-down list
|
The dynamic vNIC connection policy with which this vNIC is associated.
|
|
Create Dynamic vNIC Connection Policy link
|
Click this link if you want to create a dynamic vNIC connection
policy.
|
|
QoS drop-down list
|
The quality of service policy with which this vNIC is associated.
|
|
Create QoS Policy link
|
Click this link if you want to create a quality of service
policy.
|
|
Network Control Policy drop-down list
|
The network control policy with which this vNIC is associated.
|
|
Create Network Control Policy Policy link
|
Click this link if you want to create a network control
policy.
|
- Click OK.
|
| Step 8
| Click OK. |
| Step 9
| Click Save Changes. |
Deleting a vNIC from a LAN Connectivity Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
LAN Connectivity Policies node. |
| Step 4
| Select the policy from which you want to delete the vNIC. |
| Step 5
| In the
Work pane, click the
General tab. |
| Step 6
| In the vNICs table, do the following:- Click the vNIC you want to delete.
- On the icon bar, click Delete.
|
| Step 7
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
| Step 8
| Click Save Changes. |
Creating an iSCSI vNIC for a LAN Connectivity Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
LAN Connectivity Policies node. |
| Step 4
| Choose the policy to which you want to add an iSCSI vNIC. |
| Step 5
| In the
Work pane, click the
General tab. |
| Step 6
| On the icon bar of the Add iSCSI vNICs table, click Add. |
| Step 7
| In the Create iSCSI vNIC dialog box, complete the following fields:
| Name
|
Description
|
|---|
|
Name field
|
The name of the iSCSI vNIC.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
Overlay vNIC drop-down list
|
The LAN vNIC associated with this iSCSI vNIC, if any.
|
|
iSCSI Adapter Policy drop-down list
|
The iSCSI adapter policy associated with this iSCSI vNIC, if any.
|
|
Create iSCSI Adapter Policy link
|
Click this link to create a new iSCSI adapter policy that will be available to all iSCSI vNICs.
|
|
VLAN drop-down list
|
The virtual LAN associated with this iSCSI vNIC. The default VLAN is default.
| Note
| For the Cisco UCS M81KR Virtual Interface Card and the Cisco UCS VIC-1240 Virtual Interface Card, the VLAN that you specify must be the same as the native VLAN on the overlay vNIC.
For the Cisco UCS M51KR-B Broadcom
BCM57711 Adapter, the VLAN that you specify can be any VLAN assigned to the overlay vNIC.
|
|
|
| Step 8
| In the MAC Address Assignment drop-down list in the iSCSI MAC Address area, choose one of the following: -
Leave the MAC address unassigned, select Select (None used by default). Select this option if the server that will be associated with this service profile contains a Cisco UCS M81KR Virtual Interface Card adapter or a Cisco UCS VIC-1240 Virtual Interface Card.
Important: If the server that will be associated with this service profile contains a Cisco UCS NIC M51KR-B adapter, you must specify a MAC address.
-
A specific MAC address, select 00:25:B5:XX:XX:XX and enter the address in the MAC Address field. To verify that this address is available, click the corresponding link.
-
A MAC address from a pool, select the pool name from the list. Each pool name is followed by a pair of numbers in parentheses. The first number is the number of available MAC addresses in the pool and the second is the total number of MAC addresses in the pool.
If this Cisco UCS domain is registered with Cisco UCS Central, there may be two pool categories. Domain Pools are defined locally in the Cisco UCS domain and Global Pools are defined in Cisco UCS Central.
|
| Step 9
| (Optional)If you want to create a MAC pool that will be available to all service profiles, click Create MAC Pool and complete the fields in the Create MAC Pool wizard.
For more information, see Creating a MAC Pool.
|
| Step 10
| Click OK. |
| Step 11
| Click Save Changes. |
Deleting an iSCSI vNIC from a LAN Connectivity Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
LAN Connectivity Policies node. |
| Step 4
| Chose the policy from which you want to delete the iSCSI vNIC. |
| Step 5
| In the
Work pane, click the
General tab. |
| Step 6
| In the Add iSCSI vNICs table, do the following:- Click the iSCSI vNIC that you want to delete.
- On the icon bar, click Delete.
|
| Step 7
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
| Step 8
| Click Save Changes. |
Deleting a LAN Connectivity Policy
If you delete a LAN
connectivity policy that is included in a service profile, you will delete all
vNICs and iSCSI vNICs from that service profile and disrupt LAN data traffic
for the server associated with the service profile.
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
LAN Connectivity Policies node. |
| Step 4
| Right-click the policy that you want to delete and choose
Delete. |
| Step 5
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
Configuring Network Control Policies
Network Control Policy
This policy configures the network control settings for the Cisco UCS domain, including the following:
-
Whether the Cisco Discovery Protocol (CDP) is enabled or disabled
-
How the virtual interface ( VIF) behaves if no uplink port is available in end-host mode
The action that Cisco
UCS Manager takes on the remote Ethernet interface, vEthernet interface , or vFibre Channel interface when the associated border port fails
-
Whether the server can use different MAC addresses when sending packets to the fabric interconnect
Whether MAC registration occurs on a per-VNIC basis or for all VLANs
Action on Uplink Fail
By default, the Action on Uplink Fail property in the network control policy is configured with a value of link-down. For adapters such as the Cisco UCS M81KR Virtual Interface Card, this default behavior directs Cisco
UCS Manager to bring the vEthernet or vFibre Channel interface down if the associated border port fails. For Cisco UCS systems using a non-VM-FEX capable converged network adapter that supports both Ethernet and FCoE traffic, such as Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, this default behavior directs Cisco
UCS Manager to bring the remote Ethernet interface down if the associated border port fails. In this scenario, any vFibre Channel interfaces that are bound to the remote Ethernet interface are brought down as well.
Note |
if your
implementation includes those types of non-VM-FEX capable converged network adapters
mentioned in this section and
the adapter is expected to handle both Ethernet and FCoE traffic,
we recommend that you configure the Action on Uplink Fail
property with a value of warning. Note that this configuration might result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down.
|
MAC Registration Mode
MAC addresses are installed only on the native VLAN by default, which maximizes the VLAN port count in most implementations.
Note |
If a trunking driver is being run on the host and the interface is in promiscuous mode, we recommend that you set the Mac Registration Mode to All VLANs.
|
Creating a Network Control Policy
MAC address-based port
security for Emulex converged Network Adapters (N20-AE0102) is not supported.
When MAC address-based port security is enabled, the fabric interconnect
restricts traffic to packets that contain the MAC address that it first learns.
This is either the source MAC address used in the FCoE Initialization Protocol
packet, or the MAC address in an ethernet packet, whichever is sent first by
the adaptor. This configuration can result in either FCoE or Ethernet packets
being dropped.
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the node for the organization where you want to create the
policy.
If the system does not include multitenancy,
expand the
root node.
|
| Step 4
| Right-click the Network Control Policies node and select Create Network Control Policy. |
| Step 5
| In the Create Network Control Policy dialog box, complete the following fields:
| Name
|
Description
|
|---|
|
Name
field
|
The name of the policy.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
|
CDP field
|
This option determines whether Cisco Discovery Protocol (CDP) is enabled on servers associated with a service profile that includes this policy. This can be one of the following:
|
MAC Register Mode field
|
Whether adapter-registered MAC addresses are added only to the native VLAN associated with the interface or added to all VLANs associated with the interface. This can be one of the following:
Only Native Vlan—MAC addresses are only added to the native VLAN. This option is the default, and it maximizes the port+VLAN count.
All Host Vlans—MAC addresses are added to all VLANs with which they are associated. Select this option if your VLANs are configured to use trunking but are not running in Promiscuous mode.
|
|
Action on Uplink Fail field
|
This option determines how the VIF behaves if no uplink port is available when the fabric interconnect is in end-host mode. This can be one of the following:
-
Link Down— Changes the operational state of a vNIC to down when uplink connectivity is lost on the fabric interconnect, and enables fabric failover for vNICs.
-
Warning— Maintains server-to-server connectivity even when no uplink port is available, and disables fabric failover when uplink connectivity is lost on the fabric interconnect.
The default is Link Down.
| Note
| if your
implementation includes those types of non-VM-FEX capable converged network adapters
mentioned in this section and
the adapter is expected to handle both Ethernet and FCoE traffic,
we recommend that you configure the Action on Uplink Fail
property with a value of warning. Note that this configuration might result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down.
|
|
|
| Step 6
| In the MAC Security area, do the following to determine whether the server can use different MAC addresses when sending packets to the fabric interconnect:- Click the Expand icon to expand the area and display the radio buttons.
- Click one of the following radio buttons to determine whether forged MAC addresses are allowed or denied when packets are sent from the server to the fabric interconnect:
-
Allow— All server packets are accepted by the fabric interconnect, regardless of the MAC address associated with the packets.
-
Deny— After the first packet has been sent to the fabric interconnect, all other packets must use the same MAC address or they will be silently rejected by the fabric interconnect. In effect, this option enables port security for the associated vNIC.
If you plan to install VMware ESX on the associated server, you must configure the MAC Security to allow for the network control policy applied to the default vNIC. If you do not configure MAC Security for allow, the ESX installation may fail because the MAC security permits only one MAC address while the installation process requires more than one MAC address.
|
| Step 7
| Click OK. |
Deleting a Network Control Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the
Network Control Policies node. |
| Step 4
| Right-click the policy you want to delete and select
Delete. |
| Step 5
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|
Configuring Multicast Policies
Multicast Policy
This policy is used to configure Internet Group Management Protocol (IGMP) snooping and IGMP querier. IGMP Snooping dynamically determines hosts in a VLAN that should be included in particular multicast transmissions. You can create, modify, and delete a multicast policy that can be associated to one or more VLANs. When a multicast policy is modified, all VLANs associated with that multicast policy are re-processed to apply the changes. By default, IGMP snooping is enabled and IGMP querier is disabled. In the case of a private VLANs, you can set a multicast policy for primary VLANs but not for their associated isolated VLANs due to a Cisco NX-OS forwarding implementation.
The following limitations apply to multicast policies on the Cisco UCS 6100 series fabric interconnect and the 6200 series fabric interconnect:If a Cisco UCS domain includes only 6100 series fabric interconnects, only the default multicast policy is allowed for local VLANs or global VLANs.
- If a Cisco UCS domain includes one 6100 series fabric interconnect and one 6200 series fabric interconnect:
Only the default multicast policy is allowed for a local VLAN on a 6100 series fabric interconnect.
On a 6200 series fabric interconnect, user-defined multicast policies can also be assigned along with the default multicast policy.
Only the default multicast policy is allowed for a global VLAN (as limited by one 6100 series fabric interconnect in the cluster.
If a Cisco UCS domain includes only 6200 series fabric interconnects, any multicast policy can be assigned.
Creating a Multicast Policy
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the root node. |
| Step 4
| Right-click the Multicast Policies node and select Create Multicast Policy. |
| Step 5
| In the Create Multicast Policy dialog box, complete the following fields:
| Name
|
Description
|
|---|
|
Name
field
|
The name of the policy.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
IGMP Snooping State field
|
Whether IGMP snooping examines IGMP protocol messages within a VLAN to discover which interfaces are connected to hosts or other devices interested in receiving multicast traffic. This can be one of the following:
|
IGMP Snooping Querier State field
|
Whether IGMP snooping querier sends out periodic IGMP queries that trigger IGMP report messages from hosts that want to receive IP multicast traffic. This can be one of the following:
|
IGMP Snooping Querier IPv4 Address field
|
The IPv4 address for the IGMP snooping querier interface.
|
|
| Step 6
| Click OK. |
Modifying a Multicast Policy
This procedure describes how to change the IGMP snooping state and the IGMP snooping querier state of an existing multicast policy.
Note |
You cannot change the name of the multicast policy once it has been created.
|
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the root node. |
| Step 4
| Click the policy that you want to modify. |
| Step 5
| In the work pane, complete the following fields:
| Name
|
Description
|
|---|
|
Name
field
|
The name of the policy.
This name can be between 1 and 16
alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and
you cannot change this name after the object has been saved.
|
IGMP Snooping State field
|
Whether IGMP snooping examines IGMP protocol messages within a VLAN to discover which interfaces are connected to hosts or other devices interested in receiving multicast traffic. This can be one of the following:
|
IGMP Snooping Querier State field
|
Whether IGMP snooping querier sends out periodic IGMP queries that trigger IGMP report messages from hosts that want to receive IP multicast traffic. This can be one of the following:
|
IGMP Snooping Querier IPv4 Address field
|
The IPv4 address for the IGMP snooping querier interface.
|
|
| Step 6
| Click Save Changes. |
Deleting a Multicast Policy
Note |
If you assigned a non-default (user-defined) multicast policy to a VLAN and then delete that multicast policy, the associated VLAN inherits the multicast policy settings from the default multicast policy until the deleted policy is re-created.
|
Procedure
| Step 1
| In the
Navigation pane, click the
LAN tab. |
| Step 2
| On the
LAN tab, expand
. |
| Step 3
| Expand the root node. |
| Step 4
| Right-click the Multicast Policies node and select Delete Multicast Policy. |
| Step 5
| If the Cisco UCS Manager GUI
displays a confirmation dialog box, click
Yes.
|