Send document comments to nexus1k-docfeedback@cisco.com.
Cisco Nexus 1000V Network Segmentation Manager Configuration Guide, Release 4.2(1) SV1(5.1) March 30, 2012
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-25720-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Internet Protocol (IP) addresses and phone numbers that are used in the examples, command display output, and figures within this document are for illustration only. If an actual IP address or phone number appears in this document, it is coincidental.
Cisco Nexus 1000V Network Segmentation Manager Configuration Guide, Release 4.2(1) SV1(5.1) © 2012 Cisco Systems, Inc. All rights reserved.
Contents
Preface
  Audience
  Document Organization
  Document Conventions
  Recommended Reading
  Related Documentation
  Obtaining Documentation and Submitting a Service Request
Overview
  Information About vCloud Director
  Information About Network Segmentation Manager
Configuring Network Segmentation Manager
  Information About Network Segmentation Manager
  Prerequisites
  Guidelines and Limitations
  Default Settings
  Network Segmentation Manager Configuration Process
  Enabling the NSM Feature
  Creating a Port Profile for Network Segmentation Policies
  Creating Network Segmentation Policies
  Registering vShield Manager with Network Segmentation Manager
  Unregistering vShield Manager with Network Segmentation Manager
  Verifying the NSM Configuration
  Configuration Examples for Network Segmentation Manager
  Changing a Port Profile Associated with a Network Segmentation Policy
  Identifying the Networks Associated with the Network Segmentation Policy
  Updating the Network Segmentation Policy
  Changing the Network Segmentation Policy Associated with a Network
  Identifying the Networks
  Migrating Networks to Non Default Network Segmentation Policy
  Feature History for Network Segmentation Manager
Preface
This preface describes the audience, organization, and conventions of the Cisco Nexus 1000V Network Segmentation Manager Configuration Guide, Release 4.2(1) SV1(5.1). It also provides information on how to obtain related documentation.
This preface includes the following sections:
• Audience
• Document Organization
• Document Conventions
• Recommended Reading
• Related Documentation
• Obtaining Documentation and Submitting a Service Request
Audience
This guide is for network administrators with the following experience and knowledge:
• An understanding of virtualization
• Using VMware tools to configure a vswitch
Note: Knowledge of VMware vNetwork Distributed Switch is not a prerequisite.
Document Organization
This publication is organized as follows:
Chapter and Title | Description
--- | ---
Overview | Describes Network Segmentation Manager.
Configuring Network Segmentation Manager | Describes how to enable and configure Network Segmentation Manager.
Document Conventions
Command descriptions use these conventions:
• boldface font: Commands and keywords are in boldface.
• italic font: Arguments for which you supply values are in italics.
• { }: Elements in braces are required choices.
• [ ]: Elements in square brackets are optional.
• x | y | z: Alternative, mutually exclusive elements are separated by vertical bars.
• string: A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
Screen examples use these conventions:
• screen font: Terminal sessions and information the device displays are in screen font.
• boldface screen font: Information you must enter is in boldface screen font.
• italic screen font: Arguments for which you supply values are in italic screen font.
• < >: Nonprinting characters, such as passwords, are in angle brackets.
• [ ]: Default responses to system prompts are in square brackets.
• !, #: An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
This document uses the following conventions for notes and cautions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Recommended Reading
Before configuring the Cisco Nexus 1000V, we recommend that you read and become familiar with the following documentation:
• Cisco Nexus 1000V Installation and Upgrade Guide, Release 4.2(1)SV1(5.1)
• Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1)
• Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1)
• Scalable Cloud Network with Cisco Nexus 1000V Series Switches and VXLAN White Paper
Related Documentation
This section lists the documents used with the Cisco Nexus 1000 and available on Cisco.com at the following URL:
http://www.cisco.com/en/US/products/ps9902/tsd_products_support_series_home.html
General Information
Cisco Nexus 1000V Documentation Roadmap, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Release Notes, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(5.1)
Cisco Nexus 1010 Management Software Release Notes, Release 4.2(1)SP1(3)
Install and Upgrade
Cisco Nexus 1000V Installation and Upgrade Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1010 Virtual Services Appliance Hardware Installation Guide
Cisco Nexus 1010 Software Installation and Upgrade Guide, Release 4.2(1)SP1(3)
Configuration Guides
Cisco Nexus 1000V High Availability and Redundancy Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Network Segmentation Manager Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1010 Software Configuration Guide, Release 4.2(1)SP1(3)
Programming Guide
Cisco Nexus 1000V XML API User Guide, Release 4.2(1)SV1(5.1)
Reference Guides
Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V MIB Quick Reference
Cisco Nexus 1010 Command Reference, Release 4.2(1)SP1(3)
Troubleshooting and Alerts
Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1)SV1(5.1)
Cisco Nexus 1000V Password Recovery Guide
Cisco NX-OS System Messages Reference
Virtual Security Gateway Documentation
Cisco Virtual Security Gateway for Nexus 1000V Series Switch
Virtual Network Management Center
Cisco Virtual Network Management Center
Network Analysis Module Documentation
Cisco Prime Network Analysis Module Software Documentation Guide, 5.1
Cisco Prime Network Analysis Module (NAM) for Nexus 1010 Installation and Configuration Guide, 5.1
Cisco Prime Network Analysis Module Command Reference Guide 5.1
Cisco Prime Network Analysis Module Software 5.1 Release Notes
Cisco Prime Network Analysis Module Software 5.1 User Guide
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
CHAPTER 1
Overview
This chapter provides an overview of Network Segmentation Manager (NSM) and includes the following sections:
• Information About vCloud Director
• Information About Network Segmentation Manager
Information About vCloud Director
VMware’s vCloud Director 1.5 provides an abstraction layer that enables cloud service providers to provide an infrastructure as a service (IaaS) to various tenant organizations. vCloud Director also allows the tenant organizations to manage resources such as virtual data centers (vDCs), vApps, networks, and network pools. See Figure 1-1.
Figure 1-1 vCloud Director
vCloud Director includes the following cloud resources:
• Virtual data centers (vDCs)—Enables IT organizations to combine compute, storage, and networking resources to a vDC and deliver these resources to the users. There are two types of vDCs: provider vDCs and organization vDCs.
• Networks—Defines the boundaries and the respective service level for each function within a given cloud’s network architecture. vCloud Director supports three types of networks: external networks, organization networks, and vApp networks. These networks are created as port profiles on the Cisco Nexus 1000V.
• Network pools—Provides a mechanism for dynamic provisioning of networks within an organization vDC. The three different types of network pools are VLAN-backed, network isolation-backed, and port group-backed. All the types of network pools can be backed by using the Cisco Nexus 1000V.
See the VMware vCloud Director Administrator’s Guide and vCloud Director User’s Guide for more information.
[Figure 1-1 diagram labels: Cloud, Client, vCloud Director, vCenter Server, Virtualization Infrastructure, Data Center, DRS Clusters, Resource pools, Storage, Service Provider VDC, Organization VDC, Organization, External Network, Org Network, Network Pools.]
Information About Network Segmentation Manager
Cisco Network Segmentation Manager (NSM) integrates VMware’s vCloud Director 1.5 with Cisco Nexus 1000V for networking management. See Figure 1-2 and Figure 1-3. In this figure, NSM communicates with vShield Manager to integrate with the vCloud Director, enabling you to use the Cisco Nexus 1000V for backing all types of network pools (VLAN-backed, network isolation-backed, and port group-backed) supported by vCloud Director.
Figure 1-2 Integration of vCloud Director with Cisco Nexus 1000V
[Figure 1-2 diagram labels: vCloud Director, vCenter Server, NSM/VSM, VMware vSphere hosts.]
Figure 1-3 Cisco Nexus 1000V Topology Diagram with vCloud Director
When a cloud administrator creates networks on demand within the vCloud Director, vShield Manager issues requests to NSM to create networks based on network pools in the vCloud Director. NSM exposes a set of APIs that enable vShield Manager to create a port profile on the Cisco Nexus 1000V.
The network administrator creates network segmentation policies that contain a tenant ID, backing type (Segmentation or VLAN), and a reference to port profiles that contain policies for features such as QoS, ACL, and so on. These network segmentation policies are inherited on a port profile as a result of a network that is created in the vCloud Director. For more information on network segmentation policies, see the “Creating Network Segmentation Policies” section.
In the vCloud Director, the tenant ID determines how a network is assigned to a network segmentation policy. In a network segmentation policy, the policy type can be either VLAN or Segmentation. When vShield Manager issues requests to NSM to create networks, either a segmentation ID or VLAN is used depending on the policy type for the given tenant.
[Figure 1-3 diagram labels: VMware vCloud Director Management Cluster with vCloud Director, vCenter Server, vShield Manager, and VC/VUM VMs; hosts ESXi 1 through ESXi 5; Cisco Nexus 1000V VEMs; primary and secondary Cisco Nexus 1000V VSM VMs; data VMs; VMware vSwitch.]
The vCloud Director creates the network from either a VLAN-backed or network isolation-backed network pool. The network pool type determines if a segmentation ID or VLAN is sent in the create network request to the NSM. Also, the network pool type that determines which type of network segmentation policy NSM uses
CHAPTER 2
Configuring Network Segmentation Manager
This chapter describes how to configure the Network Segmentation Manager and includes the following sections:
• Prerequisites
• Guidelines and Limitations
• Default Settings
• Network Segmentation Manager Configuration Process
• Verifying the NSM Configuration
• Configuration Examples for Network Segmentation Manager
• Changing a Port Profile Associated with a Network Segmentation Policy
• Changing the Network Segmentation Policy Associated with a Network
• Feature History for Network Segmentation Manager
Information About Network Segmentation Manager
For more information, see the “Information About Network Segmentation Manager” section in the Overview chapter.
Prerequisites
Network Segmentation Manager has the following prerequisites:
• You have installed the Cisco Nexus 1000V software and configured the following using the Cisco Nexus 1000V Software Installation Guide, Release 4.2(1)SV1(5.1).
• You have a vCenter Server 4.1 or 5.0 configured in vCloud Director 1.5 and vShield Manager 5.
• You have associated a vShield Manager with every vCenter Server.
• You have created an organization in vCloud Director.
• You have created provider and organization vDC in vCloud Director.
• Ensure that Virtual Supervisor Module (VSM) has an active SVS connection.
• Ensure that Virtual Supervisor Module (VSM)- Virtual Ethernet Module (VEM) connectivity is functioning.
• You have added hosts to Cisco Nexus 1000V.
• Ensure that the user specified for NSM on vShield Manager is a network administrator.
Guidelines and Limitations
Network Segmentation feature has the following configuration guidelines and limitations:
• You must enable the VLANs that are going to be used through NSM and add them to the uplink.
• Ensure that the infrastructure has port 443 open.
• You must enable feature http-server in order to allow web service communication.
• You must enable the segmentation feature in order to use NSM for Virtual Extensible Local Area Network (VXLAN) via vCloud Director. In a network segmentation policy, VXLAN is used for a segmentation policy. See the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1).
Default Settings
Table 2-1 lists the default settings for network segmentation policies.
Note If a network creation request comes with a tenant ID and backing type that does not match a network segmentation policy, the default_vlan_template or default_segmentation_template is used during network creation from vCloud Director. In a network segmentation policy, VXLAN is used for a segmentation policy. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1). If required, you can add additional policies to the default NSM template.
Table 2-1 Default Network Segmentation Policies
Parameters | Default
--- | ---
VLAN policy (port-profile template) | default_vlan_template
segmentation policy (port-profile template) | default_segmentation_template
Network Segmentation Manager Configuration Process
The following section guides you through the NSM configuration process. See Figure 2-1. After completing each procedure, return to this section to make sure that you have completed all required procedures in the correct sequence.
Figure 2-1 Network Segmentation Manager Configuration Process
Step 1 Enable the NSM feature using the “Enabling the NSM Feature” section.
Step 2 Create a port profile for network segmentation policies using the “Creating a Port Profile for Network Segmentation Policies” section.
Step 3 Create network segmentation policies using the “Creating Network Segmentation Policies” section.
Step 4 Register NSM with vShield Manager using the “Registering vShield Manager with Network Segmentation Manager” section.
Enabling the NSM Feature
You can enable the NSM feature in Cisco Nexus 1000V.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in EXEC mode.
SUMMARY STEPS
1. configure terminal
2. feature network-segmentation-manager
3. (Optional) show network-segment manager switch
DETAILED STEPS
Step 1 configure terminal
Enters global configuration mode.
Example:
    n1000v# configure terminal
    n1000v(config)#
Step 2 feature network-segmentation-manager
Enables the Network Segmentation Manager feature.
Example:
    n1000v(config)# feature network-segmentation-manager
    n1000v(config)#
Step 3 show network-segment manager switch
(Optional) Displays the Cisco Nexus 1000V configured with NSM.
Example:
    n1000v# show network-segment manager switch
    switch: default_switch
    state: enabled
    dvs-uuid: d4 e7 12 50 89 db 3b c4-8d 4d 4c 36 ca 1c d1 f0
    dvs-name: nexus1000v
    mgmt-srv-uuid: 087F202C-8937-4F1E-8676-6F714C1AB96C
    reg status: unregistered
    last alert: - seconds ago
    connection status: disconnected
EXAMPLES
This example shows how to enable the NSM feature:
    n1000v# configure terminal
    n1000v(config)# feature network-segmentation-manager
    n1000v# show network-segment manager switch
    switch: default_switch
    state: enabled
    dvs-uuid: d4 e7 12 50 89 db 3b c4-8d 4d 4c 36 ca 1c d1 f0
    dvs-name: nexus1000v
    mgmt-srv-uuid: 087F202C-8937-4F1E-8676-6F714C1AB96C
    reg status: unregistered
    last alert: - seconds ago
    connection status: disconnected
Creating a Port Profile for Network Segmentation Policies
You can create a port profile that contains policies such as QoS, ACLs, and so on for network segmentation policies in Cisco Nexus 1000V.
For more information on port profiles, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
For more information on QoS, see the Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.2(1)SV1(5.1).
For more information on ACL, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(5.1).
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in EXEC mode.
• The VSM is connected to vCenter Server.
• The NSM feature is enabled.
SUMMARY STEPS
1. configure terminal
2. port-profile [type vethernet] name
3. no shutdown
4. state enabled
5. (Optional) show running-config port-profile name
DETAILED STEPS
Step 1 configure terminal
Enters global configuration mode.
Example:
    n1000v# configure terminal
    n1000v(config)#
Step 2 port-profile [type vethernet] name
Enters port profile configuration mode for the named port profile.
Example:
    n1000v(config)# port-profile type vethernet ABC_profile_segmentation
    n1000v(config-port-prof)#
Step 3 no shutdown
Administratively enables all ports in the profile.
Example:
    n1000v(config-port-prof)# no shutdown
    n1000v(config-port-prof)#
Step 4 state enabled
Enables the port profile and applies its configuration to the assigned ports.
Example:
    n1000v(config-port-prof)# state enabled
    n1000v(config-port-prof)#
Step 5 show running-config port-profile
(Optional) Displays the configuration for verification.
Example:
    n1000v(config-port-prof)# show running-config port-profile ABC_profile_segmentation
EXAMPLES
This example shows how to create a segmentation type port profile:
    n1000v# configure terminal
    n1000v(config)# port-profile type vethernet ABC_profile_segmentation
    n1000v(config-port-prof)# no shutdown
    n1000v(config-port-prof)# state enabled
    n1000v(config-port-prof)# show running-config port-profile ABC_profile_segmentation
    !Command: show running-config port-profile ABC_profile_segmentation
    !Time: Thu Dec 1 19:58:44 2011

    version 4.2(1)SV1(5.1)
    port-profile type vethernet ABC_profile_segmentation
      no shutdown
      state enabled
Creating Network Segmentation Policies
Network segmentation policies are a set of policies that are inherited on a port profile that is created as a result of a network. The policy type can be either VLAN or Segmentation. This policy type corresponds to the network pool type in the vCloud Director. VLAN network segmentation policies are used for networks created from VLAN-backed network pools and Segmentation network segmentation policies are used for networks created from network isolation-backed network pools.
The network segmentation policies also contain a tenant ID and a reference to a port profile that may contain other policies for features such as QoS, ACL, and so on. Each tenant ID is unique and can be associated with only one Segmentation and one VLAN network segmentation policy. The tenant ID correlates to the Organization Universally Unique Identifier (UUID) in the vCloud Director. For more information on retrieving the organization UUID from VMware vCloud Director, see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2012943
Note If a network segmentation policy with a tenant ID is not created, the default_vlan_template or default_segmentation_template is used during network creation from vCloud Director. In a network segmentation policy, VXLAN is used for a segmentation policy. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1).
You can create network segmentation policies.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in EXEC mode.
• The NSM feature is enabled.
• You know the tenant IDs for tenants that require nondefault network segmentation policies. The tenant ID for a network segmentation policy can be found in vCloud Director: it appears in the address bar of the browser when you view an organization. In the following example, the tenant ID is "91e87e80-e18b-460f-a761-b978c0d28aea":
  https://[VCloud_director_IP]/cloud/#/vAppListPage?org=91e87e80-e18b-460f-a761-b978c0d28aea
• You must create the port profiles with all the required feature port profiles before importing them to the network segmentation policy. To create a port profile, see the “Creating a Port Profile for Network Segmentation Policies” section.
• You have knowledge about port profile inheritance. See the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. network-segment policy name
3. description description
4. type {segmentation | VLAN}
5. id {vCloud Director Organization tenant-id}
6. import port-profile name
7. (Optional) show running-config network-segment policy
DETAILED STEPS
Step 1 configure terminal
Enters global configuration mode.
Example:
    n1000v# configure terminal
    n1000v(config)#
Step 2 network-segment policy name
Creates a network segmentation policy. The policy name can be up to 80 characters and must be unique for each policy on the NSM.
Example:
    n1000v(config)# network-segment policy abc-policy-vxlan
    n1000v(config-network-segment-policy)#
Step 3 description description
Adds a description of up to 80 ASCII characters to the policy.
Example:
    n1000v(config-network-segment-policy)# description network segmentation policy for ABC
    n1000v(config-network-segment-policy)#
Step 4 type {segmentation | VLAN}
Defines the network segmentation policy type. The policy type can be Segmentation or VLAN. For segmentation policy, VXLAN is used. For more information, see the Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1).
The policy type corresponds to the network pools (VLAN-backed or network isolation-backed) in the vCloud Director.
Once configured, the type cannot be changed.
Example:
    n1000v(config-network-segment-policy)# type segmentation
    n1000v(config-network-segment-policy)#
Step 5 id {vCloud Director Organization tenant-id}
Associates the network segmentation policy with the tenant ID. The tenant ID correlates to the Organization UUID in the vCloud Director and cannot be changed once it is configured.
Example:
    n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
    n1000v(config-network-segment-policy)#
Step 6 import port-profile name
Associates the port profile with the network segmentation policy. Each network created that uses this network segmentation policy will inherit the associated port profile.
Example:
    n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation
    n1000v(config-network-segment-policy)#
Step 7 show running-config network-segment policy
(Optional) Displays the network segmentation policy configuration.
Example:
    n1000v# show running-config network-segment policy abc-policy-vxlan

    !Command: show running-config network-segment policy abc-policy-vxlan
    !Time: Fri Aug 26 18:34:50 2011

    version 4.2(1)SV1(5.1)
    feature network-segmentation-manager

    network-segment policy abc-policy-vxlan
      description network segmentation policy for ABC for VXLAN networks
      id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
      type segmentation
      import port-profile port-profile ABC_profile_segmentation
EXAMPLES
This example shows how to create a NSM policy for ABC Inc for VXLAN networks:
    n1000v# configure terminal
    n1000v(config)# network-segment policy abc-policy-vxlan
    n1000v(config-network-segment-policy)# description network segmentation policy for ABC for VXLAN networks
    n1000v(config-network-segment-policy)# type segmentation
    n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
    n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation
    n1000v(config-network-segment-policy)# show running-config network-segment policy abc-policy-vxlan
    !Command: show running-config network-segment policy abc-policy-vxlan
    !Time: Fri Aug 26 18:34:50 2011

    version 4.2(1)SV1(5.1)
    feature network-segmentation-manager

    network-segment policy abc-policy-vxlan
      description network segmentation policy for ABC for VXLAN networks
      id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
      type segmentation
      import port-profile port-profile ABC_profile_segmentation
This example shows how to create a NSM policy for ABC Inc for VLAN networks:
    n1000v# configure terminal
    n1000v(config)# network-segment policy abc-policy-vlan
    n1000v(config-network-segment-policy)# description network segmentation policy for ABC for VLAN networks
    n1000v(config-network-segment-policy)# type vlan
    n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
    n1000v(config-network-segment-policy)# import port-profile ABC_profile_vlan
    n1000v(config-network-segment-policy)#
Note As a best practice, if a tenant specific policy is defined through network segmentation policies, you should define it for both segmentation and VLAN types.
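The best practice in the note above can be checked offline against saved `show running-config network-segment policy` output. The following is an added example, not part of the Cisco guide: the function names are hypothetical, the multi-policy sample is constructed in the layout of the guide's output, and the `xyz-policy-vxlan` stanza and its tenant ID are made up.

```python
from collections import defaultdict

REQUIRED_TYPES = {"segmentation", "vlan"}  # the two policy types in the guide

# Constructed running-config in the layout of the guide's example output.
# The abc-* stanzas reuse the guide's values; xyz-policy-vxlan is made up.
SAMPLE_CONFIG = """\
version 4.2(1)SV1(5.1)
feature network-segmentation-manager

network-segment policy abc-policy-vxlan
  description network segmentation policy for ABC for VXLAN networks
  id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
  type segmentation
  import port-profile ABC_profile_segmentation
network-segment policy abc-policy-vlan
  description network segmentation policy for ABC for VLAN networks
  id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
  type vlan
  import port-profile ABC_profile_vlan
network-segment policy xyz-policy-vxlan
  id 11111111-2222-3333-4444-555555555555
  type segmentation
  import port-profile XYZ_profile_segmentation
"""

def parse_policies(text):
    """Return {policy name: {"id": ..., "type": ..., "port-profile": ...}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if words[:2] == ["network-segment", "policy"] and len(words) == 3:
            current = policies.setdefault(words[2], {})   # start of a stanza
        elif current is not None and words:
            if words[0] in ("id", "type") and len(words) == 2:
                current[words[0]] = words[1].lower()
            elif words[:2] == ["import", "port-profile"]:
                current["port-profile"] = words[-1]       # last token is the name
    return policies

def missing_types(policies):
    """Map each tenant ID to the policy types it has no policy for."""
    seen = defaultdict(set)
    for attrs in policies.values():
        if "id" in attrs and "type" in attrs:   # stanzas without a tenant ID are skipped
            seen[attrs["id"]].add(attrs["type"])
    return {tenant: sorted(REQUIRED_TYPES - types)
            for tenant, types in seen.items() if REQUIRED_TYPES - types}

def incomplete_policies(policies):
    """Names of tenant policies that lack a type or an imported port profile."""
    return sorted(name for name, attrs in policies.items()
                  if "id" in attrs and not {"type", "port-profile"} <= set(attrs))

if __name__ == "__main__":
    parsed = parse_policies(SAMPLE_CONFIG)
    print("tenants missing a policy type:", missing_types(parsed))
    print("incomplete tenant policies:", incomplete_policies(parsed))
```

Because the type and tenant ID cannot be changed once configured, a gap reported here is closed by creating an additional policy for the missing type.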
Registering vShield Manager with Network Segmentation Manager
You can use this procedure to register VMware vShield Manager with NSM.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to vShield Manager.
• The vShield Manager is connected to vCenter Server.
• The NSM feature is enabled.
• You know the range of multicast addresses.
• You know the segment ID pool.
• Ensure that the segment ID range allocated to vShield Manager does not overlap with other instances in the network or VXLANs used on the Cisco Nexus 1000V.
• Ensure that the user specified for NSM on vShield Manager is a network administrator.
DETAILED STEPS
Step 1 In the vShield Manager, navigate to the Settings and Reports window.
Step 2 In the Settings and Reports pane, click Configuration.
Step 3 Click Networking. The Edit Settings window opens.
Step 4 Enter the segment ID pool. The segment ID pool should be greater than 4097.
Step 5 Enter the multicast address range.
Step 6 Click OK.
Step 7 In the vShield Manager, navigate to the External Switch Providers window.
Step 8 Click Add Switch Provider. The External Switch Provider window opens.
Step 9 Enter the name of the switch.
Step 10 Enter the NSM API service URL (https://Cisco-VSM-IP-Address/n1k/services/NSM).
Step 11 Enter the network administrator username and password.
Step 12 Accept the SSL thumbprint.
Step 13 In the External Switch Providers window, a green check mark in the Status column indicates that the connection between vShield Manager and NSM is established.
Step 14 You can verify the registration of the vShield Manager with NSM by entering the following command on the Cisco Nexus 1000V CLI:
n1000v# show network-segment manager switch
switch: default_switch
state: enabled
dvs-uuid: d4 e7 12 50 89 db 3b c4-8d 4d 4c 36 ca 1c d1 f0
dvs-name: nexus1000v
mgmt-srv-uuid: 087F202C-8937-4F1E-8676-6F714C1AB96C
reg status: registered
last alert: 30 seconds ago
connection status: connected
Unregistering vShield Manager with Network Segmentation Manager
You can use this procedure to unregister VMware vShield Manager with NSM.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to vShield Manager.
• The vShield Manager is registered with NSM.
DETAILED STEPS
Step 1 In the vShield Manager, navigate to the Settings and Reports window.
Step 2 In the Settings and Reports pane, click Configuration.
Step 3 Click Networking. The Edit Settings window opens.
Step 4 In the External Switch Providers pane, click the Delete link for the switch you wish to unregister.
Step 5 You can verify that the vShield Manager has been unregistered by entering the following command on the Cisco Nexus 1000V CLI:
n1000v# show network-segment manager switch
switch: default_switch
state: enabled
dvs-uuid: ff 05 32 50 5b d5 db fe-da 48 70 e1 0f bd ae 43
dvs-name: cinquedia-vsm
mgmt-srv-uuid: 35B101C8-DE9B-42F9-BE85-284DD679367D
reg status: unregistered
last alert: - seconds ago
connection status: disconnected
Verifying the NSM Configuration
To display NSM configuration information, perform one of the following tasks:
Command                                       Purpose
show network-segment manager switch           Displays the Cisco Nexus 1000V configured with NSM.
show running-config port-profile              Displays the port profile configuration.
show running-config network-segment policy    Displays the NSM policy configuration.
For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(5.1).
Configuration Examples for Network Segmentation Manager
The following example shows how to configure the Network Segmentation Manager feature:
Step 1 Enable Network Segmentation Manager.
n1000v# configure terminal
n1000v(config)# feature network-segmentation-manager
Step 2 Create port profiles for the segmentation and VLAN policies.
n1000v# configure terminal
n1000v(config)# port-profile type vethernet ABC_profile_segmentation
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled

n1000v# configure terminal
n1000v(config)# port-profile type vethernet ABC_profile_vlan
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled
Step 3 Create an NSM policy.
n1000v# configure terminal
n1000v(config)# network-segment policy abc-policy-vxlan
n1000v(config-network-segment-policy)# description network segmentation policy for ABC for VXLAN networks
n1000v(config-network-segment-policy)# type segmentation
n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation

n1000v# configure terminal
n1000v(config)# network-segment policy abc-policy-vlan
n1000v(config-network-segment-policy)# description network segmentation policy for ABC for VLAN networks
n1000v(config-network-segment-policy)# type vlan
n1000v(config-network-segment-policy)# id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
n1000v(config-network-segment-policy)# import port-profile ABC_profile_vlan
Step 4 Verify the configuration.
n1000v# configure terminal
n1000v(config)# show running-config network-segment policy abc-policy-vxlan

!Command: show running-config network-segment policy abc-policy-vxlan
!Time: Fri Aug 26 18:34:50 2011

version 4.2(1)SV1(5.1)
feature network-segmentation-manager

network-segment policy abc-policy-vxlan
  description network segmentation policy for ABC for VXLAN networks
  id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
  type segmentation
  import port-profile port-profile ABC_profile_segmentation
Changing a Port Profile Associated with a Network Segmentation Policy
During a network creation in the vCloud Director, network segmentation policies are created on the NSM and these network segmentation policies are inherited on a port profile. In order to associate a different port profile with the deployed network, you can change the port profile associated with the network segmentation policy.
To change the port profile associated with the network segmentation policy, perform the following steps:
Step 1 Identify all the networks associated with the network segmentation policy. For more information, see Identifying the Networks Associated with the Network Segmentation Policy, page 2-13.
Step 2 Manually remove the inheritance for the existing port profile. See section “Removing Inherited Policies from a Port Profile” in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 3 Manually inherit the new port profile that will be associated with the network segmentation policy. See section “Inheriting a Configuration from a Port Profile” in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 4 Update the network segmentation policy. For more information, see Updating the Network Segmentation Policy, page 2-14.
Identifying the Networks Associated with the Network Segmentation Policy
You can identify the networks associated with the network segmentation policy.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in configuration mode.
• The NSM feature is enabled.
SUMMARY STEPS
1. configure terminal
2. show network-segment policy usage
DETAILED STEPS
Command Description
Step 1 configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
Enters global configuration mode.
Step 2 show network-segment policy usage
Example:
n1000v(config)# show network-segment policy usage
Displays the network segmentation policy usage by networks.
EXAMPLES
This example shows how to identify the networks associated with a network segmentation policy:
n1000v(config)# show network-segment policy usage

network-segment policy default_segmentation_template
dvs.VCDVSint-org-cn2-e46e9686-2327-49df-ad5c-a3f89c00cfb8

network-segment policy default_vlan_template

network-segment policy abc-policy-vxlan
dvs.VCDVSint-org-nexus-6141babd-bdc8-4e86-8f16-1ac786fb377f

network-segment policy abc-policy-vlan
Updating the Network Segmentation Policy
You can update a network segmentation policy.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in EXEC mode.
• The NSM feature is enabled.
• You know the tenant IDs for tenants that require non default network segmentation policies.
• You must create the port profiles with all the required feature port profiles before importing them to the network segmentation policy. To create a port profile, see Creating a Port Profile for Network Segmentation Policies, page 2-5.
• You have knowledge about port profile inheritance. See the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. network-segment policy name
3. import port-profile name force
4. (Optional) show run network-segment policy
DETAILED STEPS
Command Purpose
Step 1 configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
Enters global configuration mode.
Step 2 network-segment policy name
Example:
n1000v(config)# network-segment policy abc-policy-vxlan
n1000v(config-network-segment-policy)#
Creates a network segmentation policy. The policy name can be up to 80 characters and must be unique for each policy on the NSM.
Step 3 import port-profile name force
Example:
n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation force
n1000v(config-network-segment-policy)#
Forces the new port profile to be used and migrates the existing networks to the new port profile. Each network created that uses this network segmentation policy will inherit the associated port profile.
Note The force option overrides any checks in the NSM that prevent you from modifying the port profile. After updating the network segmentation policy, a warning is displayed listing any networks that are not inheriting the new port profile.
Step 4 show running-config network-segment policy
Example:
n1000v(config-network-segment-policy)# show running-config network-segment policy abc-policy-vxlan
(Optional) Displays the network segmentation policy configuration.
EXAMPLES
This example shows how to update the network segmentation policy:
n1000v# configure terminal
n1000v(config)# show running-config network-segment policy abc-policy-vxlan

network-segment policy abc-policy-vxlan
  description network segmentation policy for ABC for VXLAN networks
  type segmentation
  id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
  import port-profile ABC_profile_segmentation

n1000v(config)# network-segment policy abc-policy-vxlan
n1000v(config-network-segment-policy)# import port-profile ABC_profile_segmentation_new force
n1000v(config)# show running-config network-segment policy abc-policy-vxlan

network-segment policy abc-policy-vxlan
  description network segmentation policy for ABC for VXLAN networks
  type segmentation
  id f5dcf127-cdb0-4bdd-8df5-9515d6dc8170
  import port-profile ABC_profile_segmentation_new
Changing the Network Segmentation Policy Associated with a Network.
During a network creation in the vCloud Director, network segmentation policies are created on the NSM. In order to use other non default policies for any new or old networks associated with an Organization vDC in the vCloud Director, you must change the network segmentation policy associated with a network.
To change the network segmentation policy associated with a network, perform the following steps:
Step 1 Identify all the networks that need to be migrated. For more information, see Identifying the Networks, page 2-16.
Step 2 Manually remove the inheritance of the port profile associated with the network segmentation policy from the network. See section “Removing Inherited Policies from a Port Profile” in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 3 Manually inherit the new port profile that will be associated with the network segmentation policy on the network. See section “Inheriting a Configuration from a Port Profile” in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
Step 4 Migrate the networks from the default network segmentation policy to the non default network segmentation policy. For more information, see Migrating Networks to Non Default Network Segmentation Policy, page 2-17.
Identifying the Networks
You can identify the networks that have to be migrated.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in configuration mode.
• The NSM feature is enabled.
SUMMARY STEPS
1. configure terminal
2. show network-segment network
DETAILED STEPS
Command Description
Step 1 configure terminal
Example:
n1000v# configure terminal
n1000v(config)#
Enters global configuration mode.
Step 2 show network-segment network
Example:
n1000v(config)# show network-segment network
Displays the networks associated with a network segmentation policy.
EXAMPLES
This example shows you how to display the networks associated with a network segmentation policy:
n1000v(config)# show network-segment network

network dvs.VCDVSint-org-cn2-e46e9686-2327-49df-ad5c-a3f89c00cfb8
tenant id: 2b4ca1b2-ba8e-456c-b772-a4730af16e2e
network-segment policy: default_segmentation_template
segment id: 4107
multicast ip: 225.0.0.1

network dvs.VCDVSint-org-nexus-6141babd-bdc8-4e86-8f16-1ac786fb377f
tenant id: 91e87e80-e18b-460f-a761-b978c0d28aea
network-segment policy: seg-template-nexus-org
segment id: 4108
multicast ip: 225.0.0.2

n1000v(config)#
Migrating Networks to Non Default Network Segmentation Policy
You can migrate the networks from the default network segmentation policy to the non default network segmentation policy.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
• You are logged in to the CLI in EXEC mode.
• The NSM feature is enabled.
• You know the tenant IDs for tenants that require non default network segmentation policies.
• You have knowledge about port profile inheritance. See the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. network-segment policy migrate id isolation_id type nw_type dest-policy policy
3. (Optional) show network-segment network
DETAILED STEPS
Command Purpose
Step 1 configure terminal
Example:
n1000v# config terminal
n1000v(config)#
Enters global configuration mode.
Step 2 network-segment policy migrate id isolation_id type nw_type dest-policy policy
Example:
n1000v(config)# network-segment policy migrate id da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87 type vlan dest-policy org_vlan
Migrates the networks from the default network segmentation policy to the non default destination network segmentation policy.
• isolation_id: Tenant ID of the networks to be migrated.
• nw_type: Type of networks (VLAN or Segmentation) to be migrated.
• policy: Name of the destination network segmentation policy to migrate to.
Note If there are any existing networks that match the tenant ID and type, but are not inheriting the port profile associated with the destination network segmentation policy, a warning will be displayed listing the port-profiles that are not migrated.
Step 3 show network-segment network
(Optional) Displays the networks associated with a network segmentation policy.
EXAMPLES
This example shows you how to migrate networks to a non default segmentation policy:
n1000v(config)# show network-segment network

network dvs.VCDVStenantid_vlan-74e36255-e588-4357-8abe-15d2cc7feaec
tenant id: da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
network-segment policy: default_segmentation_template
segment id: 4107
multicast ip: 225.0.0.1

n1000v(config)# network-segment policy migrate id da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87 type segmentation dest-policy org_seg
Note If a warning appears, first manually remove the inheritance of the port profile associated with the network segmentation policy from the network. See section “Removing Inherited Policies from a Port Profile” in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information. Then, manually inherit the new port profile that will be associated with the network segmentation policy on the network. See section “Inheriting a Configuration from a Port Profile” in the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1) for more information.
n1000v(config)# show network-segment network

network dvs.VCDVStenantid_vlan-74e36255-e588-4357-8abe-15d2cc7feaec
tenant id: da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
network-segment policy: org_seg
segment id: 4107
multicast ip: 225.0.0.1
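The identify, migrate and verify sequence above can be prepared and checked offline from saved `show network-segment network` output. The following is an added example, not part of the Cisco guide: the function names and the `dest_policies` mapping are hypothetical, and the second and third sample networks, their tenant ID and `example_seg_policy` are constructed.

```python
import re

# Default policy names shown in the guide's `show network-segment policy usage`
# output, mapped to the `type` keyword of the migrate command.
DEFAULT_POLICIES = {"default_segmentation_template": "segmentation",
                    "default_vlan_template": "vlan"}
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Constructed sample in the layout of `show network-segment network`.
# The first record reuses the guide's example values; the other two are made up.
SAMPLE = """\
n1000v(config)# show network-segment network

network dvs.VCDVStenantid_vlan-74e36255-e588-4357-8abe-15d2cc7feaec
tenant id: da5c49a8-dd1b-4326-9da0-3c5e6a2c1b87
network-segment policy: default_segmentation_template
segment id: 4107
multicast ip: 225.0.0.1

network dvs.VCDVSexample-net-b
tenant id: 11111111-2222-3333-4444-555555555555
network-segment policy: default_segmentation_template
segment id: 4108
multicast ip: 225.0.0.2

network dvs.VCDVSexample-net-c
tenant id: 11111111-2222-3333-4444-555555555555
network-segment policy: example_seg_policy
segment id: 4109
multicast ip: 225.0.0.3
"""

def parse_networks(text):
    """Parse `show network-segment network` output into one dict per network."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or re.match(r"\S+#", line):      # blank line or CLI prompt
            continue
        if line.startswith("network "):
            current = {"name": line.split(None, 1)[1]}
            networks.append(current)
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return networks

def plan_migration(networks, dest_policies):
    """Return (commands, unplanned); dest_policies maps (tenant id, type) to a policy."""
    pending = []
    for net in networks:
        nw_type = DEFAULT_POLICIES.get(net.get("network-segment policy"))
        key = (net.get("tenant id", ""), nw_type)
        if nw_type and key not in pending:
            pending.append(key)
    commands, unplanned = [], []
    for tenant, nw_type in pending:
        policy = dest_policies.get((tenant, nw_type))
        if policy is None:
            unplanned.append((tenant, nw_type))
            continue
        # Refuse values that would not form a single well-formed CLI line.
        # The character set for policy names is a conservative assumption.
        if not UUID_RE.fullmatch(tenant) or not re.fullmatch(r"[\w-]{1,80}", policy):
            raise ValueError(f"refusing to build command for {tenant!r} -> {policy!r}")
        commands.append(f"network-segment policy migrate id {tenant} "
                        f"type {nw_type} dest-policy {policy}")
    return commands, unplanned

def still_on_default(networks, tenant):
    """Post-migration check: the tenant's networks that remain on a default policy."""
    return [n["name"] for n in networks
            if n.get("tenant id") == tenant
            and n.get("network-segment policy") in DEFAULT_POLICIES]
```

Run `plan_migration` on the output captured before the change, and `still_on_default` on the output captured afterwards; a non-empty result corresponds to the warning case described in the notes above.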
Feature History for Network Segmentation Manager
Table 2-2 lists the release history for this feature. Only features that were introduced or modified in Release 4.2(1)SV1(5.1) or a later release appear in the table.
Table 2-2 Feature History for NSM
Feature Name                    Releases          Feature Information
Network Segmentation Manager    4.2(1)SV1(5.1)    Introduced the Network Segmentation Manager (NSM) feature.