- Preface
- New and Changed Information
- Overview
- Configuring CDP
- Configuring the Domain
- Managing Server Connections
- Managing the Configuration
- Working with Files
- Managing Users
- Configuring NTP
- Configuring Local SPAN and ERSPAN
- Configuring SNMP
- Configuring NetFlow
- Configuring System Message Logging
- Configuring iSCSI Multipath
- Configuring VSM Backup and Recovery
- Enabling vTracker
- Configuring Virtualized Workload Mobility
- Index
Configuring the Domain
This chapter contains the following sections:
- Information About Domains
- Guidelines and Limitations
- Default Settings
- Configuring the Domain
- Feature History for the VSM Domain
Information About Domains
You must create a domain for the Cisco Nexus 1000V and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when you install the software. If you need to create a domain later, you can do so by using the setup command or the procedures described in this chapter.
Layer 3 Control
Layer 3 control or IP connectivity, is supported between the Virtual Supervisor Module (VSM) and the Virtual Ethernet Module (VEM) for control and packet traffic. In Layer 3 control mode, the VSM and VEM need to have Layer 3 connectivity between them. A VSM and VEM can exist in two different Layer 2 networks or two different subnets. The primary VSM and the secondary VSM require Layer 2 connectivity over the control VLAN for HA to function.
To implement Layer 3 control, you must make the following configurations:
Guidelines and Limitations
-
UDP port 4785 is required for Layer 3 communication between the VSM and VEM. If you have a firewall in your network and are configuring Layer 3 control, make sure that UDP port 4785 is open on your upstream switch or firewall device. For more information, see the documentation for your upstream switch or firewall device.
-
In a Layer 2 network, you can switch between the Layer 2 and Layer 3 transport modes, but when you do so, the modules might be out of service briefly.
-
The capability attribute (Layer 3 control) cannot be inherited from the port profile.
-
Different hosts can use different VLANs for Layer 3 control.
-
A port profile used for Layer 3 control must be an access port profile. It cannot be a trunk port profile. The port profile created for Layer 3 control, can only be used for vmknic ports and not for VM ports, specifically VSM ports if VSM is hosted on the DVS.
-
You must configure Layer 3 (L3) capability control only for a vmk interface. If you add L3 capability control on a virtual ethernet (veth) interface, the system VLAN becomes ineffective for that veth.
-
We recommend that if you are using the VMware kernel NIC for Layer 3 Control, you do not use it for any other purpose. For example, do not also use the Layer 3 Control VMware kernel NIC for VMotion or network file system (NFS) mount.
-
You must configure control VLANs, packet VLANs, and management VLANs as regular VLANs and not as private VLANs.
Default Settings
Parameter |
Default |
---|---|
VMware port group name (port-profile) |
The name of the port profile |
SVS mode (svs-domain) |
Layer 3 |
Switchport mode (port-profile) |
Access |
State (port-profile) |
Disabled |
State (VLAN) |
Active |
Shut state (VLAN) |
No shutdown |
Configuring the Domain
This section includes the following procedures:
- Creating a Domain
- Changing to Layer 3 Transport
- Changing to Layer 2 Transport
- Creating a Port Profile for Layer 3 Control
- Creating a Control VLAN
- Creating a Packet VLAN
Creating a Domain
You can create a domain for the Cisco Nexus 1000V that identifies the VSM and VEMs and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when installing the software. If you need to create a domain after initial setup, you can do so by using this procedure.
Note | We recommend the following:
|
Before beginning this procedure, you must be logged in to the CLI in EXEC mode.
You must know the following information:
If two or more VSMs share the same control and/or packet VLAN, the domain helps identify the VEMs managed by each VSM.
A unique domain ID for this Cisco Nexus 1000V instance.
Identity of the VLANs to be used for control and packet traffic.
The svs mode command in the SVS Domain Configuration mode is not used and has no effect on a configuration.
switch# config terminal switch(config)# svs-domain switch(config-svs-domain)# domain id 100 switch(config-svs-domain)# control vlan 190 switch(config-svs-domain)# packet vlan 191 switch(config-vlan)# exit switch(config)# show svs domain SVS domain config: Domain id: 317 Control vlan: 317 Packet vlan: 317 L2/L3 Control mode: L2 L3 control interface: NA Status: Config push to VC successful. Note: Control VLAN and Packet VLAN are not used in L3 mode. switch(config)# switch(config)# copy run start [########################################] 100% switch(config)#
Changing to Layer 3 Transport
This procedure requires you to disable the control and packet VLANs. You cannot change to Layer 3 Control before disabling the control and packet VLANs.
Before beginning this procedure, you must be logged in to the CLI in EXEC mode.
You have already configured the Layer 3 interface (mgmt 0 or control 0) and assigned an IP address.
When control 0 is used for Layer 3 transport, proxy-arp must be enabled on the control 0 VLAN gateway router.
switch(config)# show svs domain SVS domain config: Domain id: 100 Control vlan: 100 Packet vlan: 101 L2/L3 Control mode: L2 L3 control interface: NA Status: Config push to VC successful. switch# config t switch(config)# svs-domain switch(config-svs-domain)# no packet vlan switch(config-svs-domain)# no control vlan switch(config)# show svs domain SVS domain config: Domain id: 100 Control vlan: 1 Packet vlan: 1 L2/L3 Control mode: L2 L2/L3 Control interface: NA Status: Config push to VC successful. switch(config-svs-domain)# svs mode l3 interface mgmt0 SVS domain config: Domain id: 100 Control vlan: 1 Packet vlan: 1 L2/L3 Control mode: L3 L3 control interface: mgmt0 Status: Config push to VC successful. switch(config-svs-domain)# show svs domain switch(config-svs-domain)# control type multicast switch(config)# show svs domain SVS domain config: Domain id: 343 Control vlan: NA Packet vlan: NA L2/L3 Control mode: L3 L3 control interface: mgmt0 Status: Config push to VC successful. Control type multicast: Yes switch(config-svs-domain)# no control type multicast switch(config)# show svs domain SVS domain config: Domain id: 343 Control vlan: NA Packet vlan: NA L2/L3 Control mode: L3 L3 control interface: mgmt0 Status: Config push to VC in progress. Control type multicast: No Limitation : Control type multicast is configured. It is not applicable in svs L2 mode. switch(config-svs-domain)# copy running-config startup-config [########################################] 100% switch(config-svs-domain)#
Changing to Layer 2 Transport
You can change the transport mode to Layer 2 for the VSM domain control and packet traffic. The transport mode is Layer 3 by default, but if it is changed, you can use this procedure to configure it again as Layer 2.
This procedure requires you to configure a control VLAN and a packet VLAN. You cannot configure these VLANs if the VSM domain capability is Layer 3 Control. You will first change the svs domain mode to Layer 2 and then configure the control VLAN and packet VLAN.
Before beginning this procedure, you must be logged in to the CLI in EXEC mode.
switch# show svs domain SVS domain config: Domain id: 317 Control vlan: NA Packet vlan: NA L2/L3 Control mode: L3 L3 control interface: mgmt0 Status: Config push to VC successful. Control type multicast: No switch# config t switch(config)# svs-domain switch(config-svs-domain)# svs mode l2 switch(config-svs-domain)# control vlan 100 switch(config-svs-domain)# packet vlan 101 switch(config-svs-domain)# show svs domain SVS domain config: Domain id: 100 Control vlan: 100 Packet vlan: 101 L2/L3 Control mode: L2 L3 control interface: NA Status: Config push to VC successful. switch(config-svs-domain)# copy running-config startup-config [########################################] 100%
Creating a Port Profile for Layer 3 Control
You can allow the VSM and VEM to communicate over IP for control and packet traffic.
Before beginning this procedure, you must be logged in to the CLI in EXEC mode.
You must know the following information:
The transport mode for the VSM domain has already been configured as Layer 3.
All VEMs belong to the same Layer 2 domain.
The VEM VM kernel NIC connects to this Layer 3 control port profile when you add the host to the Cisco Nexus 1000V DVS.
Only one VM kernel NIC can be assigned to this Layer 3 control port profile per host.
The VLAN ID for the VLAN you are adding to this Layer 3 control port profile:
The port profile must be an access port profile. It cannot be a trunk port profile. This procedure includes steps to configure the port profile as an access port profile.
More than one port profile can be configured with the capability L3 control command. These can only be used for vmknic ports and not for VM ports, specifically VSM ports if VSM is hosted on the DVS.
Different hosts can use different VLANs for Layer 3 control.
VEM modules will not register to the VSM before a vmkernel interface (vmk) is migrated to a Layer 3 control capable port profile.
switch# config terminal switch(config)# port-profile l3control-150 switch(config-port-prof)# capability l3control switch(config-port-prof)# vmware port-group switch(config-port-prof)# switchport mode access switch(config-port-prof)# switchport access vlan 150 switch(config-port-prof)# no shutdown switch(config-port-prof)# system vlan 150 switch(config-port-prof)# state enabled switch(config-port-prof)# show port-profile name l3control-150 port-profile l3control-150 description: type: vethernet status: enabled capability l3control: yes pinning control-vlan: 8 pinning packet-vlan: 8 system vlans: 150 port-group: l3control-150 max ports: 32 inherit: config attributes: switchport mode access switchport access vlan 150 no shutdown evaluated config attributes: switchport mode access switchport access vlan 150 no shutdown assigned interfaces: switch(config-port-prof)# copy running-config startup-config
Creating a Control VLAN
Before beginning this procedure, you must be logged in to the CLI in EXEC mode.
Be sure you have already configured and enabled the required switched virtual interface (SVI) using the document, Cisco Nexus 1000V Interface Configuration Guide. The SVI is also called the VLAN interface and provides communication between VLANs.
You must know the following:
switch# config t switch(config)# vlan 30 switch(config-vlan)# name cp_control switch(config-vlan)# state active switch(config-vlan)# show vlan id 30 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 30 cp_control active VLAN Type MTU ---- ----- 5 enet 1500 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- --------------- ------------------------------------------- switch(config-vlan)# copy running-config startup-config
Creating a Packet VLAN
Before beginning this procedure, be sure you have done the following:
Logged in to the CLI in EXEC mode
Configured and enabled the required switched virtual interface (SVI)
Familiarized yourself with how VLANs are numbered.
Note | Newly created VLANs remain unused until Layer 2 ports are assigned to them. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | switch# config t |
Places you in global configuration mode. | ||
Step 2 | switch(config)# vlan vlan-id |
Creates VLAN ID for packet traffic and places you in VLAN configuration mode.
| ||
Step 3 | switch(config-vlan)# name vlan-name | Adds the descriptive name to this VLAN. | ||
Step 4 | switch(config-vlan)# state vlan-state | Changes the operational state of the VLAN to active or suspend. | ||
Step 5 | switch(config-vlan)# show vlan id vlan-id | (Optional) Displays the configuration for the VLAN ID. | ||
Step 6 | switch(config-vlan)# exit |
Returns you to global configuration mode. | ||
Step 7 | switch(config)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
switch# config t switch(config)# vlan 31 switch(config-vlan)# name cp_packet switch(config-vlan)# state active switch(config-vlan)# exit switch(config)# show vlan id 31 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 31 cp_packet active VLAN Type MTU ---- ----- 5 enet 1500 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- --------------- ------------------------------------------- switch(config)# copy run start [########################################] 100% switch(config)#
Feature History for the VSM Domain
This table only includes updates for those releases that have resulted in additions to the feature.
Feature Name |
Releases |
Feature Information |
---|---|---|
Layer 3 Control |
4.0(4)SV1(2) |
Added the following information: |
VSM Domain |
4.0(4)SV1(1) |
This feature was introduced. |