Configuring VNMC Profiles
This section includes the following topics:
VNMC Profiles
Cisco VNMC profiles are configurable.
In Cisco VNMC, there is a default profile that exists. Default profiles are system generated and can be modified, but they cannot be deleted. The administrator can add syslog policies, core policies, fault policies, log policies, and the time zone. DNS and NTP policies can be created also. Configured policies can be assigned to the VNMC profile.
In the VNMC profile, there is a pre-configured DNS domain name when the system is configured at boot configuration. That domain is displayed in the Cisco VNMC instance. New DNS domains cannot be created. However the domain name description can be modified.
Cisco VNMC does not support the creation of additional VNMC profiles.
Policies in VNMC Profiles
You can create multiple policies and assign them to the VNMC profile. Policies for the VNMC profile are created and deleted on the VNMC Profile tab. Policies can be assigned to the VNMC profile. VNMC profile uses name resolution to resolve policy assignments. For details, see Name Resolution in a Multi-Tenant Environment.
The following policies created under root only, in the Device Policies area, will be visible in the VNMC profile:
-
Core file policy
-
Fault policy
-
Logging policy
-
Syslog policy
Policies created under root are visible to both the VNMC profile and the Device profile.
DNS server, NTP server and domain names can be assigned as inline policies. A time zone setting can also be assigned to the profile.
When the system boots up, the following policies already have existing default policies:
-
Fault policy
-
Logging policy
-
Syslog policy
The default policies cannot be deleted but may be modified.
Configuring Policies
Configuring a Core File Policy
Adding a Core File Policy to the VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Core File. |
Step 2 |
In the General tab, click Add Core File Policy. |
Step 3 |
In the Add Core File Policy dialog box, complete the following fields, then click OK:
Field |
Description |
Name |
Core file policy name. This name can be from 1 to 32 alphanumeric characters. You cannot use spaces or any special characters, and you cannot change this name after the object has been created. |
Description |
Brief policy description. This field can contain from 1 to 256 identifier characters. You can use alphanumeric characters, such as dash (-), underscore (_), and dot (.). |
Admin State |
Indicate whether the administrative state of the policy is to be enabled or disabled. |
Hostname |
Hostname or IP address to use for this policy. If you use a hostname rather than an IP address, you must configure a DNS server in VNMC. |
Port |
Port number for sending the core dump file. |
Protocol |
Protocol for exporting the core dump file (read-only). |
Path |
Path to use when storing the core dump file on a remote system. The default path is /tftpboot, such as /tftpboot/test, where test is the subfolder. |
|
Editing a Core File Policy for VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Core File. |
Step 2 |
In the General tab, click the core file policy you want to edit, then click Edit. |
Step 3 |
In the Edit dialog box, modify the following fields as appropriate:
Field |
Description |
Name |
Name of the core file policy (read-only). |
Description |
Brief policy description. |
Admin State |
Administrative status of the policy: enabled or disabled. |
Hostname |
Hostname or IP address.
Note |
If you use a hostname, you must configure a DNS server. |
|
Port |
Port number to use when exporting the core dump file. |
Protocol |
Protocol used to export the core dump file (read-only). |
Path |
Path to use when storing the core dump file on the remote system. The default path is /tftpboot. To specify a subfolder under tftpboot, use the format /tftpboot/folder where folder is the subfolder. |
|
Step 4 |
Click OK. |
Deleting a Core File Policy from the VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Core File. |
Step 2 |
In the General tab, click the core file policy you want to delete, then click Delete. |
Step 3 |
When prompted, confirm the deletion. |
Configuring a Fault Policy
Adding a Fault Policy to the VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Fault. |
Step 2 |
In the General tab, click Add Fault Policy. |
Step 3 |
In the Add Fault Policy dialog box, provide the information as described in the following table, then click OK:
Field |
Description |
Name |
Fault policy name. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is created. |
Description |
Brief policy description. |
Flapping Interval |
Length of time (in hours, minutes, and seconds) that must elapse before the system allows a fault to change its state. Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change its state until this amount of time has elapsed since the last state change. If the condition reoccurs during the flapping interval, the fault returns to the active state. If the condition does not reoccur during the flapping interval, the fault is cleared. What happens at that point depends on the setting in the Clear Faults Retention Action field. The default flapping interval is ten seconds. |
Clear Faults Retention Action |
Action to be taken when faults are cleared:
-
retain—Retain the cleared faults.
-
delete—Delete fault messages as soon as they are marked as cleared.
|
Clear Faults Retention Interval |
How long the system is to retain cleared fault messages:
-
Forever—The system retains all cleared fault messages regardless of their age.
-
Other—The system retains cleared fault message for a specified the length of time. In the spinbox that is displayed when you select this option, enter the length of time (in days, hours, minutes, and seconds) that the system is to retain cleared fault messages.
|
|
Editing a Fault Policy for a VNMC Profile
Note |
When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.
|
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Fault. |
Step 2 |
In the General tab, select the fault policy you want to edit, then click Edit. |
Step 3 |
In the Edit Fault Policy dialog box, modify the fields as needed by using the information in the following table, then click OK.
Field |
Description |
Name |
Policy name (read-only). |
Description |
Brief policy description. |
Flapping Interval |
Length of time (in hours, minutes, and seconds) that must elapse before the system allows a fault to change its state. Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change its state until this amount of time has elapsed since the last state change. If the condition recurs during the flapping interval, the fault returns to the active state. If the condition does not recur during the flapping interval, the fault is cleared. The next action depends on the setting in the Clear Faults Retention Action field. The default flapping interval is ten seconds. |
Clear Faults Retention Action |
Available fault retention actions:
-
retain—The system retains fault messages.
-
delete—The system deletes fault messages when they are marked as cleared.
|
Clear Faults Retention Interval |
How long the system is to retain cleared fault messages:
-
Forever—The system retains all cleared fault messages regardless of their age.
-
Other—The system retains cleared fault message for a specified the length of time. In the spinbox that is displayed when you select this option, enter the length of time (in days, hours, minutes, and seconds) that the system is to retain cleared fault messages.
|
|
Deleting a Fault Policy from the VNMC Profile
Note |
When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.
|
Procedure
Step 1 |
In the Navigation pane, click the Administration tab. |
Step 2 |
In the Navigation pane, click the VNMC Profile subtab. |
Step 3 |
In the Navigation pane, expand . |
Step 4 |
In the Work pane, click the General tab. |
Step 5 |
On the General tab, click the fault policy you want to delete. |
Step 6 |
Click Delete. |
Step 7 |
In the Confirm dialog box, click OK. |
Configuring a Logging Policy
Adding a Logging Policy to the VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Log File. |
Step 2 |
In the General tab, click Add Logging Policy. |
Step 3 |
In the Add Logging Policy dialog box, complete the following fields:
Field |
Description |
Name |
Logging policy name. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is created. |
Description |
Brief policy description. |
Log Level |
One of the following logging severity levels:
-
debug0
-
debug1
-
debug2
-
debug3
-
debug4
-
info
-
warning
-
minor
-
major
-
critical
The default log level is info. |
Backup Files Count |
Number of backup files that are filled before they are overwritten. The range is 1 to 9 files, with a default of 2 files. |
File Size (bytes) |
Backup file size. The range is 1 MB to 100 MB with a default of 5 MB. |
|
Step 4 |
Click OK. |
Editing a Logging Policy for VNMC Profile
Note |
When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.
|
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Log File. |
Step 2 |
In General tab, select the logging policy that you want to edit, then click Edit. |
Step 3 |
In the Edit Log File Policy dialog box, modify the information as required by using the information in the following table, then click OK.
Field |
Description |
Name |
Logging policy name (read-only). |
Description |
Brief policy description. |
Log Level |
One of the following logging levels:
-
debug0
-
debug1
-
debug2
-
debug3
-
debug4
-
info
-
warning
-
minor
-
major
-
critical
The default log level is info. |
Backup Files Count |
Number of backup files that are filled before they are overwritten. The range is 1 to 9 files, with a default of 2 files. |
File Size (bytes) |
Backup file size. The range is 1 MB to 100 MB with a default of 5 MB. |
|
Deleting a Logging Policy from the VNMC Profile
Note |
When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.
|
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Log File. |
Step 2 |
In the General tab, select the logging policy you want to delete, then click Delete. |
Step 3 |
When prompted, confirm the deletion. |
Configuring Syslog Policy
Adding a Syslog Policy to the VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Syslog. |
Step 2 |
In the General tab, click Add Syslog. |
Step 3 |
In the Add Syslog Policy dialog box, provide the information as described in the following table, then click OK. The syslog message settings that you configure for the VNMC profile apply to VNMC syslog messages only. These settings do not affect other non-VNMC syslog messages.
Field |
Description |
General Tab |
Name |
Policy name. |
Description |
Brief policy description. |
Use Emblem Format |
Check the check box to use the EMBLEM format for syslog messages. This option is supported for ASA 1000Vs. It is not supported for VSGs. |
Continue if Host is Down |
Check the check box to continue logging if the syslog server is down. This option is supported for ASA 1000Vs. It is not supported for VSGs. |
Servers Tab |
Add Syslog Server |
Click to add a new syslog server. |
Syslog Servers table |
List of configured syslog servers. |
Local Destinations Tab |
Console area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: alert, critical, or emergency. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
|
Monitor area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
|
File area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
-
File Name—Name of the file to which messages are logged.
-
Size (bytes)—Maximum size, in bytes, that the file can reach before the system begins to overwrite the messages.
|
Buffer area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
-
Buffer Size (Bytes)—In bytes, the size of the buffer for syslog messages.
-
Wrap to Flash—Indicates whether or not the buffer contents are saved to flash memory with the buffer wraps (becomes full). Check the check box to save the contents to flash memory if the buffer wraps.
-
Max File Size in Flash (KB)—Maximum size, in kilobytes, that can be used by the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.
-
Min Free Flash Size (KB)—Minimum size, in kilobytes, that is allocated for the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.
|
|
Editing a Syslog Policy for VNMC Profile
Note |
When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.
|
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Syslog. |
Step 2 |
In the General tab, select the syslog policy you want to edit, then click Edit. |
Step 3 |
In the Edit Syslog Policy dialog box, update the information as required by using the information in the following table, then click OK.
Field |
Description |
General Tab |
Name |
Policy name. |
Description |
Brief policy description. |
Use Emblem Format |
Check the check box to use the EMBLEM format for syslog messages. This option is supported for ASA 1000Vs. It is not supported for VSGs. |
Continue if Host is Down |
Check the check box to continue logging if the syslog server is down. This option is supported for ASA 1000Vs. It is not supported for VSGs. |
Servers Tab |
Add Syslog Server |
Click to add a new syslog server. |
Syslog Servers table |
List of configured syslog servers. |
Local Destinations Tab |
Console area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: alert, critical, or emergency. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
|
Monitor area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
|
File area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
-
File Name—Name of the file to which messages are logged.
-
Size (bytes)—Maximum size, in bytes, that the file can reach before the system begins to overwrite the messages.
|
Buffer area |
-
Admin State—Administrative state of the policy: enabled or disabled.
-
Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.
-
Buffer Size (Bytes)—In bytes, the size of the buffer for syslog messages.
-
Wrap to Flash—Indicates whether or not the buffer contents are saved to flash memory with the buffer wraps (becomes full). Check the check box to save the contents to flash memory if the buffer wraps.
-
Max File Size in Flash (KB)—Maximum size, in kilobytes, that can be used by the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.
-
Min Free Flash Size (KB)—Minimum size, in kilobytes, that is allocated for the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.
|
|
Deleting a Syslog Policy from a VNMC Profile
Note |
When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.
|
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Syslog. |
Step 2 |
In the General tab, click the syslog policy you want to delete, then click Delete. |
Step 3 |
When prompted, confirm the deletion. |
Adding a Syslog Server to the VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Syslog . |
Step 2 |
In the General tab, click Add Syslog Policy. |
Step 3 |
In the Add Syslog Policy dialog box, click Add Syslog Server. |
Step 4 |
In the Add Syslog Server dialog box, provide the information as described in the following table:
Field |
Description |
Server Type |
One of the following server types:
-
primary
-
secondary
-
tertiary
|
Hostname/IP Address |
Hostname or IP address where the syslog file resides. |
Severity |
One of the following severity levels:
-
emergencies (0)
-
alerts (1)
-
critical (2)
-
errors (3)
-
warnings (4)
-
notifications (5)
-
information (6)
-
debugging (7)
|
Forwarding Facility |
One of the following forwarding facilities:
-
auth
-
authpriv
-
cron
-
daemon
-
ftp
-
kernel
-
local0
-
local1
-
local2
-
local3
-
local4
-
local5
-
local6
-
local7
-
lpr
-
mail
-
news
-
syslog
-
user
-
uucp
|
Admin State |
Administrative state of the policy: enabled or disabled. |
Port |
Port to use to send data to the syslog server. Valid port values are 1025 through 65535 for both TCP and UDP. The default TCP port is 1470. The default UDP port is 514. |
Protocol |
Protocol to use for this policy: TCP or UDP. |
Use Transport Layer Security |
Check the check box to use Transport Layer Security. This option is available only for TCP. |
Server Interface |
Interface to use to access the syslog server. |
|
Step 5 |
Click OK in the open dialog boxes. |
Editing a Syslog Server for VNMC Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Policies > Syslog. |
Step 2 |
In the General tab, select the syslog policy with the syslog server that you want to edit, then click Edit. |
Step 3 |
In the Edit Syslog Policy dialog box, click the Servers tab. |
Step 4 |
Select the syslog server that you want to edit, then click Edit. |
Step 5 |
In the Edit Syslog Server dialog box, edit the information as required, using the information in the following table:
Name |
Description |
Server Type |
One of the following server types: primary, secondary, or tertiary (read-only). |
Hostname/IP Address |
Hostname or IP address where the syslog file resides. |
Severity |
One of the following severity levels:
-
emergencies (0)
-
alerts (1)
-
critical (2)
-
errors (3)
-
warnings (4)
-
notifications (5)
-
information (6)
-
debugging (7)
|
Forwarding Facility |
One of the following forwarding facilities:
-
auth
-
authpriv
-
cron
-
daemon
-
ftp
-
kernel
-
local0
-
local1
-
local2
-
local3
-
local4
-
local5
-
local6
-
local7
-
lpr
-
mail
-
news
-
syslog
-
user
-
uucp
|
Admin State |
Administrative state of the policy: enabled or disabled. |
Port |
Port to use to send data to the syslog server. Valid port values are 1025 through 65535 for both TCP and UDP. The default TCP port is 1470. The default UDP port is 514. |
Protocol |
Protocol to use: TCP or UDP. |
Use Transport Layer Security |
Check the check box to use Transport Layer Security. This option is available only for TCP. |
Server Interface |
Interface to use to access the syslog server. This option applies to ASA 1000V only. Enter the data interface name specify in the edge firewall. Use the device CLI to configure a route through the management interface. |
|
Step 6 |
Click OK in the open dialog boxes. |
Deleting a Syslog Server from a VNMC Profile
Procedure
Step 1 |
In the Navigation pane, click the Administration tab. |
Step 2 |
In the Navigation pane, click the VNMC Profile subtab. |
Step 3 |
In the Navigation pane, expand . |
Step 4 |
In the Navigation pane, click the Syslog node. |
Step 5 |
In the Work pane, click the General tab. |
Step 6 |
On the General tab, click the Add Syslog link. |
Step 7 |
In the Add Syslog dialog box, click the Servers tab. |
Step 8 |
On the Servers tab, click the syslog server you want to delete. |
Step 9 |
Click Delete. |
Step 10 |
In the Confirm dialog box, click Yes. |
Configuring the Default Profile
Editing the VNMC Default Profile
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Profile > default. |
Step 2 |
In the General tab, update the information as required:
Field |
Description |
Name |
Default profile name (read-only). |
Description |
Brief profile description. |
Time Zone |
Available time zones. The default time zone is UTC. |
|
Step 3 |
In the Policy tab, update the information as required:
Field |
Description |
DNS Servers |
Add DNS Server |
Click to add a new DNS server. |
Delete |
Deletes the DNS server selected in the DNS Servers table. |
Up and down arrows |
Changes the priority of the selected DNS server. VNMC uses the DNS servers in the order in which they appear in the table. |
DNS Servers table |
Identifies the DNS servers configured in the system. |
NTP Servers |
Add NTP Server |
Click to add a new NTP server. |
Delete |
Deletes the NTP server selected in the NTP Servers table. |
Up and down arrows |
Changes the priority of the selected NTP server. VNMC uses the NTP servers in the order in which they appear in the table. |
NTP Servers table |
Identifies the NTP servers configured in the system. |
DNS Domains |
Edit |
Edits the DNS domain selected in the DNS Domains table. The default DNS domain cannot be edited. |
DNS Domains |
Identifies the default DNS domain name and domain configured in the system. |
Other Options |
Syslog |
The syslog policies associated with this profile can be selected, added, or edited. Click the Resolved Policy field to review or modify the specified policy. |
Fault |
The fault policies associated with this profile can be selected, added, or edited. Click the Resolved Policy field to review or modify the specified policy. |
Core File |
The core file policies associated with this profile can be selected, added, or edited. Click the Resolved Policy field to review or modify the specified policy. |
Log File |
The log file policies associated with this profile can be selected, added, or edited. Click the Resolved Policy field to review or modify the specified policy. |
|
Step 4 |
Click Save. |
Configuring a DNS Server
Adding a DNS Server
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Profile > default. |
Step 2 |
Click the Policy tab. |
Step 3 |
In the DNS Servers area, click Add DNS Server. |
Step 4 |
In the Add DNS Server dialog box, enter the DNS server IP address. You can specify a maximum of four DNS servers. |
Step 5 |
Click Save. |
Deleting a DNS Server
Procedure
Step 1 |
In the Navigation pane, click the Administration tab. |
Step 2 |
In the Navigation pane, click the VNMC Profile subtab. |
Step 3 |
In the Navigation pane, expand . |
Step 4 |
In the Navigation pane, click default. |
Step 5 |
In the Work pane, click the Policy tab. |
Step 6 |
In the DNS Servers area, click the IP address you want to delete. |
Step 7 |
Click the Delete link. |
Step 8 |
In the Confirm dialog box, click Yes. |
Step 9 |
In the Work pane, click Save. |
Configuring an NTP Server
Adding an NTP Server
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Profile > default. |
Step 2 |
In the Policy tab, click Add NTP Server. |
Step 3 |
In the Add NTP server dialog box, enter the hostname or IP address of the NTP server.
Note |
You can include a maximum of four NTP servers. Use the up and down arrows to arrange the servers from highest to lowest priority, with the highest priority server at the top of the list. |
|
Step 4 |
Click Save. |
Deleting an NTP Server
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Profile > default. |
Step 2 |
Click the Policy tab. |
Step 3 |
In the NTP Servers area, click the server that you want to delete, then click Delete. |
Step 4 |
When prompted, confirm the deletion. |
Step 5 |
Click Save. |
Configuring a DNS Domain
Editing a DNS Domain
Caution |
Changing the DNS domain will cause a loss of connectivity that results in an error message, your session closing, and then the display of a new VNMC certificate. This situation occurs when the VNMC hostname. VNMC domain name, or both have changed. The VM Manager Extension file must be exported again and installed on vCenter. To continue, accept the VNMC certificate and log into VNMC again.
|
Procedure
Step 1 |
Choose Administration > VNMC Profile > root > VNMC Profile > default. |
Step 2 |
Click the Policy tab. |
Step 3 |
In the DNS Domains table, select the domain that you want to edit, then click Edit. |
Step 4 |
In the Edit DNS Domains dialog box, edit the Domain Name field as required, then click OK. |
Step 5 |
Click Save. |