Port Profiles
This chapter describes how to identify and resolve problems with port profiles and includes the following topics:
Information About Port Profiles
Port profiles are used to configure interfaces. A port profile can be assigned to multiple interfaces giving them all the same configuration. Changes to the port profile are propagated automatically to the configuration of any interface assigned to it.
In the VMware vCenter Server, a port profile is represented as a port group. The vEthernet or Ethernet interfaces are assigned in vCenter Server to a port profile for:
-
Defining port configuration by policy.
-
Applying a single policy across a large number of ports.
-
Supporting both vEthernet and Ethernet ports.
vEthernet port profiles can be assigned by the server administrator to physical ports (a VMNIC or a PNIC). Port profiles not configured as vEthernet can be assigned to a VM virtual port.
Note While manual interface configuration overrides that of the port profile, it is not recommended. Manual interface configuration is only used, for example, to quickly test a change or allow a port to be disabled without having to change the inherited port profile.
For more information about assigning port profiles to physical or virtual ports, see your VMware documentation.
To verify that the profiles are assigned as expected to physical or virtual ports, use the following show commands:
-
show port-profile virtual usage
-
show running-config interface
interface-id
To verify port profile inheritance, use the following command:
-
show running-config interface
interface-id
Note Inherited port profiles cannot be changed or removed from an interface from the Cisco Nexus 1000V CLI. This can only be done from vCenter Server.
Note Inherited port profiles are automatically configured by the Cisco Nexus 1000V when the ports are attached on the hosts. This is done by matching up the VMware port group assigned by the system administrator with the port profile that created it.
For detailed information about port profiles, see the
Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV2(1.1).
Problems with Port Profiles
The following are symptoms, possible causes, and solutions for problems with port profiles.
Table 9-1 Problems with Port Profiles
|
|
|
You do not see the port group on vCenter Server or the following message is displayed:
Warning: Operation succeeded locally but update failed on vCenter server. Please check if you are connected to vCenter Server.
|
The connection to vCenter server is down.
|
1. Verify that the connection to the vCenter Server is Enabled and Connected.
show svs connections
2. Reconnect to vCenter server.
For detailed instructions, see the
Connecting to vCenter Server
procedure in the
Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV2(1.1)
.
|
The domain configuration was not successfully pushed to vCenter server.
|
1. Verify that the domain configuration was successfully pushed to vCenter Server.
show svs domain
2. Fix any problems with the domain configuration.
For information about configuring the domain, see the
Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV2(1.1)
.
|
The port profile is configured incorrectly.
|
1. Verify that the
vmware port-group
is configured for the port profile and that the port profile is enabled.
show port profile name
name
2. Fix the port profile using the procedures in the
Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV2(1.1)
.
|
A port configuration is not applied to an interface.
|
Management connectivity between the vCenter server and the VSM has prevented the port profile assignment from being sent or received.
|
1. Display the port profile usage by interface.
show port-profile virtual usage
2. Verify that the interface level configuration did not overwrite the port profile configuration.
show run
show port-profile expand-interface
3. If the show command output is incorrect, then on vCenter server, reassign the port group to the interface.
|
An Ethernet interface or vEthernet interface is administratively down.
A system message similar to the following is logged:
%VMS-3-DVPG_NICS_MOVED: '1' nics have been moved from port-group 'Access483' to 'Unused_Or_Quarantine_Veth'.
|
The interface is inheriting a quarantined port profile.
A configuration was not saved prior to rebooting the VSM, the configuration was lost, and the interfaces were moved to one of the following port profiles:
-
Unused_Or_Quarantine_Uplink
for ethernet types
-
Unused_Or_Quarantine_Veth for Vethernet types
|
1. Verify the port profile-to-interface mapping.
show port-profile virtual usage
2. Reassign the VMNIC or PNIC to a non-quarantined port group to enable the interface to be up and forwarding traffic. This requires changing the port group on vCenter Server.
|
After applying a port profile, an online interface is quarantined.
A system message similar to the following is logged:
%PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet3/3 has been quarantined due to Cache Overrun
|
The assigned port profile is incorrectly configured. The incorrect command fails when the port profile is applied to an interface.
Although a specific command fails, the port profile-to-interface mapping is created.
|
1. Identify the command that failed.
show accounting log | grep FAILURE
2. Verify the interface is quarantined.
show port-profile sync-status
3. Verify the port profile-to-interface mapping.
show port-profile virtual usage
4. Fix the error in the port profile using the procedures in the
Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV2(1.1)
.
5. Bring the interface out of quarantine.
no shutdown
The interface comes back online.
6. Return shutdown control to the port-profile.
default shutdown
|
After modifying a port profile, an assigned offline interface is quarantined.
A system message similar to the following is logged:
%PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet4/3 has been quarantined due to Cache Overrun
|
The interface has been removed from the DVS.
|
To bring the interface back online:, use the Recovering a Quarantined Offline Interface.
|
A module and all associated interfaces are offline.
A system message similar to the following is logged:
2011 Mar 2 22:28:50 n1000v %VEM_MGR-2-VEM_MGR_REMOVE_NO_HB: Removing VEM 3 (heartbeats lost)
2011 Mar 2 22:29:00 n1000v %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
|
The interface carrying system VLANs for the module has gone down for one of the following reasons:
-
System interfaces were removed from the DVS on the vCenter Server.
-
The module was powered down.
-
There is general loss of connectivity to the module.
|
Follow VEM troubleshooting guide to bring module back online
To bring the interface back online, use the Recovering a Quarantined Offline Interface.
|
Recovering a Quarantined Offline Interface
You can use this procedure to recover and bring online an interface that is offline and has been quarantined.
BEFORE YOU BEGIN
Before beginning this procedure, you must know or do the following:
-
You are logged in to the CLI in EXEC mode.
DETAILED STEPS
Step 1 Verify the interface has is quarantined. The interface appears in the show command output.
show port-profile sync-status
Step 2 On the vCenter server, add or associate the PNIC to a port profile (either the original port profile or a different port profile).
The interface comes back online.
Step 3 Verify that the interface has come back online.
show interface brief
Step 4 Verify the port profile-to-interface mapping.
show port-profile virtual usage
Step 5 Verify the interface has come out of quarantine automatically. The interface should no longer appear in the show command output.
show port-profile sync-status
Step 6 Return shutdown control to the port-profile.
default shutdown
Port Profile Logs
To enable and collect detailed logs for port profiles, use the following commands:
-
debug port-profile trace
-
debug port-profile error
-
debug port-profile all
-
debug msp all
After enabling the debug log, the results of any subsequent port profile configuration are captured in the log file.
Port Profile Troubleshooting Commands
You can use the commands in this section to troubleshoot problems related to port profiles.
|
|
show port-profile
|
Displays the port profile configuration.
See
Example 9-1 on page 9-7
.
|
show port-profile name
name
|
Displays the configuration for a named port profile.
See
Example 9-2 on page 9-8
.
|
show port-profile brief
|
Displays tabular view of all configured port profiles.
See
Example 9-3 on page 9-9
.
|
show port-profile expand-interface
|
Displays all configured port profiles expanded to include the interfaces assigned to them.
See
Example 9-4 on page 9-9
.
|
show port-profile expand-interface name
name
|
Displays a named port profile expanded to include the interfaces assigned to it.
See
Example 9-5 on page 9-11
.
|
show
port-profile-role
[
name
port-profile-role-name
]
|
Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups.
See
Example 9-7 on page 9-12
.
|
show
running-config
port-profile
[
profile-name
]
|
Displays the port profile configuration.
See
Example 9-6 on page 9-12
.
|
show port-profile-role
|
Displays the port profile role configuration.
See
Example 9-7 on page 9-12
.
|
show port-profile-role users
|
Displays available users and groups.
See
Example 9-8 on page 9-12
.
|
show port-profile sync-status
[
interface
if-name
]
|
Displays interfaces that are out of sync with the port profile.
See
Example 9-9 on page 9-12
.
|
show
port-profile virtual usage
[
name
profile-name
]
|
Displays the port profile usage by interface.
See
Example 9-10 on page 9-13
.
|
show msp internal info
|
Displays port profile mappings on vCenter server and configured roles.
|
show system internal port-profile profile-fsm
|
Displays port profile activity on the Cisco Nexus 1000V, including transitions such as inherits and configurations. If the following displays, then all inherits are processed:
Curr state: [PPM_PROFILE_ST_SIDLE]
See
Example 9-12 on page 9-17
|
show system internal port-profile event-history msgs
|
Displays the messages logged about port profile events within the Cisco Nexus 1000V.
See
Example 9-13 on page 9-17
|
For detailed information about show command output, see the
Cisco Nexus 1000V Command Reference, Release 4.2(1)SV2(1.1)
.
EXAMPLES
Example 9-1 show port-profile
n1000v# show port-profile port-profile vEthProfile1 channel-group auto mode on mac-pinning evaluated config attributes: channel-group auto mode on mac-pinning port-profile vEthProfile2 channel-group auto mode on sub-group cdp evaluated config attributes: channel-group auto mode on sub-group cdp port-profile vEthProfile3 channel-group auto mode on sub-group manual evaluated config attributes: channel-group auto mode on sub-group manual assigned interfaces:n1000v#
Example 9-2 show port-profile name
n1000v# show port-profile name vEthProfile3 port-profile vEthProfile3 channel-group auto mode on sub-group manual evaluated config attributes: channel-group auto mode on sub-group manual
Example 9-3 show port-profile brief
n1000v# show port-profile brief -------------------------------------------------------------------------------- Port Profile Profile Conf Eval Assigned Child Profile Type State Items Items Intfs Profs -------------------------------------------------------------------------------- AccessProf Vethernet 0 0 0 0 0 PP1027 Vethernet 1 0 0 0 0 PP1028 Vethernet 1 0 0 0 0 Unused_Or_Quarantine_Uplink Ethernet 1 1 0 0 0 Unused_Or_Quarantine_Veth Vethernet 1 1 0 0 0 accessprof Vethernet 0 3 3 0 0 portp1 Vethernet 0 0 0 0 0 -------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Example 9-4 show port-profile expand-interface
n1000v# show port-profile expand-interface vmware config information vmware config information dvs uuid: 12 98 0e 50 6b 78 6f c5-74 af b2 3a 16 6e 45 10 vmware config information dvs uuid: 12 98 0e 50 6b 78 6f c5-74 af b2 3a 16 6e 45 10 port-profile Unused_Or_Quarantine_Uplink vmware config information pg name: Unused_Or_Quarantine_Uplink pg id: Unused_Or_Quarantine_Uplink dvs uuid: 12 98 0e 50 6b 78 6f c5-74 af b2 3a 16 6e 45 10 port-profile Unused_Or_Quarantine_Veth vmware config information pg name: Unused_Or_Quarantine_Veth pg id: Unused_Or_Quarantine_Veth dvs uuid: 12 98 0e 50 6b 78 6f c5-74 af b2 3a 16 6e 45 10 vmware config information vmware config information
Example 9-5 show port-profile expand-interface name UplinkProfile1
n1000v# show port-profile expand-interface name UplinkProfile1 switchport trunk allowed vlan 110-119
Example 9-6 show running-config port-profile
n1000v# show running-config port-profile port-profile type ethernet UplinkProfile1 description "Profile for critical system ports" switchport access vlan 113 switchport trunk native vlan 113 channel-group auto mode on port-profile type vethernet vEthProfile2 switchport trunk native vlan 112 channel-group auto mode on sub-group cdp
Example 9-7 show port-profile-role
n1000v# show port-profile-role name adminUser
Example 9-8 show port-profile-role users
switch#
show port-profile-role users
Groups:
Administrators
TestGroupB
Users:
hdbaar
fgreen
suchen
mariofr
Example 9-9
show port-profile sync-status
n1000v# show port-profile sync-status interface ethernet 3/2
Ethernet3/2
port-profile: uplink
interface status: quarantine
sync status: out of sync
cached commands:
errors:
command cache overrun
recovery steps:
bring interface online
n1000v#
Example 9-10 show port-profile virtual usage
n1000v# show port-profile virtual usage ------------------------------------------------------------------------------- Port Profile Port Adapter Owner ------------------------------------------------------------------------------- vlan1767 Veth7 Net Adapter 1 all-tool-7 Veth8 Net Adapter 1 all-tool-8 aipc1765 Veth4 Net Adapter 1 bl-h-s inband1766 Veth6 Net Adapter 3 bl-h-s mgmt1764 Veth5 Net Adapter 2 bl-h-s Eth4/2 vmnic1 VDANIKLNCOS Eth4/3 vmnic2 VDANIKLNCOS ch-aipc1765 Veth1 Net Adapter 1 bl-h-p ch-mgmt1764 Veth2 Net Adapter 2 bl-h-p ch-inband1766 Veth3 Net Adapter 3 bl-h-p
Example 9-11
show msp internal info
n1000v# show msp internal info vmware config information dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 port-profile Unused_Or_Quarantine_Uplink vmware config information pg name: Unused_Or_Quarantine_Uplink pg id: Unused_Or_Quarantine_Uplink dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 port-profile Unused_Or_Quarantine_Veth vmware config information pg name: Unused_Or_Quarantine_Veth pg id: Unused_Or_Quarantine_Veth dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 port-profile eth-break-deinherit vmware config information pg name: eth-break-deinherit pg id: eth-break-deinherit dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 port-profile eth-break-inherit vmware config information pg name: eth-break-inherit dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 vmware config information dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 vmware config information dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 port-profile veth-break-deinherit vmware config information pg name: veth-break-deinherit pg id: veth-break-deinherit dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 port-profile veth-break-inherit vmware config information pg name: veth-break-inherit pg id: veth-break-inherit dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 vmware config information dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5 dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
Example 9-12 show system internal port-profile profile-fsm
n1000v# show system internal port-profile profile-fsm >>>>FSM: <PROFILE_FSM:1> has 4 logged transitions<<<<< 1) FSM:<PROFILE_FSM:1> Transition at 856903 usecs after Tue Mar 8 19:11:47 2011 Previous state: [PPM_PROFILE_ST_SIDLE] Triggered event: [PPM_PROFILE_EV_EIF_STATUS_CHANGE] Next state: [PPM_PROFILE_ST_SIDLE] 2) FSM:<PROFILE_FSM:1> Transition at 858442 usecs after Tue Mar 8 19:11:47 2011 Previous state: [PPM_PROFILE_ST_SIDLE] Triggered event: [PPM_PROFILE_EV_ELEARN] Next state: [PPM_PROFILE_ST_SIF_CREATE] 3) FSM:<PROFILE_FSM:1> Transition at 842710 usecs after Tue Mar 8 19:12:04 2011 Previous state: [PPM_PROFILE_ST_SIF_CREATE] Triggered event: [PPM_PROFILE_EV_EACKNOWLEDGE] Next state: [FSM_ST_NO_CHANGE] 4) FSM:<PROFILE_FSM:1> Transition at 873872 usecs after Tue Mar 8 19:12:04 2011 Previous state: [PPM_PROFILE_ST_SIF_CREATE] Triggered event: [PPM_PROFILE_EV_ESUCCESS] Next state: [PPM_PROFILE_ST_SIDLE] Curr state: [PPM_PROFILE_ST_SIDLE]
Example 9-13 show system internal port-profile event-history msgs
n1000v# show system internal port-profile event-history msgs 1) Event:E_MTS_RX, length:60, at 538337 usecs after Tue Mar 8 19:13:02 2011 [NOT] Opc:MTS_OPC_IM_IF_CREATED(62467), Id:0X0000B814, Ret:SUCCESS Src:0x00000101/175, Dst:0x00000101/0, Flags:None HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:120 0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 29 2) Event:E_MTS_RX, length:60, at 515030 usecs after Tue Mar 8 19:13:02 2011 [NOT] Opc:MTS_OPC_LC_ONLINE(1084), Id:0X0000B7E8, Ret:SUCCESS Src:0x00000101/744, Dst:0x00000101/0, Flags:None HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:234 0x0000: 02 00 00 03 00 00 00 00 00 00 03 02 03 02 00 00 3) Event:E_MTS_RX, length:60, at 624319 usecs after Tue Mar 8 19:12:05 2011 [NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003908, Ret:SUCCESS Src:0x00000101/489, Dst:0x00000101/0, Flags:None HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107 0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26 4) Event:E_MTS_RX, length:60, at 624180 usecs after Tue Mar 8 19:12:05 2011 [NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003905, Ret:SUCCESS Src:0x00000101/489, Dst:0x00000101/0, Flags:None HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107 0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26 5) Event:E_MTS_RX, length:60, at 624041 usecs after Tue Mar 8 19:12:05 2011 [NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003903, Ret:SUCCESS Src:0x00000101/489, Dst:0x00000101/0, Flags:None HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107 0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26