Port Profiles
This chapter describes how to identify and resolve problems with port profiles and includes the following sections:
Information About Port Profiles
Port profiles are used to configure interfaces. A port profile can be assigned to multiple interfaces tp give them all the same configuration. Changes to the port profile are propagated automatically to the configuration of any interface assigned to it.
In VMware vCenter Server, a port profile is represented as a port group. The vEthernet or Ethernet interfaces are assigned in vCenter Server to a port profile for the following reasons:
- Defining a port configuration by policy.
- Applying a single policy across a large number of ports.
- Supporting both vEthernet and Ethernet ports.
vEthernet port profiles can be assigned by the server administrator to physical ports (a VMNIC or a PNIC). Port profiles not configured as vEthernet can be assigned to a VM virtual port.
Note
While a manual interface configuration overrides that of the port profile, we do not recommend that you do so. Manual interface configuration is only used, for example, to quickly test a change or allow a port to be disabled without having to change the inherited port profile.
For more information about assigning port profiles to physical or virtual ports, see your VMware documentation.
To verify that the profiles are assigned as expected to physical or virtual ports, use the following show commands:
- show port-profile virtual usage
- show running-config interface interface-id
To verify port profile inheritance, use the following command:
- show running-config interface interface-id
Note Inherited port profiles cannot be changed or removed from an interface from the Cisco Nexus 1000V CLI. This action can only be done from vCenter Server.
Note Inherited port profiles are automatically configured by the Cisco Nexus 1000V when the ports are attached on the hosts. This action is done by matching up the VMware port group assigned by the system administrator with the port profile that created it.
For detailed information about port profiles, see the Cisco Nexus 1000V Port Profile Configuration Guide.
Problems with Port Profiles
The following are symptoms, possible causes, and solutions for problems with port profiles.
|
|
|
|
| You do not see the port group on vCenter Server or the following message is displayed:
Warning: Operation succeeded locally but update failed on vCenter server. Please check if you are connected to vCenter Server.
|
The connection to vCenter server is down. |
1. Verify that the connection to vCenter Server is Enabled and Connected. show svs connections 2. Reconnect to vCenter server. For detailed instructions, see the Connecting to vCenter Server procedure in the Cisco Nexus 1000V System Management Configuration Guide. |
The domain configuration was not successfully pushed to vCenter server. |
1. Verify that the domain configuration was successfully pushed to vCenter Server. show svs domain 2. Fix any problems with the domain configuration. For information about configuring the domain, see the Cisco Nexus 1000V System Management Configuration Guide. |
The port profile is configured incorrectly. |
1. Verify that the vmware port-group is configured for the port profile and that the port profile is enabled. show port profile name name 2. Fix the port profile using the procedures in the Cisco Nexus 1000V Port Profile Configuration Guide. |
A port configuration is not applied to an interface. |
Management connectivity between vCenter server and the VSM has prevented the port profile assignment from being sent or received. |
1. Display the port profile usage by interface. show port-profile virtual usage 2. Verify that the interface level configuration did not overwrite the port profile configuration. show run show port-profile expand-interface 3. If the show command output is incorrect, on vCenter server, reassign the port group to the interface. |
An Ethernet interface or vEthernet interface is administratively down. A system message similar to the following is logged:
%VMS-3-DVPG_NICS_MOVED: '1' nics have been moved from port-group 'Access483' to 'Unused_Or_Quarantine_Veth'.
|
The interface is inheriting a quarantined port profile. A configuration was not saved prior to rebooting the VSM, the configuration was lost, and the interfaces were moved to one of the following port profiles:
- Unused_Or_Quarantine_Uplink
for ethernet types
- Unused_Or_Quarantine_Veth for Vethernet types
|
1. Verify the port profile-to-interface mapping. show port-profile virtual usage 2. Reassign the VMNIC or PNIC to a non-quarantined port group to enable the interface to be up and forwarding traffic. This requires changing the port group on vCenter Server. |
After applying a port profile, an online interface is quarantined. A system message similar to the following is logged:
%PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet3/3 has been quarantined due to Cache Overrun
|
The assigned port profile is incorrectly configured. The incorrect command fails when the port profile is applied to an interface. Although a specific command fails, the port profile-to-interface mapping is created. |
1. Identify the command that failed. show accounting log | grep FAILURE 2. Verify that the interface is quarantined. show port-profile sync-status 3. Verify the port profile-to-interface mapping. show port-profile virtual usage 4. Fix the error in the port profile using the procedures in the Cisco Nexus 1000V Port Profile Configuration Guide. 5. Bring the interface out of quarantine. no shutdown The interface comes back online. 6. Return shutdown control to the port profile. default shutdown |
After modifying a port profile, an assigned offline interface is quarantined. A system message similar to the following is logged:
%PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet4/3 has been quarantined due to Cache Overrun
|
The interface has been removed from the DVS. |
To bring the interface back online, see the “Recovering a Quarantined Offline Interface” section. |
A module and all associated interfaces are offline. A system message similar to the following is logged:
2011 Mar 2 22:28:50 switch %VEM_MGR-2-VEM_MGR_REMOVE_NO_HB: Removing VEM 3 (heartbeats lost)
2011 Mar 2 22:29:00 switch %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
|
The interface carrying system VLANs for the module has gone down for one of the following reasons:
- System interfaces were removed from the DVS on vCenter Server.
- The module was powered down.
- There is a general loss of connectivity to the module.
|
Follow VEM troubleshooting guidelines to bring the module back online To bring the interface back online, see the “Recovering a Quarantined Offline Interface” section. |
Recovering a Quarantined Offline Interface
You can recover and bring online an interface that is offline and has been quarantined.
BEFORE YOU BEGIN
- Log in to the CLI in EXEC mode.
DETAILED STEPS
Step 1 Verify that the interface has been quarantined. The interface appears in the show command output.
show port-profile sync-status
Step 2 On vCenter server, add or associate the PNIC to a port profile (either the original port profile or a different port profile).
The interface comes back online.
Step 3 Verify that the interface has come back online.
show interface brief
Step 4 Verify the port profile-to-interface mapping.
show port-profile virtual usage
Step 5 Verify the interface has come out of quarantine automatically. The interface should no longer appear in the show command output.
show port-profile sync-status
Step 6 Return shutdown control to the port profile.
default shutdown
Port Profile Logs
To enable and collect detailed logs for port profiles, use the following commands:
- debug port-profile trace
- debug port-profile error
- debug port-profile all
- debug msp all
After enabling the debug log, the results of any subsequent port profile configuration are captured in the log file.
Port Profile Troubleshooting Commands
You can use the commands in this section to troubleshoot problems related to port profiles.
|
|
|
show port-profile |
Displays the port profile configuration. See Example 10-1 on page 10-6 . |
show port-profile name name |
Displays the configuration for a named port profile. See Example 10-2 on page 10-7 . |
show port-profile brief |
Displays a tabular view of all configured port profiles. See Example 10-3 on page 10-7 . |
show port-profile expand-interface |
Displays all configured port profiles expanded to include the interfaces assigned to them. See Example 10-4 on page 10-7 . |
show port-profile expand-interface name name |
Displays a named port profile expanded to include the interfaces assigned to it. See Example 10-5 on page 10-8 . |
show port-profile-role [ name port-profile-role-name ] |
Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups. See Example 10-7 on page 10-8 . |
show running-config port-profile [ profile-name ] |
Displays the port profile configuration. See Example 10-6 on page 10-8 . |
show port-profile-role |
Displays the port profile role configuration. See Example 10-7 on page 10-8 . |
show port-profile-role users |
Displays the available users and groups. See Example 10-8 on page 10-9 . |
show port-profile sync-status [ interface if-name ] |
Displays the interfaces that are not synchronized with the port profile. See Example 10-9 on page 10-9 . |
show port-profile virtual usage [ name profile-name ] |
Displays the port profile usage by interface. See Example 10-10 on page 10-9 . |
show msp internal info |
Displays the port profile mappings on vCenter server and configured roles. |
show system internal port-profile profile-fsm |
Displays the port profile activity on the Cisco Nexus 1000V, including transitions such as inherits and configurations. If the following displays, then all inherits are processed: Curr state: [PPM_PROFILE_ST_SIDLE] See Example 10-12 on page 10-13 . |
show system internal port-profile event-history msgs |
Displays the messages logged about port profile events within the Cisco Nexus 1000V. See Example 10-13 on page 10-14 . |
For detailed information about show command output, see the Cisco Nexus 1000V Command Reference.
EXAMPLES
Example 10-1 show port-profile Command
switch# show port-profile
ip port access-group acl1 in
evaluated config attributes:
ip port access-group acl1 in
capability iscsi-multipath: no
capability l3-vservice: no
Example 10-2 show port-profile name Command
switch# show port-profile name vEthProfile3
ip port access-group acl1 in
evaluated config attributes:
ip port access-group acl1 in
capability iscsi-multipath: no
capability l3-vservice: no
Example 10-3 show port-profile brief Command
switch# show port-profile brief
VM_PP_NIC8_VLAN_1338 Vethernet 1 3 3 374 0
VM_PP_NIC9_VLAN_1339 Vethernet 1 3 3 374 0
--------------------------------------------------------------------------------
Profile Assigned Total Sys Parent Child UsedBy
Type Intfs Prfls Prfls Prfls Prfls Prfls
--------------------------------------------------------------------------------
Vethernet 3549 1524 7 1524 0 18
Example 10-4 show port-profile expand-interface Command
switch# show port-profile expand-interface
switchport access vlan 50
switchport access vlan 50
switchport access vlan 50
switchport access vlan 50
switchport access vlan 50
no shutdownport-profile AccessProf
Example 10-5 show port-profile expand-interface name Command
switch# show port-profile expand-interface name UplinkProfile1
switchport trunk allowed vlan 110-119
Example 10-6 show running-config port-profile Command
switch# show running-config port-profile
port-profile type ethernet UplinkProfile1
description "Profile for critical system ports"
switchport access vlan 113
switchport trunk native vlan 113
channel-group auto mode on
port-profile type vethernet vEthProfile2
switchport trunk native vlan 112
channel-group auto mode on sub-group cdp
Example 10-7 show port-profile-role Command
switch# show port-profile-role name adminUser
Example 10-8 show port-profile-role users Command
switch# show port-profile-role users
Groups:
Administrators
TestGroupB
Users:
hdbaar
fgreen
suchen
mariofr
Example 10-9 show port-profile sync-status Command
switch# show port-profile sync-status interface ethernet 3/2
Ethernet3/2
port-profile: uplink
interface status: quarantine
sync status: out of sync
cached commands:
errors:
command cache overrun
recovery steps:
bring interface online
switch#
Example 10-10 show port-profile virtual usage Command
switch# show port-profile virtual usage
-------------------------------------------------------------------------------
Port Profile Port Adapter Owner
-------------------------------------------------------------------------------
vlan1767 Veth7 Net Adapter 1 all-tool-7
Veth8 Net Adapter 1 all-tool-8
aipc1765 Veth4 Net Adapter 1 bl-h-s
inband/outband interface 1766 Veth6 Net Adapter 3 bl-h-s
mgmt1764 Veth5 Net Adapter 2 bl-h-s
Eth4/2 vmnic1 VDANIKLNCOS
Eth4/3 vmnic2 VDANIKLNCOS
ch-aipc1765 Veth1 Net Adapter 1 bl-h-p
ch-mgmt1764 Veth2 Net Adapter 2 bl-h-p
ch-inband/outband interface1766 Veth3 Net Adapter 3 bl-h-p
Example 10-11 show msp internal info Command
switch# show msp internal info
vmware config information
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
port-profile Unused_Or_Quarantine_Uplink
vmware config information
pg name: Unused_Or_Quarantine_Uplink
pg id: Unused_Or_Quarantine_Uplink
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
port-profile Unused_Or_Quarantine_Veth
vmware config information
pg name: Unused_Or_Quarantine_Veth
pg id: Unused_Or_Quarantine_Veth
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
port-profile eth-break-deinherit
vmware config information
pg name: eth-break-deinherit
pg id: eth-break-deinherit
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
port-profile eth-break-inherit
vmware config information
pg name: eth-break-inherit
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
vmware config information
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
vmware config information
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
port-profile veth-break-deinherit
vmware config information
pg name: veth-break-deinherit
pg id: veth-break-deinherit
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
port-profile veth-break-inherit
vmware config information
pg name: veth-break-inherit
pg id: veth-break-inherit
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
vmware config information
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
dvs uuid: 44 dc 3b 50 53 11 b7 ac-ef ed ef 46 ee df c2 d5
Example 10-12 show system internal port-profile profile-fsm Command
switch# show system internal port-profile profile-fsm
>>>>FSM: <PROFILE_FSM:1> has 4 logged transitions<<<<<
1) FSM:<PROFILE_FSM:1> Transition at 856903 usecs after Tue Mar 8 19:11:47 2011
Previous state: [PPM_PROFILE_ST_SIDLE]
Triggered event: [PPM_PROFILE_EV_EIF_STATUS_CHANGE]
Next state: [PPM_PROFILE_ST_SIDLE]
2) FSM:<PROFILE_FSM:1> Transition at 858442 usecs after Tue Mar 8 19:11:47 2011
Previous state: [PPM_PROFILE_ST_SIDLE]
Triggered event: [PPM_PROFILE_EV_ELEARN]
Next state: [PPM_PROFILE_ST_SIF_CREATE]
3) FSM:<PROFILE_FSM:1> Transition at 842710 usecs after Tue Mar 8 19:12:04 2011
Previous state: [PPM_PROFILE_ST_SIF_CREATE]
Triggered event: [PPM_PROFILE_EV_EACKNOWLEDGE]
Next state: [FSM_ST_NO_CHANGE]
4) FSM:<PROFILE_FSM:1> Transition at 873872 usecs after Tue Mar 8 19:12:04 2011
Previous state: [PPM_PROFILE_ST_SIF_CREATE]
Triggered event: [PPM_PROFILE_EV_ESUCCESS]
Next state: [PPM_PROFILE_ST_SIDLE]
Curr state: [PPM_PROFILE_ST_SIDLE]
Example 10-13 show system internal port-profile event-history msgs Command
switch# show system internal port-profile event-history msgs
1) Event:E_MTS_RX, length:60, at 538337 usecs after Tue Mar 8 19:13:02 2011
[NOT] Opc:MTS_OPC_IM_IF_CREATED(62467), Id:0X0000B814, Ret:SUCCESS
Src:0x00000101/175, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:120
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 29
2) Event:E_MTS_RX, length:60, at 515030 usecs after Tue Mar 8 19:13:02 2011
[NOT] Opc:MTS_OPC_LC_ONLINE(1084), Id:0X0000B7E8, Ret:SUCCESS
Src:0x00000101/744, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:234
0x0000: 02 00 00 03 00 00 00 00 00 00 03 02 03 02 00 00
3) Event:E_MTS_RX, length:60, at 624319 usecs after Tue Mar 8 19:12:05 2011
[NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003908, Ret:SUCCESS
Src:0x00000101/489, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26
4) Event:E_MTS_RX, length:60, at 624180 usecs after Tue Mar 8 19:12:05 2011
[NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003905, Ret:SUCCESS
Src:0x00000101/489, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26
5) Event:E_MTS_RX, length:60, at 624041 usecs after Tue Mar 8 19:12:05 2011
[NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003903, Ret:SUCCESS
Src:0x00000101/489, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26
Feedback