Port-profile-role on nexus 1010 with multiple vsm

omahrez
Level 1

Hello,

I have configured a Nexus 1010 with version (4.0(4)SP1(1)) in HA mode.

I have configured a VSM with the following versions:

boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.3b.bin sup-1

boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.3b.bin sup-1

boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.3b.bin sup-2

boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.3b.bin sup-2

In order to benefit from the new port-profile-role feature, I had to upgrade to version SV1.4. So now, my versions are:
Current Boot Variables:
sup-1
kickstart variable = bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4.bin
system variable = bootflash:/nexus-1000v-mz.4.2.1.SV1.4.bin
sup-2
kickstart variable = bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4.bin
system variable = bootflash:/nexus-1000v-mz.4.2.1.SV1.4.bin
No module boot variable set

Now when I go to the command line in config terminal, there is no port-profile-role command?

1- Did I miss something?

2- Should I configure the "Admin Context Nexus1010" with the same boot variables as the VSM to get this command line?

My HA works great, for both the Admin Context and the VSMs.

Any idea?

Thank you.

lwatta
Cisco Employee

Roles require you to turn on the feature.

Run "show feature" on the VSM cli. Roles will probably be disabled.

n1000v-AV# show feature
Feature Name          Instance  State  
--------------------  --------  --------
dhcp-snooping         1         enabled
http-server           1         enabled
lacp                  1         enabled
netflow               1         enabled
port-profile-roles    1         disabled
private-vlan          1         enabled
sshServer             1         enabled
tacacs                1         disabled
telnetServer          1         enabled
n1000v-AV# config t
Enter configuration commands, one per line.  End with CNTL/Z.
n1000v-AV(config)# feature port-profile-roles ?
  <CR> 

n1000v-AV(config)# feature port-profile-roles

That will enable roles.

louis
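
An added example, not part of the original reply and not Cisco tooling: a small Python check that parses saved "show feature" output and reports features whose state differs from an expected baseline, so a disabled or unlisted port-profile-roles feature is caught before roles are configured. The function names and the baseline are assumptions; the sample text is constructed from the output quoted above.

```python
import re

# Constructed sample: the "show feature" output quoted in the reply above.
SAMPLE = """\
n1000v-AV# show feature
Feature Name          Instance  State
--------------------  --------  --------
dhcp-snooping         1         enabled
http-server           1         enabled
lacp                  1         enabled
netflow               1         enabled
port-profile-roles    1         disabled
private-vlan          1         enabled
sshServer             1         enabled
tacacs                1         disabled
telnetServer          1         enabled
"""

# Assumed baseline for this example: roles must be switched on.
BASELINE = {"port-profile-roles": "enabled"}

# A data row is: feature name, numeric instance, enabled/disabled.
# Prompt, header and separator lines do not match and are skipped.
ROW = re.compile(r"^(?P<name>[A-Za-z][\w-]*)\s+(?P<inst>\d+)\s+(?P<state>enabled|disabled)$")

def parse_show_feature(text):
    """Return {(feature_name, instance): state} from 'show feature' output."""
    features = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            features[(m["name"], int(m["inst"]))] = m["state"]
    return features

def check_baseline(features, baseline):
    """Return [(name, expected, actual)]; actual is 'absent' if not listed."""
    findings = []
    for name, expected in sorted(baseline.items()):
        states = [s for (n, _), s in sorted(features.items()) if n == name]
        if not states:
            findings.append((name, expected, "absent"))
        findings.extend((name, expected, s) for s in states if s != expected)
    return findings

if __name__ == "__main__":
    for name, expected, actual in check_baseline(parse_show_feature(SAMPLE), BASELINE):
        print(f"{name}: expected {expected}, found {actual}")
```
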

Thanks a lot, it works.

One more question: when defining roles in Nexus, can the permissions in the vCenter override the ones in Nexus?

Thanks.

What do you mean by override the ones in Nexus? Are you saying changing the privileges in the role defined on the VC? Or do you mean adding permissions to portgroups on the VC?

Thanks,

Sean

Well, I would like to set permissions on Nexus that the SysAdmin cannot change on the VC. How would this be possible?

O

sbacheld
Level 1

Any user on the vCenter that is allowed to edit roles globally and change permissions for the N1K objects (i.e. DVS and portgroups) will be able to make changes at the vCenter. There is not a way to prevent the vCenter users from making these changes today. It is up to the vCenter administrator to properly set privileges so that only authorized users can make these changes.

Thanks,

Sean