06-03-2023 07:35 PM
Hello team
Last day i upgraded all controller in to 20.3.5 -> 20.6.5 version
as you know in 20.3.5 which use multitenant mode , the vsmart are bind in each tenant.
but when i upgarde it 20.6.5 version. the vsmart are come out side.
I want to use those vsmart with different policy for each tenant.
Does anyone know anything about this issue?
Solved! Go to Solution.
06-04-2023 11:05 AM
Login as admin and change view to provider-as-tenant. Then you can create centralized policy for your specific tenant. Activate policy for tenant vSmarts and vSmart will have tenant-specific centralized policy. Below is an example from my lab:
vSmart01# show running-config tenant [sp-organization-name]-[organization-name for customer01] policy
tenant [sp-organization-name]-[organization-name for customer01]
policy
lists
site-list HQ
site-id 1
!
prefix-list _AnyIpv4PrefixList
ip-prefix 0.0.0.0/0 le 32
!
!
control-policy Central-Routing
sequence 1
match route
prefix-list _AnyIpv4PrefixList
!
action accept
!
!
default-action accept
!
!
vSmart01# show running-config tenant [sp-organization-name]-[organization-name for customer02] policy
% No entries found.
As you see, policy will be evaluated only for specified tenant.
06-04-2023 04:06 AM - edited 06-04-2023 04:13 AM
Hi,
how many vSmart do you have in overlay? Did you enable multitenancy? Multitenancy is not enabled by default, so even after upgrade, you still have single tenant option.
And Cisco says don't enable multi-tenancy on live environment, but deploy new vmanage.
06-04-2023 05:51 AM
hello
each overlay have 2 vsmart also multitenant active now.
06-04-2023 11:05 AM
Login as admin and change view to provider-as-tenant. Then you can create centralized policy for your specific tenant. Activate policy for tenant vSmarts and vSmart will have tenant-specific centralized policy. Below is an example from my lab:
vSmart01# show running-config tenant [sp-organization-name]-[organization-name for customer01] policy
tenant [sp-organization-name]-[organization-name for customer01]
policy
lists
site-list HQ
site-id 1
!
prefix-list _AnyIpv4PrefixList
ip-prefix 0.0.0.0/0 le 32
!
!
control-policy Central-Routing
sequence 1
match route
prefix-list _AnyIpv4PrefixList
!
action accept
!
!
default-action accept
!
!
vSmart01# show running-config tenant [sp-organization-name]-[organization-name for customer02] policy
% No entries found.
As you see, policy will be evaluated only for specified tenant.
06-13-2023 06:31 PM
thanks for kind guide! my team make it
06-14-2023 12:18 AM
I'm glad I was able to help. Good luck!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: