cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
422
Views
5
Helpful
5
Replies

nexus1k mangement and data share same vlan

we are going to deploy nexus1k in our production environment for the first time.

 

our current topology contains different vlans includes for example (network mgmt vlan 10 , test servers vlan 20).

 

we are manage to use vlan 10 (network mgmt vlan ) for all nexus1k vlan (mgmt , packet and control vlan).

 

for test servers we will create port-profile for data (vlan 20) and port-profile for all nexus system vlans (vlan10).

 

but what if we have server for network virtual machines (prime, ... etc) in this case data vlan will be mgmt vlan too (vlan 10)!

 

so can we use system vlan as data vlan ?

5 Replies 5

Jackson Braga
Level 1
Level 1

Hi.

Sure, no problem. Just create an port-profile for management traffic in the vlan 10.

When you deploy n1kv and specify mgmt, packet and control vlan, this vlan is automaticaly added in uplink, so you just need add an additional port-profile like this:

port-profile type vethernet MGMT

vmware port-group MGMT

switchport mode access

switchport access vlan 10

no shut

state enabled

 

Good luck

Hi,

 

thanks for your reply.

so when we use mgmt vlan as data vlan (for network server or test server) we will create 2* vEthernet

one with system command will be attached to vmkernel and the other will be attached to vm trafic ?

 

and what about the uplink (data and mgmt same vlan ) , lets say we only have one nic per host so the uplink profile will be with system command or not ?

 

regarding control and packet ( for host contains vsm) can we attach mgmt port-profile (sytem vlan 10 ) ?

so when we use mgmt vlan as data vlan (for network server or test server) we will create 2* vEthernet

one with system command will be attached to vmkernel and the other will be attached to vm trafic ?

You can use the same veth profile that you will use to vmkernel, system command is usefull to allow traffic before VSM boot. In case of vmkernel it is mandatory, but you can use other VMs in the same port-profile with no problem.

 

and what about the uplink (data and mgmt same vlan ) , lets say we only have one nic per host so the uplink profile will be with system command or not ?

In uplink profile you need put system vlan to all system vlans that you have configured in veth profiles.

Lets say, you have an mgmt profile with system vlan 10 and have an iscsi profile with system vlan 90, your uplink config will be:

system vlan 10, 90

 

regarding control and packet ( for host contains vsm) can we attach mgmt port-profile (sytem vlan 10 ) ?

Dont change the default config of control and packet that is created after you deploy n1kv. But in these hosts, if you create an port-profile in vlan 10 named MGMT you will can see and use in this hosts.

 

Hi Jackson,

 

thank you for your great support :)

sorry for disturbance but i've more couple questions .

 

in layer 3 mode we will use as discussed before we will use mgmt profile (either it was 10 or 20) for esxi mgmt host vmkernel. the VSM will be on vlan 10 to communicate to VEM in vlan 20 it will bypass through firewall which is vlans gateway , so what ports we will have to allow to allow communication ?

 

you mentioned before we don't have to change control/packet configuration but when we will migrate vsm VM we have to map its port to port profiles so what portprofile we will use as destination ? will it be mgmt port profile too ?

in layer 3 mode we will use as discussed before we will use mgmt profile (either it was 10 or 20) for esxi mgmt host vmkernel. the VSM will be on vlan 10 to communicate to VEM in vlan 20 it will bypass through firewall which is vlans gateway , so what ports we will have to allow to allow communication ?

Sorry, I have no idea LOL. Im not a security guy, but I think that firewall in internal LAN (mainly used in a so critical comunication like VSM-VEM) is not a good idea...

you mentioned before we don't have to change control/packet configuration but when we will migrate vsm VM we have to map its port to port profiles so what portprofile we will use as destination ? will it be mgmt port profile too ?

Yes, create your management service profile and migrate your native vmkernel to this port-profile.

It is the most "cross-fingers" moment of deployment. This document have a step-by-step migration

https://communities.cisco.com/servlet/JiveServlet/downloadBody/15533-102-2-39703/Migration%20from%20VMware%20vSwitch%20to%20Cisco%20Nexus%201000V.pdf

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: