ā09-17-2013 04:45 AM - edited ā03-01-2019 11:15 AM
Hi everybody:
I have a problem with a VSG version 4.2(1)VSG1(4.1)
When I configure a simple rule in VNMC as
permit all any any
I can see in the VSG
VSG1# show running-config rule
rule Between31and32/PermitAll@root/Tenant1/VDC1/App1
action 10 permit
rule default/default-rule@root
action 10 drop
and everything works fine, I can ping and I can browse the web portal
If I change the rule to
deny all any to any
I can see the change apply inmediatly
VSG1# show running-config rule
rule Between31and32/DenyAll@root/Tenant1/VDC1/App1
action 10 drop
rule default/default-rule@root
action 10 drop
and I can't ping from one VM to the other and I can't browse
But If I try to apply a more complex rule like
Permit tcp from 10.1.60.31 to 10.1.60.32 eq 80
Deny all any any
I only can see:
VSG1# show running-config rule
rule Between31and32/PermitHTTP@root/Tenant1/VDC1/App1
action 10 permit
rule default/default-rule@root
action 10 drop
The rule doesn't work
I can't ping from .31 to .32 but I can't access to the web page either
The new rule (PermitHTTP) appear, but not the complex conditions (see the attach)
I've tryed as one Policy set with only one rule and as one Policy set with two rules (permit http and deny all any any)
Any clue why the VSG doen't apply complex rules?
I've seen examples where the VSG show not only the rule name but the conditions
I can't see the conditions
The conection between VNMC and VSG seems to be OK, because the updates happen inmediatly
Thank you in advance
Al
ā09-17-2013 06:29 AM
More information
When I applied a single rule no errors appears
But when I applied a complex one this message warning appear
[FSM:STAGE:REMOTE-ERROR]: Result: service-unavailable Code: ERR-Device-IO Message: Policy Engine Error: Attribute NOT found(sam:dme:TopSystemAssociate:ConfigFwPolicy)
ā10-03-2013 05:17 AM
Aparently is an incompatibility between VNMC 2.1(1a) and VSG 4.1 (an attribute no supported perhaps)
I installed VNMC 2.0.3f and everthing work fine now
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide