
VSG rules not applied

a.giorgi

Hi everybody:

I have a problem with a VSG version 4.2(1)VSG1(4.1)

When I configure a simple rule in VNMC as

permit all any any

I can see in the VSG

VSG1# show running-config rule

rule Between31and32/PermitAll@root/Tenant1/VDC1/App1

  action 10 permit

rule default/default-rule@root

  action 10 drop


and everything works fine, I can ping and I can browse the web portal

If I change the rule to

deny all any to any

I can see the change applied immediately

VSG1# show running-config rule

rule Between31and32/DenyAll@root/Tenant1/VDC1/App1

  action 10 drop

rule default/default-rule@root

  action 10 drop

and I can't ping from one VM to the other and I can't browse

But if I try to apply a more complex rule like

Permit tcp from 10.1.60.31 to 10.1.60.32 eq 80

Deny all any any

I can only see:

VSG1# show running-config rule

rule Between31and32/PermitHTTP@root/Tenant1/VDC1/App1

  action 10 permit

rule default/default-rule@root

  action 10 drop

The rule doesn't work

I can't ping from .31 to .32, but I can't access the web page either

The new rule (PermitHTTP) appears, but not the complex conditions (see the attachment)

I've tried as one Policy set with only one rule and as one Policy set with two rules (permit http and deny all any any)

Any clue why the VSG doesn't apply complex rules?

I've seen examples where the VSG shows not only the rule name but the conditions
I can't see the conditions

The connection between VNMC and VSG seems to be OK, because the updates happen immediately

Thank you in advance

Al


a.giorgi

More information

When I applied a single rule, no errors appeared

But when I applied a complex one, this warning message appeared

[FSM:STAGE:REMOTE-ERROR]: Result: service-unavailable Code: ERR-Device-IO Message: Policy Engine Error: Attribute  NOT found(sam:dme:TopSystemAssociate:ConfigFwPolicy)

Apparently it is an incompatibility between VNMC 2.1(1a) and VSG 4.1 (an attribute not supported, perhaps)

I installed VNMC 2.0.3f and everything works fine now

Regards
