The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes how to identify and resolve problems with port profiles and includes the following sections:
Port profiles are used to configure interfaces. A port profile can be assigned to multiple interfaces tp give them all the same configuration. Changes to the port profile are propagated automatically to the configuration of any interface assigned to it.
In VMware vCenter Server, a port profile is represented as a port group. The ethernet interfaces are assigned in vCenter Server to a port profile for the following reasons:
Ethernet port profiles can be assigned by the server administrator to physical ports (a VMNIC or a PNIC). Port profiles not configured as Ethernet can be assigned to a VM virtual port.
Note While a manual interface configuration overrides that of the port profile, we do not recommend that you do so. Manual interface configuration is only used, for example, to quickly test a change or allow a port to be disabled without having to change the inherited port profile.
Note For VSG protected ports, some configurations related to vservice will be visible under interface level (show running-config interface command), even after removing the vservice configuration from port-profile or changing to non-protected port-profile; but it does not affect new port-profile related functionality. However, when any interface is being moved from VSG protected profile to a non-protected port-profile, it is recommended to move the port to VM Network port-profile. After moving the port, delete the vethernet interface using no interface vethernet command and then move the port to a new port-profile.
For more information about assigning port profiles to physical or virtual ports, see your VMware documentation.
To verify that the profiles are assigned as expected to physical or virtual ports, use the following show commands:
To verify port profile inheritance, use the following command:
Note Inherited port profiles cannot be changed or removed from an interface from the Cisco Nexus 1000VE CLI. This action can only be done from vCenter Server.
Note Inherited port profiles are automatically configured by the Cisco Nexus 1000VE when the ports are attached on the hosts. This action is done by matching up the VMware port group assigned by the system administrator with the port profile that created it.
For detailed information about port profiles, see the Cisco Nexus 1000V Port Profile Configuration Guide.
The following are symptoms, possible causes, and solutions for problems with port profiles.
|
|
|
---|---|---|
You do not see the port group on vCenter Server or the following message is displayed: |
1. Verify that the connection to vCenter Server is Enabled and Connected. 2. Reconnect to vCenter server. For detailed instructions, see the Connecting to vCenter Server procedure in the Cisco Nexus 1000V System Management Configuration Guide. |
|
The domain configuration was not successfully pushed to vCenter server. |
1. Verify that the domain configuration was successfully pushed to vCenter Server. 2. Fix any problems with the domain configuration. For information about configuring the domain, see the Cisco Nexus 1000V System Management Configuration Guide. |
|
1. Verify that the vmware port-group is configured for the port profile and that the port profile is enabled. 2. Fix the port profile using the procedures in the Cisco Nexus 1000V Port Profile Configuration Guide. |
||
Management connectivity between vCenter server and the VSM has prevented the port profile assignment from being sent or received. |
1. Display the port profile usage by interface. show port-profile virtual usage 2. Verify that the interface level configuration did not overwrite the port profile configuration. show port-profile expand-interface 3. If the show command output is incorrect, on vCenter server, reassign the port group to the interface. |
|
An Ethernet interface or vEthernet interface is administratively down. A system message similar to the following is logged: |
The interface is inheriting a quarantined port profile. A configuration was not saved prior to rebooting the VSM, the configuration was lost, and the interfaces were moved to one of the following port profiles: |
1. Verify the port profile-to-interface mapping. show port-profile virtual usage 2. Reassign the VMNIC or PNIC to a non-quarantined port group to enable the interface to be up and forwarding traffic. This requires changing the port group on vCenter Server. |
After applying a port profile, an online interface is quarantined. A system message similar to the following is logged: |
The assigned port profile is incorrectly configured. The incorrect command fails when the port profile is applied to an interface. Although a specific command fails, the port profile-to-interface mapping is created. |
1. Identify the command that failed. show accounting log | grep FAILURE 2. Verify that the interface is quarantined. 3. Verify the port profile-to-interface mapping. show port-profile virtual usage 4. Fix the error in the port profile using the procedures in the Cisco Nexus 1000V Port Profile Configuration Guide. 5. Bring the interface out of quarantine. The interface comes back online. |
After modifying a port profile, an assigned offline interface is quarantined. A system message similar to the following is logged: |
To bring the interface back online, see the “Recovering a Quarantined Offline Interface” section. |
|
A module and all associated interfaces are offline. A system message similar to the following is logged: |
Follow VSE troubleshooting guidelines to bring the module back online To bring the interface back online, see the “Recovering a Quarantined Offline Interface” section. |
You can recover and bring online an interface that is offline and has been quarantined.
Step 1 Verify that the interface has been quarantined. The interface appears in the show command output.
Step 2 On vCenter server, add or associate the PNIC to a port profile (either the original port profile or a different port profile).
The interface comes back online.
Step 3 Verify that the interface has come back online.
Step 4 Verify the port profile-to-interface mapping.
show port-profile virtual usage
Step 5 Verify the interface has come out of quarantine automatically. The interface should no longer appear in the show command output.
To enable and collect detailed logs for port profiles, use the following commands:
After enabling the debug log, the results of any subsequent port profile configuration are captured in the log file.
You can use the commands in this section to troubleshoot problems related to port profiles.
|
|
---|---|
Displays the port profile configuration. See Example 9-1 on page 9-7 . |
|
Displays the configuration for a named port profile. See Example 9-2 on page 9-8 . |
|
Displays a tabular view of all configured port profiles. See Example 9-3 on page 9-8 . |
|
Displays all configured port profiles expanded to include the interfaces assigned to them. See Example 9-4 on page 9-9 . |
|
Displays a named port profile expanded to include the interfaces assigned to it. See Example 9-5 on page 9-9 . |
|
Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups. See Example 9-7 on page 9-11 . |
|
Displays the port profile configuration. See Example 9-6 on page 9-10 . |
|
Displays the port profile role configuration. See Example 9-7 on page 9-11 . |
|
Displays the available users and groups. See Example 9-8 on page 9-11 . |
|
Displays the port profile usage by interface. See Example 9-9 on page 9-11 . |
|
Displays the port profile mappings on vCenter server and configured roles. |
|
Displays the port profile activity on the Cisco Nexus 1000VE, including transitions such as inherits and configurations. If the following displays, then all inherits are processed: |
|
Displays the messages logged about port profile events within the Cisco Nexus 1000VE. |
For detailed information about show command output, see the Cisco Nexus 1000V Command Reference.
Example 9-1 show port-profile Command
Example 9-2 show port-profile name Command
Example 9-3 show port-profile brief Command
Example 9-4 show port-profile expand-interface Command
Example 9-5 show port-profile expand-interface name Command
Example 9-6 show running-config port-profile Command
Example 9-7 show port-profile-role Command
switch# show port-profile-role name adminUser
Example 9-8 show port-profile-role users Command
switch#
show port-profile-role users
switch#
Example 9-9 show port-profile virtual usage Command
Example 9-10 show msp internal info Command
Example 9-11 show system internal port-profile profile-fsm Command
Example 9-12 show system internal port-profile event-history msgs Command