Port Profiles
This chapter describes how to identify and resolve problems with port profiles and includes the following sections:
Information About Port Profiles
Port profiles are used to configure interfaces. A port profile can be assigned to multiple interfaces tp give them all the same configuration. Changes to the port profile are propagated automatically to the configuration of any interface assigned to it.
In VMware vCenter Server, a port profile is represented as a port group. The ethernet interfaces are assigned in vCenter Server to a port profile for the following reasons:
- Defining a port configuration by policy.
- Applying a single policy across a large number of ports.
- Supporting both vEthernet and Ethernet ports.
Ethernet port profiles can be assigned by the server administrator to physical ports (a VMNIC or a PNIC). Port profiles not configured as Ethernet can be assigned to a VM virtual port.
Note
While a manual interface configuration overrides that of the port profile, we do not recommend that you do so. Manual interface configuration is only used, for example, to quickly test a change or allow a port to be disabled without having to change the inherited port profile.
Note
For VSG protected ports, some configurations related to vservice will be visible under interface level (show running-config interface command), even after removing the vservice configuration from port-profile or changing to non-protected port-profile; but it does not affect new port-profile related functionality. However, when any interface is being moved from VSG protected profile to a non-protected port-profile, it is recommended to move the port to VM Network port-profile. After moving the port, delete the vethernet interface using no interface vethernet command and then move the port to a new port-profile.
For more information about assigning port profiles to physical or virtual ports, see your VMware documentation.
To verify that the profiles are assigned as expected to physical or virtual ports, use the following show commands:
- show port-profile virtual usage
- show running-config interface interface-id
To verify port profile inheritance, use the following command:
- show running-config interface interface-id
Note
Inherited port profiles cannot be changed or removed from an interface from the Cisco Nexus 1000VE CLI. This action can only be done from vCenter Server.
Note
Inherited port profiles are automatically configured by the Cisco Nexus 1000VE when the ports are attached on the hosts. This action is done by matching up the VMware port group assigned by the system administrator with the port profile that created it.
For detailed information about port profiles, see the Cisco Nexus 1000V Port Profile Configuration Guide.
Problems with Port Profiles
The following are symptoms, possible causes, and solutions for problems with port profiles.
|
|
|
You do not see the port group on vCenter Server or the following message is displayed:
Warning: Operation succeeded locally but update failed on vCenter server. Please check if you are connected to vCenter Server.
|
The connection to vCenter server is down. |
1. Verify that the connection to vCenter Server is Enabled and Connected. show svs connections 2. Reconnect to vCenter server. For detailed instructions, see the Connecting to vCenter Server procedure in the Cisco Nexus 1000V System Management Configuration Guide. |
The domain configuration was not successfully pushed to vCenter server. |
1. Verify that the domain configuration was successfully pushed to vCenter Server. show svs domain 2. Fix any problems with the domain configuration. For information about configuring the domain, see the Cisco Nexus 1000V System Management Configuration Guide. |
The port profile is configured incorrectly. |
1. Verify that the vmware port-group is configured for the port profile and that the port profile is enabled. show port profile name name 2. Fix the port profile using the procedures in the Cisco Nexus 1000V Port Profile Configuration Guide. |
A port configuration is not applied to an interface. |
Management connectivity between vCenter server and the VSM has prevented the port profile assignment from being sent or received. |
1. Display the port profile usage by interface. show port-profile virtual usage 2. Verify that the interface level configuration did not overwrite the port profile configuration. show run show port-profile expand-interface 3. If the show command output is incorrect, on vCenter server, reassign the port group to the interface. |
An Ethernet interface or vEthernet interface is administratively down. A system message similar to the following is logged:
%VMS-3-DVPG_NICS_MOVED: '1' nics have been moved from port-group 'Access483' to 'Unused_Or_Quarantine_Veth'.
|
The interface is inheriting a quarantined port profile. A configuration was not saved prior to rebooting the VSM, the configuration was lost, and the interfaces were moved to one of the following port profiles:
- Unused_Or_Quarantine_Uplink
for ethernet types
- Unused_Or_Quarantine_Veth for Vethernet types
|
1. Verify the port profile-to-interface mapping. show port-profile virtual usage 2. Reassign the VMNIC or PNIC to a non-quarantined port group to enable the interface to be up and forwarding traffic. This requires changing the port group on vCenter Server. |
After applying a port profile, an online interface is quarantined. A system message similar to the following is logged:
%PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet3/3 has been quarantined due to Cache Overrun
|
The assigned port profile is incorrectly configured. The incorrect command fails when the port profile is applied to an interface. Although a specific command fails, the port profile-to-interface mapping is created. |
1. Identify the command that failed. show accounting log | grep FAILURE 2. Verify that the interface is quarantined. show port-profile sync-status 3. Verify the port profile-to-interface mapping. show port-profile virtual usage 4. Fix the error in the port profile using the procedures in the Cisco Nexus 1000V Port Profile Configuration Guide. 5. Bring the interface out of quarantine. no shutdown The interface comes back online. 6. Return shutdown control to the port profile. default shutdown |
After modifying a port profile, an assigned offline interface is quarantined. A system message similar to the following is logged:
%PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet4/3 has been quarantined due to Cache Overrun
|
The interface has been removed from the DVS. |
To bring the interface back online, see the “Recovering a Quarantined Offline Interface” section. |
A module and all associated interfaces are offline. A system message similar to the following is logged:
2011 Mar 2 22:28:50 switch %VSE_MGR-2-VSE_MGR_REMOVE_NO_HB: Removing VSE 3 (heartbeats lost)
2011 Mar 2 22:29:00 switch %VSE_MGR-2-MOD_OFFLINE: Module 3 is offline
|
- The VSE or the underlying host was powered down.
- There is a general loss of connectivity to the module.
|
Follow VSE troubleshooting guidelines to bring the module back online To bring the interface back online, see the “Recovering a Quarantined Offline Interface” section. |
Recovering a Quarantined Offline Interface
You can recover and bring online an interface that is offline and has been quarantined.
BEFORE YOU BEGIN
- Log in to the CLI in EXEC mode.
DETAILED STEPS
Step 1
Verify that the interface has been quarantined. The interface appears in the show command output.
show port-profile sync-status
Step 2
On vCenter server, add or associate the PNIC to a port profile (either the original port profile or a different port profile).
The interface comes back online.
Step 3
Verify that the interface has come back online.
show interface brief
Step 4
Verify the port profile-to-interface mapping.
show port-profile virtual usage
Step 5
Verify the interface has come out of quarantine automatically. The interface should no longer appear in the show command output.
show port-profile sync-status
Step 6
Return shutdown control to the port profile.
default shutdown
Port Profile Logs
To enable and collect detailed logs for port profiles, use the following commands:
- debug port-profile trace
- debug port-profile error
- debug port-profile all
- debug msp all
After enabling the debug log, the results of any subsequent port profile configuration are captured in the log file.
Port Profile Troubleshooting Commands
You can use the commands in this section to troubleshoot problems related to port profiles.
|
|
show port-profile |
Displays the port profile configuration. See Example 9-1 on page 9-7 . |
show port-profile name name |
Displays the configuration for a named port profile. See Example 9-2 on page 9-8 . |
show port-profile brief |
Displays a tabular view of all configured port profiles. See Example 9-3 on page 9-8 . |
show port-profile expand-interface |
Displays all configured port profiles expanded to include the interfaces assigned to them. See Example 9-4 on page 9-9 . |
show port-profile expand-interface name name |
Displays a named port profile expanded to include the interfaces assigned to it. See Example 9-5 on page 9-9 . |
show port-profile-role [ name port-profile-role-name ] |
Displays the port profile role configuration, including role names, descriptions, assigned users, and assigned groups. See Example 9-7 on page 9-11 . |
show running-config port-profile [ profile-name ] |
Displays the port profile configuration. See Example 9-6 on page 9-10 . |
show port-profile-role |
Displays the port profile role configuration. See Example 9-7 on page 9-11 . |
show port-profile-role users |
Displays the available users and groups. See Example 9-8 on page 9-11 . |
show port-profile virtual usage [ name profile-name ] |
Displays the port profile usage by interface. See Example 9-9 on page 9-11 . |
show msp internal info |
Displays the port profile mappings on vCenter server and configured roles. |
show system internal port-profile profile-fsm |
Displays the port profile activity on the Cisco Nexus 1000VE, including transitions such as inherits and configurations. If the following displays, then all inherits are processed: Curr state: [PPM_PROFILE_ST_SIDLE] See Example 9-11 on page 9-15 . |
show system internal port-profile event-history msgs |
Displays the messages logged about port profile events within the Cisco Nexus 1000VE. See Example 9-12 on page 9-16 . |
For detailed information about show command output, see the Cisco Nexus 1000V Command Reference.
EXAMPLES
Example 9-1 show port-profile Command
switch# show port-profile
port-profile inside-trunk1
description: Port-group created for Nexus 1000V internal usage. Do not use.
switchport trunk allowed vlan 1-50
evaluated config attributes:
switchport trunk allowed vlan 1-50
port-group: inside-trunk1
capability iscsi-multipath: no
capability l3-vservice: no
port-profile inside-trunk2
description: Port-group created for Nexus 1000V internal usage. Do not use.
switchport trunk allowed vlan 2047-2096
evaluated config attributes:
switchport trunk allowed vlan 2047-2096
port-group: inside-trunk2
capability iscsi-multipath: no
capability l3-vservice: no
Example 9-2 show port-profile name Command
switch# show port-profile name vlan222
switchport access vlan 222
evaluated config attributes:
switchport access vlan 222
capability iscsi-multipath: no
capability l3-vservice: no
Example 9-3 show port-profile brief Command
switch# show port-profile brief
--------------------------------------------------------------------------------
Port Profile Profile Eval Max Assigned Child
Profile Type State Items Ports Ports Profs
--------------------------------------------------------------------------------
inside-trunk1 Vethernet 1 3 32 0 0
inside-trunk2 Vethernet 1 3 32 0 0
l3ctrl Vethernet 1 3 32 0 0
outside-trunk Ethernet 1 3 512 0 0
Unused_Or_Quarantine_Veth Vethernet 1 0 32 0 0
uplink-pp Ethernet 1 3 512 2 0
vlan222 Vethernet 1 3 32 2 0
vlan223 Vethernet 1 3 32 2 0
--------------------------------------------------------------------------------
Profile Assigned Total Sys Parent Child UsedBy
Type Intfs Prfls Prfls Prfls Prfls Prfls
--------------------------------------------------------------------------------
Example 9-4 show port-profile expand-interface Command
switch# show port-profile expand-interface
port-profile inside-trunk1
port-profile inside-trunk2
port-profile outside-trunk
port-profile Unused_Or_Quarantine_Veth
switchport trunk allowed vlan 181,220-229
switchport trunk allowed vlan 181,220-229
switchport access vlan 222
switchport access vlan 222
switchport access vlan 223
switchport access vlan 223
Example 9-5 show port-profile expand-interface name Command
switch# show port-profile expand-interface name uplink-pp
switchport trunk allowed vlan 181,220-229
switchport trunk allowed vlan 181,220-229
Example 9-6 show running-config port-profile Command
switch# show running-config port-profile
port-profile default max-ports 32
port-profile type vethernet Unused_Or_Quarantine_Veth
port-binding static auto expand
description Port-group created for Nexus 1000V internal usage. Do not use.
port-profile type ethernet outside-trunk
switchport trunk allowed vlan 1-3967,4048-4093
description Port-group created for Nexus 1000V internal usage. Do not use.
port-profile type vethernet inside-trunk1
switchport trunk allowed vlan 1-50
description Port-group created for Nexus 1000V internal usage. Do not use.
port-profile type vethernet inside-trunk2
switchport trunk allowed vlan 2047-2096
description Port-group created for Nexus 1000V internal usage. Do not use.
port-profile type vethernet vlan222
switchport access vlan 222
port-profile type ethernet uplink-pp
switchport trunk allowed vlan 181,220-229
port-profile type vethernet l3ctrl
switchport access vlan 181
port-profile type vethernet vlan223
switchport access vlan 223
inherit port-profile vlan223
inherit port-profile vlan222
inherit port-profile vlan222
inherit port-profile vlan223
inherit port-profile uplink-pp
inherit port-profile uplink-pp
Example 9-7 show port-profile-role Command
switch# show port-profile-role name adminUser
Example 9-8 show port-profile-role users Command
switch#
show port-profile-role users
Groups:
Administrators
TestGroupB
Users:
hdbaar
fgreen
suchen
mariofr
Example 9-9 show port-profile virtual usage Command
switch# show port-profile virtual usage
-------------------------------------------------------------------------------
Port Profile Port Adapter Owner
-------------------------------------------------------------------------------
vlan222 Veth2 Net Adapter 2 test-vm1
Veth3 Net Adapter 2 test-vm3
uplink-pp Eth3/1 eth1 172.23.233.17
Eth4/1 eth1 172.23.181.156
vlan223 Veth1 Net Adapter 2 test-vm2
Veth4 Net Adapter 2 test-vm4
Example 9-10 show msp internal info Command
switch# show msp internal info
port-profile inside-trunk1
active used ports count: 3
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: 37a5cc5a-81f2-44dc-94ee-76e9bf7e766e
port-profile inside-trunk2
active used ports count: 3
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: 1d066e56-afcd-46e3-a9ad-b643842e166c
active used ports count: 0
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: 301ffcc4-a296-411b-ad9c-b598bfdcf59c
port-profile outside-trunk
active used ports count: 0
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: eb445392-b9f9-4c8b-9463-add3d1729d1d
port-profile Unused_Or_Quarantine_Veth
active used ports count: 0
Port-profile alias information
pg name: Unused_Or_Quarantine_Veth
pg id: Unused_Or_Quarantine_Veth
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: 1c176aec-02d2-4377-9fae-4d278548dfe5
active used ports count: 0
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: d876121c-8688-4de3-bc9e-68ab7eed06ba
active used ports count: 0
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: c5e59050-7ba8-48ab-bba5-65b32532ca5a
active used ports count: 0
Port-profile alias information
dvs uuid: 50 12 e0 5d 1c 63 22 76-7b 77 69 b7 27 dc 0c 2e
pg id: 8176c0d3-f714-4f86-91bf-f8584074b44a
global_inherit_ifindex_count: 0
global_inherit_info.rt_data.restored_from_pss: 0
global_inherit_info.rt_data.inherit_in_progress: 0
third_party_app_conf.connection_state[VMWARE_VC] =1
third_party_app_conf.sync_state[VMWARE_VC] = 1PPM restore_complete:TRUE
opq_data_info.ppm_sdb_restored:1
Unable to read nsmgr_restore_state
opq_data_info.nsm_sdb_restored:0
Example 9-11 show system internal port-profile profile-fsm Command
switch# show system internal port-profile profile-fsm
>>>>FSM: <PROFILE_FSM:1> has 4 logged transitions<<<<<
1) FSM:<PROFILE_FSM:1> Transition at 856903 usecs after Tue Mar 8 19:11:47 2011
Previous state: [PPM_PROFILE_ST_SIDLE]
Triggered event: [PPM_PROFILE_EV_EIF_STATUS_CHANGE]
Next state: [PPM_PROFILE_ST_SIDLE]
2) FSM:<PROFILE_FSM:1> Transition at 858442 usecs after Tue Mar 8 19:11:47 2011
Previous state: [PPM_PROFILE_ST_SIDLE]
Triggered event: [PPM_PROFILE_EV_ELEARN]
Next state: [PPM_PROFILE_ST_SIF_CREATE]
3) FSM:<PROFILE_FSM:1> Transition at 842710 usecs after Tue Mar 8 19:12:04 2011
Previous state: [PPM_PROFILE_ST_SIF_CREATE]
Triggered event: [PPM_PROFILE_EV_EACKNOWLEDGE]
Next state: [FSM_ST_NO_CHANGE]
4) FSM:<PROFILE_FSM:1> Transition at 873872 usecs after Tue Mar 8 19:12:04 2011
Previous state: [PPM_PROFILE_ST_SIF_CREATE]
Triggered event: [PPM_PROFILE_EV_ESUCCESS]
Next state: [PPM_PROFILE_ST_SIDLE]
Curr state: [PPM_PROFILE_ST_SIDLE]
Example 9-12 show system internal port-profile event-history msgs Command
switch# show system internal port-profile event-history msgs
1) Event:E_MTS_RX, length:60, at 538337 usecs after Tue Mar 8 19:13:02 2011
[NOT] Opc:MTS_OPC_IM_IF_CREATED(62467), Id:0X0000B814, Ret:SUCCESS
Src:0x00000101/175, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:120
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 29
2) Event:E_MTS_RX, length:60, at 515030 usecs after Tue Mar 8 19:13:02 2011
[NOT] Opc:MTS_OPC_LC_ONLINE(1084), Id:0X0000B7E8, Ret:SUCCESS
Src:0x00000101/744, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:234
0x0000: 02 00 00 03 00 00 00 00 00 00 03 02 03 02 00 00
3) Event:E_MTS_RX, length:60, at 624319 usecs after Tue Mar 8 19:12:05 2011
[NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003908, Ret:SUCCESS
Src:0x00000101/489, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26
4) Event:E_MTS_RX, length:60, at 624180 usecs after Tue Mar 8 19:12:05 2011
[NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003905, Ret:SUCCESS
Src:0x00000101/489, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26
5) Event:E_MTS_RX, length:60, at 624041 usecs after Tue Mar 8 19:12:05 2011
[NOT] Opc:MTS_OPC_PPM_INTERFACE_UPDATE(152601), Id:0X00003903, Ret:SUCCESS
Src:0x00000101/489, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:107
0x0000: 00 00 00 02 00 00 00 02 00 00 00 0c 00 00 00 26