This section describes how to install and complete the basic configuration of the Cisco VSG for Cisco Nexus 1000V Switch.
The following table lists the terminology used in the Cisco VSG implementation.
Term | Description |
---|---|
Distributed Virtual Switch (DVS) | Logical switch that spans one or more compute nodes. It is controlled by one VSM instance. |
NIC | Network interface card. |
Open Virtual Appliance or Application (OVA) file | Package that contains the following files used to describe a virtual machine and saved in a single archive using .TAR packaging: |
Open Virtual Machine Format (OVF) | Platform-independent method of packaging and distributing Virtual Machines (VMs). |
OpenStack dashboard | Provides administrators and users a graphical interface to access, provision, and automate cloud-based resources. |
Virtual Ethernet Module (VEM)/Compute node | Part of the Cisco Nexus 1000V Series switch that switches data traffic. It runs on a KVM host. Up to 64 VEMs are controlled by one VSM. |
Virtual Machine (VM) | Virtualized x86 PC environment in which a guest operating system and associated application software can run. Multiple VMs can operate on the same host system concurrently. |
VMotion | Practice of migrating virtual machines live from server to server. (The Cisco VSGs cannot be moved by VMotion.) |
vPath | Component in the Cisco Nexus 1000V Series switch with a VEM that directs the appropriate traffic to the Cisco VSG for policy evaluation. It also acts as fast path and can short circuit part of the traffic without sending it to the Cisco VSG. |
Virtual Security Gateway (VSG) | Cisco software that secures virtual networks and provides firewall functions in virtual environments using the Cisco Nexus 1000V Series switch by providing network segmentation. |
Virtual Supervisor Module (VSM) | Control software for the Cisco Nexus 1000V Series distributed virtual device that runs on a virtual machine (VM) and is based on Cisco NX-OS. |
The following components must be installed and configured:
On the Cisco Nexus 1000V Series switch, configure three VLANs (a service VLAN, a management VLAN, and an HA VLAN) on the switch uplink ports. (The VLAN does not need to be the system VLAN.)
Details about configuring VLANs and port profiles on the Cisco Nexus 1000V Series switch are available in the Cisco Nexus 1000V Series switch documentation.
You can obtain the Cisco VSG software files at this URL:
http://www.cisco.com/en/US/products/ps13095/index.html
You can install the Cisco VSG software on a VM by using an open virtual appliance (OVA) file or a QCOW2 image file from the CD. Depending upon the type of file that you are installing, use one of the installation methods described in the following topics.
You can install the Cisco VSG software on a VM by using an open virtual appliance (OVA) file or a QCOW2 image file.
Specify a name for the new Cisco VSG that is unique within the inventory folder and has up to 80 characters.
Copy the installation file (.QCOW2 or .ova file) to the OpenStack Controller Node.
Know the name of the host where the Cisco VSG will be installed in the inventory folder.
Know the name of the datastore in which the VM files will be stored.
Know the names of the network port profiles used for the VM.
Know the Cisco VSG IP address.
Know the mode in which you will be installing the Cisco VSG:
This section describes how to configure the initial settings on the Cisco VSG and configure a standby Cisco VSG with its initial settings. For configuring a standby Cisco VSG, see the Configuring Initial Settings on a Standby Cisco VSG section.
When you power on the Cisco VSG for the first time, depending on which mode you used to install your Cisco VSG, you might be prompted to log in to the Cisco VSG to configure initial settings at the console of your OpenStack dashboard. For details about installing Cisco VSG, see Installing the Cisco VSG Software.
The following table determines if you must configure the initial settings as described in this section.
Your Cisco Virtual Security Gateway Software Installation Method | Do You Need to Proceed with “Configuring Initial Settings”? |
---|---|
Installing an OVA file and choosing Manually Configure Nexus 1000 VSG in the configuration field during installation. | Yes. Proceed with configuring initial settings described in this section. |
Installing an OVA file and choosing any of the options other than the manual method in the configuration field during installation. | No. You have already configured the initial settings during the OVA file installation. |
Installing a QCOW2 file. | Yes. Proceed with configuring initial settings described in this section. |
You can add a standby Cisco VSG by logging in to the Cisco VSG you have identified as secondary and using the following procedure to configure a standby Cisco VSG with its initial settings.
Step | Action |
---|---|
Step 1 | Navigate to the Console tab in the VM. Cisco Nexus 1000V Series switch opens the Console window and boots the Cisco VSG software. |
Step 2 | At the Enter the password for "admin" prompt, enter the password for the admin account and press Enter. |
Step 3 | At the prompt, confirm the admin password and press Enter. |
Step 4 | At the Enter HA role[standalone/primary/secondary] prompt, enter the secondary HA role and press Enter. |
Step 5 | At the Enter the ha id(1-4095) prompt, enter 25 for the HA pair id and press Enter. |
Step 6 | At the VSG login prompt, enter the name of the admin account you want to use and press Enter. The default account name is admin. |
Step 7 | At the Password prompt, enter the password for the admin account and press Enter. You are now at the Cisco VSG node. |
To display the Cisco VSG configuration, perform one of the tasks:
Command | Purpose |
---|---|
show interface brief | Displays brief status and interface information. |
show vsg | Displays the Cisco VSG and system-related information. |
This example shows how to verify the Cisco VSG configurations:
```
vsg# show interface brief
--------------------------------------------------------------------------------
Port     VRF          Status IP Address                     Speed    MTU
--------------------------------------------------------------------------------
mgmt0    --           up     10.193.77.217                  1000     1500

vsg# show vsg
Model: VSG
HA ID: 111
VSG software version: 5.2(1)VSG2(1.3) build [5.2(1)VSG2(1.3)]
NSC IP: 14.52.0.9
NSC PA version: 2.1(2a)-vsg
```
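A post-install check built on the two commands above, as an added example that is not part of the Cisco documentation: it parses a captured `show interface brief` / `show vsg` session and reports where the HA ID, the mgmt0 state or the management IP differ from the values recorded during installation. The function names, the expected-value parameters and the whitespace-delimited column layout are assumptions; the sample capture is copied from the output above.

```python
import re

# Capture copied from the example output above.
SAMPLE = """\
vsg# show interface brief
--------------------------------------------------------------------------------
Port     VRF          Status IP Address                     Speed    MTU
--------------------------------------------------------------------------------
mgmt0    --           up     10.193.77.217                  1000     1500
vsg# show vsg
Model: VSG
HA ID: 111
VSG software version: 5.2(1)VSG2(1.3) build [5.2(1)VSG2(1.3)]
NSC IP: 14.52.0.9
NSC PA version: 2.1(2a)-vsg
"""

def parse_show_vsg(text):
    """Return the 'Key: value' lines of `show vsg` as a dict."""
    pairs = (re.match(r"([A-Za-z][A-Za-z ]*):\s*(\S.*)$", l.strip()) for l in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def parse_interfaces(text):
    """Return {port: {'status', 'ip'}} from `show interface brief` data rows."""
    ports = {}
    for line in text.splitlines():
        cols = line.split()
        # Assumed layout: data rows have six columns (Port VRF Status IP Speed MTU).
        if len(cols) == 6 and cols[2] in ("up", "down"):
            ports[cols[0]] = {"status": cols[2], "ip": cols[3]}
    return ports

def verify(text, expected_ha_id, expected_mgmt_ip):
    """Return a list of findings; an empty list means every check passed."""
    vsg, ports = parse_show_vsg(text), parse_interfaces(text)
    findings = []
    if vsg.get("HA ID") != str(expected_ha_id):
        findings.append(f"HA ID is {vsg.get('HA ID')}, expected {expected_ha_id}")
    mgmt = ports.get("mgmt0")
    if mgmt is None or mgmt["status"] != "up":
        findings.append("mgmt0 is missing or not up")
    elif mgmt["ip"] != expected_mgmt_ip:
        findings.append(f"mgmt0 IP is {mgmt['ip']}, expected {expected_mgmt_ip}")
    if not vsg.get("NSC IP"):
        findings.append("no NSC IP in show vsg output")
    return findings

if __name__ == "__main__":
    print(verify(SAMPLE, 111, "10.193.77.217") or "all checks passed")
```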
After installing and completing the initial configuration of the Cisco VSG, you can configure firewall policies on the Cisco VSG through the Cisco PNSC.