If you only want to use local authentication, configure the XNV-enabled switches as follows:
configure vm-tracking authentication database-order local
To enable dynamic VLAN, issue the following command:
enable vm-tracking dynamic-vlan ports 19
To add uplink ports to the dynamic VLAN:
configure vlan dynamic-vlan uplink-ports add ports port_no
To delete the uplink port:
configure vlan dynamic-vlan uplink-ports delete ports port_no
The following is the policy1.pol file for Port 21 in the ingress direction:
entry nvpp1 {
    if match all {
        ethernet-destination-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
    } then {
        deny ;
        count host1
    }
}
The following is the policy2.pol file for Port 21 in the egress direction:
entry nevpp1 {
    if match all {
        ethernet-source-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
    } then {
        deny ;
        count h1
    }
}
The following commands configure VM authentication in the local database:
create vm-tracking local-vm mac-address 00:04:96:27:C8:23
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 ip-address 11.1.1.101
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 name myVm1
create vm-tracking vpp vpp1
configure vm-tracking vpp vpp1 add ingress policy policy1
configure vm-tracking vpp vpp1 add egress policy policy2
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 vpp vpp1
The following commands create a local VM MAC entry with a VLAN tag and VR for dynamic VLAN creation:
create vm-tracking local-vm mac-address 00:00:00:00:00:01
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vpp lvpp1
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vlan-tag 1000 vr VR-Default
configure vm-tracking vpp lvpp1 vlan-tag 2000
The following commands display the switch XNV feature status after configuration:
* Switch.67 # show vm-tracking local-vm
MAC Address          IP Address       Type       Value
------------------------------------------------------------------------------
00:00:00:00:00:01                     VM
                                      VPP        lvpp1
                                      VLAN Tag   1000
                                      VR Name    VR-Default
Number of Local VMs: 1

* Switch.69 # show vm-tracking vpp
VPP Name             Type       Value
-----------------------------------------------------------------------------------
lvpp1                origin     local
                     counters   none
                     VLAN Tag   2000
                     VR Name    Vr-Default
                     ingress    policy1
                     egress     policy2
Number of Local VPPs  : 1
Number of Network VPPs: 0

Switch.71 # show vm-tracking
-----------------------------------------------------------
VM Tracking Global Configuration
-----------------------------------------------------------
VM Tracking                     : Enabled
VM Tracking authentication order: nms vm-map local
VM Tracking nms reauth period   : 0 (Re-authentication disabled)
VM Tracking blackhole policy    : none
-----------------------------------------------------------
Port                     : 19
VM Tracking              : Enabled
VM Tracking Dynamic VLAN : Enabled
                     Flags
MAC                  APC    IP Address       Type       Value
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
Flags :
  (A)uthenticated     : L - Local, N - NMS, V - VMMAP
  (P)olicy Applied    : B - All Ingress and Egress, E - All Egress, I - All Ingress
  (C)ounter Installed : B - Both Ingress and Egress, E - Egress Only, I - Ingress Only
Type :
  IEP - Ingress Error Policies
  EEP - Egress Error Policies
Number of Network VMs Authenticated: 0
Number of Local VMs Authenticated  : 0
Number of VMs Authenticated        : 0

Switch.73 # show policy
Policies at Policy Server:
PolicyName       ClientUsage    Client    BindCount
--------------------------------------------------------------------------
policy1          1              acl       1
policy2          1              acl       1
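An offline consistency check for the two local-database command blocks above, added here as an example and not part of the vendor documentation or tooling. The `audit` helper is hypothetical, parses only the `create`/`configure vm-tracking` forms shown on this page, and assumes each block is meant to be complete on its own.

```python
import re

# Commands copied from the two local-database examples on this page.
EXAMPLE_1 = """\
create vm-tracking local-vm mac-address 00:04:96:27:C8:23
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 ip-address 11.1.1.101
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 name myVm1
create vm-tracking vpp vpp1
configure vm-tracking vpp vpp1 add ingress policy policy1
configure vm-tracking vpp vpp1 add egress policy policy2
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 vpp vpp1
"""
EXAMPLE_2 = """\
create vm-tracking local-vm mac-address 00:00:00:00:00:01
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vpp lvpp1
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vlan-tag 1000 vr VR-Default
configure vm-tracking vpp lvpp1 vlan-tag 2000
"""

CMD = re.compile(r"(create|configure) vm-tracking (local-vm mac-address|vpp) (\S+) ?(.*)")

def audit(block):
    """Return sorted findings for one block of vm-tracking commands (hypothetical helper)."""
    created, configured, bound, policies = set(), set(), {}, {}
    for line in block.splitlines():
        m = CMD.fullmatch(line.strip())
        if not m:
            continue  # not a local-vm/vpp command; out of scope here
        verb, kind, name, rest = m.groups()
        key = ("vm" if kind.startswith("local-vm") else "vpp", name.lower())
        (created if verb == "create" else configured).add(key)
        words = rest.split()
        if key[0] == "vm" and len(words) == 2 and words[0] == "vpp":
            bound[key[1]] = words[1].lower()       # VM -> VPP binding
        elif key[0] == "vpp" and words[:1] == ["add"] and words[2:3] == ["policy"]:
            policies.setdefault(key[1], set()).add(words[1])  # ingress / egress
    findings = {f"{k} {n}: configured but not created in this block"
                for k, n in configured - created}
    for mac, vpp in bound.items():
        if ("vpp", vpp) not in created | configured:
            findings.add(f"vm {mac}: bound to unknown vpp {vpp}")
        for direction in {"ingress", "egress"} - policies.get(vpp, set()):
            findings.add(f"vpp {vpp}: bound to vm {mac} with no {direction} policy")
    return sorted(findings)

if __name__ == "__main__":
    for label, block in (("example 1", EXAMPLE_1), ("example 2", EXAMPLE_2)):
        print(label, audit(block) or "no findings")
```

The first block passes cleanly. The second is flagged because lvpp1 is never created and has no policies attached in the listing, even though the show vm-tracking vpp output lists policy1 and policy2 for it, so those commands were issued outside the commands shown.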