If you only want to use local authentication, configure the XNV-enabled switches as follows:
configure vm-tracking authentication database-order local
To enable dynamic VLAN, issue the following command:
enable vm-tracking dynamic-vlan ports 19
To add uplink ports to the dynamic VLAN:
configure vlan dynamic-vlan uplink-ports add ports port_no
To delete the uplink port:
configure vlan dynamic-vlan uplink-ports delete ports port_no
The following is the policy1.pol file for Port 21 in the ingress direction:
entry nvpp1 {
    if match all {
        ethernet-destination-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
    } then {
        deny ;
        count host1
    }
}
The following is the policy2.pol file for Port 21 in the egress direction:
entry nevpp1 {
    if match all {
        ethernet-source-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
    } then {
        deny ;
        count h1
    }
}
The following commands configure VM authentication in the local database:
create vm-tracking local-vm mac-address 00:04:96:27:C8:23
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 ip-address 11.1.1.101
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 name myVm1
create vm-tracking vpp vpp1
configure vm-tracking vpp vpp1 add ingress policy policy1
configure vm-tracking vpp vpp1 add egress policy policy2
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 vpp vpp1
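The address/mask pairs in policy1.pol and policy2.pol compare only the first three octets of the MAC address, so both entries cover the local VM 00:04:96:27:C8:23 that is bound to vpp1. The following Python sketch is an added example, not part of the switch software or the original documentation; it parses the two entries and evaluates them against sample frames. The helper names (mac_to_int, parse_entry, evaluate) are hypothetical, and the parser handles only the MAC match conditions used on this page.

```python
import re

# policy1.pol and policy2.pol as shown on this page.
POLICY1 = """entry nvpp1 {
if match all {
ethernet-destination-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
} then {
deny ;
count host1
} }"""
POLICY2 = """entry nevpp1 {
if match all {
ethernet-source-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
} then {
deny ;
count h1
} }"""

MATCH_RE = re.compile(
    r"ethernet-(source|destination)-address\s+([0-9A-Fa-f:]{17})\s*/\s*([0-9A-Fa-f:]{17})")

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError("bad MAC address: %r" % mac)
    return int("".join(octets), 16)

def parse_entry(text):
    """Return (entry name, [(field, value, mask)], action, counter name)."""
    name = re.search(r"entry\s+(\S+)\s*\{", text).group(1)
    conds = [(f, mac_to_int(v), mac_to_int(m)) for f, v, m in MATCH_RE.findall(text)]
    then = re.split(r"\bthen\b", text, maxsplit=1)[1]
    action = "deny" if re.search(r"\bdeny\b", then) else "permit"
    counter = re.search(r"count\s+(\w+)", then)
    return name, conds, action, counter.group(1) if counter else None

def evaluate(text, src, dst):
    """Action the entry takes on a frame, or None when the frame does not match."""
    _, conds, action, _ = parse_entry(text)
    frame = {"source": mac_to_int(src), "destination": mac_to_int(dst)}
    # "match all": every condition must hold; only bits set in the mask are compared.
    hit = all((frame[f] & m) == (v & m) for f, v, m in conds)
    return action if hit else None

if __name__ == "__main__":
    vm, other = "00:04:96:27:C8:23", "00:00:00:00:00:01"  # MACs taken from this page
    print("policy1, frame to VM  :", evaluate(POLICY1, other, vm))
    print("policy2, frame from VM:", evaluate(POLICY2, vm, other))
```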
The following commands create a local VM MAC entry with a VLAN tag and VR for dynamic VLAN creation:
create vm-tracking local-vm mac-address 00:00:00:00:00:01
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vpp lvpp1
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vlan-tag 1000 vr VR-Default
configure vm-tracking vpp lvpp1 vlan-tag 2000
The following commands display the switch XNV feature status after configuration:
* Switch.67 # show vm-tracking local-vm
MAC Address        IP Address       Type       Value
------------------------------------------------------------------------------
00:00:00:00:00:01                   VM
                                    VPP        lvpp1
                                    VLAN Tag   1000
                                    VR Name    VR-Default
Number of Local VMs: 1
* Switch.69 # show vm-tracking vpp
VPP Name           Type       Value
-----------------------------------------------------------------------------------
lvpp1              origin     local
                   counters   none
                   VLAN Tag   2000
                   VR Name    Vr-Default
                   ingress    policy1
                   egress     policy2
Number of Local VPPs : 1
Number of Network VPPs: 0
Switch.71 # show vm-tracking
-----------------------------------------------------------
VM Tracking Global Configuration
-----------------------------------------------------------
VM Tracking : Enabled
VM Tracking authentication order: nms vm-map local
VM Tracking nms reauth period : 0 (Re-authentication disabled)
VM Tracking blackhole policy : none
-----------------------------------------------------------
Port : 19
VM Tracking : Enabled
VM Tracking Dynamic VLAN : Enabled
                   Flags
MAC                APC    IP Address       Type    Value
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
Flags :
(A)uthenticated : L - Local, N - NMS, V - VMMAP
(P)olicy Applied : B - All Ingress and Egress, E - All Egress, I - All Ingress
(C)ounter Installed : B - Both Ingress and Egress, E - Egress Only, I - Ingress Only
Type :
IEP - Ingress Error Policies
EEP - Egress Error Policies
Number of Network VMs Authenticated: 0
Number of Local VMs Authenticated : 0
Number of VMs Authenticated : 0
Switch.73 # show policy
Policies at Policy Server:
PolicyName      ClientUsage   Client   BindCount
--------------------------------------------------------------------------
policy1         1             acl      1
policy2         1             acl      1