Local VM Authentication Configuration

If you only want to use local authentication, configure the XNV-enabled switches as follows:

configure vm-tracking authentication database-order local

To enable dynamic VLAN, issue the following command:

enable vm-tracking dynamic-vlan ports 19

To add uplink ports to the dynamic VLAN:

configure vlan dynamic-vlan uplink-ports add ports port_no

To delete the uplink port:

configure vlan dynamic-vlan uplink-ports delete ports port_no

The following is the policy1.pol file for Port 21 in the ingress direction:

# Deny frames whose destination MAC begins with 00:04:96 and count the hits
entry nvpp1 {
    if match all {
        ethernet-destination-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
    } then {
        deny ;
        count host1 ;
    }
}

The following is the policy2.pol file for Port 21 in the egress direction:

# Deny frames whose source MAC begins with 00:04:96 and count the hits
entry nevpp1 {
    if match all {
        ethernet-source-address 00:04:96:00:00:00 / ff:ff:ff:00:00:00 ;
    } then {
        deny ;
        count h1 ;
    }
}

The following commands configure VM authentication in the local database:

create vm-tracking local-vm mac-address 00:04:96:27:C8:23
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 ip-address 11.1.1.101
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 name myVm1
create vm-tracking vpp vpp1
configure vm-tracking vpp vpp1 add ingress policy policy1
configure vm-tracking vpp vpp1 add egress policy policy2
configure vm-tracking local-vm mac-address 00:04:96:27:C8:23 vpp vpp1

The following commands create a local VM MAC entry with a VLAN tag and VR for dynamic VLAN creation:

create vm-tracking local-vm mac-address 00:00:00:00:00:01
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vpp lvpp1
configure vm-tracking local-vm mac-address 00:00:00:00:00:01 vlan-tag 1000 vr VR-Default
configure vm-tracking vpp lvpp1 vlan-tag 2000

The following commands display the switch XNV feature status after configuration:

* Switch.67 # show vm-tracking local-vm

MAC Address        IP Address        Type     Value
------------------------------------------------------------------------------
00:00:00:00:00:01                    VM
                                     VPP      lvpp1
                                     VLAN Tag 1000
                                     VR Name  VR-Default
Number of Local VMs: 1
* Switch.69 # show vm-tracking vpp

VPP Name                         Type       Value
-----------------------------------------------------------------------------------
lvpp1                            origin     local
                                 counters   none
                                 VLAN Tag   2000
                                 VR Name    Vr-Default
                                 ingress    policy1
                                 egress     policy2
Number of Local VPPs : 1
Number of Network VPPs: 0
Switch.71 # show vm-tracking
-----------------------------------------------------------
   VM Tracking Global Configuration
-----------------------------------------------------------
VM Tracking                     : Enabled
VM Tracking authentication order: nms vm-map local
VM Tracking nms reauth period   : 0 (Re-authentication disabled)
VM Tracking blackhole policy    : none
-----------------------------------------------------------

Port                         : 19
VM Tracking                  : Enabled
VM Tracking Dynamic VLAN     : Enabled

                   Flags
MAC                APC   IP Address      Type     Value
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------

Flags :
  (A)uthenticated     : L - Local, N - NMS, V - VMMAP
  (P)olicy Applied    : B - All Ingress and Egress, E - All Egress, I - All Ingress
  (C)ounter Installed : B - Both Ingress and Egress, E - Egress Only, I - Ingress Only

Type :
  IEP - Ingress Error Policies
  EEP - Egress Error Policies

Number of Network VMs Authenticated: 0
Number of Local VMs Authenticated  : 0
Number of VMs Authenticated        : 0
Switch.73 # show policy
Policies at Policy Server:
PolicyName                   ClientUsage     Client          BindCount
--------------------------------------------------------------------------
policy1                          1               acl             1
policy2                          1               acl             1
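
To audit the local VM database after a change, the show vm-tracking local-vm output can be parsed and checked for entries that have no VPP bound. The Python below is an added example, not part of the original documentation or of any vendor tooling; the sample text is constructed on the column layout shown above, and showing a configured address in the IP Address column is an assumption.

```python
import re

# Constructed sample, modeled on the 'show vm-tracking local-vm' layout above.
# Assumption: a configured ip-address appears in the IP Address column.
SAMPLE = """\
MAC Address        IP Address        Type     Value
------------------------------------------------------------------------------
00:00:00:00:00:01                    VM
                                     VPP      lvpp1
                                     VLAN Tag 1000
                                     VR Name  VR-Default
00:04:96:27:c8:23  11.1.1.101        VM
                                     VPP      vpp1
00:00:00:00:00:02                    VM
Number of Local VMs: 3
"""

MAC_LINE = re.compile(r"^((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
                      r"(\d+\.\d+\.\d+\.\d+)?\s*VM\s*$")
ATTR_LINE = re.compile(r"^\s+(VPP|VLAN Tag|VR Name)\s+(\S+)\s*$")
COUNT_LINE = re.compile(r"^Number of Local VMs:\s*(\d+)")

def parse_local_vms(text):
    """Return (records, reported_count) parsed from the command output."""
    vms, reported = [], None
    for line in text.splitlines():
        if m := MAC_LINE.match(line):            # first row of a VM entry
            vms.append({"mac": m.group(1).lower(), "ip": m.group(2)})
        elif (m := ATTR_LINE.match(line)) and vms:  # continuation row
            vms[-1][m.group(1)] = m.group(2)
        elif m := COUNT_LINE.match(line):        # trailer with the VM count
            reported = int(m.group(1))
    return vms, reported

def audit(vms, reported):
    """Flag VM entries with no VPP bound and a truncated or misparsed capture."""
    findings = [f"{vm['mac']}: no VPP bound" for vm in vms if "VPP" not in vm]
    if reported is not None and reported != len(vms):
        findings.append(f"switch reports {reported} local VMs, parsed {len(vms)}")
    return findings

if __name__ == "__main__":
    vms, reported = parse_local_vms(SAMPLE)
    for finding in audit(vms, reported):
        print(finding)
```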