Nexus 1000v "veth" physical control question ?

Hi all,

I have a question about administering the veths on a VSM.

In a real physical network, in order to maintain physical security in a LAN environment, we, as Network Administrators, put the unused switchports in "shutdown" state.

However, in a VMware virtualized environment, once you create a port-profile on the VSM, it shows up in vCenter. When the VMware administrator assigns a VM's NIC card to that port-profile, that VM can begin to communicate on that VLAN immediately. How am I going to have the same control level in this virtualized environment as in a physical LAN?

Seems like Cisco recommends not to play with veths directly because veths are tied to VMs' vNICs. They say so on the Networkers slide deck.

Thanks in advance.

Dumlu

4 REPLIES

Re: Nexus 1000v "veth" physical control question ?

Hi Dumlu,

I never thought about that, but port security could help you? Here you can allow just the MACs you want. Maybe a workaround.

regards,

Sebastian
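As an added illustration (not from either poster, and not a Cisco-supplied configuration), the two vethernet port-profiles below show the point behind the port-security suggestion: placed in the port-profile rather than on an individual veth, the settings are inherited the moment the veth is created, so there is no window in which the VM is connected without them. The profile name, VLAN, MAC address and veth number are constructed placeholders.

```text
! --- Weak: any VM attached to this port-group in vCenter talks on VLAN 10 at once
port-profile type vethernet SERVERS-VLAN10
  vmware port-group
  switchport mode access
  switchport access vlan 10
  no shutdown
  state enabled

! --- Tightened: port security lives in the profile, so every new veth inherits it
port-profile type vethernet SERVERS-VLAN10
  vmware port-group
  switchport mode access
  switchport access vlan 10
  switchport port-security
  ! only the listed MAC(s) may send; raise "maximum" to match the number listed
  switchport port-security maximum 1
  switchport port-security mac-address 0050.56aa.0001
  ! a VM with any other MAC is err-disabled instead of silently learned
  switchport port-security violation shutdown
  no shutdown
  state enabled

! --- Check on the VSM after a VM is attached (veth number is a placeholder)
! show port-security interface vethernet 3
! show port-security address
```

Note that this still only filters by MAC after the veth exists; it does not keep the vCenter administrator from attaching a VM to the port-group in the first place.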

New Member

Re: Nexus 1000v "veth" physical control question ?

Hi Sebastian,

Thank you for your response. Apparently, we can configure port security under a vethernet port, so once that new server is powered up, a new vethernet port is dynamically created on the Nexus1K, and right after that I can configure that vethernet port's characteristics. But the server has already got network access? I need to find a method which prevents that server from accessing the network prior to that...

Thanks again.

Dumlu

Re: Nexus 1000v "veth" physical control question ?

Hi Dumlu,

I understand your claim. But from the Nexus side I see no change. When you connect a machine to a port-profile, a veth will be created until you delete the machine. The only change I see is to prevent it on the vCenter side, but I believe your colleagues will not play with you on this side...

My suggestion: remove the Network permission from the server admins and you will get maybe just network rights in vCenter. This could work. But I'm not a VM specialist; I just know that there are some possibilities to customize the permissions.

Check this guide.

http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf

-Sebastian

New Member

Re: Nexus 1000v "veth" physical control question ?

Hi again Sebastian,

Actually, that's what I've had in mind so far. Yeah, in vCenter you have such customized permission lists, and that was what I suggested the customer should do. But still I thought that there has to be some way to prevent this from the Nexus side.

thanks anyways....

Dumlu
