
Nexus 1000v "veth" physical control question?

dumlutimuralp
Level 1

Hi all,

I have a question about administering the veths on a VSM.

In a real physical network, in order to maintain physical security in a LAN environment, we, as Network Administrators, put the unused switchports in "shutdown" state.

However, in a VMWARE virtualized environment, once you create a port-profile on the VSM, it shows up on vCenter. When the VMWARE administrator assigns a VM's NIC card to that port-profile, that VM can begin to communicate on that VLAN immediately. How am I gonna have the same control level in this virtualized environment as in a physical LAN?

Seems like Cisco recommends not to play with veths directly 'cause veths are tied to VMs' vNICs. They say so on the Networkers slide deck.

Thanks in advance.

Dumlu

4 Replies

Hi Dumlu,

I never thought about that, but port security could help you? Here you can allow just the MACs you want. Maybe a workaround.

regards,

Sebastian

Hi Sebastian,

Thank you for your response. Apparently, we can configure port security under a vethernet port, so once that new server is powered up, a new vethernet port is dynamically created on the Nexus1K, and right after that I can configure that vethernet port's characteristics. But the server has already got network access? I need to find a method which prevents that server from accessing the network prior to that...

Thanks again.

Dumlu

Hi Dumlu,

I understand your claim. But from the Nexus side I see no change. When you connect a machine to a port-profile, a veth will be created until you delete the machine. The only change I see is to prevent it on the vCenter side, but I believe your colleagues will not play with you on this side...

My suggestion: remove the Network permission from the server admins and you will get maybe just network rights in vCenter. This could work. But I'm not a VM specialist, I just know that there are some possibilities to customize the permissions.

Check this guide.

http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf

-Sebastian

Hi again Sebastian,

Actually that's what I've had in mind so far. Yeah, in vCenter you have such customized permission lists, and that was what I suggested the customer should do. But still I thought that there has to be some way to prevent this from the Nexus side.

thanks anyways....

Dumlu