Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

N1Kv - change management vlan

Hi experts,

I am very new to this virtual switch product. We run VSMs on Nexus 1010. It currently uses different vlans for management and control.

svs-domain

  domain id 200

  control vlan 2890

  management vlan 643

  svs mode L2

We want to change the vlan 643 to 613. IP subnet will stay the same. My question is, will this cause down time?

I would also appreciate very much if you can provide documents which explain to no-vmware-exposure people what control, management and packet vlan do in the VSM. I don't see the VSM has packet vlan configured. How can I find that out?

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: N1Kv - change management vlan

In L3 mode the control and packet networks are not officially used however I have run into issues if they are not avalible its a bit odd with Cisco. 

When you change managment VLAN for the VSM you will disrupt communications between the VSM and vCenter as they communicate over their respective managment IP addresses.  If your vCenter is in the samve VLAN as your VSM managment IP you will need to change the VLAN access for both. 

Are you planning to change the IP address of the VSM or just the VLAN?  If you are simply moving the VLAN only then once you move the route point from the old VLAN to the new VLAN everything should connect back up.  Again traffic will flow even if VSM and vCenter can not communicate, you just cant make configuration changes.  Again I am one who ares on the side of caution and would do this after hours on in a maintinace window.

6 REPLIES
New Member

Re: N1Kv - change management vlan

I actually had to change the management VLAN and IP of a live production VSM with complete success. However I strongly advise migration everything back to standard VM switching as a precaution. It should be noted in my configuration the VSM and VEM are operating in L3 mode.

If you are just changing the VLAN ID then the VEM and VSM will not communicate properly until the changes are completed however the VEMs will keep passing traffic. You will not be able to make configuration changes to the ESX cluster or VM networking. Make sure to update the system VLAN with the new ID on the uplinks. The VEM and VSM initial communications need the correct system VLANs to be declared. If you are going this route you may want to consider changing over to L3 mode. Cisco is moving away from the L2 designs, also L3 mode is default in the newer version of code.

Hope this helps.

Sent from Cisco Technical Support iPad App

New Member

Re: N1Kv - change management vlan

Hi Michael, I think I might run L3 mode... I am really confused with configuration under the VSA and VSM... Apparently one runs L3 mode and another runs L2 mode... Could you explain to me more on this? Thanks!

Here is 1000v VSM config

svs-domain

  domain id 202

  control vlan 2890

  packet vlan 2890

  svs mode L3 interface control0

Here is the VSA config

svs-domain

  domain id 200

  control vlan 2890

  management vlan 643

  svs mode L2

New Member

Re: N1Kv - change management vlan

It looks as if your VSM is already operating in L3 mode and that will make things a bit easier.  You should find a port profile in your VSM that has a command 'capability l3control'.  This command basically tells the VSM that it should listen for l3 control traffic from the VEM's on that VLAN/port-profile.  Do the ESX hosts live in the same VLAN as the VSM managment interface?  If the l3control command is on the port profile that the ESX hosts are attached and you are not changing their IP or VLAN then you should not have to change anything there.  Be sure to add the new VLAN to your uplink profiles or your VSA uplink trunks if your running trunking. 

You may also want to consult with TAC as they can give you more precise information and assistance. 

New Member

Re: N1Kv - change management vlan

Thank you Michael. I have a ticket open with IBM (we don't engage with Cisco directly unless escalation is required). They are also working on this for me. However I always get valuable help here so I decide to get 2nd opinion here as well

Yes you are right that I have a profile with "capability l3control" here. The vlan in that profile is 2882, so different from mgmt, or control vlan... So my understanding is that, ESX hosts have interface in vlan 2882. They use that interface to talk to VSM in control vlan 2890. When I change mgmt vlan 643 to 613, I shouldn't affect any actual data from the VMware servers, correct?

Is this all I have to do on the VSA? Do I need to do anything on the VSM?

svs-domain
    management vlan 613

end

copy running-config startup-config

      

From IBM support I am told that I need to do a reload of the VSA. Will reload cause any upset with the production data on the vmware servers?

Thanks!

New Member

Re: N1Kv - change management vlan

In L3 mode the control and packet networks are not officially used however I have run into issues if they are not avalible its a bit odd with Cisco. 

When you change managment VLAN for the VSM you will disrupt communications between the VSM and vCenter as they communicate over their respective managment IP addresses.  If your vCenter is in the samve VLAN as your VSM managment IP you will need to change the VLAN access for both. 

Are you planning to change the IP address of the VSM or just the VLAN?  If you are simply moving the VLAN only then once you move the route point from the old VLAN to the new VLAN everything should connect back up.  Again traffic will flow even if VSM and vCenter can not communicate, you just cant make configuration changes.  Again I am one who ares on the side of caution and would do this after hours on in a maintinace window.

New Member

Re: N1Kv - change management vlan

Hey Michael, thanks so much for the information. Yes I am just changing vlan ID, not IP address or subnet. Exactly like you said, I expect everything to come back up after I move the IPs on my 6500 core (gateway). And yes I will do it in the midnight just in case.

549
Views
4
Helpful
6
Replies
CreatePlease login to create content