Objective 2.1 also covers some other components related to distributed switches, so I thought I would group them all together in this post since there isn't a whole lot to the setup.
First up, SNMP
Remember a week or so ago when we went over how to manage hosts with the vSphere Management Assistant? Well, I hope you paid attention, as we will need to have our hosts connected to the vMA in order to configure SNMP (technically you could do it with any instance of the vSphere CLI, but the vMA is already there for you on the exam so you might as well use it). We will need to use a command called vicfg-snmp in order to set up a trap target on our hosts. So to start off, let's set a host target with the following command:
vifptarget -s host1.lab.local
Once our host is set as the target host we can start to configure SNMP. First off, let's specify our target server, port, and community name. For a target server of 192.168.199.5 on the default port of 162 and a community name of Public we can use the following command:
vicfg-snmp -t 192.168.199.5@162/Public
Now, simply enable SNMP on the host with -E:
vicfg-snmp -E
You know what, you're done! Want to test it? Use -T. Check your SNMP server to be sure you have received the trap!
vicfg-snmp -T
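To confirm on the receiving side that the test trap really came from your host and carries the community you configured, here is a small Python check (an added example, not from the original post). The function names, the constructed sample datagram and the sender-address comparison are assumptions for illustration; it decodes only the SNMP v1/v2c message header.

```python
import socket

TRAP_PDUS = {0xA4: "SNMPv1 Trap", 0xA7: "SNMPv2c Trap"}  # BER context tags

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_trap_header(datagram):
    """Return (version, community, pdu_name) from an SNMP v1/v2c message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = read_tlv(body, pos)
    version = {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "other")
    return version, community.decode("ascii", "replace"), TRAP_PDUS.get(pdu_tag, "not a trap")

def is_expected_trap(datagram, sender, host_ip, community="Public"):
    """True only if a trap came from the configured host with the configured community."""
    try:
        _, comm, pdu = parse_trap_header(datagram)
    except (ValueError, IndexError):
        return False
    return sender == host_ip and comm == community and pdu != "not a trap"

# Constructed sample: a minimal SNMPv1 Trap-PDU header with community "Public".
SAMPLE = bytes.fromhex("300d" "020100" "04065075626c6963" "a400")

if __name__ == "__main__":
    # Listen on the trap port from the post (binding 162 needs root), then run vicfg-snmp -T.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 162))
    data, (src, _) = sock.recvfrom(65535)
    print(src, parse_trap_header(data))
```

Run it on the trap target, trigger the test trap from the vMA, and compare the printed source address and community against what you configured.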
I would definitely recommend exploring the rest of the options with vicfg-snmp. You can do so by browsing the help of the command. Look at things like multiple communities (-c), how to reset the settings to default (-r), and how to list out the current configuration (-s) etc…
vicfg-snmp --help
Also, don't forget you need to do this on all of your hosts! Keep in mind that vCenter also has SNMP settings. These are configured in the vCenter Server Settings under the SNMP section. There is a complete GUI around this so I'm not going to go over how to configure these.
NetFlow
NetFlow is configured in the settings of your dvSwitch (Right-click dvSwitch->Edit Settings) on the NetFlow tab. There are a number of items we can configure here. First off, our collector IP and port. This is the IP and port of the actual NetFlow collector where we are sending the data to. To allow all of your traffic to appear as coming from a single source, rather than multiple ESX management networks, you can specify an IP address for the dvSwitch here as well. This doesn't actually live on your network; it just shows up in your NetFlow collector.
There are a few other settings here as well: Active Flow Export Timeout and Idle Flow Export Timeout handle timeouts for the flows, whereas the sampling rate determines what portion of data to collect, i.e., a sampling rate of 2 will collect every other packet, 5 every fifth packet, and so on. The 'Process internal flows only' option will only collect data between VMs on the same host. That's really it for NetFlow, not that hard to configure.
Port Mirroring
I suppose you may be asked to mirror a certain port to an uplink or VM on the exam, so it's probably best to go over this. First off, if you were asked to mirror traffic from VMA to VMB then you need to determine what ports these VMs are attached to. You can see this on the Ports tab of the dvSwitch. Just sort by the 'Connectee' column and find their corresponding Port IDs. For the sake of this example let's say VMA is on port 150 and VMB is on 200.
To do the actual mirroring we need to be on the Port Mirroring tab of the dvSwitch's settings. Here we can click 'Add' to set up the mirror. As shown, we give our session a name and description, and there are a few settings regarding encapsulating VLANs and the maximum length of packet to capture.
The next couple of steps simply set up our source and destination for our mirror. To follow our example we can use 150 for the source, and port 200 for the destination. Unless we explicitly check the 'Enable' box when completing the setup, all port mirrors are disabled by default. They can be enabled by going back into the session and explicitly enabling the session.
I'm going to practice setting these up until I can do it with my eyes closed. They are something that I don't use in my day-to-day operations, but I also recognize that the VCAP may ask you to do these as they can easily be scored.
Hi Mike!
Thx for your great series of VCAP posts!
Regarding the NetFlow config, didn't you miss enabling NetFlow on the specific Port Groups?
If you have done the global configuration on the vDS itself you still have the option “NetFlow status” set as “Disabled” below each individual Port Group (Edit Settings -> Policies -> Monitoring).
Cheers,
Mario
Great info Mario, thanks so much – I did miss that!