Creating a network access group, Modifying network access groups – HP Virtual Connect 4Gb Fibre Channel Module for c-Class BladeSystem User Manual

Configuring the Virtual Connect domain using the CLI 142

1024 unique addresses might not be enough for a large configuration (multiple enclosures with many

Flex-10 NICs). If you plan a domain of this type, determine the number of MAC addresses you are likely
to use, and then select an option that provides the domain with sufficient MAC addresses.

•

User-defined MAC address range. To avoid potential conflict with other hardware MAC addresses in
the environment, consider using a subrange of MAC addresses reserved by the IEEE for

locally-administered MAC addresses. Ensure that the range does not conflict with any Ethernet device

already deployed within the enterprise.

IMPORTANT:

If you plan to use Insight Control Server Deployment for RedHat Linux installation

and also plan to use User- or HP-defined MAC addresses, you must import the enclosure and
assign profiles before running Insight Control Server Deployment.

NOTE:

After any server profiles are deployed using a selected MAC address range, that range

cannot be changed until all server profiles are deleted.

Creating a network access group

Before VC 3.30, any server profile could be assigned any set of networks. If policy dictated that some

networks should not be accessed by a system that accessed other networks (for example, the Intranet and the

Extranet) there was no way to enforce that policy automatically.
With VC 3.30 and later, network access groups are defined by the network administrator and associated
with a set of networks that can be shared by a single server. Each server profile is associated with one

network access group. A network cannot be assigned to the server profile unless it is a member of the network

access group associated with that server profile. A network access group can contain multiple networks.
Up to 128 network access groups are supported in the domain. Ethernet networks and server profiles that are
not assigned to a specific network access group are added to the domain Default network access group

automatically. The Default network access group is predefined by VCM and cannot be removed or renamed.
If you are updating to VC 3.30, all current networks are added to the Default network access group and all

server profiles are set to use the Default network access group. Network communication within the Default

network access group behaves similarly to earlier versions of VC firmware, because all profiles can reach all
networks.
If you create a new network access group, NetGroup1, and move existing networks from the Default network

access group to NetGroup1, then a profile that uses NetGroup1 cannot use networks included in the Default

network access group. Similarly, if you create a new network and assign it to NetGroup1 but not to the
Default network access group, then a profile that uses the Default network access group cannot use the new

network.
To create a network access group, use the add network-access-group command:

>add network-access-group MyGroupName

The network access group name must be unique within the data center, and can be up to 64 characters

without spaces or special characters except for ".", "-", and "_".

Modifying network access groups

To modify network access groups, use the set network-access-group command:

>set network-access-group NetGroup1 Name=NewNetGroupName

•

To add additional network members to the network access group, use the add nag-network

command: