Creating a network access group, Modifying network access groups – HP Virtual Connect 8Gb 24-port Fibre Channel Module for c-Class BladeSystem User Manual
Page 131
Configuring the Virtual Connect domain using the CLI 131
•
HP pre-defined MAC address range (recommended). These pre-defined ranges are reserved and are
not the factory default on any hardware. There are 64 ranges of 1024 unique addresses to choose
from. Be sure to use each range only once within a data center.
1024 unique addresses might not be enough for a large configuration (multiple enclosures with many
Flex-10 NICs). If you plan a domain of this type, determine the number of MAC addresses you are likely
to use, and then select an option that provides the domain with sufficient MAC addresses.
•
User-defined MAC address range. To avoid potential conflict with other hardware MAC addresses in
the environment, consider using a subrange of MAC addresses reserved by the IEEE for
locally-administered MAC addresses. Ensure that the range does not conflict with any Ethernet device
already deployed within the enterprise.
IMPORTANT:
If you plan to use Insight Control Server Deployment for RedHat Linux installation
and also plan to use User- or HP-defined MAC addresses, you must import the enclosure and
assign profiles before running Insight Control Server Deployment.
NOTE:
After any server profiles are deployed using a selected MAC address range, that range
cannot be changed until all server profiles are deleted.
Creating a network access group
Before VC 3.30, any server profile could be assigned any set of networks. If policy dictated that some
networks should not be accessed by a system that accessed other networks (for example, the Intranet and the
Extranet) there was no way to enforce that policy automatically.
With VC 3.30 and later, network access groups are defined by the network administrator and associated
with a set of networks that can be shared by a single server. Each server profile is associated with one
network access group. A network cannot be assigned to the server profile unless it is a member of the network
access group associated with that server profile. A network access group can contain multiple networks.
Up to 128 network access groups are supported in the domain. Ethernet networks and server profiles that are
not assigned to a specific network access group are added to the domain Default network access group
automatically. The Default network access group is predefined by VCM and cannot be removed or renamed.
If you are updating to VC 3.30, all current networks are added to the Default network access group and all
server profiles are set to use the Default network access group. Network communication within the Default
network access group behaves similarly to earlier versions of VC firmware, because all profiles can reach all
networks.
If you create a new network access group, NetGroup1, and move existing networks from the Default network
access group to NetGroup1, then a profile that uses NetGroup1 cannot use networks included in the Default
network access group. Similarly, if you create a new network and assign it to NetGroup1 but not to the
Default network access group, then a profile that uses the Default network access group cannot use the new
network.
To create a network access group, use the add network-access-group command:
>add network-access-group MyGroupName
The network access group name must be unique within the data center, and can be up to 64 characters
without spaces or special characters except for ".", "-", and "_".
Modifying network access groups
To modify network access groups, use the set network-access-group command: