Creating a network access group, Modifying network access groups, Displaying network access groups – HP Virtual Connect 8Gb 24-port Fibre Channel Module for c-Class BladeSystem User Manual
Page 136
Configuring the Virtual Connect domain using the CLI 136
IMPORTANT:
If you plan to use Insight Control Server Deployment for RedHat Linux installation
and also plan to use User- or HP-defined MAC addresses, you must import the enclosure and
assign profiles before running Insight Control Server Deployment.
NOTE:
After any server profiles are deployed using a selected MAC address range, that range
cannot be changed until all server profiles are deleted.
Creating a network access group
Before VC 3.30, any server profile could be assigned any set of networks. If policy dictated that some
networks should not be accessed by a system that accessed other networks (for example, the Intranet and the
Extranet) there was no way to enforce that policy automatically.
With VC 3.30 and later, network access groups are defined by the network administrator and associated
with a set of networks that can be shared by a single server. Each server profile is associated with one
network access group. A network cannot be assigned to the server profile unless it is a member of the network
access group associated with that server profile. A network access group can contain multiple networks.
Up to 128 network access groups are supported in the domain. Ethernet networks and server profiles that are
not assigned to a specific network access group are added to the domain Default network access group
automatically. The Default network access group is predefined by VCM and cannot be removed or renamed.
If you are updating to VC 3.30, all current networks are added to the Default network access group and all
server profiles are set to use the Default network access group. Network communication within the Default
network access group behaves similarly to earlier versions of VC firmware, because all profiles can reach all
networks.
If you create a new network access group, NetGroup1, and move existing networks from the Default network
access group to NetGroup1, then a profile that uses NetGroup1 cannot use networks included in the Default
network access group. Similarly, if you create a new network and assign it to NetGroup1 but not to the
Default network access group, then a profile that uses the Default network access group cannot use the new
network.
To create a network access group, use the add network-access-group command:
>add network-access-group MyGroupName
The network access group name must be unique within the data center, and can be up to 64 characters
without spaces or special characters except for ".", "-", and "_".
Modifying network access groups
To modify network access groups, use the set network-access-group command:
>set network-access-group NetGroup1 Name=NewNetGroupName
•
To add additional network members to the network access group, use the add nag-network
command:
>add nag-network nag=NetGroup1 network=Net3,Net4,Net5
•
To remove specified network members from the network access group, use the remove nag-network
command:
>remove nag-network nag=NetworkGroup1 network=Net4,Net5
Displaying network access groups
To display network access groups, use the show network-access-group command: