The VEM is in unlicensed mode for VSG, while the Virtual Supervisor Module (VSM) of Cisco Nexus 1000V continues to show it licensed.
This issue affects deployments that have Cisco VSG integration with Cisco Nexus 1000V Series Switches. This issue occurs after upgrading the VSM of Cisco Nexus 1000V Series Switches to Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a) or earlier.
After an upgrade, the device can enter a state whereby it has active VEM ports but a license is not installed for the VSG, even when the device is configured with permanent VSG licenses. When this occurs, all the virtual Ethernet ports on the VEM that correspond to the VMs are kept in pass-through mode, with traffic not being analyzed by the VSG and hence any policies configured on the VSG are not enforced.
This bug is independent of VSM-to-VEM communication (whether in Layer 2 or Layer 3 mode).
If the workaround as described below is followed, then this issue will not be seen, and the licenses will be correctly installed.
After the upgrade to Software Release 4.2(1)SV1(5.2) has been performed, this issue can be verified from the command-line interface by issuing the command-line interface (CLI) command show vsn detail
. In the following example, the VSN-STATE indicates No-License
nexus1K# show vsn detail
#VSN VLAN: -, IP-ADDR: 192.168.0.1
MODULE VSN-MAC-ADDR FAIL-MODE VSN-STATE
3 - Close No-License
4 - Close No-License
When upgrading a Cisco Nexus 1000V Series Switch to Software Release 4.2(1)SV1(5.2), the administrator should perform these additional steps:
- After the VSM upgrade is complete, but before the VEM upgrade is initiated, use the system switchover command to initiate a manual switchover. After the switchover, the CLI session will exit.
- Login to the VSM and use the show redundancy status CLI command to verify the switchover was successful.
After the VSM and VEM has been upgraded, use the show vsn detail
command to validate the licenses were properly installed. The VSN-STATE
should be Up
. If the VSM and VEM were upgraded successfully and the licenses were properly installed, then this issue will not be observed.
Cisco will release Software Release 4.2(1)SV1(5.2a) and this response will be updated when a confirmed release date is available.