User guide
HP Virtual Connect for Cisco Network Administrators (version 4.x)
Document Number: C01386629 Date: January 2014
page 40
If an Administrator needs the blade server NIC ports to receive layer 2 QoS markings (Class
of Service), then the server NIC ports will need to be assigned to a vNet operating in
802.1Q\p tunneling mode. See the section above entitled “VC Uplinks and VLAN Trunking” for
more information.
Security
ACLs & VLAN ACLs
In the current version of firmware, Virtual Connect does not support user-configurable port or
VLAN ACLs. However, an Administrator can specifically design the deployment of vNets to
make use of ACLs or VACLs configured on the upstream Cisco switch.
In the figure below as an example, all four blade servers are on VLAN 1 even though they are
split between two different vNets. Since the uplink ports for both vNets are connected to Cisco
switch ports assigned to VLAN 1, both vNets represent VLAN 1 within the VC Domain. While
server 1 can communicate directly with Server 2 without leaving the VC Domain, Server 1 cannot
talk to Servers 3 or 4 without transiting the external Cisco switch. Server 1’s traffic will exit the
VC domain via vNet VC_LAN1_A connected to interface gi0/1, be switched by the Cisco switch
over to interface gi0/3, and reach Server 3 via the vNet VC_LAN1_B.
Since Server 1’s traffic must transit the external Cisco switch to reach either Server 3 or Server
4, Server 1’s traffic will be subject to any port ACLs or VLAN ACLs configured on the external
Cisco switch. In this case, the Administrator could apply a VACL on VLAN 1 of the external Cisco
switch to prevent Server 1 from communicating with Server 3 while still allowing Server 1 to
communicate with Server 4.
The scenario above is just one example of the many ways an Administrator can creatively use vNets
to accommodate complex network configurations.